- Deutsch
- English
General Data Protection Policy
Overview
Welcome to www.niceshops.com ! As stipulated in Art 13, Art 14 GDPR as well as § 165 Abs 3 TKG, we'll comprehensively inform you about how your data is processed in this section. Please familiarise yourself with how your personal data (hereinafter referred to as "data") is processed and why, when you:
Visit our website
Subscribe to our online advertising channels
Contact us
Use our webshop
Have a business relationship with us, as well as
How long your data will be stored
Which data we collect from other sources (Art 14 GDPR)
Whether automated decision-making takes place
What rights you have in regard to data processing and
Who the data controller is, the contact details of our Data Protection Officer, and how you can contact us.
For residents of Switzerland: The declarations in this Data Protection Policy also apply mutatis mutandis to persons resident in Switzerland and also fulfil all the data requirements stipulated in Art. 19 of the Swiss Data Protection Act. The terms "personal data", "processing" and "processor" in the Swiss Data Protection Act correspond to the terms "personal data", "processing" and "processor" in the GDPR.
For residents of the United Kingdom: The declarations in this Data Protection Policy also apply mutatis mutandis to persons resident in the United Kingdom and also fulfil the data requirements stipulated in the UK-GDPR.
We may update this data protection policy from time to time to reflect changes in our practices or for other operational, legal or regulatory reasons.
1) What data do we process when you visit our website?
When you visit our websites, the following categories of your data may be processed:
Selected language
Browser type
Type of end device used to access the site
Operating system
Country
Date, time and duration of access
Partially masked IP address
Pages visited on our website, including entry and exit pages
Data that you enter via a contact form
These categories of data are processed only to the extent necessary in each case. The processing of this data is justified by our legitimate interest in operating our website (Art 6 Para 1 lit f GDPR).
To operate our websites, it may be necessary for us to transmit your data to the following recipients:
Service provider and data protection information of the provider: Hetzner Online GmbH
Description: Website hosting including backup storage
Place of processing: EU/EEA
Legal basis for data transmission: Order processing as per Art. 28 GDPR
Service provider and data protection information of the provider: storyblok GmbH
Description: Website hosting
Place of processing: EU/EEA
Legal basis for data transmission: Order processing as per Art. 28 GDPR
Cookies and other "third party services"
The above categories of data may also be processed by "cookies" or other third party services. Cookies are small text files that are stored on your device and contain information such as personal settings, preferences or browsing history that can be quickly retrieved by the web server at a later time.
"Technical" cookies are used solely to ensure the functionality of our website and do not require your consent. For example, they enable you to place items in your shopping basket or log into your customer account. We use these technical cookies only to the extent absolutely necessary. The placement of these technical cookies is necessary due to pre-contractual measures (Art 6 Para 1 lit b GDPR) or are justified by our overriding legitimate interest in the functionality of our website (Art 6 Para 1 lit f GDPR).
In addition to these technical cookies, we may also use "third party services" (e.g. "marketing cookies", "analysis cookies", "non-essential cookies", "pixels", "fingerprinting", "local/session storage" or similar technologies) subject to your prior voluntary consent. These services enable us to better understand and evaluate your interests. With the help of these services, we can merge your surfing behaviour beyond the boundaries of our website with data from other websites. This enables us to better understand the interests of visitors to our websites and to address them in a more targeted manner. The relevant categories of your data necessary for this purpose will also be transmitted to the respective service provider. We respect that not every visitor to our website wants this. Therefore, we only process your data through these third party services if you give us your consent to do so.
Your consent to the processing of your data by services that process your data within the EU or the EEA, or in countries for which there is a valid EU adequacy decision as stipulated in Art. 45 GDPR, is based on Art 6 Para 1 lit a GDPR. Such an adequacy decision ensures an adequate level of data protection based on a decision of the European Commission.
The European Commission published an adequacy decision for the USA on 10 July 2023. According to the "EU-US Data Privacy Framework (EU-US DPF)", data transfers to those service providers in the USA that are certified in accordance with the "Data Privacy Framework (DPF) Program" are adequate.
Your consent to the processing of your data by services that process your data in countries outside the EU or the EEA for which no such adequacy decision exists or by US service providers that are not (yet) certified in accordance with the "Data Privacy Framework (DPF) Program" is based on Art 6 (1) lit a in conjunction with Art 49 (1) lit a GDPR (except in certain cases). Your rights regarding the processing of your data in such cases cannot be guaranteed, which we hereby expressly point out prior to your consent.
You can manage all your consents or revoke them at any time using our "Cookie Banner". This is the pop-up window that appears the first time you visit our website and which you can call up again at any time by clicking on the "Cookie Settings" link in the footer section located at the bottom of our website pages. You can also independently revoke your consent at any time by deleting the activated services from the browser of your device. In both cases, however, the data processing that took place until the time of revocation remains justified.
The following third-party services will be activated on our website subject to your consent. The third party services available for selection on www.niceshops.com are listed under the "Cookie Banner" window that pops up when we ask for your consent:
Service: Google Analytics
Description: Analysis and statistical evaluation of the website (under settings that respect data protection, in particular by deactivation of Google Signals, User ID, personalised ads, data release for Google products and services as well as restriction of the collection of location and device data to individual regions)
Duration of storage: maximum 14 months
Place of processing: EU/EEA, US
Legal basis for data transfer: Data processing as stipulated in Art. 28 GDPR under certification of the service provider as per the Data Privacy Framework (DPF) Program
Service provider and data protection information of the provider: Google Ireland Limited
Service: LinkedIn Insight Tag
Description: Performance measurement and optimisation of online advertising (the provider may use the data collected to contextualise and personalise the ads of its own advertising network, especially if you are logged into an existing account of the service)
Duration of storage: up to 6 months
Place of processing: EU/EEA, US
Legal basis for data transfer: Data processing as per Art. 28 GDPR under certification of the service provider as per the Data Privacy Framework (DPF) Program
Service provider and data protection information of the provider: LinkedIn Ireland Unlimited Company
Service: Meta Pixel
Description: Performance measurement and optimisation of online advertising (the provider may use the data collected to contextualise and personalise the ads of its own advertising network, especially if you are logged into an existing account of the service)
Duration of storage: up to 3 months
Place of processing: EU/EEA, US
Legal basis for data transfer: Joint responsibility as stipulated in Art 26 GDPR under the conclusion of a joint responsibility agreement under certification of the service provider as per the Data Privacy Framework (DPF) Program. The provider is the contact point for exercising the rights as stipulated in Art 15-20 GDPR.
Service provider and data protection information of the provider: Meta Platforms Ireland Limited
Service: Vimeo
Description: Playing Vimeo video services
Duration of storage: up to 24 months
Place of processing: USA
Legal basis for data transfer: Data processing as per Art. 28 GDPR under certification of the service provider as per the Data Privacy Framework (DPF) Program
Service provider and data protection information of the provider: Vimeo.com, Inc
2) What data do we process when you subscribe to our online advertising channels?
E-mail newsletter
The following categories of data may be processed (in addition to the data processed during your visit to our website) when you subscribe to our newsletters over e-mail:
E-mail address
Favourite products that match your personal choice
The processing of this data is based on your voluntary consent (Art 6 Para 1 lit a GDPR). You can revoke this consent at any time by unsubscribing via the link provided in each newsletter or via your existing customer account, whereby the data processed up to the time of revocation remains justified. You are not obliged to provide this data, but we cannot provide you with a newsletter subscription without it.
In order to send our e-mail newsletters, it may be necessary for us to transmit your data to the following recipients:
Service provider and data protection information of the provider: Amazon Web Services EMEA SARL
Description: Sending the e-mail newsletter
Place of processing: EU/EEA
Legal basis for data transmission: Order processing according to Art. 28 GDPR
Service provider and data protection information of the provider: SendinBlue GmbH
Description: Sending the e-mail newsletter
Place of processing: EU/EEA
Legal basis for data transmission: Order processing according to Art. 28 GDPR
Matching customer data with online advertising providers
For subscribing to advertisements via external online advertising providers, the following categories of data may be processed in addition to the data processed during your visit to our website:
E-mail address
Telephone number
First name
Surname
Country
Postal code
Shopping habits and favourite products
On the basis of your prior voluntary consent, we may send you targeted advertisements outside of our websites via advertising channels of the online advertising providers listed below, if you are registered with these providers yourself or use their services. For this purpose, we use your personal data in encrypted form to match it with the customer database of the respective providers. However, we only use data that has been anonymised with an encryption process, thus ensuring that providers who were not already in possession of your data will never receive your data. To accomplish this, we encrypt your data using a hashing process before your data is transmitted to the providers, which results in the generation of a non-reversible character string (hash value) that does not allow any conclusions to be drawn about your data. Only this hash value is transmitted to the providers. The providers encrypt their data using the same method. We then compare our hash value with the hash values of the providers. If this matches the hash value of one or more providers, we can be certain that you are already using the services of the respective provider and that we can therefore send you targeted ads through their advertising channels.
Your consent to processing your data by services that process your data within the EU or the EEA or in countries for which a valid EU adequacy decision as per Art 45 GDPR exists is based on Art 6 para 1 lit a GDPR. Such an adequacy decision ensures an adequate level of data protection based on a decision of the European Commission.
For the USA, the European Commission published an adequacy decision on 10 July 2023. According to the "EU-US Data Privacy Framework (EU-US DPF)", data transfers to those service providers in the USA that are certified as per the " Data Privacy Framework (DPF) Programme " are considered adequate.
Your consent to the processing of your data by services that process your data in countries outside the EU or the EEA for which no such adequacy decision exists or by US service providers that are not (yet) certified under the "Data Privacy Framework (DPF) Program" is based on Art 6 para 1 lit a in conjunction with Art 49 para 1 lit a GDPR (exceptions for certain cases). Your rights concerning the processing of your data in such cases cannot be guaranteed, which we hereby explicitly point out before you give your consent.
We may send you targeted advertisements via the channels of the following online advertising providers, subject to your prior consent. You can revoke your consent at any time via the settings in the footer section located at the bottom of our website pages, whereby the data processing carried out up to the time of revocation remains justified.
Service: Google Customer Match
Place of processing: EU/EEA, USA
Service provider and data protection information of the provider: Google Ireland Limited
Service: Microsoft Customer MatchOrt der
Place of processing: EU/EEA, USA
Service provider and data protection information of the provider: Microsoft Corporation
Service: Meta Custom Audiences
Place of processing: EU/EEA, USA
Service provider and data protection information of the provider: Meta Platforms Ireland Limited
Service: LinkedIn Matched Audiences
Place of processing: EU/EEA, USA
Service provider and data protection information of the provider: LinkedIn Ireland Unlimited Company
Service: Criteo audience match
Place of processing: EU/EEA
Service provider and data protection information of the provider: Criteo SA
Service: TikTok Custom Audience
Place of processing: EU/EEA, USA, China
Service provider and data protection information of the provider: TikTok Technology Limited
Service: Pinterest customer list
Place of processing: EU/EEA
Service provider and data protection information of the provider: Pinterest Europe Ltd.
3) What data do we process when you contact us?
When you contact us, the following categories of your data may be processed (in addition to the data processed during your visit to our website):
Name
Contact details
E-mail address
Telephone number
Any order data
Correspondence data, including any data you provide to us during communication
We process this data for the following purposes:
Handling customer inquiries, customer care and other customer support services via e-mail, chat or telephone.
These categories of data are processed to the extent necessary for each case. The processing of this data is justified by our overriding legitimate interest in efficient and satisfactory communication as well as in protection against spam and the misuse of our contact forms (Art 6 Para 1 lit f GDPR).
For this purpose, it may be necessary for us to transmit your data to the following recipients:
Service provider and data protection information of the provider: Freshworks Inc.
Description: Customer inquiries and customer care services via email or chat
Place of processing: EU/EEA, occasionally USA if you contact us via social media platforms
Legal basis for data transmission: Order processing as stipulated in Art. 28 GDPR under certification of the service provider as per the Data Privacy Framework (DPF) Program
Service provider and data protection information of the provider: CallOne GmbH
Description: Customer inquiries and customer care services via telephone
Place of processing: EU/EEA
Legal basis for data transmission: Order processing per Art. 28 GDPR
Service provider and data protection information of the provider: Friendly Captcha GmbH
Description: Protection against spam and the misuse of our contact forms
Place of processing: EU/EEA
Legal basis for data transmission: Order processing per Art. 28 GDPR
4) What data do we process when you use our webshops?
When you use our webshops, the following categories of your data may be processed in addition to the data processed during your visit to our website:
Name
Contact details
Billing and shipping address
E-mail address
Telephone number
Order and delivery data
Account and payment data
Assigned customer account number
Data that you enter via a contact form
Correspondence data, including all data you provide in connection with your order
Date of birth (in the case of legally required proof of age)
We process this data for the following purposes:
Processing the entire contractual relationship with you
Transfer of orders to payment service providers
Commissioning shipping or forwarding services, including drop-shipping
Communication for processing orders
Legally required storage as defined by the § 132 BAO (Federal Fiscal Code)
Legally permitted direct advertising (e.g.: per mail, e-mail, satisfaction surveys, congratulatory letters, statistical evaluations); We would like to expressly inform you that you can object to the processing of your data for the purpose of direct advertising
Prevention and clarification of cases of fraud or attempted fraud
Assertion and defence of legal claims
Processing these categories of data occurs to the extent necessary in each case and is required for the fulfilment of the contract (Art 6 para 1 lit b GDPR) or is justified by our overriding legitimate interest in smoothly running our business (Art 6 para 1 lit f GDPR).
It may be necessary for us to transmit your data to the following recipients as required for use in our webshops:
Service provider and data protection information of the provider: Credit card companies, banks, payment service providers (data protection information as stated in the website of the selected service provider)
Description: payment processing of orders
Place of processing: Usually EU/EEA – but also third countries in exceptional cases
Legal basis for data transmission: Fulfilment of contract (Art 6 Para 1 lit b GDPR). If the recipient is in a third country without a valid adequacy decision – Art 49 Para 1 b and e GDPR
Service provider and data protection information of the provider: Logistics service providers (data protection information as stated on the website of the selected provider)
Description: Transportation and delivery of orders
Place of processing: Usually EU/EEA – but also third countries in exceptional cases
Legal basis for data transmission: Fulfilment of contract (Art 6 Para 1 lit b GDPR). If the recipient is in a third country without a valid adequacy decision – Art 49 Para 1 b and e GDPR
Service provider and data protection information of the provider: Drop-shipping or route service providers (data protection information as stated on the website of the selected provider)
Description: Execution of orders for products that are not in stock and transfer to logistics service providers for transport
Place of processing: Usually EU/EEA – but also third countries in exceptional cases
Legal basis for data transmission: Fulfilment of contract (Art 6 Para 1 lit b GDPR). If the recipient is in a third country without a valid adequacy decision – Art 49 Para 1 b and e GDPR
Service provider and data protection information of the provider: Debt collection service providers (data protection information as stated on the website of the service provider)
Description: Collecting outstanding debts if required
Place of processing: Usually EU/EEA countries, but also third countries in exceptional cases
Legal basis for data transmission: Overriding legitimate interests (Art 6 Para 1 lit f GDPR). If the recipients are in a third country (non-EU) without a valid adequacy decisions - Art. 49 Para 1 lit e GDPR
Service provider and data protection information of the provider: Amazon Web Services EMEA SARL
Description: Sending automated emails
Place of processing: EU/EEA
Legal basis for data transmission: Overriding legitimate interests (Art 6 Para 1 lit f GDPR), order processing in accordance with Art 28 GDPR
Customer Account
You have the option of registering for a customer account on our websops. If you choose to do so, the following categories of your data may also be processed:
Order history and wish lists
Product data (ratings, testimonials, questions, and answers about products)
Assigned customer number
Customer segmentation
We process this data for the following purposes:
Storage of your information in your customer account, including the publication of your ratings, reviews, questions, and answers about products, insofar as you do this independently
Customer segmentation carried out to offer benefits or discounts.
This data is processed based on your voluntary consent (Art 6 para 1 lit a GDPR) and is justified by our overriding legitimate interest in evaluating our product reviews and customer segmentation (Art. 6 Para. 1 lit f GDPR). You may revoke your consent to the storage of your customer account at any time, whereby the data processed up to the time of revocation remains justified. To delete your customer account and all personal data stored in it, you can select the menu item "Delete my customer account" in your customer account. You are not obliged to register for a customer account, but we cannot provide you with the additional services mentioned above without a customer account.
Sovendus Voucher Network
Based on your prior voluntary consent (Art 6 para 1 lit a GDPR) to the third-party service "Sovendus" through our "cookie banner" (see section 1), we can display offers to you from the Sovendus voucher network after you have completed an order. The pseudonymised and encrypted hash value of your e-mail address and your IP address will be transmitted to Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe, Germany (legal basis Sovendus: Art 6 para 1 lit f GDPR) for this purpose. The pseudonymised hash value of your email address will be used to take into consideration any objections to advertising from Sovendus (Art 21 (3), Art 6 (1) (c) GDPR). Sovendus will use the pseudonymised hash value of your IP address exclusively for data security purposes which will be usually anonymised after seven days (Art 6 para 1 lit f GDPR). Furthermore, for billing purposes, the order number, order value with currency, session ID, coupon code and time stamp will be transmitted to Sovendus in pseudonymised form (Art 6 para 1 lit f GDPR). If you wish to take advantage of a voucher offer from Sovendus and have not objected to advertising material being sent to your email address, and if you click on the voucher banner that is only displayed in this case, we will also transmit your name, postcode, country and e-mail address in encrypted form to Sovendus for use in the preparation of your voucher (Art 6 Para 1 lit b, lit f GDPR). For more information on the processing of your data by Sovendus, please refer to the online privacy notice at Sovendus.
5) What data do we process if you have a business relationship with us
If you have a business relationship with us as a partner or supplier, we may process the following categories of your data:
Company date
Name
Contact details
E-mail address
Telephone number
Business data, order, delivery and invoice data
Correspondence data, including all data that you provide to us in connection with our business relationship
We process this data for the following purposes:
The initiation, maintenance and processing of our entire business relationship with you (e.g. pre-contractual obligations, invoicing of services, dispatch of documents, communication for processing the contract).
Legally required storage as defined by the § 132 BAO (Federal Fiscal Code)
Internal administration and management of our business relationship to the extent required (e.g.: Processing your business case, forwarding business cases to various departments, filing, archiving purposes, correspondence with you).
Assertion and defence of legal claims
These categories of data are processed to the extent necessary in each case. If you do not provide us with this data, we will unfortunately not be able to process your business transaction.
Processing this data is necessary for the contractual fulfilment of our business relationship (Art 6 Para 1 lit b GDPR), necessary for the fulfilment of our legal obligations in connection with retention periods (Art 6 para 1 lit c GDPR) or justified by our overriding legitimate interest smoothly running our business (Art 6 Para 1 lit f GDPR).
6) How long will your data be stored?
We only store your data for as long as is necessary for the purposes for which we collected your data. In this context, statutory retention obligations must be taken into account. For example, for reasons of tax law, contracts, order data or other documents from a contractual relationship must generally be retained for a period of seven years (§ 132 BAO). Your name, address, goods purchased and date of purchase will also be stored until the product liability expires (after 10 years according to § 13 Product Liability Law). In justified individual cases, such as for the assertion and defence of legal claims, we may also store your data for up to 30 years after the termination of the business relationship.
We store the data that we process in the course of contacting you for up to three years from the time you last contacted us.
7) Collection of data from other sources (Art 14 GDPR)
Data is only collected from other sources if you wish to enter into a business relationship with us as a partner or supplier in accordance with point 5. For this purpose, it may be necessary to carry out research on the business partner. This will only be done to the extent required. For this purpose, data may be retrieved and processed from the following sources:
Source: Company website
Public? Yes
Affected data: Contact/Structure data
Purpose/Justification: Contact for business purposes
Source: Contractor
Public? No
Affected data: Name, address, phone number
Purpose/Justification: Contract fulfilment, delivery
8) Does automated decision-making or profiling take place (Art 13 para 2 lit f GDPR)?
No automated decision-making takes place on our websites. However, over the course of the ordering process, it is possible that the respective payment service provider uses profiling for fraud detection.
9) What rights do you have in regard to data processing?
We would like to inform you that, provided that the legal requirements are met, you have the right to:
request information about what personal data we're processing (see Art 15 GDPR for more details)
demand the correction or completion of incorrect or incomplete data concerning you (see Art 16 GDPR for more details)
delete your data (see Art 17 GDPR for more details), provided there are no legitimate reasons to the contrary
restrict the processing of your data (see Art 18 GDPR for more details)
data portability - receipt of the data you have provided in a structured, common and machine-readable format (see Art 20 GDPR).
object to the processing of your data based on Article 6(1)(e) or (f) GDPR (see Art 21 GDPR). This applies particularly to the processing of your data for advertising purposes.
If we process your data on the basis of your consent, you have the right to revoke this consent at any time. This will not affect the lawfulness of the data processed up to that point (Art 7 (3) GDPR).
If, contrary to expectations, your right to lawful processing of your data is violated, please contact us. We will endeavour to deal with your request promptly, at the latest within the statutory period of one month. You also always have the right to lodge a complaint with the supervisory authority responsible for data protection matters.
10) Who is responsible for data protection and how can you contact us?
The person responsible for Data Processing as presented here (as stipulated in Art 4 Z 7 GDPR) is:
niceshops GmbH
Saaz 99
8341 Paldau
Austria
office@niceshops.com
CEO: Roland Fink, Mag. Christoph Schreiner, Barbara Unterkofler
For persons and authorities in the United Kingdom, a representative has been appointed for data protection matters of the niceshops Group as stipulated in Art 27 United Kingdom General Data Protection Regulation (UK GDPR). The contact details of our representative are:
Email: info@rgdp.co.uk
Post: RGDP LLP, Level 2, One Edinburgh Quay, 133 Fountainbridge, Edinburgh, EH3 9QG, Scotland.
When contacting our representative, please state "niceshops / {shop_domain}" in the subject line so your request can be promptly assigned.
Contact Details of the Data Protection Officer
You can contact the Data Protection Officer at the niceshops Groups by post at: niceshops GmbH, c/o The Data Protection Officer, Annenstrasse 23, 8020 Graz, Austria. Or via our contact form:
Please enter the reason for your inquiry
Social Media Privacy Policy
Overview
Welcome to www.niceshops.com ! As per Art 13, Art 14 GDPR and Section 165 Paragraph 3 TKG, we will provide you with comprehensive information about how your data is processed when you visit our social media profiles. Please familiarise yourself with how your personal data (hereafter referred to as "data") is processed and why. Here you will find out:
What data is processed when you visit our social media platforms
About the purposes and legal basis
Which social media platforms we can use and whether there is joint responsibility
How long your data will be stored
What rights you have in regard to how we process your data
who is responsible for data protection and how to contact us.
1) What data do we process when you visit our social media profiles?
The following categories of your data may be processed when you visit our social media profiles:
Country/city
Language
Age/gender
Previously visited websites
Type of end device used
User ID on the respective social media platform
Date and time of actions/interactions, such as when you
view, comment on, share, like, or otherwise interact with (including responding to) our profiles, posts, videos, stories, or other content associated with our profiles,
send direct messages to our profiles;
We can only obtain information about your social media profile or your person if you actively interact with our profiles when you are logged in with your social media profile. Additional data, such as views, is only made available to us anonymously by the respective social media platform and it is, therefore, impossible for us to draw conclusions about your person.
2) Purposes and Legal Basis
We process your data for the following purposes and legal basis:
To set up and manage our social media profiles to promote our products, increase awareness of our presence, and enable interaction among and with visitors to our profiles. The processing is justified by our overriding legitimate interest in the aforementioned purposes (Art 6 Para 1 lit f GDPR).
To process customer inquiries, customer care and other customer support services via our social media profiles. The processing is justified by our overriding legitimate interest in the aforementioned purposes (Art 6 Para 1 lit f GDPR) and occasionally necessary for the fulfillment of the contract (Art 6 Para 1 lit b GDPR).
For anonymous analysis of the use of our social media profiles to optimise our online presence. The processing is justified by our overriding legitimate interest in the aforementioned purposes (Art 6 Para 1 lit f GDPR).
To conduct and promote contests to promote our products and increase awareness of our presence (contests are never linked to social media platforms and are in no way sponsored, endorsed or organised by social media platforms). The processing is justified by our overriding legitimate interest in the aforementioned purposes (Art 6 Para 1 lit f GDPR) and occasionally necessary for the fulfillment of the contract (Art 6 Para 1 lit b GDPR).
Legally required storage according to § 132 BAO (Federal Tax Code in Austria). The processing is necessary to fulfill our legal obligations (Art 6 Para 1 lit c GDPR).
Prevention and investigation in cases of fraud or attempts at fraud. The processing is justified by our overriding legitimate interest in the aforementioned purposes (Art 6 Para 1 lit f GDPR).
Assertion and defense of legal claims. The processing is justified by our overriding legitimate interest in the aforementioned purposes (Art 6 Para 1 lit f GDPR).
3) Which social media platforms can we use and is there joint responsibility?
First of all, we would like to point out that you are responsible for your interactive use of social media platforms. However, when you visit or interact with our profiles on the following social media platforms, the following information is relevant:
Facebook und Instagram
Social media platforms Facebook and Instagram (both are Meta Group platforms) are operated in Europe by Facebook Ireland Limited located at 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. Here you will find information regarding general data policy at Meta . Under certain circumstances, we are jointly responsible for processing your data to generate page insights in relation to a visit or other interaction with any of our Facebook or Instagram pages or related content.
Facebook Ireland Limited provides us, as a site operator, with statistics and insights that help us obtain detailed information on the types of actions people take on our sites ("Page Insights"). Page Insights are aggregate statistics generated by specific events recorded by Facebook or Instagram servers when people interact with pages or the content associated with them. As a site operator, we do not have access to the data processed in the context of these events, but only to the summarised Page Insights.
We have entered into an agreement with Facebook Ireland Limited that establishes what obligations are fulfilled by each of us under GDPR. You agree that Facebook Ireland is responsible for providing you with information about the processing of Page Insights and for enabling you to exercise your rights under GDPR. However, you are free to contact any of the parties.
YouTube
YouTube is a video platform operated in Europe by Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland. You can find the privacy policy at Google here.
We use YouTube to play videos. YouTube has the option to process your personal data when you visit our YouTube profiles where YouTube acts as an independent data controller. "YouTube Analytics" allows us to view anonymous statistics on the use of our YouTube channels without knowing who the users are.
Twitter is a social media platform operated in Europe by Twitter International Company, based at 1 Cumberland Place, Fenian St, Dublin 2, D02 AX07, Ireland. You can find the privacy policy at Twitter here.
When you visit our Twitter profiles, Twitter has the option to process your personal data, as Twitter acts as the data controller independently. "Twitter Analytics" allows us to view anonymous statistics on the use of our Twitter profiles without knowing who the users are.
TikTok
TikTok is a social media platform operated in Europe by TikTok Technology Limited, located at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. You can find the privacy policy at TikTok here. Under certain circumstances, we are jointly responsible for processing your data to create measurement reports and insights about a visit or other interactions with any of our TikTok pages or related content.
TikTok Technology Limited provides us, as the site operator, with statistics and insights that help us understand the types of actions people take on our sites ("Measurement and Insight Reporting"). Measurement and Insight Reports are aggregate statistics generated by specific events recorded by TikTok servers when people interact with pages and the content associated with them. As a site operator, we do not have access to the data processed in the context of events, but only to the summarised Measurement and Insight Reports.
We have entered into an agreement with TikTok Technology Limited that establishes what obligations are fulfilled by each of us under GDPR. It has been agreed that TikTok Technology Limited is responsible for providing you with information on the processing of Measurement and Insight Reports and for enabling you to exercise your rights under the GDPR. However, you have the right to contact any of the parties.
The LinkedIn social media platform is operated in Europe by LinkedIn Ireland Unlimited Company, located at Wilton Place, Dublin 2, Ireland. You can find the privacy policy at LinkedIn here. Under certain circumstances, We are jointly responsible for processing your data to create Page Insights in connection with a visit or other interactions with any of our LinkedIn pages or related content.
LinkedIn Ireland Unlimited Company provides us, as the site operator, with statistics and insights that help us obtain detailed information on the types of actions people take on our sites ("Site Insights"). Measurement and Insight Reports are aggregate statistics created on the basis of specific events recorded by LinkedIn's servers when people interact with the pages and content associated with them. As a site operator, we do not have access to the data processed in the context of events but only to the summarised measurement and insight reports.
We have entered into an agreement with LinkedIn Ireland Unlimited Company that establishes what obligations are fulfilled by each of us under GDPR. It is agreed that LinkedIn Ireland Unlimited Company is responsible for providing you with information on the processing of page insights and for enabling you to exercise your rights under the GDPR. However, you have the right to contact any of the parties.
Pinterest is a social media platform operated in Europe by Pinterest Europe Ltd., located at Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. You can find the privacy policy at Pinterest here .
Pinterest has the option to process your personal data when you visit our Pinterest profiles with Pinterest acting as an independent data controller. "Pinterest Analytics" allows us to view anonymous statistics on the use of our Pinterest profiles without identifying who the users are.
Discord
Discord is a social media platform operated by Discord Inc., located at 444 De Haro Street, Suite # 200, San Francisco, CA 94107, USA. You can find the privacy policy at Discord here .
Discord has the option to process your personal data when you visit our Discord profiles with Discord acting as an independent data controller. "Server Insights" provide us anonymous statistics on the use of our Discord profiles without revealing the identities of the users.
4) How long is your data stored?
Data entered by you on social media platforms remain stored there until they are deleted by you or the social media platform.
We store your data for only as long as is necessary for the purposes for which we collected your data. In this context, statutory storage obligations must be taken into account - e.g. for tax reasons, contracts, order data or other documents from a contractual relationship must be stored for a period of seven years (§ 132 BAO - Austria's Federal Tax Code). In justified individual cases, such as for the assertion and defence of legal claims, we may also store your data for up to 30 years after the termination of the business relationship.
5) What are your rights regarding data processing?
We would like to inform you that, provided the legal requirements are met, you have the right to
request information about what personal data we are processing (see Art 15 GDPR for details)
request the amendment of your data that is incorrect or incomplete (see Art. 16 GDPR for details)
delete your data (see Art 17 GDPR for details), provided there are no conflicting reasons that require the data to be retained
restrict the processing of your data (see Art 18 GDPR for details)
data portability - receipt of the data you have provided in a structured, common and machine-readable format (see Art 20 GDPR for details)
object to the processing of your data based on Art 6 para 1 letter e or f GDPR (see Article 21 GDPR for details). This applies particularly to the processing of your data for advertising purposes
If we process your data on the basis of your consent, you have the right to withdraw consent at any time. This does not affect the lawfulness of the data processing that has taken place up to that point (Art 7 para 3 GDPR).
If, contrary to expectations, your right to the lawful processing of your data is violated, please contact us. We will endeavour to process your request immediately, but within the statutory period of one month at the latest. You also have the right to lodge a complaint with the supervisory authority responsible for data protection matters concerning you.
6) Who is responsible for data protection and how can you contact us?
The person responsible for data protection with regard to our social media profiles in accordance with Art 4 Z 7 GDPR is:
niceshops GmbH
Saaz 99
8341 Paldau
Austria
office@niceshops.com
CEO Roland Fink, Mag. Christoph Schreiner, Barbara Unterkofler
For persons and authorities in the United Kingdom, a representative has been appointed for data protection matters of the niceshops Group as stipulated in Art 27 United Kingdom General Data Protection Regulation (UK GDPR). The contact details of our representative are:
Email: info@rgdp.co.uk
Post: RGDP LLP, Level 2, One Edinburgh Quay, 133 Fountainbridge, Edinburgh, EH3 9QG, Scotland.
When contacting our representative, please state "niceshops / {shop_domain}" in the subject line so your request can be promptly assigned.
Contact Details of the Data Protection Officer
You can contact the Data Protection Officer at the niceshops Groups by post at: niceshops GmbH, c/o The Data Protection Officer, Annenstrasse 23, 8020 Graz, Austria. Or via our contact form:
Please enter your query
Data protection policy for job applicants
By applying to niceshops GmbH or the niceshops Group, i.e. to one of the legally independent companies in a business relationship with niceshops GmbH (hereinafter referred to as "niceshops"), you are providing us with some of your personal data (hereinafter referred to as "data").
Data protection is very important to us. In compliance with our legal obligations under the EU General Data Protection Regulation (GDPR), we have taken the necessary technical and organisational measures to ensure the confidentiality of your application and your data.
What data do we process and for what purpose?
During your application process, in addition to your title and name, the usual correspondence data such as postal address, e-mail address and telephone number are stored in our applicant database. In addition, the application documents you provide to us, such as your letter of motivation, curriculum vitae, vocational, educational and further training qualifications, references and all other data submitted to us, are recorded and stored. This data is stored, evaluated, processed or forwarded exclusively within the framework of your application process. They are only accessible to the responsible members of our personnel department, the persons responsible for the selection of niceshops and, if applicable, the tax advisors commissioned. It is only accessible to the responsible employees of our human resources department, the persons responsible for the selection of niceshops and, if applicable, the tax advisors commissioned. Under no circumstances will your data be used for purposes other than those listed here.
You are not obliged to provide us with your data. However, if you do not do so, it will not be possible for us to carry out the application process with you.
How long will my data be stored?
We will store your data for the duration of your application process or until you revoke your consent to keep it on file (if you have given us such consent).
Irrespective of this, we will store your data for as long as there are legal obligations to retain it or any legal claims for the assertion or defense of which the data is required have not yet expired.
In the event of employment with us, your data, or excerpts thereof, will be placed in your personnel file.
Can my application be kept on file?
If you have applied and we are unable to offer you a suitable position at the time, we may keep your application on file with us in case of mutual interest. However, to keep your application on file, we will need your express consent as per Art 6 para 1 lit a GDPR. If necessary, we will provide you with a consent form during the application process which you must sign and return to us.
You are neither obliged to give this consent nor does the submission of your consent have any influence on the filling of a position. You can revoke your consent at any time. To do so, you can contact the relevant department.
Does automated decision-making take place as stipulated in Art 22 GDPR?
Automated decision-making based on your data, including profiling, does not take place.
On what legal basis is my data processed?
We process your data on the legal basis of the need to carry out pre-contractual measures (Art 6 para 1 lit b GDPR) and on the basis of our overriding legitimate interest in carrying out an efficient application process (Art 6 para 1 lit f GDPR).
Who can my data be forwarded to?
Recipient: Tax consultant
Description: Calculation of salaries and preparation of service contracts
Place of processing: EU
Legal basis for data transfer: Art 6 Abs 1 lit b GDPR (necessary for the implementation of pre-contractual measures)
Recipient and, if applicable, recipient's data protection information: BambooHR LLC
Description: Management of job offers and applications
Place of processing: EU
Legal basis for data transfer: Art 6 para 1 lit f GDPR (overriding legitimate interest in an efficient application process), data processing as per Art 28 GDPR under certification of the service provider as per the Data Privacy Framework (DPF) Program
What are my rights as an applicant with regard to my data?
Provided the legal requirements are met, you have the right to
request information about what personal data we're processing (see Art 15 GDPR for more details)
demand the correction or completion of incorrect or incomplete data concerning you (see Art 16 GDPR for more details)
delete your data (see Art 17 GDPR for more details), insofar as this does not conflict with any obligations to retain it
restrict the processing of your data (see Art 18 GDPR for more details)
data portability - receipt of the data you have provided in a structured, commonly used and machine-readable format (see Art 20 GDPR for details)
object to the processing of your data based on Art 6(1)(e) or (f) GDPR (see Art 21 GDPR). This applies particularly to the processing of your data for advertising purposes.
If we process your data on the basis of your consent, you have the right to revoke this consent at any time. This will not affect the lawfulness of the data processed up to that point (Art 7 (3) GDPR).
If, contrary to expectations, your right to the lawful processing of your data has been violated, please contact us. We will endeavour to deal with your request immediately, within the statutory period of one month at the latest. You also reserve the right to lodge a complaint with the supervisory authority responsible for data protection matters concerning you.
Who is responsible for my data?
The person responsible for processing the data in your application as defined in Art 4 Z 7 GDPR is:
niceshops GmbH
Saaz 99
8341 Paldau
Austria
office@niceshops.com | jobs@niceshops.com
CEO: Roland Fink, Mag. Christoph Schreiner, Barbara Unterkofler
Contact Details of the Data Protection Officer
You can contact the Data Protection Officer at the niceshops Groups by post at: niceshops GmbH, c/o The Data Protection Officer, Annenstrasse 23, 8020 Graz, Austria. Or via our contact form:
Please enter your query
Data Protection Policy for Events
We, niceshops GmbH and the niceshops group ("niceshops"), are very pleased to welcome you to one of our events!
In accordance with Art 13, Art 14 GDPR as well as § 165 para 3 TKG , we'll provide comprehensive information here about all data processing that may take place in the context of your visit to one of our events.
Purpose
Photos and videos will be taken at our events to document the event, among other things, and will therefore also depict people present at the event in question. It is possible that you or other people may appear in individual photos and videos. We also intend to publish selected footage on our websites, our social media channels and in print media for public relations purposes and to showcase the activities of niceshops in order to raise our profile.
Legal basis
As a rule, our legitimate interests are predominant, as the persons depicted are in the public sphere, were informed in advance and at the event about the taking and use of the photos, and care is taken both while taking and publishing the photos that no legitimate interests of persons depicted are violated. If the rights and freedoms of a person depicted are violated for reasons particularly worthy of consideration, we will take appropriate measures to refrain from further processing. That which has already been issued in the print media cannot be deleted. Deletion on our websites or our social media channels will be carried out within the scope of technical possibilities.
Categories of recipients
Departments at niceshops responsible for processing and publication
The recordings may be made available to the public via our websites, social media channels and print media.
Period of storage
The data will be deleted as soon as they are no longer useful for the purposes of public relations due to lost relevance.
Rights of the data subject
As a data subject, you have the right to information, correction, deletion, restriction, objection and data portability within the framework of the legal provisions.
If, contrary to expectations, your right to the lawful processing of your data is violated, please contact us. We will endeavour to deal with your request promptly, at the latest within the statutory period of one month.
You also reserve the right to lodge a complaint with the supervisory authority responsible for data protection matters concerning you.
Who is the responsible person and how can you get in touch with us?
The person responsible for data processing during visits to our events as defined under Art 4 Z 7 GDPR is:
niceshops GmbH
Saaz 99
8341 Paldau
Austria
office@niceshops.com
CEO: Roland Fink, Mag. Christoph Schreiner, Barbara Unterkofler
Contact Details of the Data Protection Officer
You can contact the Data Protection Officer at the niceshops Groups by post at: niceshops GmbH, c/o The Data Protection Officer, Annenstrasse 23, 8020 Graz, Austria. Or via our contact form: