Under the GDPR, “Personal data” means all data concerning a natural person who is identified or identifiable, including indirectly, or any data concerning an individual whose identity can be ascertained by means of additional information. “Processing of personal data” means all operations concerning the collection, recording, organisation, structuring, storage, consultation, compiling, adaptation or alteration, selection, extraction, comparison, use, interconnection, blocking, communication, distribution, erasure and destruction of the personal data, as well as its storage in a database.
The data controller determines the purposes for which and the means by which personal data collected and processed by the Site is processed (“Data Controller”). The Data Controller of personal data processed by the Site is: Christoph Tsetinis KG LLinke Wienzeile 14/Top18 AT-1060 Wien, Austria.
The Site will always and without exception process personal data under the principles of correctness, lawfulness and transparency.
Categories of personal data
The Site processes various categories of personal data.
In the first place, the Site processes personal data concerning the interaction with the device employed by the User to access the Site: for instance, IP address, browser information, operating system, type of device used, the pages visited and the searches performed by the User on the Site and other data. Personal data processed at this stage is strictly necessary to enable navigation on the Site or to make it more functional.
The Site expressly requires each and every User to share personal data when they activate the procedure for registering on the Site and/or in order to make an Order.
Furthermore, the Site processes personal data of Users to send them communications of a commercial nature: for example, when they subscribe to newsletters. In this case, processing of personal data will be strictly conditional upon the User’s previous and unambiguous consent.
The Site always asks for the explicit and separate consent of Users before carrying out profiling activities for marketing purposes. Profiling means any form of automated processing of personal data that involves the use of such personal data for the evaluation of certain personal aspects relating to a natural person (Art. 4 of the GDPR).
The Site always indicates to Users where communication of personal data is mandatory or optional.
The Site may also perform checks, either directly or indirectly, on the payment methods used to complete orders with the main purpose of preventing insolvencies or fraudulent activities.
The withholding of consent to the processing of personal data for purposes unconnected with the functioning of the Site and/or placement of orders on the Site will not bear any significant consequences for Users.
Personal data is used by the Site only when necessary for the specific purpose for which such personal data is collected and subsequently processed.
The purpose of the processing of personal data
The Data Controller processes personal data for the purposes of fulfilling orders made on the Site and providing customer service. In this context, the processing of personal data is lawfully based on the obligation on the Data controller to provide services to Users and to fulfil contractual obligations.
Moreover, subject to the explicit consent of the concerned User, the Data controller processes personal data to execute promotional and commercial activities, direct sales, as well as for market researches and other advertising activities directed at the same User. In such situation, the processing of the personal data is legitimately based on the valid consent expressed by the concerned User or on the legitimate interest of the Data Controller.
When marketing activities are specifically based on taste, shopping experience and interests of the concerned Users (“profiling”), the specific and separate User consent to profiling is an essential condition prior to carrying out any profiling activities in a legitimate manner.
On the basis of the legitimate interest to improve services and products to Customers, the Data Controller may send Customers promotional emails containing communications, promotions, discounts, feedback requests or updates. However, Customers always hold the right to opt out from receiving commercial communications (for example, by clicking on the link placed in these emails).
Communication of personal data
The Data Controller may communicate part of the personal data processed to third-party operators involved in the fulfilment of orders. This it the case, for example, of the courier carrying out deliveries of products ordered on the Site. In this case, the communication of personal data to suppliers, in their quality of data processors, is necessary for the Data Controller to fulfil contractual obligations that arise from the conclusion of orders.
This is without prejudice to the cases where the communication or disclosure of personal data is required by law.
In all other cases, any communication or distribution of personal data is subject to the prior, explicit and unequivocal consent of the User.
Users can ask the Data Controller for an updated list of the categories of data processors involved in the processing of their personal data by email to: email@example.com
The Data controller will never transfer any personal data to locations and territories outside the European Economic Area (EEA) unless such transfer is not fully legitimate under the GDPR.
Retention period for personal data
Once the processing of personal data is no longer required, the Data controller will promptly delete or anonymise such personal data. For instance, the Data controller shall retain personal data for a sufficient period in order to provide the services requested by Users, and/or to fulfil legal or tax obligations.
In order to determine the appropriate retention period for personal data, the Data Controller will take into account various factors to ensure that personal data is not stored for longer than is necessary or appropriate. These factors also include the purposes for processing personal data and the type of relationship established with the user (how often a User connects to the Site, how often a Customer purchases on the Site, etc.).
Data Protection Rights
Users have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning them are being processed and, when that is the case, access to such personal data.
User also have the right to be informed by the Data Controller about:
the source of the personal data processed;
the purpose, and the legal basis, of personal data processing;
the legitimate interests that may be pursued by the Data controller, in those cases these constitute the legal basis for the processing itself;
the existence of an automatic decision-making process, including profiling;
the retention period of personal data.
Users also have the right to request to the Data controller that their personal data is:
updated, corrected or (where data are incomplete) supplemented;
personal data is no longer necessary for the purposes for which was collected or processed;
Users revoke their consent to, or opposes its processing;
personal data is processed unlawfully, or must be deleted in order to comply with a legal obligation;
Users have the right to obtain from the Data Controller restriction of processing where one of the following applies:
the accuracy of the personal data is contested by the User, for a period enabling the Data Controller to verify the accuracy of the personal data;
the processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead;
the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the User for the establishment, exercise or defence of legal claims;
the User has objected to processing pending the verification whether the legitimate grounds of the Data Controller override those of the User.
Users have the right to oppose, entirely or in part:
for legitimate reasons, the processing of the personal data concerning the Users, even though relevant to the purpose of the data processing;
the processing of the personal data concerning the Users, for the purpose of sending advertising material or for direct sales, or for conducting market researches, or for commercial communications.
Users have the right to receive the personal data concerning them that they have previously provided to the Data Controller in a structured, commonly used and machine-readable format and have the right to transmit such personal data to another controller without hindrance from the Data Controller, where:
the processing is based on consent; and
the processing is carried out by automated means.
In exercising their right to data portability, Users have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
Users have the right to file a complaint with the Data Protection Authority or with any other competent supervisory authority.
For all communications to the Data controller concerning questions of privacy or in order to exercise their individual rights, users can contact the Data controller at: firstname.lastname@example.org
Cookies: what is a cookie?
A cookie is a small file that a website sends to the browser and which is saved on the device of the user visiting the website. Cookies are employed to make the Site work, to enhance its performance or for profiling and marketing purposes.
What kind of cookies does this Site use, and for what purpose?
The Site uses various kinds of cookies and similar tools, each of which has a specific function, as indicated below:
Types of cookies:
Navigation Cookies: navigation cookies enable the Site to function correctly and enable users to view geolocalized content from their very first access. Navigation cookies also enable an account to be created, and allow users to log in and manage orders on the Site. In general, navigation cookies are necessary for the functioning of the Site.
Functional Cookies: functional cookies enable the Site to recognise a User based on their request whenever they access the Site, so that they do not have to re-enter their data each time. Functional cookies are not essential for the functioning of the Site, but enhance the quality of the browsing experience.
Third party cookies for marketing/re-targeting: this type of cookies is used by trusted third-party companies enabling banner advertisements on other affiliated sites, for example showing the User the latest products they viewed on the Site. While the User is browsing on the Site, these cookies are also used to display products that might be of interest to the User, or products similar to those previously viewed. The use of such cookies does not normally imply the processing of personal data; however, it may enable the tracing of saved data
This is a list of the types of cookie used by the Site or by third parties in connection with access and browsing on the Site:
dwsid (replaces sid)
https session cookie
This is a link to web pages with information and forms for the acquisition of user consent to third-party cookies:
Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=en-GB
The main browsers are configured in a way to accept cookies. Nonetheless, the majority of browsers also allow Users to control and disable cookies through browser settings. Disabling navigation or functional cookies may cause a website to malfunction and/or to restrict the services offered. These are the links to the main browsers:
For additional information on cookies, Users can also visit: