Privacy policy
Privacy Policy
Controller for Data Processing:
Crystalp GmbH
Austrasse 51
Fritzens
Austria
Phone: +43 5224 55550
We appreciate your interest in our online shop. The protection of your privacy is very important to us. Below, we provide you with detailed information on how we handle your data. The processing of your data is based on the GDPR and in accordance with § 165 para. 3 TKG.
1.Access Data and Hosting
You can visit our websites without providing any personal information. With each visit to a webpage, the web server automatically stores a so-called server log file, which includes, for example, the name of the requested file, your IP address, date and time of access, transferred data volume, and the requesting provider (access data), and documents the access. These access data are evaluated solely for the purpose of ensuring smooth operation of the site and improving our offer. This serves to safeguard our predominant legitimate interests in a correct representation of our offer in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. All access data is deleted at the latest two weeks after the end of your visit to our site.
2.Data Processing for Contract Handling and Contact
2.1 Data Processing for Contract Handling
For the purpose of contract handling (including inquiries about and processing of any existing warranty and performance claims, as well as any legal obligation to update) in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we collect personal data when you voluntarily provide it to us as part of your order. Mandatory fields are marked as such because we need these data for contract processing in these cases, and without their provision, we cannot send the order. The data collected can be seen from the respective input forms.
For more information about the processing of your data, especially regarding the transfer to our service providers for the purpose of order processing, payment, and shipping, please refer to the following sections of this privacy policy. After complete execution of the contract, your data will be restricted for further processing and deleted after the retention periods under tax and commercial law have expired, in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is legally permissible and about which we inform you in this statement.
2.2 Customer Account
If you have given your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR by choosing to open a customer account, we will use your data for the purpose of opening the customer account and storing your data for future orders on our website. You can delete your customer account at any time, either by sending a message to the contact option described in this privacy policy or by using the function provided for this purpose in the customer account. After deleting your customer account, your data will be deleted, unless you have expressly consented to further use of your data pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is legally permissible and about which we inform you in this statement.
2.3 Contact
As part of customer communication, we collect personal data in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR when you voluntarily provide it to us when contacting us (e.g. via contact form or email). Mandatory fields are marked as such because we need these data to process your contact request in these cases. The data collected can be seen from the respective input forms. After complete processing of your inquiry, your data will be deleted unless you have expressly consented to further use of your data pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is legally permissible and about which we inform you in this statement.
3. Data Processing for the Purpose of Shipping
For the purpose of fulfilling the contract in accordance with Art. 6(1)(b) of the General Data Protection Regulation (GDPR), we disclose your data to the shipping service provider responsible for the delivery, to the extent necessary for the delivery of ordered goods.
4. Data Processing for Payment Processing
When processing payments in our online shop, we collaborate with the following partners: technical service providers, financial institutions, payment service providers.
4.1 Data Processing for Transaction Processing
Depending on the selected payment method, we provide the necessary data for processing the payment transaction to our technical service providers, who act as processors on our behalf, or to the appointed financial institutions or the chosen payment service provider, to the extent necessary for processing the payment. This is for the purpose of fulfilling the contract pursuant to Art. 6(1)(b) GDPR. In some cases, payment service providers collect the data required for payment processing themselves, e.g., on their own website or through technical integration in the order process. The data protection policy of the respective payment service provider applies in this regard. For questions about our partners for payment processing and the basis of our cooperation with them, please contact the contact information provided in this privacy policy.
4.2 Data Processing for the Purpose of Fraud Prevention and Optimization of Payment Processes
If necessary, we provide our service providers with additional data that they use along with the data necessary for payment processing as our processors for the purpose of fraud prevention and optimization of payment processes (e.g., invoicing, processing disputed payments, supporting accounting). This is for the purpose of safeguarding our predominant legitimate interests in fraud prevention or efficient payment management pursuant to Art. 6(1)(f) GDPR.
5. Cookies and Other Technologies
General Information
To make your visit to our website appealing and to enable the use of certain functions, display relevant products, or for market research purposes, we use so-called cookies on various pages. This serves to protect our predominant legitimate interests in an optimized presentation of our offers in accordance with Art. 6(1)(f) GDPR and is carried out in accordance with the legal provisions of § 96(3) of the Austrian Telecommunications Act (TKG). Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after closing your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies). You can find the duration of storage in the overview in your web browser's cookie settings. You can configure your browser to inform you about the setting of cookies and individually decide on their acceptance, or to exclude the acceptance of cookies for specific cases or in general. (Detailed instructions on how to configure your browser settings can be found below.) However, if you do not accept cookies, the functionality of our website may be restricted. Below you will find information about the cookies we use and how to configure your browser settings.
Privacy Protection on Devices
When using our online services, we use absolutely necessary technologies to provide the expressly desired telemedia service. The storage of information on your device or access to information already stored on your device does not require your consent.
For non-essential functions, the storage of information on your device or access to information already stored on your device requires your consent. We would like to point out that if you do not give your consent, parts of the website may not be fully usable. Any consent you have given will remain in effect until you adjust or reset the corresponding settings on your device.
Subsequent Data Processing through Cookies and Other Technologies We use technologies that are essential for the use of certain functions of our website (e.g., shopping cart function). These technologies collect and process IP addresses, time of visit, device and browser information, as well as information about your use of our website (e.g., information about the contents of your shopping cart). This serves to protect our predominant legitimate interests in an optimized presentation of our offers pursuant to Art. 6(1)(f) GDPR.
We also use technologies to fulfill legal obligations (e.g., to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.
If you have given your consent pursuant to Art. 6(1)(a) GDPR for the use of technologies, you can revoke your consent at any time by sending a message to the contact information provided in the privacy policy.
How can I configure my browser's cookie settings? Each browser manages cookie settings differently. This is described in the help menu of each browser, which explains how to change your cookie settings. You can find this information for the respective browsers at the following links:
Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™
Types of Cookies Used:
Analytical / Performance Cookies: These cookies enable the collection of anonymized data about the usage behavior of our visitors. We then analyze this data to, for example, enhance the functionality of the website and display interesting offers to you.
Necessary Cookies: These cookies are essential to enable the operation of our website. They include, for example, cookies that allow you to log into the customer area or add items to the shopping cart.
Functional Cookies: These cookies are used for specific functionalities of our website, such as suggesting a better navigation flow on our website or displaying personalized and relevant information (e.g., "interest-based advertisements").
6. Use of Cookies and Other Technologies
To the extent that you have given your consent in accordance with Art. 6(1)(a) GDPR, we use the following cookies and other technologies from third-party providers on our website. After the purpose has been fulfilled and the respective technology is no longer in use by us, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. Further information about your options for revocation can be found in the section "Cookies and Other Technologies." Further information, including the basis of our cooperation with each provider, can be found with each respective technology. For questions about the providers and the basis of our cooperation with them, please refer to the contact information described in this privacy policy.
Use of Google Services
We use the following technologies provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google technologies about your usage of our website is generally transmitted to a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation with them is based on the standard data protection clauses of the European Commission. If your IP address is collected through Google technologies, it will be shortened before being stored on Google's servers by activating IP anonymization. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. If no deviations are indicated for the individual technologies, data processing is based on an agreement concluded between joint controllers in accordance with Art. 26 GDPR. Further information about data processing by Google can be found in Google's privacy policy.
Google Analytics
For the purpose of web analysis, data (IP address, time of visit, device and browser information, and information about your usage of our website) is automatically collected and stored using Google Analytics, from which usage profiles are created using pseudonyms. Cookies can be used for this purpose. Your IP address is not generally combined with other data from Google. Data processing is based on an agreement for data processing with Google.
For the purpose of optimizing the marketing of our website, we have enabled data sharing settings for "Google products and services." This allows Google to access and use the data collected and processed by Google Analytics to improve Google services. The data sharing with Google under these data sharing settings is based on an additional agreement between controllers. We have no influence on the subsequent data processing by Google.
For creating and conducting tests, we also use the extension function of Google Analytics, Google Optimize.
For the purpose of optimized marketing of our website, we use the so-called User-ID function. With this function, we can assign a unique, permanent ID to your interaction data in one or more sessions on our online presence, allowing us to analyze your user behavior across devices and sessions.
For web analysis and advertising purposes, the extension function of Google Analytics, Google Signals, enables so-called "cross-device tracking." If your internet-enabled devices are linked to your Google account and you have activated the setting "personalized advertising" in your Google account, Google can create reports about your usage behavior (especially cross-device user numbers) even if you change your device. We do not process personal data in this regard; we only receive statistics generated based on Google Signals.
For web analysis and advertising purposes, the extension function of Google Analytics, the so-called DoubleClick cookie, enables recognition of your browser when visiting other websites. Google will use this information to compile reports on website activities and provide further services related to website usage.
Google reCAPTCHA
For the purpose of protecting against abuse of our web forms and spam by automated software (so-called bots), Google reCAPTCHA collects data (IP address, time of visit, browser information, and information about your usage of our website) and conducts an analysis of your usage of our website through a so-called JavaScript and cookies. In addition, other cookies stored by Google services in your browser are evaluated. No reading or storage of personal data from the input fields of the respective form takes place.
7. Integration of Trusted Shops Trustbadge/Other Widgets
If you have given your consent pursuant to Art. 6(1)(a) GDPR, Trusted Shops widgets for displaying Trusted Shops services (e.g., trustmark, collected reviews) as well as offering Trusted Shops products to buyers after an order are integrated on this website.
The Trustbadge and the services advertised with it are an offer from Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"), with whom we are jointly responsible according to Art. 26 GDPR. In the context of this privacy policy, we will inform you below about the essential contents of the contract pursuant to Art. 26(2) GDPR.
In the context of the joint responsibility between us and Trusted Shops AG, please address privacy-related questions and the exercise of your rights primarily to Trusted Shops using the contact information provided in the privacy information. Regardless, you can always contact the responsible party of your choice. If necessary, your request will be forwarded to the other responsible party for response.
7.1 Data Processing in the Integration of Trustbadge/Other Widgets
The Trustbadge is provided by a US-based CDN provider (Content-Delivery-Network). Adequate data protection is ensured through standard data protection clauses and other contractual measures.
When the Trustbadge is accessed, the web server automatically stores a so-called server log file, which also includes your IP address, date and time of access, transferred data volume, and the requesting provider (access data) and documents the access. The IP address is immediately anonymized after collection, so the stored data cannot be attributed to your person. The anonymized data is used especially for statistical purposes and error analysis.
7.2 Data Processing after Order Completion
If you have given your consent, after order completion, the Trustbadge accesses order information stored in your end device (order amount, order number, possibly purchased product) and your email address is hashed using cryptographic one-way function. The hash value is then transmitted to Trusted Shops along with the order information pursuant to Art. 6(1)(a) GDPR. This serves to verify whether you are already registered for Trusted Shops services. If this is the case, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services or do not consent to automatic recognition through the Trustbadge, you will subsequently have the opportunity to manually register for the use of the services or complete the security measures as part of your existing usage agreement, if applicable.
For this purpose, after completing your order, the Trustbadge accesses the following information stored in your end device: order amount, order number, and email address. This is necessary so that we can offer you buyer protection. Transmission of the data to Trusted Shops only occurs when you actively decide to complete buyer protection by clicking on the corresponding button in the so-called Trustcard. If you choose to use the services, further processing will be based on the contractual agreement with Trusted Shops pursuant to Art. 6(1)(b) GDPR, in order to complete your registration for buyer protection, secure the order, and potentially send you review invitations by email afterward.
Trusted Shops uses service providers in the areas of hosting, monitoring, and logging. The legal basis is Art. 6(1)(f) GDPR for the purpose of ensuring smooth operation. Processing may take place in third countries (USA and Israel). Adequate data protection is ensured in the case of the USA through standard data protection clauses and other contractual measures, as well as in the case of Israel through an adequacy decision. Further information can be obtained here.
8. Social Media
8.1 Social Plugins by Facebook (by Meta), Instagram (by Meta)
On our website, we use social buttons from social networks. These are embedded into the page as HTML links, so no connection is made to the servers of the respective provider when you visit our website. When you click on one of the buttons, the website of the respective social network opens in a new window of your browser. There, you can, for example, activate the like or share button.
8.2 Our Online Presence on Facebook (by Meta), Instagram (by Meta), LinkedIn
If you have given your consent pursuant to Art. 6(1)(a) GDPR to the respective social media operator, when you visit our online presences on the aforementioned social media platforms, your data will be automatically collected and stored for market research and advertising purposes, from which pseudonymous usage profiles are created. These can be used, for instance, to display ads within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as a contact option and your rights and privacy protection settings, please refer to the privacy policies linked below. If you still need assistance in this regard, you can contact us.
Facebook (by Meta) is an offering of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Meta Platforms Ireland"). The information automatically collected by Meta Platforms Ireland about your usage of our online presence on Facebook (by Meta) is usually transmitted to a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA, and stored there. There is no adequacy decision by the European Commission for the USA. Our collaboration with them is based on the European Commission's standard data protection clauses. The data processing in the context of visiting a Facebook (by Meta) fan page is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Further information (Information on Insights data) can be found here.
Instagram (by Meta) is an offering of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Meta Platforms Ireland"). The information automatically collected by Meta Platforms Ireland about your usage of our online presence on Instagram is usually transmitted to a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA, and stored there. There is no adequacy decision by the European Commission for the USA. Our collaboration with them is based on the European Commission's standard data protection clauses. The data processing in the context of visiting an Instagram (by Meta) fan page is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Further information (Information on Insights data) can be found here.
LinkedIn is an offering of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). The information automatically collected by LinkedIn about your usage of our online presence on LinkedIn is usually transmitted to a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA, and stored there. There is no adequacy decision by the European Commission for the USA. Our collaboration with them is based on the European Commission's standard data protection clauses.
9. Contact Options and Your Rights
9.1 Your Rights
As a data subject, you have the following rights:
Pursuant to Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein; Pursuant to Art. 16 GDPR, the right to demand immediate rectification or completion of your personal data stored by us; Pursuant to Art. 17 GDPR, the right to request the erasure of your personal data stored by us, provided that further processing is not required for exercising the right of freedom of expression and information; to fulfill a legal obligation; for reasons of public interest; or for asserting, exercising, or defending legal claims; Pursuant to Art. 18 GDPR, the right to request restriction of processing of your personal data, insofar as the accuracy of the data is disputed by you; the processing is unlawful, but you oppose its erasure; we no longer need the data, but you need it to assert, exercise, or defend legal claims; or you have objected to processing pursuant to Art. 21 GDPR; Pursuant to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller; Pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your habitual residence or place of work or our company headquarters.
Right to Object
Insofar as we process your personal data for the purpose of safeguarding our legitimate interests as part of a balance of interests, you can object to this processing with effect for the future. If processing is carried out for purposes of direct marketing, you can exercise this right at any time as described above. If processing is carried out for other purposes, you have a right to object only if there are reasons arising from your particular situation.
After exercising your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if processing serves the assertion, exercise, or defense of legal claims.
This does not apply if processing is carried out for purposes of direct marketing. In that case, we will no longer process your personal data for this purpose.
9.2 Contact Options
Data Protection Officer:
Mag. Jutta Recheis
Austrasse 51
6122 Fritzens
Austria
For questions regarding the collection, processing, or use of your personal data, for information, correction, restriction, or deletion of data, as well as for the revocation of granted consent or objection to a specific data use, please contact us directly using the contact details in our imprint.
