A General Part
I. General information on the collection of personal data
Thank you for visiting our website and for your interest in our offers. The protection of personal data is important to us. Below we provide you with an overview of which of your personal data is collected, used and stored by us when you visit our website and what rights you have with regard to the processing of your personal data.
Personal data is information that can be assigned to you as a specific person, e.g. name, address, e-mail address or your user behaviour).
II. Contact details of the data protection officer
The person responsible pursuant to Art. 4 (7) of the EU General Data Protection Regulation (hereinafter referred to as DS-GVO) is:
VIU Ventures AG, Räffelstraße 24, 8045 Zürich, Switzerland
Phone: +41 445087900, E-Mail: hello@shopviu.com
The person responsible has appointed a data protection officer, who can be contacted as follows: Proliance GmbH, Leopoldstrasse 21, 80802 München, Deutschland, E-Mail: datenschutzbeauftragter@datenschutzexperte.de
III. Your Rights
You have the following rights in relation to personal data relating to you:
Possibility to withdraw consent to the processing of personal data
If you have given your consent to the processing of your data, you can revoke this consent at any time, e.g. by sending an e-mail to hello@shopviu.com. Such a revocation affects the lawfulness of the processing of your personal data after you have expressed it to us and has the effect that any further processing of your data based solely on your consent will no longer take place. The lawfulness of the processing carried out on the basis of the consent up to the revocation, however, remains unaffected.
Right of objection
Insofar as your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f) DS-GVO, i.e. in particular if the processing is not necessary for the performance of a contract with you, you have the right to object to the processing of your personal data pursuant to Art. 21 DS-GVO, insofar as there are grounds for doing so that arise from your particular situation. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the merits of the case and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time without giving reasons. In this case, you have a general right of objection, which will be implemented by us without giving reasons.If you wish to exercise your right of objection, simply send an e-mail to hello@shopviu.com.
IV. Data Security
Within the website visit, we use the widespread SSL procedure (Secure Sockets Layer) in connection with the highest encryption level supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol of your browser (e.g. in the status or URL field).
We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
V. No obligation to provide personal data
You are not obliged to provide us with your personal data. However, this may be necessary for individual functions of our website. These functions will not be available to you or only to a limited extent if you do not provide us with your personal data.
VI. No automated decision making (including profiling)
We do not intend to use any personal data collected from you for any automated decision making process (including profiling).
VII. Storage period and data deletion
For the processing operations we carry out, we indicate below in each case how long the data will be stored by us and when it will be deleted or blocked.
Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies.
However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings or if storage is provided for by statutory regulations to which we are subject as the responsible party.
If the storage period prescribed by legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.
VIII. Cooperation with service providers
If we use contracted service providers for individual functions of our offer, they have been carefully selected by us, will only act according to our instructions and are contractually obligated to comply with the data protection provisions within the meaning of Art. 28 DS-GVO. In the following, we will inform you about the respective processes at the relevant points.
IX. Disclosure to third parties
Furthermore, we may pass on your personal data to third parties if we offer promotions, competitions, contracts or similar services together with partners, or if you have given us your consent to pass on your data. You will receive more detailed information when submitting your personal data or below in the description of the offer.
X. Conditions for the transfer of personal data to third countries
If we transfer personal data outside the European Economic Area (EEA), i.e. to third countries, we ensure that data protection is adequately guaranteed. Some third countries, in particular Switzerland, are certified by the European Commission through so-called adequacy decisions to have a level of data protection that is comparable to the EEA standard (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). In other third countries, however, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is sufficiently guaranteed. This is possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognised codes of conduct. We will inform you about any such transfer of your personal data to third countries and the respective details of the transfer in the following at the relevant points.
XI. Transfer of personal data to third parties; justification basis
The following categories of recipients, which are usually processors, may have access to your personal data:
In addition, we will only pass on your personal data to third parties if you have given your express consent to do so in accordance with Art. 6 para. 1 p. 1 lit. a DS-GVO.
XII. Currency and amendment of the privacy policy
This data protection declaration is currently valid and has the status November 2024. Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. The currently valid version can be found here on the website at any time. https://shopviu.com can be accessed and printed out by you under the heading Privacy Policy.
I. Collection of personal data when visiting our website
1. Log data
During a mere informative use of our website, i.e. if you do not register or otherwise transmit information to us, only the personal data that your browser transmits to our server is collected, stored and processed temporarily and anonymously. This involves the following data:
– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of request (specific page)
– Access state /HTTP Status code
– Data volume transferred per request
– Website that posted the request
– Browser
– Operating system and its interface
– Language and version of the browser software
This data processing is technically necessary for us to display our website to you and to ensure stability and security. The legal basis is Art. 6 para. 1 p. 1 lit. f DS-GVO.
1.2 Integration of Cloudflare
We use the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany (Cloudflare) to increase the security and delivery speed of our website. Technically, the information transfer between your browser and our websites is routed via Cloudflare's network. Cloudflare processes the aforementioned log data in the process. The legal basis for the integration of Cloudflare is Art. 6 para. 1 p. 1 lit. f DS-GVO. Our legitimate interest follows from the purpose of integration listed above. Cloudflare maintains servers all over the world and thus also outside the European Economic Area. In order to nevertheless ensure an appropriate data protection standard for the processing of personal data outside the European Economic Area, Cloudflare has undertaken, within the framework of a contract processing agreement, to ensure a level of data protection that complies with EU data protection law by committing to process the data only in accordance with the Privacy Shield Principles and to process the data only strictly in accordance with instructions for our purposes named above. For more information on data protection at Cloudflare, please visit https://www.cloudflare.com/de-de/trust-hub/gdpr/
1.3 Integration of Cookiebot
We use the consent management system Cookiebot of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark to obtain your consent to processing operations requiring consent (use of cookies and related technologies) when you access our website. The legal basis for obtaining consent is Art. 6 (1) lit. c DS-GVO. We are legally obliged to obtain your consent for processing operations that require consent. The use of the Cookiebot service provides us with the necessary technical infrastructure for this purpose as well as always up-to-date, detailed cookie information and enables you to make a convenient and informed selection and management of cookies and similar technologies during your website visit. The legal basis for the integration of Cookiebot is Art. 6 para. 1 lit. f DS-GVO. Our legitimate interest in the integration is based on the convenient integration of the legally required consent for us as well as for you.
Cookiebot collects your individual consent to the use of cookies and similar technologies on our website for the purpose of consent management. Your consent is stored by Cookiebot in the form of a cookie called "CookieConsent". This allows us to continue to record the status of your selected consent to the use of cookies and related technologies on our website during future website visits. The storage period is 12 months, after which consent must be given again.
Your consent is logged and documented by Cookiebot via the registration of the anonymised IP address, your browser type agent, the web URL, the date and time of consent and a unique encrypted key stored in the data centre of Cybot's cloud vendor, Microsoft Ireland Operations Ltd. in Dublin, Ireland. After 12 months, the consent is automatically deleted from Cybot's log and only used in aggregated, anonymised form in the statistics.
For more information about Cookiebot's privacy policy, please visit https://www.cookiebot.com/de/privacy-policy/.
You can revoke your consent to the use of cookies and related technologies at any time in the future. Detailed information on this can be found below under point B. I. 2.4 of this privacy policy.
2. Cookies / HTML5 storage Objekts
In addition to the aforementioned data, cookies are stored on your computer when you use our website.
2.1 What are cookies?
Cookies are small text files that are assigned to the browser you are using and stored on your hard disk by means of a characteristic character string and through which certain information flows to the body that sets the cookie. Cookies cannot execute programmes or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the internet offer as a whole more user-friendly and effective, i.e. more pleasant for you.
Cookies can contain data that make it possible to recognise the device used. In some cases, however, cookies only contain information on certain settings that are not personally identifiable. However, cookies cannot directly identify a user.
2.2 What are the different types of cookies and similar technologies?
A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.
With regard to their function, a distinction is made between cookies:
Furthermore, we use HTML5 storage objects that are stored on your end device. These objects store the required data independently of the browser you are using and have no automatic expiry date.
2.3 Manage Cookie Settings
You can give your individual cookie consent at the beginning of your visit to the website and manage it at any time by clicking on the "Cookie settings" button. You will find this button on the website in the black menu bar at the bottom of each page. If you click on "Refuse", no further cookie-based services will be loaded with the exception of necessary cookies. You can revoke your consent at any time by clicking on the "Cookie settings" button to withdraw your consent for the future and delete the relevant cookies in your browser.
In addition, you can use your browser settings to configure the setting of cookies according to your wishes and, for example, refuse to accept third-party cookies, third-party cookies or all cookies or make them dependent on your express consent. As a rule, this can be set via the help function in the menu bar of your web browser. Further information on the administration and deletion of cookies can be found at https://www.aboutcookies.org.
A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site https://www.aboutads.info/choices/ or the EU site https://www.youronlinechoices.com/ as well as via the deactivation page of the network advertising initiative https://optout.networkadvertising.org.
Please note that if you disable cookies, you may not be able to use all the functions of this website.
2.4 Legal basis for the use of cookies and similar technologies
The use of cookies and HTML5 storage objects on our website, with the exception of the mandatory technically required cookies, the legal basis of which is Art. 6 (1) sentence 1 lit. f DS-GVO, is exclusively based on your express consent (Art. 6 (1) sentence 1 lit. a DS-GVO).
II. Additional data collection for further functionality and offers on our website
In addition to the solely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you will usually have to provide further personal data that we require to provide the respective service and for which the aforementioned data processing principles apply.
1. Collection of personal data in case of contacting us
1.1 Intercom
When contacting us, e.g. by e-mail or live chat, the data you provide will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary for processing your enquiry or restrict the processing if there are statutory retention obligations. Data processing for the purpose of contacting you is carried out in accordance with Art. 6 Para. 1 Sentence 1 lit. a DS-GVO on the basis of your voluntarily given consent and otherwise in accordance with Art. 6 Para. 1 Sentence 1 lit. b DS-GVO also insofar as the data processing is necessary for the fulfilment of the contract or for the implementation of pre-contractual measures, which are carried out in response to your enquiry.
We use the customer service tool Intercom by Intercom R&D Unlimited Company, 124 St Stephen's Green, Dublin 2, DC02 C628, Ireland. With the help of this tool, we can offer you the service of contacting us via live chat or email.
If you use the live chat or contact us via email, the data communicated during the chat will be processed by Intercom. In addition, when you use the live chat tool, certain information from your device is automatically collected and processed by Intercom via various types of technologies, including cookies, "pixels" or "web beacons". This automatically collected information includes the IP address or other device address or ID, the web browser and/or device type, the web pages or websites visited immediately before or after using the Service, the pages or other content the user or visitor views or interacts with on the Service, and the dates and times of the visit, access or use of the Service.
The legal basis for data processing is Art. 6 para. 1 lit. a) DS-GVO. It takes place on the basis of your voluntarily given consent.
In the event that personal data is processed by Intercom outside the European Economic Area, Intercom is committed to ensuring a level of data protection that is compliant with EU data protection law by committing to process the data only in accordance with the Privacy Shield Principles. Intercom will only process the data strictly as instructed as a processor for the provision of the live chat function. For more information on data protection at Intercom, please contact https://www.intercom.com/legal/product-privacy-notice.
You can revoke your consent to the use of cookies and related technologies at any time for the future. You can find detailed information on this under point B. I. 2.4 of this privacy policy.
2. Use of our webshop
2.1 Data processing when ordering via the webshop
If you would like to order from our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your order. Mandatory information required for the processing of contracts is marked separately, other information is voluntary. We process the data you provide for the processing of your order.
2.2 Support of the webshop by subsidiary companies
VIU Ventures AG provides the webshop as an online platform for online sales. Depending on the country, your contractual partner when placing orders via our webshop is the subsidiary VIU AT GmbH, Neubaugasse 36, 1070 Vienna, Austria or VIU Deutschland GmbH, Residenzstraße 27, 8033 Munich, Germany, which also organises the processing of your order. For this purpose, your order data will be transmitted to VIU AT GmbH or VIU Deutschland GmbH for online purchases via the webshop on our website. Data processing by VIU AT GmbH and VIU Deutschland GmbH is carried out in accordance with VIU Ventures AG's privacy policy.
2.3 Data processing by payment service providers
For the purpose of processing the purchase price payment, we work together with the payment service providers named on the website, Visa, Mastercard. If you choose to pay via such an external payment service provider during the ordering process, we will transmit your payment data required for payment processing to the payment service provider selected by you for this purpose or redirect you to the page of these providers, where you will in turn have to enter the data for payment processing.
For data processing at the payment service providers, the deviating business and data protection provisions of these payment service providers apply. For more detailed information on data processing at these external payment service providers and the contact details of the data protection officers of these payment service providers, please contact the payment service provider you have selected directly, whose data protection provisions are available on the respective websites or transaction applications or can be accessed via the following link-
Visa
https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html
Mastercard
https://www.mastercard.de/de-de/datenschutz.html
2.4 Legal basis for data processing
The legal basis for the above data processing is Art. 6 para. 1 sentence 1 lit. b DS-GVO. The data processing described serves to fulfil the contract with you. If you decide to use an external payment service provider, the data transfer is also based on your voluntarily given consent, Art. 6 para. 1 sentence 1 lit. a DS-GVO.
2.5 Storage period
Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years, however, we restrict processing after two years, i.e. your data is only used to comply with legal obligations. The legal basis is Art. 6 para. 1 p. 1 lit. c DS-GVO.
2.6 Data security
To prevent unauthorised access by third parties to your personal data, in particular financial data, the ordering process is encrypted using SSL technology.
2.7 Payment processing with Adyen
We have commissioned the payment service Adyen, Adyen N.V. Simon Carmiggeltstraat 6,1011 DJ, Amsterdam, Niederlande. For this purpose, components of Adyen are integrated on our website, which handle the payment processing in our webshop. The legal basis for the integration of these services is Art. 6 para. 1 sentence 1 lit. b DS-GVO. The data processing by Adyen is necessary for the fulfilment of contracts, namely the contractual payment processing.
For the purpose of payment processing, Adyen collects transactional data through our website, manages it and sends it to your selected financial service provider, if such selection is available. The purpose of the processing of personal data constitutes the processing of transaction-related data (such as but not limited to requests to authorise a payment) and any ancillary or related activities necessary for the processing of transaction-related data.
Data is collected as soon as you select a payment method during the ordering process in our webshop. In this case, the data required for payment processing (personal master data, communication data (e.g. telephone, e-mail), online identification (IP address, cookie), payment data (details of orders and payments made), contract master data (contractual relationship, order, product or contractual interest), information details (e.g. credit check via payment provider), user behaviour are automatically transmitted to Adyen.
We have concluded a corresponding order processing agreement with Adyen, in which Adyen has undertaken to process the data only in accordance with instructions and for our above-mentioned purposes in compliance with data protection regulations. You can find more information on data protection at Adyen under https://www.adyen.com/de_DE/privacy-policy
2.8 Trustpilot reviews
We participate in the evaluation process of Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark.
This enables you to rate our products and, at the same time, to view reviews of our products by other users via the integration of Trustpilot reviews on our website.
If you order a product via our webshop, we give you the option of requesting that a rating request be sent from Trustpilot. If you give your consent to the sending of the rating request, for example by clicking on a checkbox or a corresponding link, you will receive a rating request with a link to a corresponding rating page. In order to ensure that you have actually purchased the product to be rated, Trustpilot requests the necessary data from us in this case, such as your name, your e-mail address and your internal order number. This data is used solely to verify authenticity and to contact you. The legal basis for the processing of your data in the context of the rating procedure is your voluntarily given consent (Art. 6 para. 1 lit. a. DS-GVO).
Furthermore, we have integrated Trustpilot reviews on our website via the Trustpilot widget in order to show you reviews already made by other customers on the corresponding products. When the widget is called up, the web server automatically saves a so-called server log file that contains, for example, your IP address, the date and time of the call-up, the amount of data transferred and the requesting provider (access data) and documents the call-up. This access data is not evaluated and is automatically overwritten at the latest seven days after the end of your visit to our website. The legal basis in this respect is Art. 6 Para. 1 lit. f DS-GVO. Our legitimate interest here is based on the interest in informing our customers about the quality of our products.
Trustpilot can also use a cookie to collect information about the fact that you have visited our online offer. Trustpilot can store this information in a cookie in order to recognise which online offers that participate in the Trustpilot rating process have been visited by you. The information may also be stored by Trustpilot in a user profile and used for advertising or market research purposes.
The legal basis for the above data processing via cookie is Art. 6 para. 1 lit. a DS-GVO. It takes place on the basis of your voluntarily given consent.
You can revoke your consent to the use of cookies and related technologies at any time. Detailed information on this can be found, for example, in section B.I.2.4 of this privacy policy.
For data processing at Trustpilot, the deviating terms of use and data protection provisions of Trustpilot apply. Further information on the purposes and scope of data collection and the further processing and use of data by Trustpilot is available at https://de.legal.trustpilot.com/end-user-privacy-terms and https://de.legal.trustpilot.com/end-user-terms-and-conditions.
2.9 Use of Shippo
To optimise our shipping, we use the Shippo shipping and order fulfilment service provided by Popout, Inc. DBA Shippo, 215 Clayton Streeet, San Francisco, CA 94117, USA ("Shippo"). Shippo's software helps us manage deliveries and thereby optimise the shipping of our products. Shippo's tracking feature also allows us to track packages until they are delivered to you.
The legal basis for the use of Shippo is Article 6 (1) sentence 1 lit. f DS-GVO. Our legitimate interest follows from the purpose of integration listed above.
Shippo will only process data strictly in accordance with instructions as a processor for the provision of the Shipping and Order Fulfilment Service. Shippo will therefore not access or use Customer Data for its own purposes or disclose it to third parties, except as necessary to maintain or provide the Services or to comply with the law or a valid and binding order of a governmental authority (e.g., a subpoena or court order). For technical reasons, Zapier's services may be provided from the United States.
In order to ensure an adequate standard of data protection when processing personal data outside the European Economic Area, Shippo has committed to ensuring an EU-compliant level of data protection by committing to process data only in accordance with the Privacy Shield Principles. For more information on Shippo's data protection, please visit https://goshippo.com/privacy/.
2.10 Swiss Post
We use the following provider as our transport service provider: Post CH (Schweizerische PostAG, Switzerland, Wankdorfallee 4, 3030 Bern) We will pass on your e-mail address and/or telephone number to the provider before delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to the provider for the purpose of delivery. The information will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or notification of delivery is not possible. Consent can be withdrawn at any time with effect for the future from the controller named above or from the provider. In the case of data transfer to the provider's location, an appropriate level of data protection is guaranteed by an adequacy decision of the European Commission.
2.11 DPD
We use the following provider as our transport service provider: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany We will pass on your e-mail address and/or telephone number to the provider in accordance with Art. 6 para. 1 lit. a GDPR before delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent to this during the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to the provider for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR. The information will only be passed on if this is necessary for the delivery of goods. In this case, prior coordination of the delivery date with the provider or notification of delivery is not possible. Consent can be withdrawn at any time with effect for the future from the controller named above or from the provider.
2.12 Data transfer to external manufacturers
We use the following lens manufacturers to manufacture the lenses you have ordered: Optiswiss AG, Lyon-Strasse 26, 4053 Basel, Switzerland (‘Optiswiss’) and optovision Gesellschaft für moderne Brillenglastechnik mbH, Heinrich-Hertz-Straße 17, D-63225 Langen (‘Optovision’). The legal basis for the integration is Art. 6 para. 1 sentence 1 lit. b GDPR. Optiswiss and Optovision use the personal data transmitted (surname and the order data of the selected lenses and the correction values as shown in the order confirmation) strictly in accordance with instructions and for the purpose of producing your individualised corrective lenses. We have concluded a corresponding order processing agreement with Optiswiss and Optovision for this purpose. Further information on data protection from both manufacturers can be found at https://www.optiswiss.com/de/datenschutz/index.php and https://www.optovision.com/datenschutz.html.
2.13 Use of Zapier
We use the Zapier web service provided by Zapier Inc., 548 Market St., 62411, San Francisco, CA 94104-5401, USA ("Zapier"). This allows us to automatically link actions between different web apps and synchronise the applications with each other. This enables us to automate standard processes in our web shop, such as sending e-mails or creating invoices. Zapier's personal data may be processed in the process, such as your address for automated e-mailing or your billing address and information about the ordered goods for the automated creation of the invoice.
The legal basis for the integration of Zapier is Article 6 (1) sentence 1 lit. f DS-GVO. Our legitimate interest follows from the purpose of integration listed above.
Zapier will only process the data strictly in accordance with instructions as a processor for the provision of the Zapier Web Service. Zapier will therefore not access or use Customer Data for its own purposes or disclose it to third parties, except as necessary to maintain or provide the Services or to comply with the law or a valid and binding order of a governmental authority (e.g. a subpoena or court order).
For technical reasons, Zapier services may be provided from the USA. In order to ensure an appropriate standard of data protection when processing personal data outside the European Economic Area, Zapier has undertaken to comply with the standard contractual clauses of the European Union as part of the order processing agreement.
You can find more information about data protection at Zapier at https://zapier.com/privacy.
2.14 Use of Google Cloud Services
We host our systems at Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland („Google“). Google supports our website through cloud-based delivery of website content. The data you provide as part of the ordering process is stored on Google servers.
The legal basis for the integration of Google is Article 6 (1) sentence 1 lit. f DS-GVO. Our legitimate interest follows from the purpose of integration listed above.
The data is stored exclusively in the European Union. Google will only process the data as a processor strictly in accordance with instructions for the provision of the Google and will not access, use or disclose customer data to third parties for its own purposes, except as necessary to maintain or provide the Services or to comply with the law or a valid and binding order of a governmental authority (e.g., a subpoena or court order).
For technical reasons, it may happen that individual services of Google are performed from the USA. In order to ensure an appropriate standard of data protection when processing personal data outside the European Economic Area, Google has undertaken to comply with the standard contractual clauses of the European Union as part of the order processing agreement. Further information on data protection at Google can be found at https://policies.google.com/privacy?hl=de.
3. Data processing when creating a user account
3.1 General
You can voluntarily create a customer account through which we can save your data for future purchases.
If you create a customer account, we store your data required for the fulfilment of the contract, including information on the method of payment, until you finally delete your access. You can manage and change all details in the protected customer area. The legal basis is Art. 6 para. 1 p. 1 lit. a DS-GVO.
To prevent unauthorised access by third parties to your personal data, in particular financial data, the connection is encrypted using SSL technology.
3.2 Login with a Google account
You can also use your Google profile to create a customer account with us and also to gain access to your customer account afterwards. To do this, you will be redirected to Google by clicking on the corresponding button ("log in with Google") in order to log in there with your user name and password. Of course, we do not receive this login data. Google will then inform you which data will be transmitted to us (e.g. public profile, birthday and email address). If you confirm this with the "OK" button, a new customer account will be created for you at winemaker.com with this data in the case of account opening. In the case of access to an existing account, Google will confirm your identity so that it is possible to log in without a password stored on shopviu.com. By using the Google profile when creating or logging into your customer account at shopviu.com, no permanent link is created between the Google profile and your customer account at shopviu.com. The legal basis for the transfer of data to the corresponding login provider as described above is your voluntarily given consent, Art. 6 para. 1 lit. a) DS-GVO, which you give by selecting the corresponding log-in option.
The purpose and scope of the data collection and the further processing and use of the data by Google, as well as your rights in this regard and setting options for protecting your privacy, can be found in the data protection notices of these providers: https://policies.google.com/privacy?hl=de
4. Newsletter service
4.1 Newsletter subscriptions
With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
We use the so-called double-opt-in procedure to register for our newsletter. This means that after your registration, we will send you an email to the email address you provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
The only mandatory information for sending the newsletter is your email address. After your confirmation, we will store your e-mail address for the purpose of sending you the newsletter.
We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the evaluations, we link the data mentioned in section 2.1 and the web beacons with your e-mail address and an individual ID. Links received in the newsletter also contain this ID. With the data obtained in this way, we create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record whether you open our newsletter and which parts of the newsletter you click on and deduce your personal interests from this. We link this data to actions you have taken on our website.
The information is stored as long as you have subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously. Moreover, such tracking is not possible if you have deactivated the display of images by default in your e-mail programme. In this case, the newsletter will not be displayed to you in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking takes place.
The legal basis for the above data processing is Art. 6 para. 1 sentence 1 lit. a DS-GVO.
You can revoke your consent to receive the newsletter and unsubscribe at any time. You can revoke your consent by clicking on the link provided in every newsletter email, by email to hello@shopviu.com or by sending a message to the contact details given in the imprint.
4.2 Advertising emails via Brevo
We use the tool Brevo, Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany, to create and send our newsletters and confirmation emails when purchasing goods in our webshop. The legal basis for the integration of Brevo is Art. 6 para. 1 p. 1 lit. b DS-GVO. Sendinblue GmbH uses the transmitted personal data (address data and, when sending the order confirmation, the order data as they appear from the order confirmation) strictly in accordance with instructions and for the purpose of sending our newsletter or confirmation emails to you. For this purpose, we have concluded a corresponding order processing contract with Sendinblue GmbH. Further information on data protection at Sendinblue GmbH is available at https://www.brevo.com/de/legal/privacypolicy/
5. Timify
For our online appointment booking function, we use the services of the following provider: TerminApp GmbH, Balanstraße 73, Building No. 24, 3rd floor, 81541 Munich, Germany. For the purpose of making appointments, first and last name and e-mail address (and, if applicable, the telephone number if a telephone appointment is requested) are collected in accordance with Art. 6 para. 1 lit. b GDPR. the telephone number, if a telephone appointment is requested) are collected and transmitted to the provider in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in effective customer management and efficient appointment management and stored there for the organisation of appointments. Once the appointment has been held or the agreed appointment period has expired, your data will be deleted by the provider.
6. Social Media Plugins
We do not use social media plugins on our websites. If our websites contain icons from social media providers (e.g. Facebook, Instagram), we only use these for passive linking to the pages of the respective providers.
7. Multimedia Plug-in - Cloudinary
We use the video platform of the following provider to embed videos on our website: Cloudinary Ltd, 3400 Central Expressway, Suite 110, Santa Clara, CA 95051, USA This service allows you to play videos from this video platform directly from our website. The processing is carried out to protect our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR. We have concluded an order processing contract with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorised disclosure to third parties. For the transfer of data to the USA, the provider relies on standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
8. Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses so-called cookies, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
The website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are processed in abbreviated form, which means that personal references can be ruled out. If the data collected about you is related to a person, this is immediately excluded and the personal data is deleted immediately.
We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, the transfer is secured by suitable guarantees. We have also concluded an order processing contract with Google in accordance with § 28 DS-GVO. Accordingly, Google will use all information strictly for the purpose of evaluating the use of our website for us and compiling reports on website activity.
This website also uses Google Analytics for cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My data", "Personal data".
The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. a DS-GVO (consent). We delete the data as soon as it is no longer required for our recording purposes.
You can revoke your consent to the use of cookies and related technologies at any time. Detailed information on this can be found, for example, in section B.I.2.4 of this privacy policy.
You may also refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookies and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Third Party Provider Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Use: http://www.google.com/analytics/terms/de.html, overview on data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the privacy policy: http://www.google.de/intl/de/polices/privacy.
9. Online advertisement
9.1 Use of Google Ads Conversion and Remarketing
We use Google Ads to draw attention to our attractive offers on external websites with the help of advertising media (so-called Google Ads). We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, we pursue the interest of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.
These advertisements are delivered by Google via so-called "ad servers". For this purpose, we use ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. If you access our website via a Google ad, Google Ads will store a cookie on your PC. These cookies usually expire after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.
These cookies enable Google to recognise your internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognise that the user has clicked on the ad and been redirected to that page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked via the websites of Ads customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. These evaluations enable us to recognise which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify the users on the basis of this information.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Ads Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.
You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly, in particular the suppression of third-party cookies will result in you not receiving ads from third-party providers; b) by disabling cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com", https://www.google.de/settings/ads, deleting this setting when you delete your cookies; c) by deactivating the interest-based ads of the providers that are part of the self-regulatory campaign "About Ads" via the link http://www.aboutads.info/choices, deleting this setting when you delete your cookies; d) by permanently deactivating them in your browsers Firefox, Internetexplorer or Google Chrome at the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.
In addition to Ads Conversion, we use the Google Remarketing application. This is a procedure with which we would like to address you again. Through this application, you can be shown our advertisements when you continue to use the internet after visiting our website. This is done by means of cookies stored in your browser, which Google uses to record and evaluate your usage behaviour when you visit various websites. In this way, Google can determine your previous visit to our website. According to its own statements, Google does not combine the data collected in the course of remarketing with your personal data, which may be stored by Google. In particular, according to Google, pseudonymisation is used in remarketing.
The legal basis for the integration and use of Google Ads is Art. 6 Abs. 1 S. 1 lit. a DS-GVO.
For data processing by Google, the deviating data protection provisions of Google apply. Further information on data collection and use as well as data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
You can revoke your consent to the use of cookies and related technologies at any time for the future. Detailed information on this can be found, for example, in section B. I. 2.4. of this privacy policy.
9.2 Use of Google AdSense
This website uses the online advertising service Google AdSense, through which you can be presented with advertising tailored to your interests. We do this in the interest of showing you advertising that may be of interest to you, in order to make our website more interesting for you. For this purpose, statistical information about you is collected and processed by our advertising partners. These advertisements are recognisable by the reference "Google ads" in the respective advertisement.
When you visit our website, Google receives the information that you have accessed our website. For this purpose, Google uses a web beacon to set a cookie on your computer. The data mentioned under B. I. 1.1. of this declaration is transmitted. We have no influence on the data collected, nor are we aware of the full extent of the data collection and the storage period. Your data will be transferred to the USA and evaluated there. If you are logged in with your Google account, your data can be directly assigned to it. If you do not wish your data to be associated with your Google profile, you must log out. It is possible that this data will be passed on to contractual partners of Google to third parties and authorities.
The legal basis for the integration and use of Google AdSense is Art. 6 Abs. 1 S. 1 lit. a DS-GVO. This website does not display third-party ads via Google AdSense.
You can prevent the installation of Google AdSense cookies in various ways: a) by adjusting your browser software settings accordingly, in particular the suppression of third-party cookies will result in you not receiving ads from third-party providers; b) by disabling Google's interest-based ads via the link http://www.google.de/ads/preferences, which setting will be deleted when you delete your cookies; c) by disabling the interest-based ads of the providers that are part of the self-regulatory campaign "About Ads" via the link http://www.aboutads.info/choices, which setting will be deleted when you delete your cookies; d) by permanently disabling them in your Firefox, Internetexplorer or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.
For data processing by Google, the deviating data protection provisions of Google apply. For more information on the purpose and scope of data collection and processing, as well as further information on your rights in this regard and setting options for protecting your privacy, please contact: Google Inc, 1600 Amphitheater Parkway, Mountainview, California 94043, USA; Advertising Privacy Policy: http://www.google.de/intl/de/policies/technologies/ads. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
You can revoke your consent to the use of cookies and related technologies at any time. You can find detailed information on this under section B. I. 2.4. of this privacy policy.
9.3 Integration of Facebook Pixel and LinkedIn Pixel
We use the Facebook Pixel to display personalised ads from us and third parties to you on the Facebook and LinkedIn platforms. Facebook is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland ("Facebook"). LinkedIn operated by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn").
With the help of the Facebook pixel, it is possible for Facebook to determine you as a visitor to our website as a target group for the display of certain ads (so-called "Facebook ads"). Facebook Pixel enables us to display the Facebook Ads we place only to those Facebook users who have also previously shown an interest in the advertised product on our website or who have certain characteristics, e.g. interests in certain topics or products, determined on the basis of the web pages visited. With the help of this pixel, we also want to ensure that our Facebook/ LinkedIn ads correspond to the potential interest of the users and do not have a harassing effect.
For this purpose, Facebook or LinkedIn collects information about your user activities on our website and certain other personal data (such as your pixel ID and the Facebook or LinkedIn cookie) via the respective pixel. This information also includes, in particular, so-called http headers (e.g. your IP address and information about your browser) and click data (i.e. the buttons clicked on our website and their names as well as the web pages visited).
The respective pixel enables the measurement, evaluation and optimisation of the effectiveness of Facebook or LinkedIn advertisements for statistical and market research purposes. We only receive reports from Facebook/ LinkedIn in anonymised form. The data is deleted as soon as it is no longer required for our recording purposes.
The legal basis for the integration and use of the aforementioned pixels is Art. 6 para. 1 p. 1 lit. a DS-GVO.
We have no influence on the scope and further use of the data collected through the use of the pixel by Facebook or LinkedIn. Please note that LinkedIn/Facebook may associate their data in particular with their respective user profile and use the data for their own advertising purposes.
For data processing by Facebook/ LinkedIn, the deviating data protection provisions of the respective pixel provider apply.
a) Facebook
For more information on the collection and use of data by Facebook and LinkedIn, as well as your rights in this regard and options for protecting your privacy, please refer to Facebook's privacy policy (https://www.facebook.com/privacy/explanation (link is external)).
You can obtain further information on data processing by Facebook at www.facebook.com/about/privacy (link is external)
You can revoke your consent to the use of the Facebook pixel at any time with effect for the future by following this link: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fads%2Fpreferences%2F%3Fentry_product%3Dad_settings_screen (link is external). You must be logged in to Facebook to do this.
b) LinkedIn
For more information about LinkedIn's privacy and data use, please see LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy (link is external). You can opt out of LinkedIn's analysis of your usage behaviour and the display of interest-based recommendations via https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out (link is external) prevent.
You can revoke your consent to the use of cookies and related technologies at any time. Detailed information on this can be found, for example, in section B. I. 2.4. of this data protection declaration.
9.4 Facebook Custom Audiences
Furthermore, the website uses the "Custom Audiences" remarketing function of Facebook Inc. ("Facebook"). This allows users of the website to be shown interest-based advertisements ("Facebook ads") when visiting the Facebook social network or other websites that also use this procedure. In this way, we pursue the interest of showing you advertisements that are of interest to you in order to make our website more interesting for you.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Facebook Custom Audiences, Facebook receives the information that you have called up the corresponding web page of our website or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider will learn and store your IP address and other identifying features. Deactivating the "Facebook Custom Audiences" function is possible for logged-in users at https://www.facebook.com/settings/?tab=ads#_möglich.
The legal basis for the integration and use of Facebook Custom Audiences is Art. 6 Abs. 1 S. 1 lit. a DS-GVO.
For data processing by Facebook, the deviating data protection provisions of Facebook apply.Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy.
You can revoke your consent to the use of cookies and related technologies at any time for the future. Detailed information on this can be found, for example, in section B. I. 2.4. of this privacy policy.
10. Advertising via letter
On the basis of our legitimate interest in personalised direct advertising, we reserve the right to store your first and last name, your postal address and - if we have received this additional information from you as part of the contractual relationship - your title, academic degree, year of birth and your professional, industry or business name in accordance with Art. 6 para. 1 lit. f GDPR and to use them to send you interesting offers and information about our products by post. You can object to the storage and use of your data for this purpose at any time at hello@shopviu.com.