Data Privacy Notice
1. Name and contact data of the parties responsible for data processing, and the corporate Data Protection Officer
The following information regarding data protection is valid for data handling by:
Responsible party: SnS Commerce GmbH, Windmuehlgasse 9/14, 1060 Vienna / Austria
Managing Directors: Lukas Schuetz / Michael Serafin
Registration number: FN 477826 k
Court of register: Vienna Commercial Court
Telephone: + 43 (0) 1512 / 18 62
A corporate Data Protection Officer is not required.
2. Collection and storage of personally identifiable data, and methods and purpose of use
The legal basis for handling/processing procedures, with which we reach an agreement for a definite purpose for handling/processing, is always Art. 6 Sect. 1 p. 1 lit. a DSGVO. Insofar as the handling and processing of personally identifiable data is necessary for the fulfillment of a contract (shipping of goods, provision of services) in which you are a party, such handling is based on Art. 6 Sect. 1 p. 1 lit. b DSGVO. The aforementioned legal basis is valid also in the case of conducting pre-contractual activities (e.g. inquiring as to our products and services).
If our company is subject to a legal obligation through which the handling of personally identifiable data becomes necessary, and which has its basis in EU law or the laws of the member countries by which we are governed, such handling is based on Art. 6 Sect. 1 p. 1 lit. c DSGVO. Further, such handling can be based on Art. 6 Sect. 1 p. 1 lit. d DSGVO, if vital interests are involved (danger to body and life and/or catastrophies). In addition, the legal basis for handling of personally identifiable data can be Art. 6 Sect. 1 p. 1 lit. f DSGVO. In this case we will communicate our legitimate interest according to Art. 6 Sect. 1 p. 1 lit. f DSGVO to you separately.
a) Using our website
Upon accessing our website, your browser automatically sends information to the server hosting our website, and this information is saved temporarily in a so-called logfile. This can include the following information:
• IP address of the querying computer,
• Date and time of access,
• Name and URL of the file accessed,
• The website from which access to our site occurs (referrer URL),
• The browser and operating system used by your computer, as well as the name of your access provider.
Data is stored until it is automatically deleted after seven days. We handle and use this data for the following purposes:
• Guaranteeing a trouble-free connection to the website,
• Guaranteeing comfortable and convenient use of the website,
• Evaluating system security and stability,
• Other administrative purposes.
The data processing we undertake is based on Art. 6 Sect. 1 p. 1 lit. f DSGVO as its legal basis. The purposes of data collection listed above establish our legitimate interest. We will make no inferences pertaining to you as an individual from the data we collect.
b) Newsletter service
Pursuant to Art. 6 Sect. 1 p. 1 lit. a DSGVO, express consent is given when you choose to receive our newsletter. For regular transmission of the newsletter, we use the email address you provide for this purpose. You do not need to provide any further information to receive the newsletter.
You can unsubscribe from our newsletter service at any time. At the end of each newsletter is a link by which you can unsubscribe. However, you do not need to use this link; you can simply send us an email request to firstname.lastname@example.org.
c) Contact form
There is a contact form on our website which you can use for questions of any kind. This type of data processing is done with your consent,pursuant to Art. 6 Sect. 1 p. 1 lit. a DSGVO. So that we know the sender of the query and can thus reply, a valid email address is required. All further information is given voluntarily.
All personally identifiable data collected by us through your use of the contact form is automatically deleted as soon as your question is resolved.
d) Business processing
When you enter into a distance contract with us, for instance by shopping in our online shop, data processing is done pursuant to Art. 6 Sect. 1 p. 1 lit. b DSGVO. In addition, we have a legitimate interest in a credit check, pursuant to Art. 6 Sect. 1 p. 1 lit. f DSGVO. The data you provide during registration or in the scope of the conclusion of the contract - particularly your name, address, and email address - are necessary for the fulfillment and settlement of the contract. The contract cannot be fulfilled without this data. You are expressly referred to Art. 13 Sect. 2 lit. e DSGVO. The data is also provided to third parties (clause 4) if absolutely necessary (e.g. to shipping services).
As a registered Influencer, your information provided during registration is saved in our Influencer database. You will be contacted by us for the purpose of collaboration. This is done via email or as a message through your social media platform. We use your mailing address for the purpose of sending goods.
The registration data is saved as long as your account exists. If your account is deleted, the account data is also deleted.
3. Storage of data
Your data regarding the conclusion of a contract is stored until the end of the limitation periods. In this respect, storage of your data is based on Art. 6 Sect. 1 p. 1 lit. b DSGVO. Also, the duration of storage of your data conforms to our retention requirements based on commercial and tax law. In this case, storage of your data is based on Art. 6 Sect. 1 p. 2 lit. c DSGVO. If the data is no longer necessary for the purposes listed above, it is deleted immediately.
4. Sharing of data
Your personal data is fundamentally not shared with third parties. Sharing is only done in the following cases:
• You have expressly consented to sharing with third parties, pursuant to Art. 6 Sect. 1 p. 1 lit. a DSGVO;
• The sharing is necessary for verification of our legal interests or those of a third party, particularly for assertion, exercise, or defense of legal claims, pursuant to Art. 6 sect. 1 p. 1 lit. f DSGVO, and you have no overriding legitimate interest in your data not being shared;<
• A legal obligation according to Art. 6 Sect. 1 p. 1 lit. c DSGVO exists;
• Data is transmitted for the processing of contractual relationships with you, as per Art. 6 Sect. 1 p. 1 lit. b DSGVO. In this case, sharing of your personally identifiable data with third parties is done exclusively with the service partner involved in processing the contract, such as the logistics company tasked with delivery, the credit institution handling payment matters, or the service company responsible for marchandise management and accounting, as far as this is absolutely necessary for contract processing and fulfillment. In the cases of sharing with third parties, the scope of data provided is limited to the minimum required for processing the contract.
The data processed through cookies is necessary for the listed purposes and serve to verify our legitimate interests as well as those of third parties, as per Art. 6 Sect. 1 p. 1 lit. f DSGVO.
As an affected person you can prevent the placing of cookies by our website at any time by means of an appropriate setting of your internet browser, and thereby permanently refuse the placing of cookies. Cookies already placed can be deleted at any time by an internet browser or other software program. Please note that deactivating the placing of cookies may mean that you may not be able to use all the functions of our website.
6. Analysis- and tracking tools
Legal basis for the use of the following tools is Art. 6 sect. 1 p. 1 lit. f DSGVO. Only with these measures can a needs-based design and continuous optimization of our website be assured. In addition, we can compile statistics about the usage of our website and continuously optimize our services. These interests are seen as justified in the sense of the above-named regulation.
You can learn about the purposes of our data processing and types of data from the tracking tool described below.
• Browser type/version
• Operating system used
• Referrer URL (the page visited previously)
• Host name of the accessing computer (IP address)
• Time of the server query
These are transmitted to, and saved on, a Google server in the USA. The information is used to evaluate the usage of the website, to compile reports about activities on the website, and to further provide services related to website and internet usage for the purposes of market research and needs-based design of these websites. This information may be transmitted to third parties, insofar as this is legally prescribed or insofar as third parties are contracted to handle this data.
In standard practice, Analytics uses the complete IP addresses of website users to create general geographic reports. When IP masks are in use, Analytics removes the last octet of the user's IP address before it is used and stored.
Google will not couple your IP address with other data.
As described under clause 4, the installation of cookies can be prevented using an appropriate setting of your browser software, although this can affect your usage of the website. Data collection by this tool can be prevented by using a browser add-on, which you can find at the following link:https://tools.google.com/dlpage/gaoptout?hl=de.
On mobile devices you can simply click the link and thus prevent collection by Google Analytics. For our website this will place an opt-out cookie on your device, which will remain until you delete it.
You can find more information about data privacy regarding Google Analytics in the "Help" information, which you can find at the following link: https://support.google.com/analytics/answer/6004245?hl=de.
We have completed the necessary contract data handling agreement with Google. The contract establishes the object and duration of handling, type and purpose of processing, types of personally identifiable data, categories of affected persons, and the obligations and rights to which we are bound as per DSGVO. The contract guarantees that Google is correspondingly bound to us regarding compliance with these obligations. The handling of your data by Google occurs exclusively at our direction. We have ensured that Google offers sufficient guarantees that appropriate technical and organizational measures are observed which ensure that handling and processing are done in accordance with the requirements of DSGVO and that the rights of affected persons are protected. The contract processor will not make use of any additional contract processor without previous separate or general written approval on our part.
7. Social media plugins
On the basis of Art. 6 sect. 1 p. 1 lit. f DSGVO we use social media plugins on our website for the social networks Facebook, Instagram, YouTube, Pinterest, and Twitter in order to increase our notoriety. This promotional purpose is classified as a legitimate interest as per the DSGVO. The respective companies offering the plugins are responsible for their operation complying with data protection requirements. We make an effort to protect visitors our website as much as possible by integrating the plugins via the so-called double-click method.
Our website uses social media plugins from Facebook Inc., Menlo Park, California, USA (subsequently "Facebook") in the form of "LIKE" or "SHARE" buttons.
When you access a page on our website containing such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted directly to your browser by Facebook and integrated into the website.
Through the integration of plugins, Facebook obtains information that your browser has accessed the corresponding page on our website, even if you do not have a Facebook account or are not currently logged into Facebook. This information (including your IP address) is transmitted from your browser directly to a Facebook server in the USA and stored there.
If you are logged into Facebook, Facebook can directly log your visit to our website onto your Facebook account. If you interact with the plugins, e.g. by clicking the "LIKE" or "SHARE" buttons, the corresponding information is transmitted directly to a Facebook server and stored there. The information will also be published on Facebook and displayed to your Facebook friends.
Facebook can use this information for the purposes of advertising, market research, and needs-based design of Facebook pages. For this, Facebook creates profiles regarding usage, interests and relationships, e.g. to evaluate your use of our website regarding the advertisements inserted on Facebook, to inform other Facebook users about your activities on our website, and to provide further services connected to the use of Facebook
If you do not want Facebook to associate its data collected through our website with your Facebook account, you must log out of your Facebook account before visiting our website.
Our website uses social plugins ("plugins") from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram").
The plugins are distinguished by an Instagram logo, e.g. in the form of an "Instagram camera".
When you access a page on our website which contains a plugin, your browser establishes a direct connection to the Instagram servers. The plugin content is transmitted by Instagram directly to your browser and embedded into the page. Through this embedding, Instagram obtains information that your browser has accessed the corresponding page on our website, even if you do not have an Instagram profile or are not currently logged into Instagram.
This information (including your IP address) is transmitted from your browser directly to an Instagram server in the USA and stored there. If you are logged into Instagram, Instagram can immediately record your visit to our website on your Instagram account. If you interact with the plugins, e.g. by clicking the "Instagram" button, this information is transmitted directly to an Instagram server and stored there.
The information is also published on your Instagram account and displayed to your contacts there.
If you do not want Instagram to immediately record the data collected by our website to your Instagram account, you must log out of Instagram before visiting our website.
Our website contains a link to the internet platform www.youtube.com. YouTube LLC, with headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA is responsible for this web presence (https://www.youtube.com/t/terms).
Information about the data provided to YouTube LLC:
As soon as you activate the corresponding plugin and visit the site www.youtube.com, YouTube LLC obtains data from you. We expressly advise you that we have only the following knowledge about data handling and processing by YouTube.
Fundamentally, data is collected and transmitted during every interaction with www.youtube.com. Data which you send yourself to the platform operator (particularly when signing into your user account) is stored initially.
Even without entering it yourself, data is collected when you use certain services: particularly information about the services you use and the way you use them, e.g. when you view a video on YouTube, visit a website on which our advertising services are used, or view and interact with our advertisements and content.
Our website also uses plugins from the service "pinterest.com", which is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA ("Pinterest"). The plugin is recognizable by the Pinterest logo. As with the other social media plugins, when you visit our site a direct connection to the Pinterest servers is established, and log data is transmitted to the Pinterest servers. These are located in the United States, among other places. The log data contains, for example, your IP address, the address of sites you visit which contain Pinterest functions, your browser type and settings, the date and time of your query, your manner of use of Pinterest, and cookies (cf. clause 6). Pinterest can log your visit to our website on your Pinterest account if you are logged into it. If you activate a Pinterest button, the corresponding information is transmitted directly to Pinterest by your browser.
Our website contains integrated plugins from the short message network Twitter Inc., One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (hereafter "Twitter"). You can recognize the Twitter plugins (tweet button) on our site by the Twitter logo. You can find an overview of tweet buttons here:https://about.twitter.com/resources/buttons.
When you access a page on our website which contains such a plugin, a direct connection between your browser and the Twitter server is established. Twitter thus obtains the information that you have visited our site with your IP address. If you click the Twitter "tweet button" while you are logged into your Twitter account, you can link the content of our site to your Twitter profile. In this way Twitter can log your visit to our site to your user account. We advise that as the operator of the website we obtain no information about the content of the data transmitted or its use by Twitter.
If you do not want Twitter to be able to log your visit to our website, please log out of your Twitter account.
8. Rights of affected parties
Through the new General Data Protection Regulation, your rights have been substantially expanded. These are enumerated in the following list and briefly explained with a mention of their legal basis.
• Disclosure, Art. 15 DSGVO: You have the right to request disclosure pertaining to your personally identifiable data which we handle. This includes e.g. information about purposes of processing, the category of personally identifiable data, categories of parties to whom your data was or is disclosed, the planned duration of storage, the existence of a right to correction, deletion, or restriction of handling or the objection thereto, the existence of a right to appeal, the origin of your data if it is not collected by us, and existence of automated decision making including profiling and (if applicable) significant information about its details;
• Disclosure, Art. 15 DSGVO: also about the existence of automated decision making including profiling and (when applicable) significant information about its details;
• Right to correction, Art. 16 DSGVO: you can promptly request the correction or completion of personally identifiable data stored by us;
• Right to deletion ("Right to be forgotten"), Art. 17 DSGVO: you have a right to the deletion of your personally identifiable data stored by us, as long as its processing is not necessary for the exercise of the right to free expression and information, for fulfilling a legal obligation, for reasons of public interest, or for the assertion, exercise, or defense of legal claims/rights;
• The right to limitation of handling, Art. 18 DSGVO: you can request to limit the handling of your personally identifiable data. It is presumed that you are disputing the correctness of the data, the handling is unlawful, you decline its deletion and we no longer need the data, but you need it for the assertion, exercise, or defense of legal claims/rights, or you have entered an objection (clause 9) to its handling pursuant to Art. 21 DSGVO;
• Right to data transmission, Art. 20 DSGVO: you can request to obtain any personally identifiable data which you have provided to us in a structured, common, and machine-readable format, or transmitted to another responsible party;
• Revocation of consent, Art. 7 sect. 3 DSGVO: You can revoke your consent previously granted to us at any time. This means that in the future we may no longer continue any data processing dependent upon this consent. The legality of any processing done which was permitted by your consent, before such consent was revoked, is not affected.
• Right to appeal, Art. 77 DSGVO: You have the right to appeal to a supervisory authority if you believe that your personally identifiable data has been handled in a manner in violation of the data protection regulations. To do this you can typically approach the supervisory authority of your usual area of residence, of your workplace, or of our headquarters.
9. Right to object
In addition, you have the right to object, pursuant to Art. 21 DSGVO. This is valid for your personally identifiable data which is handled on the basis of legitimate interests as per Art. 6 sect. 1 p. 1 lit. e or f DSGVO, and insofar as reasons resulting from your particular situation exist for an objection against data handling. You have an unrestricted right to object to direct advertising, even without details about your particular situation.
You can exercise your right to object and your other rights by sending an email to email@example.com.
10. Data security
For our website we use the extended SSL protocol (Secure Socket Layer) along with the highest level of encryption supported by your browser, normally 256-bit encryption. If your browser does not support 256-bit encryption, we revert instead to 128-bit v3 technology. You will know whether an individual page on our website is transmitted with encryption by the closed representation of the key or lock icon in the status bar at the bottom of your browser.
Protecting your data is important to us. Therefore, we take suitable technical and organizational security measures to protect your data against incidental or intentional manipulation, partial or complete loss, destruction, and unauthorized access by third parties. Our security measures are continuously improved in accordance with developing technology.
11. Existence of automated decision making
Automatic decision making or profiling does not occur.
12. Updates and changes to this data privacy notice
It may become necessary to adjust this data privacy notice due to the ongoing development of our website, or to update it due to changing legal requirements. You can access and print the current data privacy notice at the following link: https://beardgrowthspray.myshopify.com/pages/privacy-policy
Current version: July 9, 2018