Privacy & Cookie Policy
Privacy & Cookie Policy
The protection of your personal data is very important to us. Therefore, we process your data exclusively on the basis of the legal regulations in Austria (DSGVO, TKG 2003). Our Privacy Policy describes how we collect and process your Personal Data through our website (www.baronfilou.com) and at events. We encourage you to read this Privacy Policy as well as our Terms and Conditions of Use.
BY USING THE SERVICES, YOU CONSENT TO THE COLLECTION, USE AND TRANSFER OF YOUR PERSONAL DATA FOR PROCESSING IN THE EUROPEAN UNION AS DESCRIBED IN THIS PRIVACY POLICY.
Note to Residents of the European Union: In order to comply with the requirements of the European General Data Protection Regulation (GDPR) for our European consumers and users, this Privacy Policy outlines the legal basis on which we process your Personal Data and provides other information required by the GDPR.
Information about your personal data
This Privacy Policy relates to data about you, your devices, and your interaction with our Services.
“Personal Data” is information that can be used to identify you, directly or indirectly, alone or together with other information. This includes things such as your full name, email address, phone number, precise location, device IDs, certain cookie and network identifiers, physical characteristics such as gender and dress size.
Collection, processing and utilization of personal data.
You can visit our website without providing any information about yourself. We only store access data without personal references, such as the name of your Internet service provider. This data is used for improving our Internet service only and is processed in a way that cannot be traced back to you in person.
We collect personal data only when you provide it to us, by ordering merchandise, opening a customer account, registering for our newsletter or voluntarily participating in a promotional sweepstakes. We use the data that you have provided without your separate consent exclusively for the purpose of fulfilling and processing your order. With completion of the contract and full payment of your purchase, your data will be blocked for further use and deleted after expiration of the tax and commercial storage periods, unless you expressly consent to the further use of your data. When registering for the newsletter, your e-mail address is for our own advertising purposes, until you unsubscribe from the newsletter. You can unsubscribe at any time.
If you contact us via the form on the website or by e-mail, your data will be stored for six months to process the request and in case of follow-up questions. We will not share this information without your consent.
Collection of personal data in sales promotions
We use your information only for the fulfillment and processing of the competition for which you actively registered. After completion of the competition, the announcement of the winners and distribution of prizes, data will be blocked for any other use and deleted after a period of one year, unless you expressly consent for participation in the further use of your data.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are the browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request, IP address. These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Contacting Us
On our website we offer you the opportunity to contact us, either by email and/or by using a contact form. In such event, information provided by the user is stored for the purpose of facilitating communications with the user. No data is transferred to third parties. Nor is any of this information matched to any information that may be collected by other components of our website.
Newsletter Subscription
When you register for our e-mail newsletter, we will regularly send you information about our offers. Only your e-mail address is required for sending the newsletter. The provision of further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter once you have explicitly confirmed that you consent to receiving newsletters. We will send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in future by clicking on an appropriate link.
By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 (1) lit. a DSGVO. When you register for the newsletter, we store your IP address entered by your internet service provider (ISP) as well as the date and time of registration to be able to trace any possible misuse of your e-mail address later. The data collected by us when you register for the newsletter is used exclusively for the purpose of addressing you in an advertising manner by way of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data in a way that goes beyond this, which is permitted by law and about which we inform you in this declaration.
- Newsletter Delivery by Sendinblue
Our e-mail newsletter is sent via the technical service provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 (1) lit. f DSGVO and serves our legitimate interest in using an effective, secure, and user-friendly newsletter system. The data you enter for the purpose of receiving the newsletter (e. g., e-mail address) is stored on Sendinblue’s servers in the EU. In accordance with the requirements of the GDPR, we have a data processing agreement with Sendinblue. Within this agreement it is outlined how your data is shared. You can find the data processing agreement here.
Sendinblue uses this information to send and statistically evaluate the newsletter on our behalf. For the evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e. g., time of retrieval, IP address, browser type and operating system). The data is collected exclusively in pseudonymized form and is not linked to your other personal data. Direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
Furthermore, Sendinblue may use this data itself in accordance with Art. 6 (1) lit. f DSGVO based on its own legitimate interest in designing and optimizing the service in line with demand, as well as for market research purposes, for example to determine which countries the recipients come from. However, Sendinblue does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.
We have concluded an order processing agreement with Sendinblue, with which we oblige Sendinblue to protect our customers’ data and not to pass it on to third parties.
You can view Sendinblue’s privacy policy here.
Use of Cookies
On several pages, we use cookies to make visiting our site more attractive and to enable certain features. Cookies are small text files that are stored on your computer. Most of the cookies that we use are deleted from your hard drive at the end of the browser session (session cookies). Other cookies remain on your computer and allow us to recognize your computer on your next visit (persistent cookies). These cookies are used to greet you with your username and to spare you from having to re-enter your password and data on forms when you re-order. Our partner companies are not allowed to collect, process, or use personal information obtained by cookies on our website.
If you want to learn more about the cookies we use and what their purpose is or if you wish to reconfigure your cookie settings, click on the button below.
If you do not want this, you can set up your browser so that it informs you about the setting of cookies and you allow this only in individual cases.
Using your personal information
Your data is disclosed as necessary to parties involved in sending or picking up your goods. Baron Filou GmbH receives no payment data.
Data storage
We point out that for the purpose of easier shopping and subsequent contract processing by the web shop operator in the context of cookies, the IP data of the subscriber are stored, as well as the name, address, e-mail address, telephone number and credit card number of the buyer.
The data provided by you are required to fulfil the contract or to carry out pre-contractual measures. Without this data we cannot conclude the contract with you. A transfer of data to third parties does not take place, except for the transfer of the credit card data to the processing bank / payment service provider for debiting the purchase price, to the transport company / shipping company commissioned by us to deliver the goods and to our tax advisor to fulfil our tax obligations. Baron Filou also uses external IT service providers, that may be given access to your personal data, for the purpose of improving the website, the shopping experience and ensuring the functionality of the website.
In the case of a contract, all data from the contractual relationship are stored until the expiry of the tax retention period (7 years).
The data name, address, purchased goods and date of purchase are also stored until the end of product liability (10 years). Data processing takes place based on the statutory provisions of § 96 (3) TKG and Art. 6 para. 1 lit. a (consent) and / or lit b (necessary for fulfilment of the contract) of the GDPR.
Right of Access
In general, you have the right to information, correction, deletion, restriction, portability, revocation and opposition. If you believe that the processing of your data violates data protection law or if your data protection claims have otherwise been violated in a way, you can complain to the supervisory authority. In Austria, this is the data protection authority.
Children
We do not knowingly collect Personal Data online from children under 16. If you become aware that a child has provided us with Personal Data without parental consent, please contact us on office@baronfilou.com. If we become aware that a child under 16 has provided us with Personal Data without parental consent, we will take steps to remove the data and cancel the child’s account.
Contact for Privacy Policy
For questions regarding the collection, processing or use of personal data, the disclosure, correction, blocking or deletion of data and revocation of consents granted, please contact:
office@baronfilou.com
Baron Filou GmbH
Elisabethstrasse 101
8010 Graz
AUSTRIA
Use of Facebook Plug-ins
Our website uses Facebook plugins by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”). The plugins are identifiable by a Facebook logo or the “Like” button on our website. For a full list of all social Plugins, please see: http://developers.facebook.com/docs/plugins/.
When you visit a page of our website that contains a social plugin, your browser establishes a direct connection to Facebook servers. Facebook receives information that you have visited our site with your IP address. If you click on the Facebook “Like” button while you are logged into your Facebook account, you can link the content of our pages on your Facebook profile. This allows Facebook to correlate your visit of our site with your user account. We wish to point out that we as providers of the website, do not receive information about the content of the transferred data nor its use from Facebook. For more information, please see Facebook’s privacy policy at http://de-de.facebook.com/policy.php
If you do not wish for Facebook to be able to trace your visit of our website to your Facebook user account, please log out of your Facebook account before visiting our website.
Facebook Pixel
If you agree through your settings, we use “conversion pixels” by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”) for our online offering.
The Facebook pixel set allows us to see how successful a Facebook ad is. From Facebook we only receive statistical data without direct personal reference.
If you are logged into Facebook, you should review Facebook’s privacy policy at www.facebook.com/about/privacy/.
In addition to opting in, to our site, you can check your personal settings on Facebook at www.facebook.com/ads/preferences/.
The legal basis for the processing of personal data using cookies in connection with the use of Facebook “Conversion Pixel” for analysis purposes is, if you have given your consent to this, in accordance with Art. 6 para. 1 lit. a DSGVO. In addition, we have a legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f DSGVO, because we have an interest in the optimization of our online offer, our advertising presence, and our marketing measures on Facebook.
You can contradict a given consent to the data processing described above at any time by changing the settings regarding the permitted cookies or by changing the settings in your browser.
Use of Snapchat Plugins
Snap pixel and website custom audiences:
We use the so-called “snap pixel” of the social network Snapchat, which is operated by Snap Inc, Market Street, Venice, CA 90291, USA (“Snapchat”), for the purpose of analyzing and optimizing our website and services.
With the help of the snap pixel, Snapchat is on the one hand able to determine the visitors of our website as a target group for the display of ads (so-called “snapchat ads”). Accordingly, we use the Snapchat Pixel to display the Snapchat Ads placed by us only to those Snapchat users who have also shown an interest in our website or who have certain characteristics (e.g. interest in certain topics or products determined by the websites visited) which we submit to Snapchat (so-called “custom audiences”).
We also want to use the Snap Pixels to ensure that our Snapchat Ads match the potential interest of users and are not annoying. The snap pixel also helps us to monitor the effectiveness of Snapchat ads for statistical and market research purposes by showing us whether users are redirected to our website after clicking on a Snapchat ad (so-called “conversion”).
The processing of data by Snapchat is governed by Snapchat’s Data Use Policy. Accordingly, general guidance on the display of Snapchat ads, in Snapchat’s Data Usage Policy: https://www.snap.com/en-US/privacy/privacy-center/.
You can contradict a given consent to the data processing described above at any time by changing the settings regarding the permitted cookies or by changing the settings in your browser.
Use of Google +1
Collection and distribution of information:
The Google +1 button is a way for you to share information publicly with the world. The Google +1 button helps you and other users to receive personalized content from Google and its partners. The fact that you +1’d something will be recorded by Google, along with information about the page you were viewing when you clicked on the +1 button. Your +1’s may appear to others as an annotation with your profile name and photo in Google services (such as in search results or on your Google Profile) or elsewhere on websites and ads on the Internet.
Google will record information about your +1 activity in order to provide you and other users with a better experience on Google services. In order to use the Google +1 button, you need to have a public Google profile that is visible to the world, which at a minimum includes the name you chose for the profile. That name will be used across Google services and in some cases, it may replace another name you’ve used when sharing content under your Google Account. Google may display your Google Profile identity to people who have your email address or other identifying information.
Use of the information collected:
In addition to the above-described uses, the information you provide will be subject to Google’s main privacy policy. Google may share aggregate statistics related to users’ +1 activity with the public, or distribute these to other users and partners, such as publishers, advertisers, or linked sites.
Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. In case of activation of the IP anonymization, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers. On behalf of the website provider Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under http://tools.google.com/dlpage/gaoptout?hl=de.
Further information concerning the terms and conditions of use and data privacy can be found at http://www.google.com/analytics/terms/gb.html or at https://www.google.de/intl/en_uk/policies/. Please note that on this website, Google Analytics code is supplemented by “anonymizeIp” to ensure an anonymized collection of IP addresses (so called IP-masking).
We also use Google Analytics to evaluate data from AdWords and the double-click cookie for statistical purposes. If you do not want this, you can disable it using AdManager (http://www.google.com/settings/ads/onweb/?hl=en).
Google-Tag-Manager
We also use Google Tag Manager. Google Tag Manager itself does not collect any personal data. Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that, among other things, are used to measure traffic and visitor behavior, to understand the effect of online advertising and social channels, to set up remarketing and orientation towards target groups, and to test and optimize websites. If you have performed deactivation, Google Tag Manager takes this deactivation into account. http://www.google.de/tagmanager/use-policy.html
Google Web Fonts
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose, your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
If your browser does not support web fonts, a standard font is used by your computer.
Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).
reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.
The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place. Data processing is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam.
For more information about Google reCAPTCHA and Google’s privacy policy, please visit the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
Use of Google Maps
We use the “Google Maps” component of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter “Google.”
Google sets a cookie in order to process the user configuration and data when the page with the integrated “Google Maps” component is displayed. As a general rule, this cookie is not deleted by closing the browser, but rather expires after a certain time, as long as it is not previously manually deleted by you.
If you do not agree with this processing of your data, you may choose to deactivate the “Google Maps” service and thereby prevent the transfer of data to Google. To do this, you must deactivate the Java Script function in your browser. However, we would like to point out that in this case you will not be able to use “Google Maps” or at least only to a limited extent.
The use of “Google Maps” and the information obtained through “Google Maps” is according to Google’s Terms of Use http://www.google.de/intl/de/policies/terms/regional.html
as well as the additional Terms and Conditions for “Google Maps” https://www.google.com/intl/de_de/help/terms_maps.html.
Use of Google Ads
This website uses Google Ads. Ads is an online advertising program of Google Ireland Ltd, Gordon House, Barrow Street Dublin 4 IE (“Google”). Within the framework of Google Ads, we use the so-called advanced Conversion- tracking. This requires consent, which you can object to.
Extended conversions are a function that supplements existing conversion tags. This allows conversion data collected on the website itself to be sent to Google in encrypted form.
When a conversion is run on a website, in most cases users such as a name, email address, or mailing address are collected. These can be captured and hashed in your conversion tracking tags. To do this, the data is encrypted using a one-way hash algorithm SHA256. The hash values of your user data are then passed to Google and used to improve your conversion measurement.
If Consent-Mode the cookie banner is accepted, the tracking tags will work as usual and capture the associated conversions and click information. In case of cookie refusal, Consent-Mode sends only a ping information. The so-called pings work without cookies. They may contain information such as the timestamp and the referral URL. No personally identifiable information is stored. In addition, the pings allow Consent Mode to contrast opt-in with opt-out rates. This information is then used to model conversions from users who declined the cookie banner.
When you click on an ad placed by Google, a cookie is set for advanced conversion tracking. Cookies are small text files that the internet browser places on the user’s computer. These cookies lose their validity after 30 days and are not used to personally identify users.
Each Google Ads customer receives a different cookie. The cookies cannot be tracked through Ads clients’ websites. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. For example, customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in the tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.
You can find more information about Google Ads and Google enhanced conversion tracking in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Use of “FAST”
- General scope and description of the processing of data
We use FAST to correctly assign the success of an advertising medium. The data is automatically deleted after 90 days. No profiling takes place. FAST uses a unique key that third parties cannot assign and thus users are not traceable. Personalized advertising is not possible with FAST.FAST establishes a connection between a click on an advertising medium, e.g., an advertisement, and an action, e.g., a purchase or a registration.
The information transmitted to us is used solely for the purpose of correctly assigning the success of an advertising medium and the corresponding billing.
FAST does not store cookies or cookie-like data on your terminal device.
When generating the device fingerprint, only non-personal parameters are merged (browser settings, time zone, CPU class, color depth, browser language, etc.).
- Scope and description of the processing of data when using Google Ads / Microsoft Ads
In the case of an action, the order number and the shopping cart value of the order are usually also transmitted and stored by us for 90 days. Personal data such as name, telephone number or address are explicitly not collected or stored.In addition, the following values may be transmitted:
– ID (consecutive number)
– ClickID
– Time of purchase
– Currency
– Conversion name (store order or lead)The processing of the Device Fingerprint takes place on the server of the respective customer. In case of integration via Google Tag Manager, the device fingerprint is processed via the Smarketer Host-Europe server in Strasbourg.
Through high security standards, such as an HTTPS connection, the sending of the conversion data takes place on our HOST-Europe server located in Strasbourg. The transfer of the export file and the processing of the data (ClickID, conversion name, timestamp, order value, currency) is done according to Google Ads / Microsoft Ads on an American server.
The software is set so that no profiling takes place.
- Purposes of processing
The information transmitted to us serves the sole purpose of a correct allocation of the success of an advertising medium and the corresponding billing and is justified with our legitimate interests according to Art. 6 para. 1 p. 1 lit. f DSGVO. - Duration of storage
The data of the processing described here will be automatically deleted after a storage period of maximum 90 days.Operator:
Name: Smarketer GmbH
Postal address: Alte Jakobstraße 83/84, 10179 Berlin, Germany
E-mail: info@smarketer.de - Objection and removal possibility
You can prevent tracking by using an opt-out link on the respective page to disable FAST tracking.
Use of Instagram
We promote the service Instagram on our website. Instagram is a service of Instagram Inc. By means of the integrated “Insta” button on our page, Instagram receives the information that you have accessed the corresponding page of our website. If you are logged into Instagram, Instagram may assign the visit to our site to your Instagram account and link the data by this means. The data transmitted by clicking the “Insta” button is stored by Instagram. You can find more information regarding the purpose and scope of data collection, its processing and use, as well as your related rights and settings options for protecting your privacy in the Instagram data protection notice under https://help.instagram.com/155833707900388.
To prevent your visit to our site from being accessed by your Instagram account, you must log out of your Instagram account before visiting our site.
YouTube Plugins
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.
PayPal
We use PayPal as one of our payment processors. You must agree to PayPal’s Acceptable Use Policy, Terms and Conditions and any other legal requirements of operating a PayPal account. Any information you provide to PayPal is subject to its policies and procedures as outlined in its privacy policy, and we are in no way responsible for PayPal’s use of your information or its privacy practices.
Mollie
We also use Mollie as one of our payment processors. Please see Mollie’s privacy statement at https://www.mollie.com/en/privacy
December, 2021