Data privacy information
It gives you a comprehensive overview on which technologies we use, what this means to you and who you can contact in case of any questions.
We strictly comply with the legal obligations of the GDPR when processing personal data and would like to inform you below in more detail how data is being processed on our website.
This data protection policy only applies to www.orloffs.at and the associated sub-pages and not to websites controlled and operated by any third parties.
1. Contact details
Justin Rafael Orloff e.U.
A-1150 Wien, Braunhirschengasse 6/1
Privacy contact: Justin Rafael Orloff
2. Data protection:
Data protection is our highest concern. Our defined goal is to take all appropriate and necessary technical and organizational measures that protect your personal data, inter alia, against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
The communication and the data transfer on our website are carried out with the SSL procedure (Secure Socket Layer). As a result, all information is transmitted securely and encrypted. The measures taken are subject to regular review and are adjusted to the state of the art.
3. Definition of personal data
Personal data is any information relating to individuals whose identity is identified or identifiable, such as name, contact information, billing information or IP address.
4. Personal data we collect and how we process it
4.1 Information we collect
When visiting our website, so-called cookies automatically record data. For more information about how cookies are used on our website, see 6.
4.2 Data provided by you
Personal data that you transmit electronically on our website, e.g. in contact forms (name, e-mail address, postal address or other personal information) or when making a purchase transaction in our online shop (name, address, e-mail address, telephone number, payment method) is only used by us for the specified purpose, processed in accordance with the applicable data protection regulations, stored securely and will not be passed on to third parties – such as address publishers and direct advertising companies.
Personal data you provide us will be processed for the purposes described below.
We will only send you information if you have registered for relevant services and we have your consent to do so.
4.3 Processing of personal data by partners
Your personal data will only be passed on to third parties in regulation with the applicable law, i.e for the purpose of processing your order, fulfilling billing and payment, for marketing purposes or if you have given your prior consent. When processing your purchase we use partners such as banks, tax consultants, payment service etc that will receive the necessary data for order processing. The data passed on in this way may only be used by our partners to fulfill their task.
The partners have been carefully selected and take appropriate technical and organizational measures to ensure that your data is processed in accordance with data protection regulations and that your rights are protected. The partners are not permitted to use the personal data provided for their own or advertising purposes or to pass them on to third parties.
5. Non-obligatory data processing:
5.1 General contact form
- Contact form: When using the contact form, the following personal data will be processed: first and last name, address, e-mail, contact information and text of your request:
- Purpose: To respond to your inquiry, to contact you in the course of business initiation, customer acquisition/customer care, for efficient communication.
- Justification: legitimate interest in accordance with Art. 6 para. 1 lit. b GDPR
- Storage duration: 6 months. In the event of the conclusion of a contract, the data will be deleted after compliance with the retention periods of 7 years under tax law or the relevant retention periods of 10 years under product liability law.
5.2 Order and payment processing in our online shop and customer account
- Order processing: during the order process in the Woocommerce online shop, the following personal customer data is processed: first and last name, address, e-mail, payment method. Optionally, users can create a user account. Users are informed which mandatory information will need to be provided during the registration process.
- Payment processing: by using the online payment service Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, the following personal data is processed: first and last name, address, e-mail address, telephone number, payment method
- Shipping processing: by linking the shipping platform Sendcloud GmbH, Fürstenrieder Str. 70, 80686 Munich, with the online shop, the shipping of the ordered products is processed automatically and personal data such as first and last name and address are processed. Parcels are delivered by General Logistics Systems Austria GmbH (GLS) Traunuferstraße 105a 4052 Ansfelden, where the following personal recipient data is processed: first and last name and address.
- Purpose: Provision of contractual services as part of an online shop for order and purchase processing, billing, delivery and customer service.
- Justification: for the processing and fulfilling of the contract in accordance with Article 6 para. 1 lit. b GDPR
- Storage period: the data is stored for as long as it is necessary to fulfill the purpose for which it was collected or to execute the contract. After the purchase has been completed, there may be a need to store data in order to comply with contractual or legal obligations.
6. Data processing operations requiring consent:
- ● We use the service provider Zoho Corporation B.V. Beneluxlaan 4B, 3527 HT, Utrecht, Netherlands to send out newsletters. We use the data you provide (title, name, e-mail address) and need your consent that you, as the owner of the e-mail address, agree to receive mails via so-called double opt-in. You can unsubscribe at any time using the unsubscribe link in the newsletter.
- Purpose: Sending information about products, services and events.
- Justification: Consent according to Art 6 para. 1 lit a GDPR.
- Storage duration: As long as the newsletter is sent and there is no objection.
Cookies are small text files that are sent to your computer or mobile device from a website and are then stored by your web browser.
There are two different types of cookies. So-called session cookies, which are deleted as soon as you close your browser, and permanent cookies, which remain on your data medium until you delete them manually in your browser.
We use permanent cookies to recognize you the next time you visit our website. These cookies help us to design and optimize our offering on the website to facilitate the use, for example by saving certain entries form you in such a way, that you do not have to constantly repeat them.
7. Embedded Social Media Elements
We integrate elements of social media services on our website in order to display images, videos and texts.
By visiting pages that display these elements, data is transferred from your browser to the respective social media service and stored there. We have no access to this data.
The following links will take you to the pages of the these social media services, where it is explained how they handle your data:
- Facebook data policy: https://www.facebook.com/about/privacy
- Vimeo data policy: https://vimeo.com/privacy.
7.1 Facebook (Meta)
On this website we use functions from Facebook, a social media network from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
You can read about the functions (social plug-ins) provided by Facebook at https://developers.facebook.com/docs/plugins.
By visiting our website, information can be transmitted to Facebook. If you have a Facebook account, Facebook can associate this data with your personal account. If you do not wish to do so, please log out of Facebook.
7.2 Instagram (Meta)
We use functions of the social media network Instagram from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland on our website.
Using Instagram content embedding features (embed function) allows us to display images and videos.
Data (IP address, browser data, date, time, cookies) is transmitted to Instagram, stored and evaluated.
If you have an Instagram account and are logged in, this data will be assigned to your personal account and the data stored in it. If you do not want this, please log out of Instagram.
We are embedding videos from the “Vimeo” platform of the provider Vimeo Inc., 555 West 18th Street New York, New York 10011, USA, on this website.
8. Analysis and marketing measures
8.1 Google Analytics
This website uses Google Analytics, a service of Google Ireland Limited
Gordon House, Barrow Street Dublin 4, Ireland, to analyze how users use our website. The service uses “cookies” – text files that are stored on your device. The information automatically collected by cookies about your use of the website is usually transmitted to a Google server in its global infrastructure and stored there. IP anonymization takes effect on this website. The IP address of the user is shortened within the member states of the EU and the European Economic Area and there is no personal reference. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.
You have the option of preventing the storage of cookies on your device by changing the relevant settings in your browser. There is no guarantee that you will be able to access all functions of this website without restrictions if your browser does not allow cookies.
You can also use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc.
The following link takes you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=en
Here you find further information on the use of data by Google: https://support.google.com/analytics/answer/6004245?hl=en
8.2 Google AdWords
We use Google AdWords Conversion Tracking to measure the success of our advertising measures. After certain goals have been achieved on our website (“conversions”) – such as completing a booking or registering for our newsletter – this goal achievement is recorded by Google. Google can use it to measure the number of goals achieved. In addition, on the basis of previously set cookies, Google will assign which advertisements were previously clicked on and were therefore decisive for achieving the goal.
For the placement of Google Ads in the Google advertising network, we use the plugin of the shop system WooCommerce Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland. The use of advertising cookies can be deactivated here: https://myadcenter.google.com/?sasb=true
9. Tools we use
If we collect and process your personal data as stated, we use the following service providers and tools which – as recipients in terms of the GDPR – could have access to your data. As processors, these service providers are contractually obliged to comply with the data protection regulations:
Zoho Corporation B.V.
Beneluxlaan 4B, 3527 HT, Utrecht, Niederlande
Zoho Corporation Pvt. Ltd.
Estancia IT Park, Plot No. 140 & 151, GST Road, Vallancherry Village, Chengalpattu Taluk, Kanchipuram District 603 202, India
WooCommerce Ireland Ltd.
Grand Canal Dock, 25 Herbert Pl
Dublin, D02 AY86
60 29th Street #343
San Francisco, CA 94110
Fürstenrieder Str. 70
General Logistics Systems Austria GmbH (GLS)
Google Ireland Limited
Gordon House, Barrow Street Dublin 4, Ireland
1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Stripe Payments Europe Limited
1 Grand Canal Street Lower
Grand Canal Dock
Dublin, D02 H210, Ireland
354 Oyster Point Boulevard
South San Francisco, California, 94080, USA
One World Trade Center, 87th Floor
New York, NY, 10007, USA
We would like to point out that the services mentioned above may result in the processing of personal data and this may be carried out in the USA or other third countries. The European Court of Justice does not see an adequate level of data protection in the USA since the fall of the Privacy Shield. There is therefore a theoretical risk that US authorities may have access to your data for control and monitoring purposes. However, all of our third-party providers have the applicable standard contractual clauses in place. If data is accessed outside of the European Economic Area (EEA), an appropriate level of data protection is guaranteed by using the applicable version of the EU standard contractual clauses.
In the consent banner you can actively agree to the use of the technologies mentioned and the transmission of data to third parties in third countries (including the USA). You can revoke this consent at any time. Please note that based on the settings you have made yourself, it is possible that not all the functions of the site will be available.
10. Your rights and choices:
You have the following data subject rights to information, access, rectification, erasure (to be forgotten), correction, restriction of processing, objection, data portability and to withdraw data protection consent.
You can assert these data subject rights by sending a message to the e-mail address E-Mail: firstname.lastname@example.org.
We will also notify you immediately in the event of a breach of personal data protection, if these violations are likely to endanger your rights and freedoms.
Furthermore, you have the right to lodge a complaint with the supervisory authority. In Austria the data protection authority is responsible.
We reserve the right to change the data protection policy from time to time to reflect changes of relevant laws, new services or data processing.