Privacy policy
The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is
2049 Sustainability GmbH
Glangasse 24/3
1210 Vienna / Austria
Austria
Phone: + 43 676 464 21 06
Email: info@2049.eu
Version of 15.12.2022
1) Data collection when visiting our website
In the case of merely informative use of our website, ie if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following information that is technically necessary for us to display the website:
- Our visited website
- Date and time at the time of access
- Amount of transmitted data in bytes
- Source/reference from which you accessed the site
- Used browser
- Operating system used
- Used IP address (possibly in anonymous form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to retrospectively check the server logfiles should concrete evidence point to unlawful use.
2) Cookies
In order to make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, ie after closing your browser (so-called session cookies). Other cookies remain on your device and allow you to recognize your browser the next time you visit it (so-called persistent cookies). If cookies are set, they collect and process specific user information, such as browser and location data as well as IP address values, to an individual extent. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. The duration of each cookie storage can be found in the overview of the cookie settings of your web browser.
In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the content of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies we use, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either to implement the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the case of a given consent or according to Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
Please note that you can set your browser so that you are informed about the setting of cookies and individually decide on their acceptance or can exclude the acceptance of cookies for specific cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the Help menu of each browser, which explains how to change your cookie settings. These can be found for the respective browser under the following links:
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/en/kb/cookies-allow-and-dispose
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/en-us/guide/safari/sfri11471/mac
Opera: https://help.opera.com/latest/web-preferences/#cookies
Please note that if you do not accept cookies, the functionality of our website may be limited.
3) contact us
When contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for processing this data is Article 6 (1) (b) GDPR (required to carry out pre-contractual measures). Your data will be deleted 3 years after your request has been finally processed.
4) Data processing for contract execution
contract management
In accordance with Article 6 (1) (b) GDPR, personal data is collected and processed if you provide it to us in order to execute a contract. Which data is collected can be seen from the respective order form. We store and use the data you provide to process the contract. After the contract has been fully processed or your customer account has been deleted, your data will be deleted with regard to the retention periods under tax and commercial law (currently 7 years).
5) Use of your data for direct mail
5.1 Registration for our e-mail newsletter
If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your e-mail address.
By registering, you give us your consent to the use of your personal data in accordance with Article 6 (1) (a) GDPR. When you register for the newsletter, we save your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your e-mail address at a later point in time. The data collected by us when registering for the newsletter is used exclusively for advertising purposes by way of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending us a message. After you have unsubscribed, your e-mail address will be deleted immediately from our newsletter distribution list.
5.2 Sending the email newsletter to existing customers
If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers for goods or services from our range by e-mail that are similar to those you have already purchased. According to § 174 TKG, we do not have to obtain your separate consent for this. In this respect, the data is processed solely on the basis of our legitimate interest in personalized direct advertising in accordance with Article 6 (1) (f) GDPR and Section 174 TKG. If you initially objected to the use of your e-mail address for this purpose, we will not send you an e-mail. You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying us.
5.3 MailerLite
Our e-mail newsletter is sent via the technical service provider MailerLite (UAB “MailerLite”, J. Basanavičiaus 15, LT-03108 Vilnius, Lithuania), to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Article 6 (1) (f) GDPR and serves our legitimate interest in using an effective, secure and user-friendly newsletter system. The data you enter for the purpose of subscribing to the newsletter (e.g. e-mail address) will be stored on MailerLite's servers in the EU.
MailerLite uses this information to send and statistically evaluate the newsletter on our behalf. For the evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files that are stored on our website. In this way it can be determined whether a newsletter message has been opened and which links have been clicked on. Technical information is also recorded (e.g. time of retrieval, IP address, browser type and operating system). The data is only collected in a pseudonymised form and is not linked to your other personal data; direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyzes can be used to better adapt future newsletters to the interests of the recipients. If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
Furthermore, MailerLite can use this data in accordance with Article 6 Paragraph 1 Letter f GDPR itself due to its own legitimate interest in the needs-based design and optimization of the service and for market research purposes, for example to determine which countries the recipients come from. However, MailerLite does not use the data of our newsletter recipients to write to them or to pass them on to third parties.
We have concluded an order processing contract with MailerLite, with which we oblige MailerLite to protect our customers' data and not to pass it on to third parties.
You can view MailerLite's privacy policy here: https://www.mailerlite.com/legal/privacy-policy
5.4 Advertising by mail
On the basis of our legitimate interest in personalized direct advertising, we reserve the right to store your first and last name, your postal address and - insofar as we have received this additional information from you as part of the contractual relationship - in accordance with Article 6 (1) (f) GDPR and for sending interesting offers and information about our products by post.
You can object to the storage and use of your data for this purpose at any time by sending us a message.
6) Data processing for order processing
6.1 Insofar as it is necessary for the execution of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Article 6 (1) (b) GDPR.
In order to process your order, we also work together with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
6.2 Use of special service providers for order processing and processing
LOGSTA
The order is processed via the service provider “LOGSTA” (LOGSTA Germany GmbH
Elbestrasse 2, 84453 Mühldorf am Inn, Germany). Name, address and, if applicable, other personal data are passed on to LOGSTA exclusively for processing the online order in accordance with Article 6 (1) (b) GDPR. Your data will only be passed on to the extent that this is actually necessary to process the order. Details on LOGSTA's data protection and the data protection declaration of LOGSTA Germany GmbH are available on the LOGSTA website at https://www.logsta.com/de/datenschutz
In order to fulfill our contractual obligations towards our customers, we also work together with other external shipping partners. We give your name and your delivery address and, if necessary for the delivery, your e-mail address and telephone number, exclusively for the purpose of delivering the goods in accordance with Article 6 (1) (b) GDPR to the transport service provider GLS (General Logistics Systems, Austria GmbH, Traunuferstrasse 105a, AT-4052 Ansfelden) or DHL (DHL Express (Austria) GmbH, Viaductstrasse 20, 2353 Guntramsdorf, Austria) or Austrian Post (Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Vienna, Austria) or DPD (DPD Deutschland GmbH, Wailandtstrasse 1, 63741 Aschaffenburg) or UPS (United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Strasse 1, 41460 Neuss) or FedEx (FedEx Express Germany GmbH, Langer Kornweg 34k, 65451 Kelsterbach).
6.3 Use of payment service providers (payment services)
Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal, we will transfer your payment data in the course of the payment to PayPal (Europe) Sarl et Cie, SCA, 22- 24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), continue. The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only insofar as this is necessary for the payment process.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 (1) (f) GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in relation to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. Among other things, but not exclusively, address data is included in the calculation of the score values. Further data protection information, including information on the credit agencies used, can be found in PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may continue to be entitled to process your personal data, if this is necessary for the contractual payment.
Apple Pay
If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment is processed via the "Apple Pay" function of your end device operated with iOS, watchOS or macOS by debiting a payment card deposited with "Apple Pay". Apple Pay uses security features built into your device's hardware and software to help protect your transactions. To release a payment, you have to enter a code that you have previously defined, as well as verification using the "Face ID" or "Touch ID" function on your device.
For the purpose of payment processing, the information you provide during the ordering process and the information about your order are passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is sent to the payment service provider of the payment card stored in Apple Pay in order to carry out the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the outgoing website to confirm payment success.
If personal data are processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR.
Apple retains anonymized transaction information, including the approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes personal references. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.
When you use Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that personally identifies you. You can disable the ability to use Apple Pay on your Mac in your iPhone's settings. Go to “Wallet & Apple Pay” and turn off “Allow payments on Mac”.
Further information on data protection with Apple Pay can be found at the following Internet address: https://support.apple.com/de-de/HT203027
Google Pay
If you choose the payment method "Google Pay" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment is processed via the "Google Pay" application of your with at least Android 4.4 ("KitKat") operated and with an NFC function mobile devices by debiting a payment card deposited with Google Pay or a payment system verified there (eg PayPal). To release a payment via Google Pay in the amount of more than € 25, it is necessary to unlock your mobile device beforehand by means of the verification measures set up (such as face recognition, password, fingerprint or sample).
For the purpose of payment processing, the information you provide during the ordering process and the information about your order will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a unique transaction number to the original website, which is used to verify that a payment has been made. This transaction number does not contain any information about the real payment data of your means of payment stored with Google Pay, but is created and transmitted as a one-time numerical token. In all transactions via Google Pay, Google only acts as an intermediary to process the payment process. The transaction is carried out exclusively in the relationship between the user and the initial website by debiting the payment method deposited with Google Pay.
If personal data are processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR.
Google reserves the right to collect, store and evaluate certain process-specific information for every transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description provided by the merchant of the goods or services purchased, photographs you included with the transaction, the name and email addresses of the seller and buyer, or of the sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.
According to Google, this processing takes place exclusively in accordance with Art. 6 Para. 1 lit. f GDPR based on the legitimate interest in correct accounting, the verification of process data and the optimization and maintenance of the Google Pay service.
Google also reserves the right to combine the processed process data with other information that is collected and stored when Google uses other Google services.
The Google Pay terms of use can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection at Google Pay can be found at the following Internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
EPS transfer
If you select the "EPS transfer" payment method, payment is processed via the payment service provider PSA Payment Services Austria GmbH, Handelskai 92, Gate 2,1200, 6 Vienna, Austria, to whom we pass on the information you provided during the ordering process together with the information about your order in accordance with Art 1 paragraph XNUMX letter b GDPR. Your data will only be passed on for the purpose of payment processing with the above-mentioned payment service provider and only to the extent that it is necessary for this. You can find more information about the relevant data protection provisions of PSA Payment Services Austria GmbH at the following Internet address: https://eservice.psa.at/de/datenschutzerklaerung.html
giropay
When paying via "giropay", the payment is processed by giropay GmbH, An der Welle 4, 60322 Frankfurt/Main, to whom we pass on the information you provided during the ordering process together with the information about your order. Your data will be passed on in accordance with Article 6 Paragraph 1 Letter b GDPR exclusively for the purpose of payment processing and only to the extent that it is necessary for this. You can find more information about the data protection provisions of giropay GmbH at the following Internet address: https://www.giropay.de/rechtliches/datenschutzerklaerung
Stripe
If you choose a payment method from the payment service provider Stripe, the payment will be processed by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will provide the information and information you provided during the ordering process pass on your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 Para. 1 lit. b GDPR. You can find more information on Stripe's data protection at the URL https://stripe.com/de/privacy#translation.
7) Online Marketing
7.1 Facebook Pixel
The so-called "Facebook pixel" of the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Facebook"), is used within our online offer.
If a user clicks on an ad that is displayed on Facebook, the URL of our linked page will be added by Facebook Pixel. If our site allows pixel sharing of data with Facebook, this URL parameter is written into the user's browser via a cookie, which sets our linked page itself. This cookie is then read out by Facebook Pixel and allows the data to be forwarded to Facebook.
With the help of the Facebook pixel, Facebook is on the one hand able to determine the visitors of our online offer as a target group for the display of advertisements (so-called “Facebook Ads”). Accordingly, we use the Facebook pixel to only display the Facebook ads we have placed to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products, which are based on the visited website). websites are determined), which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interests of users and are not annoying. This allows us to further evaluate the effectiveness of Facebook ads for statistical and market research purposes by understanding whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
The data collected is anonymous to us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook uses the data for its own advertising purposes, in accordance with the Facebook data usage guidelines (https://www.facebook.com/about/privacy/) can use. The data can enable Facebook and its partners to place advertisements on and outside of Facebook.
The data processing associated with the use of the Facebook pixel will only take place if you have given your express consent in accordance with Article 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future.
7.2 –Google Ads
This website uses the online advertising program "Google Ads" and, as part of Google Ads, conversion tracking by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use Google Ads to draw attention to our attractive offers with the help of advertising material (so-called Google Adwords) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We are pursuing the goal of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of the advertising costs incurred.
The conversion tracking cookie is set when a user clicks on an Ads ad placed by Google. Cookies are small text files that are stored on your device. These cookies usually lose their validity after 30 days and are not used for personal identification. If the user visits certain pages on this website and the cookie has not yet expired, we and Google can see that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. This means that cookies cannot be tracked via the websites of Google Ads customers. The information obtained using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. The customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. When using Google Ads, personal data may also be transmitted to the servers of Google LLC. come in the US.
Details on the processing initiated by Google Ads Conversion Tracking and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites
All of the processing described above, in particular the setting of cookies for reading information on the end device used, will only be carried out if you have given us your express consent in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future.
You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the browser plug-in from Google available under the following link:
https://www.google.com/settings/ads/plugin?hl=de
Please note that certain functions of this website may not be used or may only be of limited use if you have deactivated the use of cookies.
Google's privacy policy can be viewed here: https://www.google.de/policies/privacy/
8) web analytics services
Matomo
Certain user information is collected and stored on this website using the web analysis service software Matomo (www.matomo.org), a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, ("Matomo"). Pseudonymised usage profiles can be created and evaluated from this information.
The information collected using Matomo technology (including your pseudonymised IP address) is processed on our servers.
This website only uses Matomo without the use of cookies, which means that Matomo never sets cookies on your end device.
All processing described above, in particular the reading out of information on the device used, will only be carried out if you have given us your express consent in accordance with Art. 6 Paragraph 1 lit. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.
9) rights of the person concerned
9.1 The applicable data protection law grants you comprehensive data subject rights vis-à-vis the person responsible with regard to the processing of your personal data, about which we will inform you below:
- Right of access according to Art. 15 GDPR: In particular, you have the right to obtain information about the personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data was or is being disclosed Period of storage or the criteria for determining the duration of storage, the right of rectification, deletion, limitation of processing, objection to processing, complaint to a supervisory authority, the origin of your data, if they were not collected by us, the Existence of automated decision-making including profiling and, where appropriate, meaningful information about the logic and scope involved and the intended effects of such processing, as well as your right to be informed of what guarantees under Art. 46 DSGVO in case of assignment your data to third countries;
- Right to correction according to Art. 16 GDPR: You have the right to immediate correction of incorrect data concerning you and / or completion of your incomplete data stored by us;
- Right to cancellation according to Art. 17 GDPR: You have the right to demand the deletion of your personal data in the presence of the requirements of Art. 17 para. 1 GDPR. However, that right does not apply, in particular, where the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the pursuit, exercise or defense of rights;
- Right to restriction of the processing according to Art. 18 GDPR: You have the right to demand the restriction of the processing of your personal data, as long as the correctness of your data challenged by you is checked, if you refuse a deletion of your data because of inadmissible data processing and instead the Restricting the processing of your data require, if you need your data for the assertion, exercise or defense of legal rights, after we no longer need these data after purpose or if you have objected for reasons of your particular situation, as long as it is not certain, whether our entitled Reasons predominate;
- Right to be informed in accordance with Art. 19 GDPR: If you have the right to rectify, delete or limit the processing to the controller, he / she is obligated to rectify or delete the data or all recipients to whom the personal data relating to you have been disclosed Notify of limitation of the processing, unless this proves to be impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
- Right to data portability according to Art. 20 GDPR: You have the right to receive your personal data provided to us in a structured, common and machine-readable format or to request transmission to another person responsible, as far as technically feasible;
- Right to revoke granted consent in accordance with Art. 7 para. 3 GDPR: You have the right to revoke a consent once given in the processing of data at any time with future effect. In the case of withdrawal, we will delete the data concerned immediately, as far as further processing can not be based on a legal basis for consentless processing. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
- Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of your personal data violates the GDPR, you have - without prejudice to any other administrative or judicial remedy - the right to lodge a complaint with a supervisory authority, in Austria the Data Protection Authority
9.2 Right of objection
If your personal data is processed on the basis of our overriding interest, you have the right at any time to object to this processing with effect for the future. However, further processing is reserved if there are compelling reasons for further processing.
10) Duration of storage of personal data
The duration of the storage of personal data is based on the respective legal basis, the processing purpose and - if relevant - also based on the respective statutory retention period (e.g. corporate and tax retention periods).
In the processing of personal data based on an explicit consent in accordance with Art. 6 para. 1 lit. a DSGVO, these data are stored until the person withdraws his consent.
There are statutory retention periods for data which, in the context of legal or similar obligations, are based on Art. 6 para. 1 lit. b DSGVO are processed, these data are routinely deleted after expiry of the retention periods, if they are no longer required for fulfillment of the contract or for initiating a contract and / or if there is no legitimate interest in the re-storage on our part.
In the processing of personal data for the purpose of direct advertising on the basis of Art. 6 para. 1 lit. f DSGVO these data will be stored until the person concerned exercises his right of objection under Art. 21 para. 2 DSGVO.
Unless otherwise stated in the other information in this Declaration on Specific Processing Situations, stored personal data will be erased if they are no longer necessary for the purposes for which they were collected or otherwise processed.