1. Data Controller
Controller responsible in respect to the General Data Protection Regulation (GDPR) or other european data protection regulation is
Tel.: +43 677 617 63571
2. Data collection when visiting our website
You can visit our websites without providing personal information. In this case we store only access data your browser transmits to our server, so-called server log files including:
- our visited website
- date and time of access, time zone
- transferred data volumes (in byte)
- what websites or search terms referred you to the site
- how you interact with the site
- some of the cookies that are installed on your device
- operating system
- IP (anonymized)
- internet provider
In accordance to our legitimate interest of improving functionality and stability of our website (Art. 6 (1f) GDPR), these data are analyzed exclusively to ensure an uninterrupted operation of the website and improve our service. They cannot be traced in any way to specific individuals and are not forwarded to third parties
To improve the experience of visiting our website and enable the use of specific functions, we use so-called 'cookies' on various pages. These are small text files that are stored on your end-device. Some of the cookies we use are deleted at the end of your browser session (i.e. as soon as you close your browser). These are called 'session cookies'. Other cookies remain on your end-device and enable us or our partners (third-party cookies) to recognise your browser upon your next visit ('persistent cookies').
If cookies are set, they collect and process individual user information such as browser and location data as well as IP address values on an individual basis. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie.
In some cases, cookies are used to simplify the ordering process by storing settings (for example, remembering the contents of a virtual shopping cart for a later visit to the website). Insofar as personal cookies are also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 (1b) GDPR either for the execution of the contract or in accordance with Art. 6 (1f) GDPR for safeguarding our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective web design.
We collaborate with various advertising partners who help make our online services and website more interesting for you. Therefore, whenever you visit our website, cookies from our partner firms will also be stored on your hard disk drive (third-party cookies).
You can set your browser to inform you about the placing of cookies and to ask your permission each time on whether to accept them, or to block the acceptance of cookies in specific cases or in general.
You can find the settings for your corresponding browser through the following links:
- Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
- Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please be aware that If you decide to block cookies, you may be unable to use certain functionalities on our website.
4. Contact form & e-mail contact
If you get in touch with us using our contact form or via e-mail we store and process the personal data you provide. The data collected in the case of a contact form corresponds to the fields of the respective contact form. If you contact us via e-mail, we collect the data you provide us in your e-mail. We store this data exclusively for the purpose of responding to your inquiry or getting in touch and the technical administration related to it (Art. 6 (1b) GDPR). Your data will be deleted upon completion of your inquiry.
WeBloom OG is not making use of these messages or data other than to follow up on users’ registered issues or inquiries. Your personal data will be processed and transmitted in accordance with the General Data Protection Regulation (GDPR).
6. Data processing when creating an account and for execution of the contract
Personal data are stored and processed, if you provide them to us for the purpose of executing the contract or for opening a customer account. The nature of the data collected corresponds to the forms you filled out. We store and process the data you provide for the purpose of executing the contract (Art. 6 (1b) GDPR). Upon execution of the contract or deletion of the account, your data will be deleted after the storage period required by the tax and commercial law (currently 7 years).
When commenting on this website (e.g. when rating products), we store not only the comment, but also time and date of the comment, as well as your name and e-mail. Time, content of the comment and the name of the author will be published on our website. Further, we record and store your IP-address for safety reasons and in case the person concerned violates rights of a third party through the comment or posts illegitimate content. We need your e-mail address to contact you in case a third-party makes a complaint regarding the legitimacy of your published content. The processing of the data takes place on the legal basis of Art. 6 (1b) GDPR and Art. 6 (1f) GDPR.
8. Use of your data for direct mail
8.1 Newsletter sign-up
When signing-up to our newsletter, we regularly send you information regarding our offer. The only information mandatory for receiving the newsletter is your e-mail address. Providing additional data is voluntary and will be used to address you personally. With signing up to our newsletter you give us your consent (Art. 6 (1a) GDPR) to use your personal data. When signing up to our newsletter we store your IP address provided by your Service Provider (ISP), as well as the date and time of the signup, to be able to trace a possible abuse of your e-mail address at a later point. The data provided when signing up for our newsletter is exclusively used for the purpose of advertising through our newsletter. You can unsubscribe at any time by clicking the opt-out link provided in the newsletter or by sending an e-mail to the point of contact listed above. After unsubscribing we will immediately delete your e-mail address from our mailing list.
8.2 Existing customers
If you provided your e-mail address when purchasing goods from our online shop, we reserve the right to send you offers based on your previous purchases per e-mail. You will receive these individual product recommendations from us regardless of whether you have subscribed to a newsletter, as it is based on our legitimate interest of personalized direct advertising (Art. 6 (1f) GDPR and §107 TKG).
In case you previously objected against the use of your e-mail for this purpose, we will not send you any e-mails. If you do not wish to receive any more individual product recommendations from us, you can opt-out of this service at any time by sending us an e-mail or using the opt-out link provided in the newsletter. After we receive your objection to our e-mails we immediately cease to use your e-mail for marketing purposes.
We use a third-party data processor to distribute the newsletter, The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (http://www.mailchimp.com/), hereinafter referred to as MailChimp. We provide them with your data in accordance with Art. 6 (1f) GDPR, as it serves our legitimate interest in the use of an effective, safe and user-friendly newsletter system. Please note that your data is usually transmitted to and stored by a MailChimp server in the USA.
MailChimp uses this information for sending and statistical evaluation of the newsletter on our behalf. For the evaluation, the emails sent include so-called web beacons or tracking pixels, which represent one-pixel image files stored on our website. This way you can determine if a newsletter message has been opened and which links have been clicked on.
Mailchimp uses the Web beacons to automatically generate non-personal statistics on the newsletter response. Based on our legitimate interest in the statistical evaluation of newsletter campaigns for the optimization of our marketing communication and to better tailor future newsletters to recipient interests (Art. 6 (1f) GDPR), the web beacons also collect and process data of the respective newsletter recipient (e-mail address, time of retrieval, IP address, browser type and operating system). These data provide a personal reference to the newsletter recipient and are processed by Mailchimp to automatically generate statistics that indicate whether a particular recipient has opened the newsletter.
If you want to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
Furthermore, MailChimp may use this data in accordance with Art. 6 (1f) GDPR for its own legitimate interest in the needs-based design and optimization of the service as well as for market research purposes, for example, to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to contact them in any way or to pass them on to third parties.
To protect your information in the United States, we have entered into a data processing agreement with MailChimp based on the standard contractual clauses of the European Commission to allow the transfer of your personal information to MailChimp. If you are interested, this data processing contract can be viewed at the following Internet address: https://mailchimp.com/legal/data-processing-addendum/
9. Data processing for order processing
9.1 Based on the legal basis of execution of the contract (Art. 6 (1b) GDPR), we transfer your data to contracted service providers insofar as necessary for the handling of your order and delivery of your products. We transfer your payment data to contracted payment providers insofar as necessary for the processment of your payment.
Data transferred in this way can only be used by our service providers to perform their tasks. Any other use of the data is not allowed and does not occur with any of our trusted service providers. The following section will explicitly inform you about our contracted service providers.
9.2 Use of transport service providers
If your goods are delivered by the transport services provider Österreichische Post (Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Wien, Österreich), we transfer your e-mail address for the purpose of coordinating the delivery time or the delivery announcement only if you have previously given your consent (Art. 6 (1a) GDPR). Otherwise we only give access to your data in the scope and for the time period required for the provision of the delivery service (Art. 6 (1b) GDPR), such as the name of the recipient and the delivery address. In this case the coordination of delivery time and delivery status updates are not possible. Your consent can be revoked at any time towards us or the transport services provider Österreichische Post.
If the goods are delivered by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn), we will give your e-mail address in accordance with Article 6 (1) (a) GDPR prior to delivery of the goods for the purpose of coordination of a delivery date or delivery notification to DHL, provided you have given your express consent in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery in accordance with Article 6 (1) (b) GDPR. It will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DHL or the delivery notification is not possible. The consent can be revoked at any time with effect for the future vis-à-vis the person responsible or the transport service provider DHL.
9.3 Use of payment service providers
For payment via Paypal we will transfer your payment data for the processing of the payment to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as ‘PayPal’). The disclosure is made in accordance with Art. 6 (1b) GDPR and only insofar as this is necessary for the payment process.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may continue to be entitled to process your personal data, if necessary for the contractual payment.
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, the payment will be processed by the technical service provider Stripe Payments Europe Ltd. , 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will send the information you provided during the ordering process, along with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 Para. 1 lit. b GDPR. Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only insofar as it is necessary for this. You can find more information on data protection at Shopify Payments at the following Internet address: https://www.shopify.com/legal/privacy.
Data protection information on Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
If you choose to use a payment method from the payment service provider Stripe, the payment will be processed via the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Center, Harcourt Road, Dublin 2, Ireland(hereinafter referred to as ‘Stripe’). Stripe will receive the information you communicated during the ordering process and the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 (1b) GDPR. The transfer of your data is exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only insofar as it is necessary for this. For more information about Stripe's privacy, please visit https://stripe.com/terms
10. Use of Social Media: Social Plugins
10.1 Facebook plugins with Shariff solution
On our website, so-called 'social plugins' ('plugins') from the social media network Facebook are used. This service is provided by the company Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, (hereinafter referred to as 'Facebook').
To increase the protection of your data during your visit to our website, the plugins are not directly integrated into the site, but by means of a HTML-Link. This integration ensures that no connection is established at first with the servers of Facebook when you open a page on our website that contains such plugins. Only when you activate the plugins by clicking on them, a new browser window will open the Facebook website and allow you to log-in and interact with the plugins.
10.2 Instagram Plugins with Shariff Solution
On our website, so-called 'social plugins' ('plugins') from the social media network Instagram are used. This service is provided by the company Instagram LLC., 1601 Willow Rd, Menlo Park, CA 94025, USA (hereinafter referred to as 'Instagram').
To increase the protection of your data during your visit to our website, the plugins are not directly integrated into the site, but by means of a HTML-Link. This integration ensures that no connection is established at first with the servers of Instagram when you open a page on our website that contains such plugins. Only when you activate the plugins by clicking on them, a new browser window will open the Instagram website and allow you to log-in and interact with the plugins.
10.3 Pinterest Plugins with Shariff Solution
On our website, so-called 'social plugins' ('plugins') from the social media network Pinterest are used. This service is provided by the company Pinterest Inc., 808 Brannan Street, San Francisco, CA, 94103, USA (hereinafter referred to as 'Pinterest').
To increase the protection of your data during your visit to our website, the plugins are not directly integrated into the site, but by means of a HTML-Link. This integration ensures that no connection is established at first with the servers of Pinterest when you open a page on our website that contains such plugins. Only when you activate the plugins by clicking on them, a new browser window will open the Pinterest website and allow you to log-in and interact with the plugins.
11. Online Marketing
11.1 Google Adwords Conversion Tracking
This website uses the online advertising program "Google AdWords" and as part of Google AdWords the conversion tracking by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter referred to as ‘Google’). We use the offer of Google Adwords to draw attention to our attractive offers with the help of advertising materials (so-called Google Adwords) on external websites. In relation to the data from the advertising campaigns, we can determine how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting to you and to achieve a fair calculation of advertising costs.
The conversion tracking cookie is set when a user clicks on a Google-served AdWords ad. Cookies are small text files that are stored on your computer system. These cookies usually lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not expired yet, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can not be tracked through AdWords advertisers' websites. The information gathered using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users. If you do not want to participate in tracking, you can block this usage by disabling the Google Conversion Tracking cookie through your Internet browser under User Preferences. You will not be included in the conversion tracking statistics. We use Google Adwords based on our legitimate interest in a targeted advertising (Art. 6 (1f) GDPR).
You can permanently deactivate cookie cookies by blocking them by setting your browser software accordingly or by downloading and installing the browser plug-in available at the following link: http://www.google.com/settings/ads/plugin?hl=en
12.1 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter referred to as ‘Google’). Google Analytics uses so-called "cookies", which are text files that are stored on your computer and that allow an analysis of your use of this website. The information generated by the cookie about your use of this website (including the shortened IP address) is usually transmitted to a Google server in the USA and stored there.
We only use Google Analytics with activated IP anonymization (‘_anonymizeIp()’). This means that the IP address of the users will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. In these exceptional cases, this processing is carried out in accordance with Art. 6 (1f) GDPR based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.
On our behalf Google will use this information to evaluate your use of the website, compiling reports on website activity and providing other with website and internet related services to us. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en
As an alternative to the browser plug-in or within browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent Google Analytics from entering this website in the future (this opt-out cookie only works in this browser and only for this domain, if you delete your cookies in this browser, you must click this link again): Disable Google Analytics tracking cookies
13. Retargeting & Remarketing
13.1 Google AdWords Remarketing
Our website uses the features of Google AdWords Remarketing to advertise this site on Google's search results, as well as third party websites. Provider is the Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). For this purpose, Google sets a cookie in the browser of your device, which automatically enables interest-based advertising based on the pages you visited, using a pseudonymous cookie ID. The processing is based on our legitimate interest of optimally marketing our website in accordance with Art. 6 (1f) GDPR.
Any further processing will only take place if you have agreed with Google that your internet and app browsing history will be linked to your Google account by Google and information from your Google account will be used to personalize the ads you see on the Web. In this case, when you log in to Google during the page visit of our website, Google uses your data with Google Analytics data to create and define audience lists for cross-device remarketing. To do this, Google will temporarily associate your personal information with Google Analytics data to create audiences.
You can permanently deactivate the setting of cookies by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/onweb/
Alternatively you can contact the Digital Advertising Alliance on www.aboutads.info who inform you about the setting of cookies and make the corresponding settings. Finally, you can set your browser so that you are informed about the setting of cookies and individually decide on their acceptance or exclude the acceptance of cookies for specific cases or in general. Failure to accept cookies may limit the functionality of our website.
US-based Google LLC. is certified under the US Privacy Shield, which ensures compliance with the level of data protection in the EU.
13.2 Facebook Custom Audience on the pixel process
This website uses the so-called ‘Facebook Pixel’ of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (hereinafter referred to as ‘Facebook’). In the case of explicit consent, this may track the behavior of users after they have seen or clicked on a Facebook ad. This process is designed to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and may help to optimize future advertising efforts. The data collected are anonymous for us, so we cannot draw conclusions about the identity of the users. However, the data are stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, according to the Facebook data usage directive (https://www.facebook.com/about/privacy/).
You can enable Facebook and its affiliates to display ads on and off Facebook. Further, a cookie may be stored on your computer for these purposes. These processing operations are carried out exclusively upon granting explicit consent in accordance with Art. 6 (1a) GDPR. A consent in the use of the Facebook pixel may only be declared by users who are older than 13 years old. If you are younger, we ask that you ask your guardians for permission.
Based in the US, Facebook Inc. is certified to the US Privacy Shield, which ensures compliance with the level of data protection in the EU.
14. Rights of the person concerned
You have the following legal data protection rights under the relevant legal conditions: Right to information, right to correction, right to deletion, right to restriction of processing, right to data portability, right to withdraw consent as well as the right to object to particular data processing measures. Your further have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection law or if your data protection claims have otherwise been violated. In Austria, this is the data protection authority.