Privacy Policy

The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the applicable legal provisions (GDPR, Telecommunications Act 2003). In this privacy policy, we inform you about the most important aspects of data processing within the scope of our website.

When you visit our website, your IP address as well as the start and end of the session are recorded for the duration of that session. This is technically necessary and therefore constitutes a legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Unless otherwise stated below, this data will not be further processed by us.

1. Controller Responsible for Data Processing

Name, address and contact details of the company or the responsible person operating the online shop.

If applicable, details of the data protection officer (if appointed).

Example:
“The controller responsible for data processing is [Company Name], [Address], [Contact Information], [Email Address].

2. Purposes of Data Processing

A detailed explanation of the purposes for which personal data is processed. In the case of a Shopify shop, these purposes may include:

Contract performance (e.g. orders, payments, delivery)

Customer communication (e.g. sending order confirmations, invoices)

Direct marketing (if applicable)

Analysis and optimisation of the shop (e.g. through cookies or tracking tools)

Example:
“We process your personal data for the purpose of processing orders, communicating about the status of your order, and improving our service offering.”

3. Legal Bases for Processing

An explanation of the legal bases on which data processing is carried out, such as:

Performance of a contract (Art. 6 (1) lit. b GDPR) for order processing

Consent (Art. 6 (1) lit. a GDPR) for marketing measures

Legitimate interests (Art. 6 (1) lit. f GDPR) for the use of analytics tools

4. Recipients of the Data

Who has access to personal data? This may include third parties such as:

Payment service providers (e.g. Klarna, PayPal)

Shipping service providers (e.g. DHL, UPS)

Shopify itself (as the platform provider)

Marketing service providers (e.g. Google, Facebook)

Example:
“Your data will be passed on to [payment service providers], [shipping service providers] and our hosting provider Shopify, insofar as this is necessary for the performance of the contract.”

5. Transfer to Third Countries

If personal data is transferred outside the EU/EEA (e.g. if Shopify uses servers in the USA), an explanation must be provided as to how this complies with the GDPR (e.g. through standard contractual clauses or an adequacy decision by the European Commission).

Example:
“Your data may be transferred to servers operated by Shopify in the United States. Shopify has implemented standard contractual clauses to ensure the protection of your data in accordance with the GDPR.”

6. Data Retention Period

Information on how long personal data is stored, for example:

Order data: for as long as necessary to fulfil the contract

Marketing data: for as long as the user’s consent is valid

Example:
“We store your data only for as long as necessary to fulfil contractual purposes or as required by statutory retention obligations.”

7. Rights of Data Subjects

An explanation of the rights of data subjects under the GDPR, including:

Right of access (Art. 15 GDPR)

Right to rectification (Art. 16 GDPR)

Right to erasure (Art. 17 GDPR)

Right to restriction of processing (Art. 18 GDPR)

Right to object (Art. 21 GDPR)

Right to data portability (Art. 20 GDPR)

Right to withdraw consent at any time (Art. 7 (3) GDPR)

Example:
“You have the right to request information about your stored data at any time, to have it corrected or deleted, and to withdraw your consent to data processing at any time.”

8. Cookies and Tracking Technologies

An explanation of the use of cookies and similar technologies on the website. This must be particularly clear and transparent, as consent is required in Austria and the EU for the use of non-essential cookies.

Shopify enables the use of various marketing and analytics tools (e.g. Google Analytics, Facebook Pixel), which must be taken into account in the privacy policy.

Example:
“This website uses cookies to analyse usage and to provide personalised advertising. You can object to the use of cookies by adjusting your browser settings.”

9. Right to Lodge a Complaint with a Supervisory Authority

Information that data subjects have the right to lodge a complaint with a supervisory authority if they believe that their rights have been violated.

Example:
“If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the competent supervisory authority.”

10. Contact Information

Information on how users can contact the company regarding data protection matters.

Example:
“If you have any questions regarding data protection, please contact us at [email address] or [telephone number].”

If you contact us via a form on the website or by email, the data you provide will be stored by us for six months for the purpose of processing your enquiry and in case of follow-up questions. This data will not be passed on without your consent.

We use cookies to ensure optimal use of the website. Further information and settings can be found here.

This website uses external fonts, Google Fonts. Google Fonts is a service provided by Google Inc. (“Google”).
The integration of these web fonts takes place via a server call, usually to a Google server in the USA. This informs the server which of our pages you have visited. The IP address of the browser of the end device used by the visitor is also stored by Google.

Further information can be found in Google’s privacy policy, available at:
www.google.com/fonts#AboutPlace:about
www.google.com/policies/privacy/

With regard to your data stored by us, you generally have the right to access, rectification, erasure, restriction, data portability, withdrawal of consent and objection. If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been infringed, you may lodge a complaint with us or with the data protection authority.

You may contact us at any time by email.

You can reach us as follows:
welcome@a-star-is-born.com