1. Data Controller
Controller responsible in respect to the General Data Protection Regulation (GDPR) or other european data protection regulation is
Tel.: +43 677 617 63571
2. Data collection when visiting our website
You can visit our websites without providing personal information. In this case we store only access data your browser transmits to our server, so-called server log files including:
- our visited website
- date and time of access, time zone
- transferred data volumes (in byte)
- what websites or search terms referred you to the site
- how you interact with the site
- some of the cookies that are installed on your device
- operating system
- IP (anonymized)
- internet provider
In accordance to our legitimate interest of improving functionality and stability of our website (Art. 6 (1f) GDPR), these data are analyzed exclusively to ensure an uninterrupted operation of the website and improve our service. They cannot be traced in any way to specific individuals and are not forwarded to third parties
To improve the experience of visiting our website and enable the use of specific functions, we use so-called 'cookies' on various pages. These are small text files that are stored on your end-device. Some of the cookies we use are deleted at the end of your browser session (i.e. as soon as you close your browser). These are called 'session cookies'. Other cookies remain on your end-device and enable us or our partners (third-party cookies) to recognise your browser upon your next visit ('persistent cookies').
If cookies are set, they collect and process individual user information such as browser and location data as well as IP address values on an individual basis. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie.
In some cases, cookies are used to simplify the ordering process by storing settings (for example, remembering the contents of a virtual shopping cart for a later visit to the website). Insofar as personal cookies are also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 (1b) GDPR either for the execution of the contract or in accordance with Art. 6 (1f) GDPR for safeguarding our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective web design.
We collaborate with various advertising partners who help make our online services and website more interesting for you. Therefore, whenever you visit our website, cookies from our partner firms will also be stored on your hard disk drive (third-party cookies).
You can set your browser to inform you about the placing of cookies and to ask your permission each time on whether to accept them, or to block the acceptance of cookies in specific cases or in general.
You can find the settings for your corresponding browser through the following links:
- Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
- Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please be aware that If you decide to block cookies, you may be unable to use certain functionalities on our website. Cookie Preferences
5. Customer Chat
4. Contact form & e-mail contact
If you get in touch with us using our contact form or via e-mail we store and process the personal data you provide. The data collected in the case of a contact form corresponds to the fields of the respective contact form. If you contact us via e-mail, we collect the data you provide us in your e-mail. We store this data exclusively for the purpose of responding to your inquiry or getting in touch and the technical administration related to it (Art. 6 (1b) GDPR). Your data will be deleted upon completion of your inquiry.
WeBloom OG is not making use of these messages or data other than to follow up on users’ registered issues or inquiries. Your personal data will be processed and transmitted in accordance with the General Data Protection Regulation (GDPR).6. Data processing when creating an account and for execution of the contract
Personal data are stored and processed, if you provide them to us for the purpose of executing the contract or for opening a customer account. The nature of the data collected corresponds to the forms you filled out. We store and process the data you provide for the purpose of executing the contract (Art. 6 (1b) GDPR). Upon execution of the contract or deletion of the account, your data will be deleted after the storage period required by the tax and commercial law (currently 7 years).
When commenting on this website (e.g. when rating products), we store not only the comment, but also time and date of the comment, as well as your name and e-mail. Time, content of the comment and the name of the author will be published on our website. Further, we record and store your IP-address for safety reasons and in case the person concerned violates rights of a third party through the comment or posts illegitimate content. We need your e-mail address to contact you in case a third-party makes a complaint regarding the legitimacy of your published content. The processing of the data takes place on the legal basis of Art. 6 (1b) GDPR and Art. 6 (1f) GDPR.
8. Use of your data for direct mail
8.1 Newsletter sign-up
When signing-up to our newsletter, we regularly send you information regarding our offer. The only information mandatory for receiving the newsletter is your e-mail address. Providing additional data is voluntary and will be used to address you personally. With signing up to our newsletter you give us your consent (Art. 6 (1a) GDPR) to use your personal data. When signing up to our newsletter we store your IP address provided by your Service Provider (ISP), as well as the date and time of the signup, to be able to trace a possible abuse of your e-mail address at a later point. The data provided when signing up for our newsletter is exclusively used for the purpose of advertising through our newsletter. You can unsubscribe at any time by clicking the opt-out link provided in the newsletter or by sending an e-mail to the point of contact listed above. After unsubscribing we will immediately delete your e-mail address from our mailing list.
8.2 Existing customers
If you provided your e-mail address when purchasing goods from our online shop, we reserve the right to send you offers based on your previous purchases per e-mail. You will receive these individual product recommendations from us regardless of whether you have subscribed to a newsletter, as it is based on our legitimate interest of personalized direct advertising (Art. 6 (1f) GDPR and §107 TKG).
In case you previously objected against the use of your e-mail for this purpose, we will not send you any e-mails. If you do not wish to receive any more individual product recommendations from us, you can opt-out of this service at any time by sending us an e-mail or using the opt-out link provided in the newsletter. After we receive your objection to our e-mails we immediately cease to use your e-mail for marketing purposes.
Our e-mail newsletters are sent via the technical service provider SendinBlue SAS, 55 rue d’Amsterdam, 75008 Paris, France (http://sendinblue.com/). SendinBlue is a service with which the sending of newsletters can be organized and analyzed. The data you enter for the purpose of subscribing to the newsletter (e.g. e-mail address) will be stored on SendinBlue's servers.
Our newsletters sent with SendinBlue enable us to analyze the behavior of newsletter recipients, for example how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. All links in the e-mail are so-called tracking links with which your clicks can be counted.
If you do not want any analysis by SendinBlue, you must unsubscribe from the newsletter. We provide a link for this in every newsletter. You can also revoke your consent at any time with effect for the future by sending an email to the address given in our legal notice.
The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the SendinBlue servers after you unsubscribe from the newsletter. This does not affect data that we have stored for other purposes (e.g. e-mail addresses for the member area).
For more information, see the data protection provisions of SendinBlue at: https://sendinblue.com/legal/privacypolicy/.Order processing contract
We have concluded a contract with SendinBlue in which we oblige SendinBlue to protect the data of our customers and not to pass them on to third parties.
9. Data processing for order processing
9.1 Based on the legal basis of execution of the contract (Art. 6 (1b) GDPR), we transfer your data to contracted service providers insofar as necessary for the handling of your order and delivery of your products. We transfer your payment data to contracted payment providers insofar as necessary for the processment of your payment.
Data transferred in this way can only be used by our service providers to perform their tasks. Any other use of the data is not allowed and does not occur with any of our trusted service providers. The following section will explicitly inform you about our contracted service providers.
9.2 Use of transport service providers
If your goods are delivered by the transport services provider Österreichische Post (Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Wien, Österreich), we transfer your e-mail address for the purpose of coordinating the delivery time or the delivery announcement only if you have previously given your consent (Art. 6 (1a) GDPR). Otherwise we only give access to your data in the scope and for the time period required for the provision of the delivery service (Art. 6 (1b) GDPR), such as the name of the recipient and the delivery address. In this case the coordination of delivery time and delivery status updates are not possible. Your consent can be revoked at any time towards us or the transport services provider Österreichische Post.
If the goods are delivered by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn), we will give your e-mail address in accordance with Article 6 (1) (a) GDPR prior to delivery of the goods for the purpose of coordination of a delivery date or delivery notification to DHL, provided you have given your express consent in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery in accordance with Article 6 (1) (b) GDPR. It will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DHL or the delivery notification is not possible. The consent can be revoked at any time with effect for the future vis-à-vis the person responsible or the transport service provider DHL.
9.3 Use of payment service providers
For payment via Paypal we will transfer your payment data for the processing of the payment to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as ‘PayPal’). The disclosure is made in accordance with Art. 6 (1b) GDPR and only insofar as this is necessary for the payment process.
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may continue to be entitled to process your personal data, if necessary for the contractual payment.
If a Klarna payment service is selected, the payment will be processed by Klarna Bank AB (publ) (https://www.klarna.com/de), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter Klarna). In order to enable the processing of the payment, your personal data (name, surname, street, house number, postcode, city, gender, e-mail address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, item, delivery method) will be passed on to Klarna for the purpose of identity and credit assessment, provided that you have expressly agreed to this in accordance with article 6 paragraph 1 letter a DSGVO during the ordering process. Here you can see to which credit agencies your data can be forwarded: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report can contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of score values includes, but is not limited to, address data. Klarna uses the information obtained on the statistical probability of payment default to make a balanced decision on the establishment, execution or termination of the contractual relationship.
You can withdraw your consent at any time by sending a message to the data controller or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary to process payments in accordance with the contract.
Your personal data will be processed in accordance with the applicable data protection regulations and in accordance with the information in Klarna's data protection regulations for data subjects based in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy or for persons with registered offices in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy .Apple Pay
If you choose the payment method "Apple Pay" of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the "Apple Pay" function of your terminal operated with iOS, watchOS or macOS by debiting a payment card deposited with "Apple Pay". Apple Pay uses security features built into the hardware and software of your device to protect your transactions. In order to release a payment, it is therefore necessary to enter a code previously defined by you and to verify it using the "Face ID" or "Touch ID" function of your terminal.
For the purpose of payment processing, the information you provide during the ordering process, along with information about your order, will be transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before sending the data to the payment service provider of the payment card stored in Apple Pay for payment processing. The encryption ensures that only the website from which the purchase was made can access the payment data. Once the payment has been made, Apple will send your device account number and a transaction-specific dynamic security code to the originating website to confirm payment.
If personal data are processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 letter b DSGVO.
Apple retains anonymised transaction information, including the approximate amount of the purchase, the approximate date and time, and whether the transaction was completed successfully. Anonymisation completely eliminates the possibility of personal identification. Apple uses the anonymised data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on iPhone or the Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate through an encrypted channel on Apple's servers. Apple does not process or store this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone preferences. Go to "Wallet & Apple Pay" and disable "Allow payments on Mac".
If you choose the payment method "Google Pay" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment processing is carried out via the "Google Pay" application of your mobile device operated with at least Android 4.4 ("KitKat") and having an NFC function by charging a payment card deposited at Google Pay or a payment system verified there (e.g. PayPal). For the release of a payment via Google Pay in the amount of more than 25,- € the prior unlocking of your mobile device by the respective verification measure (such as face recognition, password, fingerprint or pattern) is required.
For the purpose of payment processing, the information you provide during the ordering process, together with the information about your order, is passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a uniquely assigned transaction number to the source website, which is used to verify that payment has been made. This transaction number does not contain any information about the real payment data of your means of payment deposited with Google Pay, but is created and transmitted as a uniquely valid numeric token. For all transactions via Google Pay, Google acts only as an intermediary to process the payment transaction. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the means of payment deposited with Google Pay.
If personal data are processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 letter b DSGVO.
Google reserves the right to collect, store and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description provided by the merchant of the goods or services purchased, photos that you attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description of the reason for the transaction, and the offer associated with the transaction, if any.
According to Google, this processing is carried out exclusively in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of the legitimate interest in proper accounting, verification of transaction data and optimisation and maintenance of the functionality of the Google Pay service.
Google also reserves the right to combine the processed transaction data with other information that is collected and stored by Google when using other Google services.
Further information on data protection at Google Pay can be found at the following Internet address: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, the payment will be processed by the technical service provider Stripe Payments Europe Ltd. , 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will send the information you provided during the ordering process, along with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 Para. 1 lit. b GDPR. Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only insofar as it is necessary for this. You can find more information on data protection at Shopify Payments at the following Internet address: https://www.shopify.com/legal/privacy.
Data protection information on Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
If you choose to use a payment method from the payment service provider Stripe, the payment will be processed via the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Center, Harcourt Road, Dublin 2, Ireland(hereinafter referred to as ‘Stripe’). Stripe will receive the information you communicated during the ordering process and the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 (1b) GDPR. The transfer of your data is exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only insofar as it is necessary for this. For more information about Stripe's privacy, please visit https://stripe.com/terms
10. Use of Social Media: Social Plugins
10.1 Facebook plugins with Shariff solution
On our website, so-called 'social plugins' ('plugins') from the social media network Facebook are used. This service is provided by the company Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, (hereinafter referred to as 'Facebook').
To increase the protection of your data during your visit to our website, the plugins are not directly integrated into the site, but by means of a HTML-Link. This integration ensures that no connection is established at first with the servers of Facebook when you open a page on our website that contains such plugins. Only when you activate the plugins by clicking on them, a new browser window will open the Facebook website and allow you to log-in and interact with the plugins.
10.2 Instagram Plugins with Shariff Solution
On our website, so-called 'social plugins' ('plugins') from the social media network Instagram are used. This service is provided by the company Instagram LLC., 1601 Willow Rd, Menlo Park, CA 94025, USA (hereinafter referred to as 'Instagram').
To increase the protection of your data during your visit to our website, the plugins are not directly integrated into the site, but by means of a HTML-Link. This integration ensures that no connection is established at first with the servers of Instagram when you open a page on our website that contains such plugins. Only when you activate the plugins by clicking on them, a new browser window will open the Instagram website and allow you to log-in and interact with the plugins.
10.3 Pinterest Plugins with Shariff Solution
On our website, so-called 'social plugins' ('plugins') from the social media network Pinterest are used. This service is provided by the company Pinterest Inc., 808 Brannan Street, San Francisco, CA, 94103, USA (hereinafter referred to as 'Pinterest').
To increase the protection of your data during your visit to our website, the plugins are not directly integrated into the site, but by means of a HTML-Link. This integration ensures that no connection is established at first with the servers of Pinterest when you open a page on our website that contains such plugins. Only when you activate the plugins by clicking on them, a new browser window will open the Pinterest website and allow you to log-in and interact with the plugins.
11. Online Marketing
11.1 Google Adwords Conversion Tracking
This website uses the online advertising program "Google AdWords" and as part of Google AdWords the conversion tracking by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter referred to as ‘Google’). We use the offer of Google Adwords to draw attention to our attractive offers with the help of advertising materials (so-called Google Adwords) on external websites. In relation to the data from the advertising campaigns, we can determine how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting to you and to achieve a fair calculation of advertising costs.
The conversion tracking cookie is set when a user clicks on a Google-served AdWords ad. Cookies are small text files that are stored on your computer system. These cookies usually lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not expired yet, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can not be tracked through AdWords advertisers' websites. The information gathered using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users. If you do not want to participate in tracking, you can block this usage by disabling the Google Conversion Tracking cookie through your Internet browser under User Preferences. You will not be included in the conversion tracking statistics. We use Google Adwords based on our legitimate interest in a targeted advertising (Art. 6 (1f) GDPR).
You can permanently deactivate cookie cookies by blocking them by setting your browser software accordingly or by downloading and installing the browser plug-in available at the following link: http://www.google.com/settings/ads/plugin?hl=en
12.1 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter referred to as ‘Google’). Google Analytics uses so-called "cookies", which are text files that are stored on your computer and that allow an analysis of your use of this website. The information generated by the cookie about your use of this website (including the shortened IP address) is usually transmitted to a Google server in the USA and stored there.
We only use Google Analytics with activated IP anonymization (‘_anonymizeIp()’). This means that the IP address of the users will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. In these exceptional cases, this processing is carried out in accordance with Art. 6 (1f) GDPR based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.
On our behalf Google will use this information to evaluate your use of the website, compiling reports on website activity and providing other with website and internet related services to us. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en
As an alternative to the browser plug-in or within browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent Google Analytics from entering this website in the future (this opt-out cookie only works in this browser and only for this domain, if you delete your cookies in this browser, you must click this link again): Disable Google Analytics tracking cookies
13. Retargeting & Remarketing
13.1 Google AdWords Remarketing
Our website uses the features of Google AdWords Remarketing to advertise this site on Google's search results, as well as third party websites. Provider is the Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). For this purpose, Google sets a cookie in the browser of your device, which automatically enables interest-based advertising based on the pages you visited, using a pseudonymous cookie ID. The processing is based on our legitimate interest of optimally marketing our website in accordance with Art. 6 (1f) GDPR.
Any further processing will only take place if you have agreed with Google that your internet and app browsing history will be linked to your Google account by Google and information from your Google account will be used to personalize the ads you see on the Web. In this case, when you log in to Google during the page visit of our website, Google uses your data with Google Analytics data to create and define audience lists for cross-device remarketing. To do this, Google will temporarily associate your personal information with Google Analytics data to create audiences.
You can permanently deactivate the setting of cookies by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/onweb/
Alternatively you can contact the Digital Advertising Alliance on www.aboutads.info who inform you about the setting of cookies and make the corresponding settings. Finally, you can set your browser so that you are informed about the setting of cookies and individually decide on their acceptance or exclude the acceptance of cookies for specific cases or in general. Failure to accept cookies may limit the functionality of our website.
US-based Google LLC. is certified under the US Privacy Shield, which ensures compliance with the level of data protection in the EU.
13.2 Facebook Custom Audience on the pixel process
This website uses the so-called ‘Facebook Pixel’ of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (hereinafter referred to as ‘Facebook’). In the case of explicit consent, this may track the behavior of users after they have seen or clicked on a Facebook ad. This process is designed to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and may help to optimize future advertising efforts. The data collected are anonymous for us, so we cannot draw conclusions about the identity of the users. However, the data are stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, according to the Facebook data usage directive (https://www.facebook.com/about/privacy/).
You can enable Facebook and its affiliates to display ads on and off Facebook. Further, a cookie may be stored on your computer for these purposes. These processing operations are carried out exclusively upon granting explicit consent in accordance with Art. 6 (1a) GDPR. A consent in the use of the Facebook pixel may only be declared by users who are older than 13 years old. If you are younger, we ask that you ask your guardians for permission.
Based in the US, Facebook Inc. is certified to the US Privacy Shield, which ensures compliance with the level of data protection in the EU.
14. Rights of the person concerned
You have the following legal data protection rights under the relevant legal conditions: Right to information, right to correction, right to deletion, right to restriction of processing, right to data portability, right to withdraw consent as well as the right to object to particular data processing measures. Your further have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection law or if your data protection claims have otherwise been violated. In Austria, this is the data protection authority.