Privacy Policy

As of: January 28, 2024


Introduction

The protection of your personal data is particularly important to us. We therefore process your data exclusively on the basis of the applicable legal provisions (EU General Data Protection Regulation GDPR, TKG 2003). In this data protection information we inform you about the most important aspects of data processing as part of our activities.

It is generally possible to use the KINDL website without providing any personal data. If you enter personal data, for example for the purpose of contacting us or subscribing to a newsletter, the necessary information you provide will be forwarded to companies that process data on this behalf (e.g. send the newsletter). We only commission companies that work in accordance with the provisions of the General Data Protection Regulation.


Encrypted transmission

The KINDL website uses SSL encryption for security and data protection reasons. This prevents third parties from intercepting and reading the data you enter during transmission. You can recognize active encryption by the padlock or similar symbols in the address bar of your browser.


Server protocols

The server from which this website is provided stores information that is automatically transmitted to us by your browser in so-called log files. These are:

  • Browser type and browser version
  • Operating system used
  • The page (URL) from which you came to us
  • The IP address of the accessing computer
  • Time of request

This data is used exclusively for technical monitoring of the web server (utilization, optimization, error detection, security) and is absolutely necessary for this purpose. They are not connected to other data sources so that they cannot be assigned to individual people. They will be deleted after three months.

Data processing is carried out on the basis of Article 6 Paragraph 1 lit f (legitimate interests) of the GDPR. The legitimate interest within the meaning of the GDPR is the proper and secure functioning of the website.


Operation of the website by Shopify

To operate our website, we use the shop system of the service provider Shopify. The service provider for Europe is Shopify International Ltd., 2nd Floor 1-2 Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Your personal information, such as your name, billing address, shipping address, email address, phone number and payment information, as well as information about how you access my website, is processed by Shopify International Ltd. (“Shopify EU”) processes. As part of providing my services, this personal information may also be transferred to other regions, including Canada and the United States. If your personal information is transferred to Canada, it will be protected under Canadian law. The European Commission has classified Canada as a safe third country through an adequacy decision, which ensures adequate protection of your data. If your personal data is transferred to a country outside Canada (for example to sub-processors), such data will be protected by contractual obligations comparable to the European Commission's Standard Contractual Clauses and will therefore be carried out in accordance with relevant data protection laws. You can view the European Commission's standard contractual clauses at the following link: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Data processing is carried out on the basis of Art 6 Paragraph 1 lit b (fulfillment of a contract) and Art 6 Para 1 lit f (legitimate interests) of the GDPR. The fulfillment of a contract within the meaning of the GDPR is the processing of personal data provided by you, such as your name, your billing address, your delivery address, your email address, your telephone number and payment information for the purpose of sales, payment and shipping make possible. The legitimate interest within the meaning of the GDPR is the attractive and technically flawless presentation of a website for marketing purposes.

Shopify has integrated a Data Processing Addendum into its terms and conditions. This serves as a data processor agreement in which Shopify commits to complying with the standard contractual clauses defined by the EU Commission. You can view Shopify's Data Processing Addendum here: https://www.shopify.com/legal/dpa

For more information, see the Shopify Privacy Policy at
https://www.shopify.com/de/legal/datenschutz


Payment service provider

We offer the payment service provider ShopifyPay to process payments. Choosing a specific payment method may result in the transmission of payment data to the relevant payment service provider. If your data is processed outside the EU, the payment service provider is committed to complying with the EU standard contractual clauses. For more information on how payment service providers process personal data, please see their privacy policies. The legal basis for the use of ShopifyPay is Article 6 Paragraph 1 Letter b GDPR (fulfillment of a contract).

  • Shopify Payments, a payment system from Shopify International Ltd., 2nd Floor 1-2 Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (https://www.shopify.com/de/legal/datenschutz)

Cookies

Our website uses so-called cookies. These are small text files that are stored on your device using the browser. They do no harm.

We use cookies to make our offering user-friendly. Some cookies remain stored on your device until you delete them. They enable us to recognize your browser the next time you visit.

Some of these cookies are necessary for the operation of the website and store your consent to non-essential cookies, the language you have chosen and are used for registration. Add additional essential cookies here. If you do not want the necessary cookies to be stored, you can set your browser so that it informs you about the setting of cookies and you only allow this in individual cases.

The legal basis for the use of necessary cookies is Article 6 Paragraph 1 lit f (legitimate interests) of the GDPR. Legitimate interests within the meaning of the GDPR are the proper and secure functioning of the website and the optimization of our offering.

In addition, other cookies that are not absolutely necessary for the operation of the website may be stored and only with your consent. Details about this in the following sections.


Data storage

For accounting purposes, the following customer data is stored internally: name, address, telephone number, email address, VAT ID. If you have agreed to a direct debit mandate (SEPA direct debit mandate), also your bank details. This data will not be passed on, with the exception of transmission to the processing banking institutions/payment service providers for the purpose of debiting, as well as to our tax office for accounting purposes and to fulfill our tax obligations. The data is stored exclusively within the EU.

The data you provide is necessary to fulfill the contract or to carry out pre-contractual measures. Without this data we cannot conclude and fulfill the contract with you.

All data from a contractual relationship will be stored until the tax retention period (7 years) has expired.

The above data is stored

  • On encrypted local computer systems or portable computers secured by passwords and physical access protection.
  • In zero knowledge cloud solutions from Filen (Filen Cloud Services UG (limited liability), Breite Straße 27, 45657 Recklinghausen, Germany), which are encrypted on the client side and secured by a password. The data is stored exclusively on servers in Germany. Filen's data protection regulations can be found here: https://filen.io/privacy

Data processing is carried out on the basis of Article 6 Paragraph 1 lit c (legal regulations) of the GDPR and Article 6 Paragraph 1 lit b (necessary for the fulfillment of the contract) of the GDPR.

The data you provide is necessary to fulfill the contract or to carry out pre-contractual measures. Without this data we cannot conclude and fulfill the contract with you. Data will only be transferred to third parties with your express permission

All data from a contractual relationship will be stored until the tax retention period (7 years) has expired. Access data to systems used by the customer will be deleted immediately after the contract ends.

Data processing is carried out on the basis of the legal provisions of Section 96 Paragraph 3 TKG and Article 6 Paragraph 1 lit a (consent) and/or lit b (necessary for contract fulfillment) of the GDPR.


Your rights

In principle, you have the rights to information, correction, deletion, restriction, data portability, revocation and objection. Corresponding inquiries can be addressed to the email address atelier@kindl.co.at. If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. In Austria this is the data protection authority.


Contact us

If you contact us using a form on the website, by email or by other means, the data you provide (name, email address and optionally telephone number) will be used to process the request and in the event of Follow-up questions are stored encrypted for one year. If the inquiry results in a contract, the statutory retention periods apply. We will not pass on this data without your consent. Data processing is carried out on the basis of Art 6 Paragraph 1 lit b (fulfillment of the contract) and Art 6 Para 1 lit a (consent) of the GDPR.

You can reach us using the following contact details:

  • Contact form on our website
  • Contact via email: atelier@kindl.co.at