Data protection statement
Thank you very much for your interest in our website chillisy-shop.com. We attach great importance to the protection of your personal data. This data protection statement provides you with information about the type, extent and purpose of the personal data collected and used by us. Furthermore, you will receive details about the rights you are entitled to.
Technical and organisational measures have been taken to ensure that data protection provisions are complied with by us and our service providers.
If you have any further questions regarding data protection in the context of these online services, please contact our data protection officer Mrs Isa Schuetze, at any time.
1. Who is responsible for data processing and who can you contact?
The data controller in the sense of the General Data Protection Regulation (GDPR) is:
CHILLISY®, Lochbödele 23, 6500 Landeck, Austria, Phone +43 (0) 5442 / 93 08 1, firstname.lastname@example.org
2. What is personal data?
Any information that refers to an identified or identifiable natural person (subsequently referred to as “data subject” is considered personal data (Article 4, no. 1 GDPR). This includes, for example, your name and your contact details.
3. Which data do we collect when you visit our website?
If you are simply visiting our website www.en.chillisy-shop.com, without registering or transmitting information in any other way, your browser will automatically transmit information to our website server. This information is saved temporarily in a log file. The following information is recorded and stored until it is erased automatically, without any action on your part:
- IP address of the accessing computer
- Date and time of access
- Name and URL of the accessed file
- Website from which the page was accessed (referrer URL)
- Browser used and possibly your computer’s operating system and the name of your access provider.
We process the data listed above for the following purposes:
- Ensuring that a connection is established smoothly and that our website can be used comfortably,
- Analyses of system security and stability and
- Further administrative purposes.
The legal basis for this data processing is Article 6 paragraph 1 section 1 point f of the GDPR. Our legitimate interest arises from the purposes for data collection listed above. Under no circumstances will we use the data collected to draw any conclusions about your identity.
In order to transparently explain the way in which we are using cookies, we are going to outline briefly what cookies are, followed by an account of which cookies are used in the context of our website.
4.1. What are cookies?
A cookie is a small text file that is saved to your hard drive. This data record is created by the web server you have used to establish a connection via your web browser, it is then sent to you and saved to your hard drive. Cookies provide that you will be recognised on future visits to our website.
Most browsers are set up to accept cookies automatically. You may configure your browser to reject all cookies or to arrange that you need to actively agree before any cookies are saved. You are also able to erase previously saved cookies from your system at any time. When you visit our page www.en.chillisy-shop.com for the first time, a note will pop up to inform you that we are using cookies. The type of cookies that we use is described below. If you click the button “accept” within this note, a cookie is created to show us that you have seen the note. This cookie will remain saved for future visits. The note mentioned above will not be shown again, when you access our services in the future. However, if you separately erase cookies from your browser, or if you access www.en.chillisy-shop.com using another device, the note will pop up again.
4.2. What types of cookies are there?
While you are using a website, a temporary session cookie, containing a session identification number, is saved to your computer to prevent, for example, that you have to log in again, whenever you switch between pages. Session cookies are erased automatically, after the session expires or when the browser is closed.
A permanent cookie provides for a file to be saved on your computer for a specific period of time. These cookies enable websites to remember your information and settings, when your return to those sites in the future. This makes accessing the websites faster and more convenient. The cookies expire after the specified expiration date.
Essential cookies (type 1)
These cookies are absolutely necessary to allow websites and their functions to work properly.
Function cookies (type 2)
These cookies allow for the comfort and performance of websites to be improved and for various functions to be made available.
Performance cookies (type 3)
These cookies collect information about the way in which you are using websites. Performance cookies help, for example, to identify particularly popular areas of internet services. This allows for the contents of websites to be adjusted more effectively to the users’ requirements and therefore for the services to be improved. Information collected with this type of cookies is not personal.
Third-party cookies (type 4)
These cookies are set by third parties, such as social networks. They are used in particular for integrating social media content such as social plugins on websites.
4.3. Which cookies do we use on this website?
We use both session cookies and essential cookies on our website. We use these cookies based on Article 6 paragraph 1 point f of the GDPR. Our efforts to optimise or enable user guidance on our website and to adjust our website are considered a legitimate interest in the sense of the regulation indicated above.
5. Which data do we collect when you register on our CHILLISY portal?
If you register for our CHILLISY portal on our website, personal data required for pre-contractual measures and for fulfilling the user contract is recorded. This includes your name, address and email address as contact and communication details. As a registered user of our portal, you are granted access to contents that are only available to registered users. If you register as a professional user you are, for example, able to download 2D and 3D data as well as product images and data sheets from the collection and product pages.
After you have registered, we are going to review, whether you will be accepted as a user of our CHILLISY portal. If you are accepted, a confirmation email containing your personal login data will be sent to the indicated email address and your data will be saved. The legal basis for this is Article 6 paragraph 1 section 1 point b of the GDPR. If you are not accepted, your data will be erased within 30 days of your registration being rejected.
You may de-register from our CHILLISY portal at any time. To do so, please inform us about your wish to de-register using the contact options included in this data protection statement. Your data that is not subject to any legal retention requirements, will be erased within 14 days of your de-registration. Any other data is saved for the duration of the legal retention period, and is then erased automatically.
6. Which data do we collect when you contact us via email or using our contact form?
If you contact us by email or using our contact form, we are going to save the data you have communicated to us (your email address and your name). Also data which we pass on to our agencies in the context of press inquiries. We do so for the sole purpose of replying to you, and for possibly contacting you regarding your query at a later time. Data processing for the purpose of establishing contact via our contact form takes place pursuant to Article 6 paragraph 1 section 1 point a of the GDPR, based on your voluntarily granted consent. You have the right to revoke your consent to processing of your personal data at any time. To revoke your consent, please send an email to email@example.com or contact us using the contact data indicated in the imprint. Article 6 paragraph 1 section 1 point b of the GDPR shall apply as the legal basis for data processing, if you request a quote via the contact form or if you have any questions regarding an existing contractual relationship. The legal basis for the processing of any data you have transmitted to us via email is Article 6 section 1 point f of the GDPR. Our legitimate interest is based in our endeavours to handle your inquiry.
Any data that is produced in this context is erased, once storage of such data is no longer necessary, or we are going to restrict processing, if legal retention requirements apply.
7. Which data do we collect when you order our CHILLISY catalogue?
If you order a copy of our CHILLISY catalogue using the form on our website, we are going to save the communicated data (in particular your name and address) to be able to mail the requested catalogue to the indicated address. The legal basis for data processing for the purpose of sending the requested catalogue is Article 6 paragraph 1 section 1 point b of the GDPR. We will erase your personal data, after the catalogue has been dispatched.
By granting your consent, you may subscribe to our newsletter, containing our latest interesting promotions. The data communicated when subscribing, is used solely for sending our newsletter. The only mandatory information you must provide to receive the newsletter is your email address. Any further information that is marked separately, is provided voluntarily and is used to allow us to address you in person.
We are using a double opt-in process for subscriptions to our newsletter. This means that after you have registered, we are going to send an email to the indicated email address, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your data will be blocked and automatically erased after one month. After you have confirmed, we are going to save your email address for the purpose of sending our newsletter. The legal basis for this is Article 6 paragraph 1 section 1 point a of the GDPR. In addition to this, we are saving your IP address, from which you have registered for the newsletter and the date on which you have subscribed, as well as the date of your confirmation email. We will use this data as evidence, in the case of misuse, where an email address is registered for the newsletter without authorisation and it also allows us to verify that you have registered. The legal basis for this is Article 6 paragraph 1 section 1 point f of the GDPR. Our legitimate interest arises from the purposes indicated above.
You may revoke your consent to us sending the newsletter at any time and with effect for the future, by un-subscribing from the newsletter. To revoke your consent, please use the link included in each newsletter email or contact us using the contact data indicated in the imprint.
We forward your data to an external service provider sendinblue that is based in Berlin, and with whom we have concluded a contract data processing agreement.
9. Links to social network services
Our website contains links to the social network service providers Facebook (Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA), Twitter (Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA) and Pinterest (Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA). The button for the respective social network is integrated as a link on our website.
If you visit our website and click the button of one of the social network service providers, you will be redirected to our page with the respective network service. Your information is only transmitted, if you click the relevant buttons and are redirected to the respective social network’s page. Until you click the button, the social networks are unable to collect any information about you. The legal basis for using links to social network services is Article 6 paragraph 1 section 1 point f of the GDPR. Our legitimate interest arises due to the commercial purpose to promote publicity for our company.
Please note that we have no influence on the ways in which the social network services will process your personal data, or on whether they comply with data protection provisions, when processing your personal data. We do not monitor the social network services, and we are not responsible for any processing of your personal data by such services. Please refer to the respective social network’s data protection information, for details about the handling of your personal data when using these social network services.
10. Google Maps
Maps by “Google Maps”, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, are integrated on our website. Data processed may include in particular IP addresses and location data about users, however these are not collected without the users’ consent (this is usually granted as part of the settings of mobile devices). This data may be processed in the USA. Data protection statement: https://www.google.com/policie..., opt-out: https://adssettings.google.com/authenticated.
11. HTML5 storage objects
The interior design planning tool on this website uses HTML5 storage objects, which are saved to your device. These objects will save the required data (current designs, saved designs), regardless of the browser used and they do not have an automatic expiration date. No personal data is saved by the interior design planning tool. You may prevent the use of HTML5 storage objects, by using the private browsing mode of your browser.
11. What are your rights?
Regarding your personal data, you have the following rights towards us:
- Right of information pursuant to Article 15 of the GDPR:
You have the right to demand confirmation of whether personal data about you is being processed. If this is the case, you have the right to receive information about such personal data as well as the information listed in detail in Article 15 of the GDPR.
- Right to demand correction of incorrect personal data or of completion of such data pursuant to Article 16 of the GDPR:
You have the right to demand that incorrect personal data about you is corrected immediately, and that any incomplete data is completed.
- Right of erasure (“right to be forgotten”) pursuant to Article 17 of the GDPR:
Furthermore, you have the right to demand that personal data about you is erased immediately, provided that none of the reasons listed in Article 17 of the GDPR applies, for example if your data is no longer needed for its intended purpose.
- Right of restriction of processing pursuant to Article 18 of the GDPR:
You have the right to demand that processing of your personal data is restricted for the duration of a possible review of whether our legitimate interests override yours, if one of the prerequisites listed in Article 18 of the GDPR is met, for example if you have objected to processing pursuant to Article 21 of the GDPR.
- Right to object to processing pursuant to Article 21 of the GDPR:
If data is collected based on Article 6 paragraph 1 section 1 point f (data processing for the purpose of safeguarding legitimate interests), you have the right to object to such processing at any time, on the grounds that there are reasons that arise from your particular situation. We will not continue to process your personal data in such a case, unless there are demonstrable compelling and legitimate reasons to continue processing, which override your interests, rights and freedoms, or if processing takes place for the purpose of asserting, exercising or defending any legal claims.
- Right of data portability pursuant to Article 20 of the GDPR:
In particular cases, which are listed in detail in Article 20 of the GDPR, you have the right to demand that your personal data is provided to you or to a third party in a structured, common and machine-readable format.
- Right to revoke granted consent pursuant to Article 7 paragraph 3 section 1 of the GDPR: You have the right to revoke granted consent at any time and with effect for the future, without prejudice to the lawfulness of processing that took place based on your consent, up to the revocation,
- Right to complain to a regulatory authority pursuant to Article 77 of the GDPR:
Pursuant to Article 77 of the GDPR, you have the right to submit a complaint to a regulatory authority, if you are under the impression that processing of your personal data is performed in violation of any data protection provisions. Your right to complain can be exercised in particular by contacting a regulatory authority in the Member State in which you reside, in which your workplace is located or in which the presumed infringement takes place.
If you would like to exercise your right of revocation or objection, simply send an email to firstname.lastname@example.org.
12. Who is my data disclosed to?
We generally do not disclose personal data to third parties. In particular, we do not disclose data to third parties commercially. Your personal data will not be disclosed to third parties for any purposes other than those listed below.
Your personal data will only be disclosed to third parties, if:
- You have granted explicit consent to such disclosure pursuant to Article 6 paragraph 1 section 1 point a of the GDPR,
- Disclosure is necessary pursuant to Article 6 paragraph 1 point f of the GDPR for asserting, exercising or defending legal claims, and there is no reason to assume that you have any overriding legitimate interests in non-disclosure of your data,
- Disclosure is legally required pursuant to Article 6 paragraph 1 section 1 point c of the GDPR or
- Such disclosure is legally permissible and necessary for handling contractual relations with you pursuant to Article 6 paragraph 1 section 1 point b of the GDPR.
13. For how long will my data be saved?
We are saving and processing your data for as long as this is required for handling our business relationship with you. We observe the principle of storage limitation. This means that we will erase your data as soon as it is no longer required, and we no longer need to keep it due to legal retention duties.
14. Is data transmitted to any third states?
Your data will generally not be transmitted to any third states, unless explicitly mentioned in this data protection statement.
15. Am I obliged to provide any data?
You only have to provide the personal data that is required for using our portal. You are not obliged to provide any data.
16. Adjustments to the data protection statement
Due to further development of our website and related services, as well as changing legal or regulatory provisions, it may become necessary to make adjustments to this data protection statement. You may access and print the latest version of our data protection statement on our website
https://en.chillisy-shop.com/p... at any time.