The protection of your personal data is important to us. Your data will be processed exclusively in accordance with the provisions of the General Data Protection Regulation (DSGVO), the Data Protection Act (DSG) and the Telecommunications Act (TKG).
1.1 Personal data
According to Art 4 line 1 DSGVO, personal data is given if there is information that relates to an identified or identifiable natural person. An identifiable person is one who can be identified directly or indirectly. Personal data includes, for example, name, address, IP address, e-mail address, etc.
2. Collection and processing of your personal data
The purpose of processing your data is the operation of the website and the execution of contracts; this also includes related activities (administration of your account, processing of payment and shipping, etc.). Your personal data will only be used if the purpose requires it and there is a justification.
For the purpose of operating our website, the following data is stored and processed:
- Browser type and version;
- Operating system used;
- Website from which you are visiting us;
- Website you are visiting;
- Date and time of your access;
- Your Internet Protocol (“IP”) address.
For the purpose of contract initiation and fulfillment (and related activities), the following data is stored and processed:
- Payment data
The legal basis(s) of the processing of your personal data can be found under point 2.1. Your data will be disclosed to third parties in accordance with point 2.2.
2.1 Legal basis for the processing of personal data
Consent according to Art 6 para 1 lit a DSGVO
Fulfillment of the contract and initiation of the conclusion of the contract pursuant to Art 6 para 1 lit b DSGVO.
The processing of your personal data is permissible in order to initiate a business transaction and to process it after conclusion of the contract.
Fulfillment of legal obligations pursuant to Art 6 para 1 lit c DSGVO.
The processing of your personal data is permitted in order to comply with legal obligations. In particular, the Federal Tax Code and the Business Code stipulate retention obligations (7 years).
The deletion takes place after the expiry of these periods, the necessity of the retention of the data is reviewed every three years.
Legitimate interests pursuant to Art 6 para 1 lit f DSGVO.
The processing of your personal data is permissible if there is a legitimate interest on our part in the processing (e.g. answering your inquiries, etc.).
2.2 Passing on personal data to third parties
Your personal data will only be passed on if your consent exists, if it is necessary for the initiation or fulfillment of a contract or if there are legal obligations. In the further course you will find detailed information about these third parties.
Via our website we offer you the possibility to subscribe to our newsletter. If you subscribe to our newsletter, we will inform you about our offers at regular intervals. In order to offer this service, we use the services of CleverReach GmbH & Co KG.
The processing of your associated data (esp name, IP address and email address) is based on your consent pursuant to Art 6 para 1 lit b DSGVO. We will check the e-mail address you have entered to ensure that you are actually the owner of the e-mail address provided or that its owner has authorized the receipt of the newsletter.
You can cancel your subscription to this newsletter at any time. Details of this can be found in the confirmation email and in each individual newsletter.
We use a so-called hosting service provider to operate our website. This provides us with computing power and storage space. This is Hetzner Online GmbH, which is based in Germany.
This service provider processes data exclusively in the European Union under the permissibility conditions of point 2.1.
Hetzner Online GmbH
Industrial road 25
We use so-called cookies on our website. Cookies are small text files that your Internet browser places and stores on your computer. On the one hand, they serve to optimize our website and our offers. On the other hand, they serve to recognize users. These are mostly “session cookies”, which are deleted after the end of your visit. In individual cases, however, “permanent cookies” are also set, which are not deleted after the end of your visit.
For cookies that are not technically essential, you will be asked for your consent (see point 2.1.). Only if you consent to the processing, your cookies will be processed for the purpose of improving our website for a period of 120 days.
If cookies are functionally absolutely necessary, processing is also possible without your consent pursuant to § 96 TKG, Art 6 para 1 lit f DSGVO.
4. Matomo Analytics
We use the Matomo Analytics tool on our website. This is an open source software of the Matomo organization. Information is collected about your browser type and version, operating system used, the website accessed, date and time of your access and your IP address. This with the purpose of improving user experience and user friendliness.
5. Payment processing by Unzer Austria GmbH
To process your payments, we use the services of Unzer Austria GmbH. The processing of your personal (name, payment information, etc.) data is justified by Art 6 para 1 lit b DSGVO.
6. Shipment processing by Sendcloud GmbH
To process the shipment of your order, we use the services of Sendcloud GmbH. The processing of your personal (name, address, etc.) data is justified by Art 6 para 1 lit b DSGVO.
7. Third-party plugin
This website contains so-called plugins from third-party providers listed below. If you call up one of our sites that contains such a plugin (recognizable by the brand of the third-party provider), a direct connection is established with the provider of the plugin. This transmits your data to the third-party provider; as the operator of the website, we have no influence what personal data is transmitted; in any case, however, the third-party provider receives the information that you have visited our website. If you have an account with one of the third-party providers, your data may be linked.
Google Ireland Limited
Gordon House, Barrow Street
7.2 Google Maps
Google Ireland Limited
Gordon House, Barrow Street
7.3 Trusted Shops
In order to display our Trusted Shops seal of approval and any ratings collected, as well as to offer Trusted Shops products to buyers after an order, the Trusted Shops Trustbadge of Trusted Shops GmbH is integrated on this website.
When you call up the Trustbadge, your IP address, the date and time of the call-up, the amount of data transferred, etc. are stored. This data is processed exclusively to ensure trouble-free operation and is automatically deleted no later than seven days after the end of your visit to the site (Art 6 para 1 lit f DSGVO).
Further personal data is only transferred if you have consented to this, have decided to use Trusted Shops products after completing an order, or have already registered to use them.
Trusted Shops GmbH
Subbelrather Street 15c
8. Your rights
The GDPR standardizes the following rights:
- Restriction of processing
- Data portability
- Objection to processing
If you wish to exercise any of these rights, please contact firstname.lastname@example.org, providing proof of your identity (e.g. by means of a copy of your identity card).
You also have the right to lodge a complaint with the Austrian data protection authority if you are of the opinion that the processing of your data violates data protection regulations.
9. Data security
We continuously improve our security measures to protect your personal data from access by third parties. All personal data is transmitted in encrypted form.
Despite great care, Magu CBD GmbH is not liable for unlawful interference by third parties.