Data Protection Policy
Welcome to shop.yaasa.uk! Get an idea of how your personal data is processed when visiting our platform, utilising our online shop or conducting any other business with us. (Art 13, Art 14 GDPR; § 96 Paragraph 3 Austrian Telecommunications Act (TKG)).
Which Information is Processed When You Visit Our Platform?
When you visit our platform, the following data may be processed:
- Browser type,
- Operating system,
- Date and time and duration of access,
- Partially masked IP address and pages visited on our website including entry and exit pages,
- Payment data in the course of the webshop,
- Contact details in the course of the webshop,
- Data that you enter via a contact form,
- E-mail address,
- Sending newsletters,
- Phone number,
- Date of birth (for alcoholic products),
- Ordered products.
Processing of this data is justified by our legitimate interest in operating our platform (Art 6 Paragraph 1 lit f GDPR).
For the operation of our platform and webshops, it may be necessary for us to disclose your data to the following recipients:
|Recipients of the data||Purpose of data processing||Legal basis for data processing||Place of business||Basis for transmission to a third country||Circle of those affected|
|Hetzner Online GmbH||Website hosting||Predominantly legitimate interests (Art 6 Paragraph 1 lit f GDPR)||Germany||Within the EEA||Website user|
|AWS EMEA SARL||Sending the newsletter||Consent according to Art 6 Para 1 lit a GDPR|| ||Within the EEA||Customers|
|Adyen NV||Processing of online transactions||Predominantly legitimate interests (Art 6 Paragraph 1 lit f GDPR)||Netherlands||Within the EEA||Customers|
|Klarna Bank AB (publ)||Processing of online transactions||Predominantly legitimate interests (Art 6 Paragraph 1 lit f GDPR)|| ||Within the EEA||Customers|
|SIX Payment Services Ltd||Processing of online transactions||Predominantly legitimate interests (Art 6 Paragraph 1 lit f GDPR)||Switzerland||Outside the EEA (adequacy decision according to Art 45 GDPR)||Customers from the delivery country Switzerland|
|Amazon Payments Europe sca||Processing of online transactions||Predominantly legitimate interests (Art 6 Paragraph 1 lit f GDPR); Contractual obligation (Art 6 Paragraph 1 lit b GDPR)|| ||Within the EEA|| |
|Freshworks Inc||Handling of customer inquiries||Processor (Art 28 GDPR)||USA||Standard data protection clause in accordance with Art 46 GDPR||Website users & customers|
|Bamboo HR LLC||Compliant applicant management||Processor (Art 28 GDPR)||USA||Standard data protection clause in accordance with Art 46 GDPR||Applicants for Niceshops GmbH|
|Trusted Shops||Buyer Protection & Reviews||Predominantly justified interests (Art 6 Para 1 lit a GDPR)||Germany||Within the EEA||Customers|
Overview of the "Technical" Cookies We Use
These technical cookies are activated as soon as you visit our platform.
The following cookies are used on our platform on the basis of our predominantly legitimate interest (Art. 6 Paragraph 1 Point f GDPR):
|Name||Purpose of processing||Duration of storage||Country of residence of the recipient|
|shopcart||Stores the selected products on the website in order to shop at a later date.||Session||Austria|
|S||A server classification is made to prepare the website.||Session||Austria|
|NICEID||The user is anonymously identified on the server which helps with fraud detection, among other things.||
|consent_cookie||Stores all cookies and cookie opt-ins that have been accepted||10 years||Austria|
About Advertising Cookies
In addition to using "technical cookies" as described above, we also utilise so-called advertising cookies ("statistical cookies"). These advertising cookies make it possible to better understand and evaluate your interests. With the help of advertising cookies, we can combine your browsing behaviour beyond the boundaries of our website with data sourced from other websites. This allows us to better understand the user's interests and address them on a more personalised level.
These advertising cookies are only activated once consent has been given.
|Name||Purpose of processing||Duration of storage||Registered office||Purpose of disclosure|
|uid||Marketing purposes||1 year||France||The information collected is used to personalise advertising placements.|
|uid||Marketing purposes||1 year||The information collected is used to personalize advertising placements.|
|mdrds_vid||Marketing purposes||1 year||Germany||The information collected is used to personalize advertising placements.|
|mdrds_nin_668||Marketing purposes||Session||Germany||The information collected is used to personalize advertisements.|
|fr||Marketing purposes||90 days||USA||The information collected is used to personalize advertisements.|
|fatm_vid||Marketing purposes||1 year||USA||The information collected is used to personalize advertisements.|
|fatm_nin_660||Marketing purposes||1 day||USA||The information collected is used to personalize advertising placements.|
|cvt||Marketing purposes||14 days||Austria||Use of remarketing campaigns|
|_uetvid||Marketing purposes||16 days||Austria||Use of remarketing campaigns|
|_uetsid||Marketing purposes||1 day||Austria||Use of remarketing campaigns|
|_hjid||Experience improvements||1 year||Malta||Improvement of the user experience through more precise data on browsing behaviour|
|_hjTLDTest||Experience improvements||Session||Malta||Improvement of the user experience through more precise data on browsing behaviour|
|_hjAbsoluteSessionInProgress||Experience improvements||Session||Malta||Improvement of the user experience through more precise data on browsing behaviour|
|_gid||Statistical purposes||1 day||Austria||Statistical traceability of browsing behaviour|
|_gcl_au||Statistical purposes||90 days||Austria||Statistical traceability of browsing behaviour|
|_ga||Statistical purposes||2 years||Austria||Statistical traceability of surfing behaviour|
|_fbp||Marketing purposes||90 days||Austria||Use of remarketing campaigns|
|__Secure-3PSIDCC||Detection of logged-in users||1 year||USA||Detection of logged-in Google accounts|
|__Secure-3PSID||Detection of logged-in users||2 years||Ireland||Detection of logged-in Google accounts|
|__Secure-3PSID||Detection of logged-in users||2 years||USA||Detection of logged-in Google accounts|
|__Secure-3PAPISID||Detection of logged-in users||2 years||USA||Detection of logged-in Google accounts|
|__Secure-3PAPISID||Detection of logged-in users||2 years||Ireland||Detection of logged-in Google accounts|
|SSID||Marketing purposes||2 years||USA||Use of remarketing campaigns|
|SIDCC||Marketing purposes||1 year||USA||Use of remarketing campaigns|
|SID||Marketing purposes||2 years||USA|
|SEARCH_SAMESITE||Marketing purposes||6 months||USA|
|SAPISID||Marketing purposes||2 years||USA||Use of remarketing campaigns|
|NID||Marketing purposes||1 year||Ireland||Use of remarketing campaigns|
|NID||Marketing purposes||6 months||USA||Use of remarketing campaigns|
|MUID||Marketing purposes||1 year||USA||Use of remarketing campaigns|
|HSID||Marketing purposes||2 years||USA||Use of remarketing campaigns|
|APISID||Marketing purposes||2 years||USA|
|AID||Marketing purposes||1.5 years||USA|
|_fw_crm_v||Contact option||1 year||Ireland||Onsite chat option|
When Do We Process Your Data for Business Transactions?
While conducting business with you, we process contractual data (executing our contractual relationship with you, pre-contractual obligations, billing of services, dispatch of documents, communication for the execution of the contract) and legal obligations (legally required storage within the scope of Section 132 BAO, Federal Fiscal Code) (Art. 6 Paragraph 1 Point b and c GDPR), as well as data used for our legitimate interests or for the legitimate interests of third parties (Art. 6 Paragraph 1 Point f GDPR), such as:
- Data used for the internal administration and management of your business transaction (e.g. processing your business transaction, forwarding your business transaction to various departments, filing, archiving purposes, correspondence)
- Data used for the purpose of direct advertising (e.g. postage, emailing, customer satisfaction surveys, congratulatory letters, statistical evaluations); you can object to the processing of your data for direct marketing purposes.
- Data used for law enforcement and in defence of legal claims
Your data is used only to the extent required. Processing your data serves to initiate, maintain and process your business transaction. If you do not provide us with the data we require, we will not be able to process your business transaction.
In order to offer Klarna payment method options, we may be required to forward your personal data, in the form of contact and order details, to Klarna during the checkout process. In doing so, Klarna will assess whether you are qualified to use their payment methods whilst also tailoring these payment methods to your requirements. The personal data transferred is processed in line with the Klarna privacy notice.
How Long Will Your Data Be Stored?
We will only store your data for as long as is necessary to fulfil the purposes for which we collected your data. Statutory retention requirements must be taken into account during this time period (for example, for tax purposes, contracts and other documents regarding our contractual relationship are generally kept for a period of seven years (Federal Fiscal Code, § 132 BAO)). In justified individual cases, for example, to assert and defend legal claims, we can store your data for up to 30 years after our business relationship has ended.
We store data from interested parties for up to three years from the time the interested party has last contacted us.
Who May Obtain Your Data?
Over the course of our business relationship, it may be necessary for us to transfer your data to the following recipients:
|Recipient of the data||Purpose of data processing||Legal basis for data processing||Registered office||Basis for transmission to a third-party country|
|Logistics service provider||Shipment of orders||Legal obligation (Art. 6 Para 1 Point c GDPR)||Generally EEA - but also third-party countries in exceptional cases||If outside the EEA - Art. 49 Paragraph 1 Point b and e GDPR|
Collection of Data From Other Sources (Art. 14 GDPR)
Over the course of a business relationship, it is necessary to make enquiries regarding the business partner. This is done only to the extent necessary. In this context, data can be accessed and processed from the following sources:
|Source||Publicly available?||Data affected||Purpose / Reason|
|Company website||Yes||Contact / structural data||Contacting us for business purposes|
Do We Use Automated Decision-Making or Profiling (Art. 13 (2) Point f GDPR)?
No automated decision-making takes place on our website. During the ordering process, however, it is possible that the respective payment service provider uses profiling to detect fraud.
What Rights Do You Have With Regard to Data Processing?
Provided that the legal requirements are met, you have the right to:
- request information about what type of data we process (see Art. 15 GDPR).
- request amendments to or completion of incorrect or incomplete data (see Art. 16 GDPR).
- have your data deleted (see Art. 17 GDPR).
- object to the processing of your data that is necessary to safeguard your legitimate interests or that of a third party. This applies, in particular, to the processing of your data for advertising purposes.
- receive a copy of the data you provided in a structured, commonly used and machine-readable format.
If we process your data on the basis of your consent, you have the right to revoke this consent at any time via email. This does not affect the legality of the data processing that has taken place up to this point in time (Art. 7 (3) GDPR).
What are Your Rights of Appeal?
If, contrary to expectations, your right to the lawful processing of your data is violated, please contact us via post or email. We will do our best to handle your request immediately. However, you also have the right to lodge a complaint with the supervisory authority responsible for data protection.
How Can You Contact Us?
If you have any further questions about how your data is processed, please feel free to contact our data protection coordinator using the contact details below.
The person responsible in respect to Art. 4 Z 7 GDPR is:
(+43) 720 710740 9000
Chief executive officers: Roland Fink, Mag. Christoph Schreiner, Barbara Unterkofler
Graz Regional Court for Civil Matters
District Commission Southeast Styria
Member of the trade division, the Styrian Chamber of Commerce.
Author: Attorney-at-law, Dr. Tobias Tretzmüller, LL.M (IT-LAW); https://www.digital-recht.at/
Copyright information: Use of this data protection declaration, or even parts thereof, without the consent of the author constitutes a copyright infringement.