Privacy Policy
1. Privacy Policy
The protection of your personal data is a particular concern of ours. Therefore, when collecting and processing your personal data, we strictly adhere to all legal requirements, in particular the EU General Data Protection Regulation (hereinafter referred to as “GDPR”) and the Austrian Data Protection Act. Below, we would like to explain their most important aspects and inform you about the scope and purpose of our data processing and your rights as a data subject:
2. Controller and Contact Point
The services offered and provided by us are operated or offered and provided by Weingut Christoph Donabaum. Weingut Christoph Donabaum is therefore also the controller under data protection law for the associated data processing. If you have any questions regarding data protection, you are welcome to send them directly to
office@weindonabaum.at.
3. Handling of Personal Data
3.1. Contacting us for business relationships
When you contact us, your details will be processed for the purpose of handling the contact request and its processing in accordance with Art. 6 (1) (b) GDPR. The purpose of the data processing is therefore to establish contact on the one hand, and on the other hand to exercise or fulfill the rights and obligations arising from the business relationship, its fulfillment and administration, as well as the processing of your concerns.
In particular, data from interested parties for our offers is only processed to the extent necessary for the transmission of targeted information to the interested parties. If necessary, logistics companies receive the necessary data (delivery data) in order to be able to deliver goods on our behalf.
For the purpose of processing these (pre-/post-)contractual relationships, the following personal data in particular are processed:
- personal identification details and contact information (e.g., title, name, address, date of birth, email address, telephone number);
- payment data (e.g., bank details);
- data from the fulfillment of our contractual obligations (e.g., delivery addresses, addresses of objects with repair orders, billing data);
- advertising and sales data (e.g., information on consents granted or revoked).
In addition, we process data that we permissibly receive from publicly accessible sources (e.g., commercial register, land register, register of associations, etc.).
3.2. Webshop and payment process
If you order goods or services in our webshop, we process the data you entered into the input masks of the webshop and other transaction-related data (in particular purchase contract number, order number, order date, delivery type, estimated delivery time, product purchased, price, shipping method, payment method) for the processing of your order.
Depending on the goods/services ordered, it may be necessary to carry out age verification. For this purpose, the date of birth is processed for the age query, a copy of an ID card may also be requested and processed, and if necessary, a technical age verification is carried out with the data entered.
Depending on the desired payment method, it is also necessary to transmit the personal data, including information required to process the payment, to the respective payment service provider or the credit institution commissioned with the payment or the company behind the selected payment process. These process the payment transaction independently and act as their own data protection controller.
In principle, the data required for this—credit card holder, number, expiration date, and Card Validation Code—are processed by the respective payment service provider and, if necessary, also used to verify the data provided for the purpose of excluding abusive use. We ourselves only store payment data for payment transactions to a limited extent (if applicable, means of payment, selected credit card, and the last four digits of the credit card number). Payment by credit card is voluntary. Specifically, Stripe is currently involved in payment processing.
3.3. Voluntarily disclosed data
If you voluntarily disclose data that has not been requested, you thereby grant your express consent to the processing of this data in accordance with this privacy policy. You have the right to revoke any consent granted at any time, in whole or in part.
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We do not pass on this data without your consent. The processing of the data entered into the contact form is therefore based exclusively on your consent (Art. 6 (1) (a) GDPR). You can revoke this consent at any time. An informal notification by email to us is sufficient for this. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. The data you enter in the contact form remains with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions—in particular retention periods—remain unaffected.
If you have also provided us with your email address in connection with the sale of goods or a service, we may, based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR, send you direct advertising by email in the form of information and mailings for our own or similar services. You have the right to object at any time to the processing of data concerning you for the purpose of such advertising. In this context, we may also carry out the following data processing—in each case on the basis of our legitimate interest according to Art. 6 (1) (f) GDPR:
- Internal procurement market analysis,
- Internal data processing and analysis to ensure a customer-specific approach with tailored offers,
- Internal data processing and analysis for the purpose of improving and developing intelligent and innovative services and products,
- Assertion of legal claims and defense in legal disputes,
- Presentation of our company,
- Maintenance of proper customer and business contact.
3.4. Newsletter
If you have provided us with your email address for this purpose, you will receive our regular newsletter. We only use your email address for this and provide information about our services and activities, other news within our company, and our own events. Like all consents, this can also be revoked by email or—if technically integrated—by unsubscribing from the newsletter via the button/link in the newsletter itself. We also use your data to send you occasion-related information about innovations in our company or invitations to events. These purposes find their legal basis in your consent and in our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in a proper customer relationship.
Newsletter distribution with Brevo
This website uses Brevo for sending newsletters. The provider is Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. Brevo is a service with which, among other things, the dispatch of newsletters can be organized and analyzed. The data you enter for the purpose of receiving the newsletter is stored on the servers of Sendinblue GmbH in Germany. If you do not want any analysis by Brevo, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.
Data analysis by Brevo
With the help of Brevo, we are able to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and whether links were clicked, if applicable. If you do not want any analysis by Brevo, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Detailed information on the functions of Brevo can be found at:
https://www.brevo.com/en/.
Legal basis
Data processing is based on your consent (Art. 6 (1) (a) GDPR). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.
Storage duration
The data you have stored with us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data stored by us for other purposes remains unaffected by this. After you have unsubscribed from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest. For more details, please refer to Brevo’s privacy policy at:
https://www.brevo.com/en/legal/privacypolicy/.
Data processing agreement
We have concluded a data processing agreement (DPA) with the provider mentioned above. This is a contract required by data protection law, which ensures that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
3.5. Access data
We are the controller of our website under data protection law. When using our website, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 (1) sentence 1 (f) GDPR):
- browser types and versions used,
- the operating system used by the accessing system,
- the website from which an accessing system reaches our website,
- the sub-websites accessed,
- the date and time of access to the website,
- an Internet Protocol address (IP address),
- the internet service provider of the accessing system, and
- other similar data and information used for security purposes in the event of attacks on our information technology systems.
The purpose of this data processing is to maintain our website, in particular faster error localization and correction, as well as monitoring the load and, if necessary, making adjustments or improvements. In particular, the collection of this general data is not used by the controller to draw conclusions about the data subject, but rather to:
- deliver the content of our website correctly,
- ensure the permanent functionality of our information technology systems and the technology of our website, and
- provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.
Insofar as a personal reference is given, the data security to be guaranteed and the maintenance of the online presentation represent our legitimate interests within the meaning of Art. 6 (1) (f) GDPR and thus the legal basis.
We further attempt to dispel data protection concerns by storing the data only for a limited period. As an alternative to deletion, the IP address of your computer is anonymized by shortening. In the case of hacking attacks, longer storage may be necessary to ensure the security of our website.
4. Cookies
We use cookies on our site. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your end device and do not contain viruses, Trojans, or other malware. Information is stored in the cookie that arises in connection with the specific end device used. However, this does not mean that we gain immediate knowledge of your identity. The data stored in our cookies is not linked to your name or address.
The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site. In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specific fixed period. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again. These cookies therefore serve to make it easier for you to use our website and our webshop. These cookies remain stored on your computer until you manually delete them from your browser or they are reset due to a longer absence.
Cookies are used for the demand-oriented design and continuous optimization of our website.
Again, our legitimate interests within the meaning of Art. 6 (1) (f) GDPR (in the purposes mentioned above) and—if applicable—consent represent our legal basis. Most browsers accept cookies automatically. We do not use any additional cookies that would require consent. However, you can also generally prohibit the use of cookies entirely through the appropriate setting in your browser. However, completely deactivating cookies may mean that you cannot use all the functions of our website. Further information can be found in the Cookie Policy.
5. Google Maps
We use Google Maps from Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website. By using the functions of this map, data is transmitted to Google. You can read about which data is collected by Google and what this data is used for at
https://www.google.com/intl/en/policies/privacy.
6. Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. For this purpose, the browser you use must connect to Google’s servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If your browser does not support web fonts, a standard font from your computer will be used. Further information on Google Web Fonts can be found at
https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/.
7. General Information on Data Processing
7.1. Source of data
Insofar as we have not received the personal data listed above from you yourself, it will be transmitted to us by your relatives, legal adult representatives, or other persons you trust.
7.2. Revocation of consent
You can revoke any consent given at any time and without giving a reason by email to office@weindonabaum.at. Where processing is based solely on your consent and we are not legally obliged to store it, the relevant data will then be irrevocably deleted. The revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation.
7.3. Transmission of data
Disclosure, transmission, or transfer of data to natural or legal persons who are neither processors nor authorized to process data under our direct responsibility or under the responsibility of one of our processors (third parties) only takes place in accordance with the respectively applicable legal provisions.
We do not transmit your personal data to third parties, except where
- we are legally obliged to do so,
- this is necessary within the framework of the business relationship,
- we are otherwise commissioned by you to do so, or
- the transfer corresponds to the purpose of the data processing.
In addition to our employees and independent personal caregivers, transport services, lawyers, or tax consultants in particular may receive your personal data if necessary. Processors employed by us may also receive data. These are, for example, companies in the categories of postal and printing service providers, IT service providers, IT support (hardware and software), sales partners, web service companies, credit agencies, debt collection service providers, and other processors that we use within the framework of order processing.
Any recipients are and will be obliged by us to comply with data protection regulations. A corresponding data processing agreement has been concluded with processors. A transmission of personal data to third countries or international organizations does not take place.
7.4. Retention period and storage period
We do not process and store the data in personal form permanently, but only in accordance with the periods prescribed in the respectively applicable legal provisions, but in any case as long as this is necessary for the purpose of complete processing of the agreement (including the expiration of any limitation periods and the final termination of any administrative or judicial proceedings). In particular, reference should be made to our obligation to retain tax-relevant documents for 7 years in accordance with the Federal Fiscal Code.
Subject to the existence of other conditions of legality within the meaning of Art. 6 GDPR, stored data will be deleted immediately and not processed further as a result of a revocation of consent pursuant to Art. 7 (3) GDPR or a legitimate objection pursuant to Art. 21 GDPR.
8. Miscellaneous
The storage and backup of the data takes place in the EEA. Your data will not be used for automated decision-making.
8.1. Data security measures
Taking into account the criteria of Art. 32 GDPR, we take appropriate and suitable technical and organizational measures (TOMs) for the security of the data and data processing and ensure that the data is protected against unauthorized or unlawful processing and against loss, damage, and alteration. The TOMs are subject to technical progress and further development. We are therefore entitled to change, reduce, expand, or implement alternative adequate TOMs at any time at our own discretion. In the event of a breach of data protection, we will fully comply with our notification obligations under the GDPR.
8.2. Disclaimer
Despite all precautions and measures, it cannot be ruled out that data disclosures, losses, damage, and alterations may occur and that you may suffer damage. The use of our services is at your own risk and peril under data protection law. We therefore assume no responsibility or liability for damage and consequential damage arising from or in connection with data disclosures, losses, damage, and alterations, unauthorized and/or manipulative access to or interference with data processing and transmission, as well as violations of data protection provisions (GDPR, DSG) which were not caused by us unlawfully and culpably.
We are liable for damages—with the exception of personal injury as well as property damage and financial loss as a result of a breach of primary contractual obligations—only in the event of intent or gross negligence.
The above disclaimers or limitations of liability also apply to our bodies, employees, representatives, and attributable vicarious agents as well as to processors involved and to all persons involved by them.
8.3. Changes to the Privacy Policy
We reserve the right to change or supplement the privacy policy including attachments at any time and without giving reasons, in order to comply with the respectively applicable legal provisions and to accommodate your interest (in particular regarding transparency of processing). Insofar as your consent is required for this, the changes will only be made with your consent.
8.4. Your Rights
As a data subject, you have the following rights and remedies available to you:
- Right of access
You have the right to request information as to whether—and if so: which—personal data about you is being processed. In order to prevent information being given to unauthorized persons, it may be necessary to verify your identity in the event of an application.
- Right to rectification and erasure
You can request the rectification/completion of your incorrect personal data as well as the erasure of your data. We will comply with this immediately, provided that no legal obligations prevent us from doing so.
- Right to restriction of processing
You have the right to restrict the processing of your personal data.
- Right to data portability
You can request the transfer of collected personal data to a third party.
- Right to object
If such reasons arise from your particular situation, you can object to the processing of your personal data at any time.
You can assert these rights directly with us as the responsible data processor either by post or by email to office@weindonabaum.at. You can also contact us at any time by email for questions regarding data protection.
We would like to point out to you now that—regardless of the handling of your requests—we are obliged to establish your identity in order to prevent any data protection violations (e.g., providing incorrect information to the wrong person). For this reason, we must go through an identity verification procedure with you for every request.
Furthermore, if you suspect violations of data protection regulations, in particular your rights as a data subject, you have the right to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, Telephone: +43 1 521 52-25 69, Email: dsb@dsb.gv.at as the competent supervisory authority.
