Data protection

The data controller is Harisch Sales GmbH.

We appreciate your interest in our online shop. Protecting your privacy is very important to us. Below, we provide detailed information about how we handle your data.

1. Access data and hosting
 You can visit our websites without providing any personal information. Each time a webpage is accessed, the web server automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of access, the amount of data transferred, and the requesting provider (access data), and documents the access.

This access data is evaluated solely for the purpose of ensuring the smooth operation of the website and improving our services. This serves our legitimate interests, which, in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR, override any conflicting interests, in ensuring the correct presentation of our services. All access data is deleted no later than seven days after the end of your visit to the website.

Hosting services provided by a third-party provider
As part of processing on our behalf, a third-party provider hosts and displays our website. All data collected through the use of this website or via forms provided in the online shop, as described below, is processed on their servers. Processing on other servers only takes place within the scope described here.

This service provider is located within a country of the European Union or the European Economic Area.

2. Data collection and use for contract processing, contacting customers and when opening a customer account
 We collect personal data when you voluntarily provide it to us as part of your order or when contacting us (e.g., via contact form or email). Required fields are marked as such because we absolutely need this data to process your order or your inquiry, and you cannot submit your order or contact request without providing it. The specific data collected is evident from the respective input forms. We use the data you provide in accordance with Article 6 Paragraph 1 Sentence 1 Letter b GDPR for contract processing and handling your inquiries.

If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR by choosing to open a customer account, we will use your data for the purpose of opening the customer account.
After complete fulfillment of the contract or deletion of your customer account, your data will be restricted from further processing and deleted after the statutory retention periods under tax and commercial law have expired, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this scope, which is permitted by law and about which we inform you in this statement. You can delete your customer account at any time, either by sending a message to the contact address provided below or by using the corresponding function in your customer account.

3. Data sharing
For the purpose of fulfilling the contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR, we will forward your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select during the ordering process, we will forward the payment data collected for this purpose to the bank commissioned with processing the payment and, if applicable, to payment service providers commissioned by us, or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must log in to the payment service provider with your access data during the ordering process. The data protection policy of the respective payment service provider applies in this respect.

The same applies to the transfer of data to our manufacturers or wholesalers in cases where they handle shipping for us (drop shipping).

Data transfer to shipping service provider
If you have given us your express consent during or after your order, we will, on the basis of this consent and in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, forward your email address to the selected shipping service provider so that they can contact you before delivery for the purpose of delivery notification or coordination.

You can withdraw your consent at any time by contacting us using the contact details provided below or directly with the shipping provider at the contact address listed below. After withdrawal, we will delete the data you provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this scope, which is permitted by law and about which we inform you in this statement.

CSS GmbH
Triester Straße 10/4/415
A-2351 Wr. Neudorf
Austria

4. Email newsletter / Email advertising with newsletter registration
 When you subscribe to our newsletter, we use the data required for this purpose or data you have separately provided to send you our email newsletter regularly based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

You can unsubscribe from the newsletter at any time, either by sending a message to the contact address provided below or by using the unsubscribe link in the newsletter. After unsubscribing, we will delete your email address from the mailing list unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes permitted by law, which we will inform you about in this privacy policy.

The newsletter is sent by a service provider who processes your data on our behalf, and to whom we pass on your email address for this purpose. This service provider is located within a country of the European Union or the European Economic Area.

5. Cookies and web analytics
To make your visit to our website more attractive and to enable the use of certain functions, to display suitable products, or for market research, we use so-called cookies on various pages. This serves our legitimate interests, which outweigh your interests, in an optimized presentation of our offerings in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of your browser session, i.e., after you close your browser (session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies). You can find information about the storage duration in the overview in your web browser's cookie settings. You can configure your browser to inform you about the setting of cookies and decide individually whether to accept them, or to exclude the acceptance of cookies in certain cases or in general. Each browser differs in how it manages cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. You can find this information for the respective browsers at the following links:

Internet Explorer™
Safari™
Chrome™
Firefox™
Opera™

If you do not accept cookies, the functionality of our website may be limited.

Use of Google (Universal) Analytics for web analytics
If you have given your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, this website uses Google (Universal) Analytics for website analysis. This web analytics service is offered by Google Ireland Limited, a company incorporated and operating under Irish law, located at Gordon House, Barrow Street, Dublin 4, Ireland ( www.google.de ). Google (Universal) Analytics uses methods that enable analysis of your website usage, such as cookies. The information automatically collected about your use of this website is generally transmitted to and stored on a Google server in the USA. By activating IP anonymization on this website, your IP address is shortened before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Once the purpose for which Google Analytics was used has ceased and we have ended its use, the data collected in this context will be deleted.

To the extent that information is transferred to and stored on Google servers in the USA, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here . Based on this agreement between the USA and the European Commission, the latter has determined that companies certified under the Privacy Shield provide an adequate level of data protection.

You can withdraw your consent at any time with effect for the future by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de . This will prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google.

As an alternative to the browser plugin, you can click <a href="javascript:gaOptout()">this link</a> to prevent Google Analytics from collecting data on this website in the future. This will place an opt-out cookie on your device. If you delete your cookies, you will be asked for your consent again.

This website also uses Google Signals. This is an extension of Google Analytics that enables so-called "cross-device tracking." This means that if your internet-enabled devices are linked to your Google account, Google can generate reports on usage patterns (especially cross-device user numbers), even if you switch devices. Google uses data for this purpose if you have activated the "personalized advertising" setting in your Google account.
This serves to protect our overriding legitimate interests in an optimized presentation of our offer in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
We do not process any personal data in this respect; we only receive statistics generated based on Google Signals.
You can deactivate the "personalized advertising" setting in your Google account at any time, thereby objecting to tracking by Google Signals.

6. Online Marketing
 Google AdSense
 Our website uses Google AdSense to market advertising space for third-party providers and advertising networks. These ads are displayed to you at various locations on this website. As part of the integration of Google AdSense, the so-called DoubleClick cookie from Google is placed on the devices of all website visitors.

This enables the display of interest-based advertising through the automatic assignment of a pseudonymous UserID, which is used to determine interests based on visits to this and other websites. This serves our legitimate interest in the optimal marketing of our website, which outweighs any conflicting interests, pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. The data collected in this context will be deleted once the purpose for processing has ceased and we have discontinued using Google AdSense.

Google AdSense is a service provided by Google Ireland Limited, a company incorporated and operating under Irish law, located at Gordon House, Barrow Street, Dublin 4, Ireland.
To the extent that information is transferred to and stored on Google servers in the USA, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here . Based on this agreement between the USA and the European Commission, the latter has determined that companies certified under the Privacy Shield provide an adequate level of data protection.

You can disable the DoubleClick cookie via this link . You can also learn more about cookies and adjust your settings at the Digital Advertising Alliance .

Google Ads Remarketing
We advertise this website via Google Ads in Google search results and on third-party websites. When you visit our website, Google sets a so-called remarketing cookie, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you have visited. This serves our legitimate interest in the optimal marketing of our website, which outweighs your interests in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR. The data collected in this context will be deleted once the purpose for its collection has ceased and we have discontinued using Google Ads Remarketing.

Further data processing only takes place if you have consented to Google linking your web and app browsing history to your Google account and using information from your Google account to personalize ads you see on the web. If you are logged into Google during your visit to our website, Google will use your data together with Google Analytics data to create and define target audience lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data to create target audiences.

Google Ads is a service provided by Google Ireland Limited, a company incorporated and operating under Irish law, located at Gordon House, Barrow Street, Dublin 4, Ireland ( www.google.de ).
To the extent that information is transferred to and stored on Google servers in the USA, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here . Based on this agreement between the USA and the European Commission, the latter has determined that companies certified under the Privacy Shield provide an adequate level of data protection.

You can deactivate the remarketing cookie via this link . You can also learn more about cookies and adjust your settings at the Digital Advertising Alliance .

Live chat tool Userlike
If you use the live chat tool to contact us, the data you voluntarily enter there (name, email address, message) will be processed by us in accordance with Article 6 Paragraph 1 Sentence 1 Letter b GDPR for the purpose of answering your inquiry within the framework of contract processing. Furthermore, the use of this tool serves our legitimate interests in effective and improved customer communication, which outweigh your interests in accordance with Article 6 Paragraph 1 Sentence 1 Letter f GDPR. The data will then be deleted.
As part of processing on our behalf, the third-party provider Userlike provides the services for making the live chat tool available to us. All data collected during the use of the chat tool is processed on its servers.

Google Maps
This website uses Google Maps to visually display geographical information. Google Maps is a service provided by Google Ireland Limited, a company incorporated and operating under Irish law, located at Gordon House, Barrow Street, Dublin 4, Ireland ( www.google.de ). This serves our legitimate interests, which outweigh any potential impact on your privacy, in optimizing the presentation of our services and ensuring easy access to our locations, in accordance with Article 6(1)(f) GDPR.
When using Google Maps, Google transmits and processes data about website visitors' use of the map functions, which may include, in particular, the IP address and location data. We have no influence on this data processing.
To the extent that information is transferred to and stored on Google servers in the USA, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here . Based on this agreement between the USA and the European Commission, the latter has determined that companies certified under the Privacy Shield provide an adequate level of data protection.
To disable the Google Maps service and thus prevent data transmission to Google, you must disable JavaScript in your browser. In this case, Google Maps cannot be used, or its functionality will be limited.
Further information about data processing by Google can be found in Google 's privacy policy. The Google Maps Terms of Service contain detailed information about the map service.
Data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR, which you can view here .

Adobe Typekit
This website uses the script code "Adobe Typekit" from Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (hereinafter: Adobe). This serves our legitimate interest in a uniform presentation of the content on our website, which outweighs any conflicting interests, pursuant to Art. 6 para. 1 lit. f) GDPR. In this context, a connection is established between your browser and Adobe's servers. This allows Adobe to know that our website was accessed via your IP address.
Adobe is certified under the EU-US Privacy Shield. A current certificate can be viewed here . Based on this agreement between the USA and the European Commission, the latter has determined that companies certified under the Privacy Shield provide an adequate level of data protection.
Further information about data processing within the context of Adobe Typekit can be found in Adobe's privacy policy .

7. Social Media
 Use of social plugins from Facebook, Twitter, Instagram, Pinterest, Xing, using the Shariff solution.
 Our website uses social buttons from social networks.

This serves to protect our overriding legitimate interests in the optimal marketing of our services, as defined in Article 6(1)(f) of the GDPR. To enhance the protection of your data when you visit our website, these buttons are not fully integrated as plugins, but rather embedded using an HTML link. This ensures that when you access a page on our website containing such buttons, no connection is established with the servers of the respective social network provider.

Clicking on one of the buttons will open a new browser window and take you to the page of the respective service provider, where you can (if necessary, after entering your login details) click the Like or Share button, for example.

For information on the purpose and scope of data collection, further processing and use of data by the providers on their websites, as well as contact options and your related rights and settings for protecting your privacy, please refer to the providers' privacy policies:

Our online presence on Facebook, Instagram, Pinterest, LinkedIn
 Our presence on social networks and platforms serves to improve and actively communicate with our customers and potential customers. We use these platforms to provide information about our products and current special offers.

When you visit our online presence on social media, your data may be automatically collected and stored for market research and advertising purposes. Pseudonymous user profiles are created from this data. These profiles can be used, for example, to display advertisements both on and off the platforms that are likely to match your interests. Cookies are generally used on your device for this purpose. These cookies store information about user behavior and interests. This processing is based on our legitimate interests, which, according to Art. 6 Para. 1 lit. f GDPR, override your interests, in optimizing the presentation of our offerings and communicating effectively with customers and prospective customers. If you are asked by the respective social media platform operators for your consent to data processing, for example, via a checkbox, the legal basis for data processing is Art. 6 Para. 1 lit. a GDPR.
Insofar as the aforementioned social media platforms are headquartered in the USA, the following applies: The European Commission has issued an adequacy decision for the USA. This decision is based on the EU-US Privacy Shield. A current certificate for the respective company can be viewed here .
For detailed information on how the providers process and use your data on their websites, as well as contact options and your rights and settings for protecting your privacy, in particular your right to object (opt-out), please refer to the providers' privacy policies linked below. Should you still require assistance, please feel free to contact us.

Facebook: https://www.facebook.com/about/privacy/
Data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR, which you can view here .
Further information on data processing in connection with visiting a Facebook fan page (information on Insights data) can be found here .

Opt-out option:

8. Contact options and your rights
 As an affected party, you have the following rights:
• pursuant to Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein;
• in accordance with Article 16 GDPR, the right to request the immediate rectification of inaccurate or incomplete personal data concerning you that we hold;
• In accordance with Article 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless further processing is necessary.
- to exercise the right to freedom of expression and information;
- to fulfill a legal obligation;
- for reasons of public interest or
- for the establishment, exercise or defense of legal claims
is required;
• pursuant to Article 18 GDPR, the right to request the restriction of the processing of your personal data, insofar as
- the accuracy of the data is disputed by you;
- the processing is unlawful, but you object to its deletion;
- we no longer need the data, but you require it for the establishment, exercise or defense of legal claims or
- You have objected to the processing pursuant to Article 21 GDPR;
• In accordance with Article 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller;
• In accordance with Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. You can usually contact the supervisory authority of your habitual residence, your place of work, or our company's registered office.

If you have any questions about the collection, processing or use of your personal data, for information, correction, restriction or deletion of data, as well as for the revocation of granted consent or objection to a specific use of data, please contact us directly using the contact details in our legal notice.