DATA PROTECTION

DATA PROTECTION & PRIVACY

1) Introduction and contact details of the person responsible

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Weingut Pittnauer GmbH, Neubaugasse 90, 7122 Gols, Austria, Tel.: 004321733407, email: weingut@pittnauer.com. The person responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (eg orders or inquiries to the person responsible), this website uses an SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.

2) Data collection when visiting our website

If you only use our website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time at the time of access
  • Amount of data sent in bytes
  • Source/reference from which you came to the page
  • Browser used
  • Operating system used
  • IP address used (if necessary: ​​in anonymous form)

The processing takes place in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

3) Hosting & Content Delivery Network

- Shopify

We use the system of the following provider to host our website and display the page content: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. or Shopify (USA) Inc.

All data collected on our website is processed on the provider's servers. We have concluded an order processing contract with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

When data is transferred to Canada, an appropriate level of data protection is guaranteed by an adequacy decision by the European Commission.

For the transmission of data to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

4) cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. Some of these cookies are automatically deleted after closing the browser (so-called “session cookies”), some of these cookies remain on your end device for a longer period of time and enable page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage period in the overview of the cookie settings in your web browser.

If personal data is also processed by individual cookies used by us, the processing takes place in accordance with Article 6 (1) (b) GDPR either for the execution of the contract, in accordance with Article 6 (1) (a) GDPR in the event that consent has been given or in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be restricted.

5) Contact

When contacting us (e.g. via contact form or email), personal data is processed – exclusively for the purpose of processing and answering your request and only to the extent required for this. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Article 6 (1) (f) GDPR. If your contact is aimed at a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted if it can be inferred from the circumstances that the facts in question have been finally clarified and provided that there are no legal storage obligations to the contrary.

6) Use of Customer Data for Direct Marketing

6.1 Subscribing to our email newsletter

If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your e-mail address. Providing further data is voluntary and is used to be able to address you personally. We use the so-called double opt-in procedure to send the newsletter, which ensures that you only receive the newsletter if you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the email address provided

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Article 6 (1) (a) GDPR. We store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your e-mail address at a later point in time. The data we collect when registering for the newsletter is used strictly for the intended purpose. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a message to the person responsible mentioned above. After you have unsubscribed, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we will inform you in this declaration.

6.2 If you cancel your purchase from us before completing the order, you have the option of being reminded of the contents of your virtual shopping cart once by e-mail.
The only mandatory information for sending this reminder is your e-mail address. Providing further data is voluntary and may be used to address you personally. We use the so-called double opt-in procedure for sending e-mails, which ensures that you only receive a notification if you have expressly confirmed your consent to this by clicking on a verification link sent to the e-mail address provided.

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Article 6 (1) (a) GDPR to send a shopping cart reminder. We store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your e-mail address at a later point in time. The data we collect when you register for our e-mail notification service is used strictly for the intended purpose. You can unsubscribe from the shopping cart reminders at any time by sending a message to the person named above. After you have unsubscribed, your e-mail address will be deleted immediately from our mailing list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use data that goes beyond this, which is permitted by law and about which we will inform you in this declaration .

7) Data processing for order processing

7.1 Insofar as it is necessary for the execution of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned bank in accordance with Article 6 Paragraph 1 lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data you provide when ordering (name, address, e-mail address) in order to inform you within the framework of our legal information obligations in accordance with Art. 6 Para 1 lit. c GDPR via a suitable communication channel (e.g. by post or e-mail) about upcoming updates in the period stipulated by law. Your contact details will be used strictly earmarked for notifications about updates owed by us and will only be processed by us for this purpose to the extent that this is necessary for the information in question.

In order to process your order, we also work together with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

7.2 Disclosure of personal data to shipping service providers

- DPD
If the goods are delivered by the transport service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg), we will provide your e-mail address and your telephone number before the goods are delivered in accordance with Article 6 (1) (a) GDPR for the purpose of coordinating a delivery date or for delivery notification to DPD, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to DPD for the purpose of delivery in accordance with Article 6 (1) (b) GDPR. The data will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DPD or the delivery notification is not possible.
Consent can be revoked at any time with effect for the future from the above-mentioned person responsible or from the transport service provider DPD.
- Austrian post
If the goods are delivered by the transport service provider Österreichische Post (Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Vienna, Austria), we will provide your e-mail address before the goods are delivered in accordance with Article 6 (1) (a) GDPR for the purpose of coordinating a delivery date or for delivery notification to Austrian Post, provided that you have given your express consent to this during the ordering process. Otherwise, we only pass on the name of the recipient and the delivery address to Austrian Post for the purpose of delivery in accordance with Article 6 (1) (b) GDPR. The data will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with Austrian Post or the transmission of status information on the delivery of the shipment is not possible.
The consent can be revoked at any time with effect for the future to the person responsible mentioned above or to the transport service provider Österreichische Post.

7.3 Use of payment service providers (payment services)

-Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal, we pass on your payment data to PayPal (Europe) Sarl et Cie, SCA, 22- 24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), continue. The transfer takes place in accordance with Art. 6 Paragraph 1 lit. b GDPR and only to the extent that this is necessary for payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 (1) (f) GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in relation to the statistical probability of payment default for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values ​​(so-called score values). As far as score values ​​are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. Among other things, but not exclusively, address data is included in the calculation of the score values. Further data protection information, including information on the credit agencies used, can be found in PayPal's data protection declaration: https://www.paypal.com /de /webapps /mpp /ua /privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
- Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, the payment will be processed by the technical service provider Stripe Payments Europe Ltd. , 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we send the information you provided during the ordering process together with the information about your order (name, address, account number, bank code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Article 6 (1) (b) GDPR. Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only insofar as it is necessary for this. You can find more information about Shopify Payments data protection at the following internet address: https://www.shopify.com/legal/privacy .
Data protection information on Stripe Payments Europe Ltd. You will find here: https://stripe.com /de /privacy

8) Online Marketing

- Google Ads conversion tracking
This website uses the online advertising program "Google Ads" and, as part of Google Ads, conversion tracking by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use Google Ads to draw attention to our attractive offers with the help of advertising material (so-called Google Adwords) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We are pursuing the goal of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of the advertising costs incurred.
The conversion tracking cookie is set when a user clicks on an Ads ad placed by Google. Cookies are small text files that are stored on your end device. These cookies usually lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. This means that cookies cannot be tracked via the websites of Google Ads customers. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. As part of the use of Google Ads, personal data may also be transmitted to the servers of Google LLC. come in the US.
Details on the processing triggered by Google Ads Conversion Tracking and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites
All of the processing described above, in particular the setting of cookies for reading information on the end device used, will only be carried out if you have given us your express consent in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.
You can also permanently object to the setting of cookies by Google Ads conversion tracking by downloading and installing the Google browser plug-in available under the following link:
https://www.google.com/settings/ads/plugin?hl=de
Please note that certain functions of this website may not be available or may only be available to a limited extent if you have deactivated the use of cookies.
Google's privacy policy can be viewed here: https://www.google.de /policies /privacy /
- Google MarketingPlatform
This website uses the online marketing tool Google Marketing Platform operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("GMP").
GMP uses cookies to serve ads relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, GMP can use cookie IDs to record so-called conversions related to ad requests. This is the case, for example, when a user sees a GMP ad and later, using the same browser, goes to the advertiser's website and buys something through that website. According to Google, GMP cookies do not contain any personal information.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and are therefore informing you as follows based on our level of knowledge: By integrating GMP, Google receives the information that you have accessed the relevant part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and store your IP address. As part of the use of GMP, personal data may also be transmitted to the servers of Google LLC. come in the US.
All of the processing described above, in particular the setting of cookies for reading information on the end device used, will only be carried out if you have given us your express consent in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.
The privacy policy of GMP by Google can be found here: https://www.google.de /policies /privacy /

9) Web Analytics Services

- This website uses the “Google Tag Manager”, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”). The Google Tag Manager provides a technical basis for bundling various web applications, including tracking and analysis services, and being able to calibrate, control and attach conditions via a uniform user interface.
The Google Tag Manager itself does not store or read any information on user devices. The service also does not carry out any independent data analyses.
However, the Google Tag Manager transmits your IP address to Google when the page is accessed and may store it there. Also a transmission to servers of Google LLC. In the US it is possible.
This processing will only be carried out if you have given us your express consent in accordance with Article 6 (1) (a) GDPR. Without this consent, Google Tag Manager will not be used during your visit to the site.
You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the "Cookie Consent Tool" provided on the website. We have concluded an order processing contract with Google, which obliges Google to protect the data of our site visitors and not to pass it on to third parties.
For the transmission of data from the EU to the USA, Google relies on the so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European data protection level in the USA.
Further data protection information on the Google Tag Manager can be found here: https://support.google.com /tagmanager /answer /9323295 ?hl=en
You will receive separate information on data protection-related services and applications that have been combined in the Google Tag Manager in the relevant sections of this data protection declaration.

10) Site Functionalities

10.1 Spotify
Plugins from the Spotify music service, an offer from Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden (“Spotify”), are integrated on this website for the playback of music titles. You can recognize the Spotify plugins by the green logo on our site. You can find an overview of the Spotify plugins at: https://developer.spotify.com .
When you visit this page, a direct connection can be established between your browser and the Spotify servers via the plugin, even if you do not have a Spotify account or are not logged into one. Spotify receives the information that you have visited our site. The information collected in this respect (including your IP address) is transmitted directly from your browser to a Spotify server and stored there. However, the information is not used to personally identify you and is not shared with third parties.
If you click on the Spotify button while you are logged into your Spotify account, Spotify can assign your visit to our site to your user account.
The data processing described above takes place in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in the appealing acoustic design of visits to our website.
If you do not want Spotify to be able to associate your visit to our site with your Spotify user account, please log out of your Spotify user account. You can also object to the loading of the Spotify plugin and thus the data processing operations described above with add-ons for your browser for the future, e.g. with the script blocker “NoScript” ( http://noscript.net/ ).
For more information, see Spotify's privacy policy at https://www.spotify.com /de /legal /privacy-policy / .

10.2 Google reCAPTCHA
On this website we use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This function is primarily used to distinguish whether an entry is made by a natural person or whether it is misused by machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Article 6 (1) (f) GDPR on the basis of our legitimate interest in determining individual personal responsibility on the Internet and avoiding abuse and spam.
For the visual design of the Captcha window, Google uses "Google Fonts", i.e. fonts downloaded by Google from the Internet. There is no processing of further information than the ones mentioned above, which are already transmitted to Google via the functionality of ReCaptcha.
When using Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. come in the US.
Further information on Google reCAPTCHA and Google's data protection declaration can be found at: https://www.google.com /intl /de /policies /privacy /
For the transmission of data from the EU to the USA, Google relies on the so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European data protection level in the USA.

11) Tools and Miscellaneous

11.1 Cookie Consent Tool

This website uses a so-called "cookie consent tool" to obtain effective user consent for cookies that require consent and cookie-based applications. The "Cookie-Consent-Tool" is displayed to users when the page is accessed in the form of an interactive user interface, on which consent can be given for certain cookies and/or cookie-based applications by ticking the box. By using the tool, all cookies/services that require consent are only loaded if the respective user gives their consent by ticking the box. This ensures that such cookies are only set on the respective end device of the user if consent has been given.
The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed here.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is carried out in accordance with Article 6 (1) (f) GDPR on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and therefore a legally compliant design of our website.
Another legal basis for processing is Art. 6 (1) (c) GDPR. As the person responsible, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.
We have concluded an order processing contract with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.
Further information on the operator and the setting options of the cookie content tool can be found directly in the corresponding user interface on our website.

11.2 - Google Maps
On our website we use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google Maps is a web service for displaying interactive (land) maps to visually display geographic information. Using this service will show you our location and make it easier to get there.
As soon as you call up those sub-pages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google's servers and stored there. This can also result in transmission to the servers of Google LLC. come in the US. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them. The collection, storage and evaluation are carried out in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of Google's legitimate interest in the display of personalized advertising, market research and/or the needs-based design of Google websites. You have the right to object to the creation of these user profiles, although you must contact Google to exercise this right. If you do not agree to the future transmission of your data to Google when using Google Maps, you also have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and thus also the map display on this website cannot then be used.
You can read Google's terms of use at https://www.google.de /intl /de /policies /terms /regional.html see the additional terms of use for Google Maps https://www.google.com /intl /de_US/help /terms_maps.html
Detailed information on data protection in connection with the use of Google Maps can be found on the Google website ("Google Privacy Policy"): https://www.google.de /intl /de /policies /privacy /
Insofar as this is legally required, we have obtained your consent in accordance with Art. 6 (1) (a) GDPR to process your data as described above. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the above-described option to make an objection.

12) Rights of the data subject

12.1 The applicable data protection law grants you the following data subject rights (rights to information and intervention rights) vis-à-vis the person responsible with regard to the processing of your personal data, whereby reference is made to the legal basis given for the respective exercise requirements:

  • Right to information according to Art. 15 GDPR;
  • Right to rectification according to Art. 16 GDPR;
  • Right to erasure according to Art. 17 GDPR;
  • Right to restriction of processing in accordance with Art. 18 GDPR;
  • Right to information according to Art. 19 GDPR;
  • Right to data portability according to Art. 20 GDPR;
  • Right to revoke granted consent in accordance with Art. 7 Para. 3 GDPR;
  • Right to complain according to Art. 77 GDPR.

12.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS IN OUR PREVIOUS LEGITIMATE INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN PROVE COMPREHENSIVE REASONS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING IS FOR THE CERTIFICATION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING. YOU MAY OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED FOR DIRECT MARKETING PURPOSES.

13) Duration of storage of personal data

The duration of the storage of personal data is based on the respective legal basis, the processing purpose and - if relevant - also based on the respective statutory retention period (e.g. commercial and tax retention periods).

When processing personal data on the basis of an express consent in accordance with Article 6 Paragraph 1 lit. a GDPR, the data concerned will be stored until you revoke your consent.

If there are statutory retention periods for data that are processed as part of legal or similar obligations on the basis of Article 6 (1) (b) GDPR, this data will be routinely deleted after the retention period has expired, provided that it is no longer required to fulfill or initiate a contract and/or we have no legitimate interest in further storage.

When processing personal data on the basis of Article 6 Paragraph 1 Letter f GDPR, this data will be stored until you exercise your right of objection in accordance with Article 21 Paragraph 1 GDPR, unless we can provide compelling reasons worthy of protection prove the processing that outweighs your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct advertising on the basis of Article 6 (1) (f) GDPR, this data will be stored until you exercise your right of objection under Article 21 (2) GDPR.

Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.