Privacy Policy

Protecting your personal data is very important to us. We process your data exclusively based on legal regulations (EU GDPR, Austrian TKG 2003).

Details about the new EU General Data Protection Regulation (GDPR) can be found here: https://www.privacy-regulation.eu/en/index.htm

As this privacy policy is extensive, we want to briefly list what we do not do:

• No Facebook Tracking (Pixel, Like Button, etc.) or other social media tracking*

• No Google Analytics, Google Ads, Bing Ads, or Google Tag Manager Tracking*

• No remarketing, so you will not be followed by our ads on other websites

• No credit checks by us

• We do not ask for unnecessary data (e.g., birth date)

• No automated decision-making or profiling

Check for yourself: With the browser add-on uMatrix (Firefox / Chrome), you can see which external services are used on a website.

We place great importance on data security, using modern cloud software that is continuously developed and protected by professionals.

We limit access to data as much as possible; all employees and service providers are committed to data protection and confidentiality.

This privacy policy provides information about the type, scope, and purposes of the collection and processing of your data. We, the Eventlights.shop team / Thomas Gattinger, are responsible for data processing in terms of data protection law. If you have any questions about the collection, processing, or use of your personal data, please contact our Data Protection Coordinator in writing:

Email:
Thomas Gattinger
datenschutz@eventlights.shop

Or by post:
Eventlights.shop
Thomas Gattinger
Traunfeldstraße 1
A-4663 Laakirchen

Collection and Processing of Your Data

When you register, place an order, or visit our website, we collect and process certain personal data about you. The type, scope, and purposes of this data processing are described below.

Registration and Order

During registration on the webshop and when placing an order, we process the data you provide: email address, phone number*, company name*, first name, last name, street & house number, address addition*, postcode, city, country, VAT ID*, password*.

*The marked details are optional and will only be processed if provided by you.

Additionally, when placing an order in the webshop, the exact order time (date and time) and the customer's IP address are stored. The order time and IP address are needed for the secure operation of the webshop and are stored according to Art. 6 (1) lit. f GDPR.

The data necessary for payment processing is forwarded to our payment partners, or you are redirected to the payment partner's website when selecting the payment method. Our payment partners encrypt your credit card data, bank data, or other data via SSL (at least 128-bit) during data transmission. More information about data processing by our payment partners can be found in their privacy policies at:

• Paypal: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

• Mollie (Credit card, SEPA transfer, EPS, iDEAL, Bancontact and other payment methods): https://www.mollie.com/en/privacy

The data you provide will be stored in your customer account, processed for order fulfilment, and for fulfilling the contracts between you and us. Data processing is based on Art. 6 (1) lit. a GDPR (consent to store data in the customer account) and Art. 6 (1) lit. b GDPR (processing necessary for contract fulfilment). After the contract has been fully executed and the purchase price has been fully paid, the order data will be archived. After the expiration of the tax and commercial retention periods or the periods according to the Product Liability Act, we will delete the order data upon request.

We will amend or delete master data in the customer account upon request, provided no legal retention periods oppose this. If the purchase process is terminated without a contract being concluded, we will delete the already stored data upon request (provided no legal retention periods oppose this), please contact us for this.

We always want to give our existing customers an overview of their master data and past orders, hence automatic deletion of customer master data or order data is not currently foreseen. We correct and delete data as allowed by law (retention periods) upon request.

Your personal data will only be shared or otherwise disclosed to third parties if necessary for contract execution or billing or if you have given prior consent. For example, service providers used by us (e.g., shipping companies, logistics service providers, payment service providers, customer service, accountants, tax advisors) receive the necessary data for order and contract processing. In case of a legal provision, an official order, or an official investigation, we are legally obliged to provide the respective data to the authority.

Privacy Policy for PayPal as a Payment Method

We have integrated the PayPal payment method in this webshop. Payments are processed via PayPal accounts, which are virtual private or business accounts. PayPal also allows virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, hence there is no classic account number. PayPal allows online payments to third parties or receiving payments. PayPal also offers trustee functions and buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If you select "PayPal" as the payment method during the ordering process in our online shop, data about you will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transmission of personal data required for payment processing.

The personal data transmitted to PayPal usually includes first name, last name, address, email address, IP address, phone number, mobile phone number, or other data necessary for payment processing. Personal data related to the respective order is also required to fulfil the purchase contract.

The data transmission aims to process payments and prevent fraud. We will transmit personal data to PayPal, especially if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit agencies. This transmission aims to check identity and creditworthiness.

PayPal may share the personal data with affiliated companies and service providers or subcontractors if this is necessary to fulfil the contractual obligations or if the data is to be processed on behalf of the company.

You can revoke your consent to PayPal's handling of personal data at any time. A revocation does not affect personal data that must be processed, used, or transmitted for (contractual) payment processing.

The applicable privacy policy of PayPal can be found at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

Logistics and Shipping

We usually ship orders either from our location in Laakirchen (Austria) or via the logistics service provider Orange Connex (Orange Connex Global Germany GmbH, Potsdamer Platz 10, House 2, 10785 Berlin, Germany).

When shipping via Orange Connex, the data of ready-to-ship orders will be forwarded to our logistics service provider Orange Connex Global Germany GmbH. Orange Connex receives the information necessary for shipping (e.g., order ID, name, company name, delivery address, email address, and if provided, phone number, ordered products).

Shipping is usually done via DPD (shipping from Laakirchen warehouse) or DHL/GLS (shipping from Orange Connex warehouse). The shipping service provider receives the necessary customer data for shipping, such as the name, delivery address, any additional address information, the email address (for parcel notification), and if provided, the phone number (for quickly resolving delivery problems). These data are used exclusively for order processing.

Additional shipping methods for larger orders, custom orders, or particularly urgent orders:

• Shipping directly from our suppliers to the customer: We only provide the data necessary for shipping, which can only be used for shipping the order.

• Shipping from an Amazon Fulfillment warehouse: We only provide the data necessary for shipping.

Webshop Software and Hosting

Our webshop is operated via the “Software as a Service” application Plentymarkets. Plentymarkets is a product of plentysystems AG, Bürgermeister-Brunner-Straße 15, 34117 Kassel, Germany. The software is developed and operated in Germany according to strict data protection standards (TÜV Saarland - Certified Cloud Security). More information about Plentymarkets' privacy policy can be found here: https://www.plentymarkets.com/en/privacy-policy/

Plentymarkets uses Amazon Web Services (AWS), based in Frankfurt am Main, Germany, for hosting the software and delivering the accessed websites.

All data of the webshop software (e.g., customer data, order data, invoice documents) are stored in Germany (AWS Frankfurt, see above). We have concluded a data processing agreement with plentysystems AG.

Visiting the Website / Use of Cookies

When you visit our website, we collect personal data to the extent technically necessary (name of the accessed file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL, IP address of the user, and the requesting provider). These log files are managed by the server administrators of plentysystems AG, used exclusively for the secure operation of the servers, and overwritten after 2 weeks. We do not have access to these data. They cannot be assigned to specific individuals by us, are not merged with data from other data sources, and are not used for marketing purposes. The storage of server log files is based on Art. 6 (1) lit. f GDPR. The collection of data for providing the website and the storage of data in log files is mandatory for operating the website. Therefore, there is no possibility for the user to object.

We inform you that cookies are used when you visit our website. Cookies are small files or other types of information storage that are transferred to the user's web browser by our web server or third-party web servers and stored there for later retrieval. The cookies used when visiting our website are only for the purpose of simplifying the purchasing process (e.g., by storing items in a shopping cart) and enabling the use of certain functions of our webshop. The cookies we use are deleted from your hard drive after you close your browser (session cookies). The collection of these data is based on § 96 (3) TKG.

We do not store cookies for statistical/marketing purposes or other purposes that are not essential for operating the Plentymarkets webshop system.

Use of Matomo

We use the open-source web analytics software Matomo (www.matomo.org) to create statistics on user behaviour. Data collection is based on Art. 6 (1) lit. f GDPR ("legitimate interest"). The software is operated by us on the server stats.eventlights.shop (located in Germany); data is stored and processed only by us and not shared with other companies.

No cookies are stored by Matomo. The collected IP addresses are anonymised (removing the last 3 digits of the IP address: 000.000.000.xxx).

We respect the "Do not track" setting in the browser. Simply enable "Do not track" in your browser's privacy settings to object to data collection with Matomo.

Data Security

Your contract data is transmitted encrypted via SSL over the internet. We secure our website and other systems by technical and organisational measures against loss, destruction, access, modification, or distribution of your data by unauthorised persons.

Rights as a Data Subject

You have the right to information about your personal data (Art. 15 GDPR), as well as the right to rectification (Art. 16 GDPR) or deletion (Art. 17 GDPR) or restriction of processing (Art. 18 GDPR).

You can also object to the processing (according to Art. 21 GDPR, if the processing is based on the legal basis Art. 6 (1) lit. e or f GDPR) and have the right to data portability in a structured, machine-readable format (Art. 20 GDPR).

Further rights: Right to notification (Art. 19 GDPR) and right to withdraw consent (Art. 7 (3) GDPR). For all the mentioned rights, please contact the responsible party's contact details.

Right to Complain

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). For Austria, this is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, Phone: +43 1 52 152-0, Email: dsb@dsb.gv.at, Web: https://www.dsb.gv.at/.

Copyright and Sources of this Privacy Policy

This privacy policy was created by our Data Protection Coordinator Thomas Gattinger based on template texts. It is continuously adapted to the current data processing processes at Eventlights and the current legal situation.

Sources of the template texts:

• Austrian E-Commerce Quality Seal

• University of Münster / Dr Hoeren

• Privacy Policy Generator of the German Society for Data Protection (Template Privacy Policy: https://dsgvo-muster-datenschutzerklaerung.dg-datenschutz.de/) in cooperation with the data protection lawyers of the law firm WILDE BEUGER SOLMECKE | Lawyers (https://www.wbs.legal/)