Data protection
Data security
Patrik Pondorfer
Iselsberg 195
Iselsberg 9992
Austria
Email: austrianspeptides@gmail.com
We are pleased that you are interested in our online shop. The protection of your privacy is very important to us. Below, we provide detailed information about how we handle your data. The processing of your data is carried out on the basis of the GDPR as well as in accordance with § 165 para. 3 TKG (Austria).
1. Access data and hosting
You may visit our websites without providing any personal information. Each time a webpage is accessed, the web server automatically stores a so-called server log file, which contains, for example, the name of the requested file, your IP address, date and time of access, the amount of data transferred, and the requesting provider (access data), and documents the access.
These access data are evaluated exclusively for the purpose of ensuring the smooth operation of the site and improving our offering. This serves to safeguard our legitimate interests in the correct presentation of our offering, which prevail within the framework of a balancing of interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
All access data are processed only for as long as is necessary to achieve the processing purposes stated above.
Hosting
The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data as well as all data collected in forms provided on this website are processed on their servers.
If you have any questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.
Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: Israel, United Kingdom, USA.
The adequacy decision for the USA serves as the basis for data transfers to third countries insofar as the respective service provider is certified. Certification is in place.
Our service providers are located and/or use servers in the following countries: Brazil, Mexico, India, Ukraine.
There is no adequacy decision by the European Commission for these countries. Our cooperation with them is based on the following safeguards: Standard Contractual Clauses of the European Union.
2. Data processing for contract fulfillment and contact
2.1 Data processing for contract fulfillment
For the purpose of contract fulfillment (including inquiries regarding and processing of any existing warranty and performance disruption claims as well as any statutory update obligations) pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR, we collect personal data if you voluntarily provide them to us as part of your order.
Mandatory fields are marked as such, as in these cases we require the data to process the contract and cannot ship the order without them. Which data are collected can be seen from the respective input forms.
Further information on the processing of your data, in particular on the transfer to our service providers for the purpose of order, payment, and shipping processing, can be found in the following sections of this privacy policy.
After complete fulfillment of the contract, your data will be restricted for further processing and deleted after expiry of the tax and commercial retention periods pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, unless you have expressly consented to further use of your data pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this policy.
2.2 Customer account
If you have given your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR by deciding to open a customer account, we will use your data for the purpose of creating the customer account and storing your data for future orders on our website.
You may delete your customer account at any time either by sending a message to the contact option described in this privacy policy or via a designated function in the customer account.
After deletion of your customer account, your data will be deleted unless you have expressly consented to further use of your data pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this policy.
2.3 Contact
As part of customer communication, we collect personal data for the processing of your inquiries pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR if you voluntarily provide them to us when contacting us (e.g., via contact form or email).
Mandatory fields are marked as such, as in these cases we require the data to process your inquiry. Which data are collected can be seen from the respective input forms.
After complete processing of your inquiry, your data will be deleted unless you have expressly consented to further use of your data pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to further data use that is legally permitted and about which we inform you in this policy.
3. Data processing for the purpose of shipping
For contract fulfillment pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR, we pass on your data to the shipping service provider commissioned with delivery, insofar as this is necessary for the delivery of ordered goods.
If you have any questions about our service providers and the basis of our cooperation with them, please contact the contact option described in this privacy policy.
4. Data processing for payment processing
For payment processing in our online shop, we cooperate with the following partners: technical service providers, credit institutions, payment service providers.
4.1 Data processing for transaction processing
Depending on the selected payment method, we pass on the data required for processing the payment transaction to our technical service providers or to the commissioned credit institutions or to the selected payment service provider, insofar as this is necessary for payment processing.
This serves contract fulfillment pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.
In some cases, payment service providers collect the data required for payment processing themselves, for example on their own website or via technical integration in the ordering process. In this respect, the privacy policy of the respective payment service provider applies.
Depending on the selected payment method, data may be transferred to third countries outside the EU/EEA for which the European Commission has determined an adequate level of data protection by decision.
Where data are transferred to third countries outside the EU/EEA for which the European Commission has not issued an adequacy decision, cooperation is based on the Standard Contractual Clauses of the European Commission.
If you have any questions about our payment processing partners or the basis of our cooperation with them, please contact the contact option named in this privacy policy.
4.2 Data processing for fraud prevention and optimization of our payment processes
Where applicable, we provide the aforementioned service providers with additional data, which they use together with the data required for payment processing for the purposes of fraud prevention and optimization of our payment processes (e.g., invoicing, processing disputed payments, accounting support).
This serves to safeguard our legitimate interests in fraud prevention and efficient payment management pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
Identity and credit check when selecting Klarna payment services
Klarna Pay later (purchase on account), Klarna Slice it (installment purchase)
If you choose the payment services of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”), we ask for your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR to transmit the data required for payment processing and identity and credit checks to Klarna.
In Germany, the credit agencies named in Klarna’s privacy policy may be used for identity and credit checks.
The information received about the statistical probability of a payment default is used by Klarna for a balanced decision on the establishment, execution, or termination of the contractual relationship.
You may revoke your consent at any time by sending a message to the contact option named in this privacy policy. This may result in us no longer being able to offer certain payment options. You may also revoke your consent to this use of personal data at any time directly with Klarna.
4.3 Installment payment option
When selecting the installment payment option and granting the required data protection consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, personal data (first name, last name, address, email, telephone number, date of birth, IP address, gender) together with transaction-related data (product, invoice amount, due dates, total amount, invoice number, taxes, currency, order date and time) are transmitted to our partner Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, for the purpose of processing this payment method.
To verify the customer’s identity and creditworthiness, our partner conducts inquiries with publicly accessible databases and credit agencies.
The providers from whom information and, if applicable, creditworthiness data are obtained based on mathematical-statistical procedures, as well as further details on data processing after transmission to Klarna Bank AB (publ), can be found in Klarna’s privacy policy, available here: https://www.klarna.com/at/datenschutz/
The information received regarding the statistical probability of payment default is used by our partner Klarna Bank AB (publ) for a balanced decision on the establishment, execution, or termination of the contractual relationship.
You have the option to contact our partner Klarna Bank AB (publ) to present your point of view and contest the decision.
The consent given during the ordering process for data transfer may be revoked at any time with effect for the future, without giving reasons.
Use of Wix Analytics for web analysis
For the purpose of website analysis, data (IP address, time of visit, device and browser information, location data, and information about your use of our website) are automatically collected and stored using technologies of Wix Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (“Wix”), from which usage profiles are created using pseudonyms. Cookies may be used for this purpose.
The pseudonymized usage profiles are not merged with personal data about the bearer of the pseudonym without separate, explicit consent. Wix acts on our behalf.
Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: Israel, United Kingdom, USA.
The adequacy decision for the USA serves as the basis for data transfers to third countries insofar as the respective service provider is certified. Certification is in place.
Our service providers are located and/or use servers in the following countries: Brazil, Mexico, India, Ukraine.
There is no adequacy decision by the European Commission for these countries. Our cooperation with them is based on the following safeguards: Standard Contractual Clauses of the European Union.
5. Social Media
Our online presence on Instagram (by Meta)
If you have given your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR to the respective social media operator, your data will be automatically collected and stored for market research and advertising purposes when visiting our online presences on the social networks mentioned above, from which usage profiles are created using pseudonyms.
These may be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose.
Detailed information on the processing and use of data by the respective social media operator, as well as a contact option and your rights and settings to protect your privacy, can be found in the privacy notices of the providers linked below. If you still require assistance, you may contact us.
Instagram (by Meta) is a service of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”).
The information automatically collected by Meta Platforms Ireland about your use of our Instagram online presence is generally transmitted to and stored on a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
Data processing in the context of visiting an Instagram (by Meta) fan page is based on an agreement between joint controllers pursuant to Art. 26 GDPR. Further information (information on Insights data) can be found here.
Our service providers are located and/or use servers in the following countries for which the European Commission has determined an adequate level of data protection by decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.
The adequacy decision for the USA serves as the basis for data transfers to third countries insofar as the respective service provider is certified. Certification is in place.
Our service providers are located and/or use servers in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico.
There is no adequacy decision by the European Commission for these countries. Our cooperation with them is based on the following safeguards: Standard Contractual Clauses of the European Union.
6. Contact options and your rights
6.1 Your rights
As a data subject, you have the following rights:
pursuant to Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein;
pursuant to Art. 16 GDPR, the right to request the immediate rectification of incorrect or completion of your personal data stored by us;
pursuant to Art. 17 GDPR, the right to request the deletion of your personal data stored by us, unless further processing is required
– for exercising the right to freedom of expression and information;
– for compliance with a legal obligation;
– for reasons of public interest; or
– for the establishment, exercise, or defense of legal claims;
pursuant to Art. 18 GDPR, the right to request restriction of processing of your personal data, insofar as
– the accuracy of the data is contested by you;
– the processing is unlawful, but you oppose deletion;
– we no longer need the data, but you require them for the establishment, exercise, or defense of legal claims; or
– you have objected to processing pursuant to Art. 21 GDPR;
pursuant to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller;
pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority of your habitual residence, place of work, or our company headquarters.
Right to object
Where we process personal data as explained above to safeguard our legitimate interests that prevail within the framework of a balancing of interests, you may object to this processing with effect for the future.
If processing is carried out for direct marketing purposes, you may exercise this right at any time as described above.
If processing is carried out for other purposes, you only have the right to object if there are grounds relating to your particular situation.
After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
This does not apply if processing is carried out for direct marketing purposes. In that case, we will no longer process your personal data for this purpose.
6.2 Contact options
If you have questions regarding the collection, processing, or use of your personal data, requests for information, correction, restriction, or deletion of data, as well as revocation of consents granted or objection to a particular use of data, please contact us directly using the contact details in our legal notice.
Additional note for the privacy policy
Special note regarding product-related inquiries
For inquiries regarding our peptides or research chemicals, personal data are used exclusively to respond to the inquiry.
We do not process health-related data, as our products are not intended for human use.
Inquiries aimed at medical, therapeutic, or cosmetic applications will not be answered.