Data privacy statement

1) Information about the collection of personal data and contact details of the Controller

1.1 We appreciate your visit to our website, and your interest in it. Below, we inform you about how your personal data is processed when using our website. Personal data constitutes all data with which you can be personally identified.

1.2 The party responsible (Controller) for data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Sigrid Straßegger, Äpfel in Form, Hönigtalweg 28, 8063 Eggersdorf, Austria, tel.: +43 (0) 677 619 745 57, email: aepfelinform(at)gmx.at. The party responsible (Controller) for data processing is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (for example, orders or queries sent to the Controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the character string “https://” and the lock symbol in your browser line.

2) Data collection when you visit our website

If you are simply using our website for information purposes i.e. if you do not register with us or otherwise provide us with information, we only collect data that your browser transmits to our server (“server log files”). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:
– Our visited website
– Date and time of your visit
– Amount of data sent in bytes
– Source/reference from which you accessed our page
– Browser used
– Operating system used
– IP address used (if need be, in anonymised form)
We process this data in accordance with Article 6 (1)(f) GDPR, based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently, if there are any concrete indications of illegal use.

3) Contacting us

Personal data is collected when you enter into contact with us (e.g. via the contact form or via email). When using a contact form, it is possible to see which data is collected from the respective contact form itself. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and for the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Article 6 (1)(f) GDPR. If the aim of contacting us is to conclude a contract, the additional legal basis for the processing is Article 6 (1)(b) GDPR. Your data will be deleted after your enquiry has been fully processed. This is the case if it can be inferred from the circumstances that the facts in question have been finally clarified, and provided that there are no legal storage obligations to the contrary.

4) Data processing when opening a customer account and for the purpose of contract processing
In accordance with Article 6 (1)(b) GDPR, personal data will continue to be collected and processed when you send us said data for the purpose of executing a contract or opening a customer account. It is possible to see which data is collected from the respective input forms. You may delete your customer account at any time, by sending a message to the address of the Controller given above. We store and use the data supplied by you for the purpose of executing the contract. Once the contract has been concluded in full or your customer account has been deleted, your data will be stored in consideration of tax and commercial retention periods, and subsequently deleted once these periods have expired, provided that you have not expressly consented to your data being used further, or a legally permitted further use of data has been reserved by our site.

5) Use for customer details for direct advertising
5.1 Sending the email newsletter to existing customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to email you regular offers on similar goods or services to those purchased from our range. Pursuant to Article 7 (3) of the Law Against Unfair Competition (UWG), we do not need to obtain separate consent to do so. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalised direct advertising pursuant to Article 6 (1)(f) GDPR. If you have initially objected to the use of your e-mail address for this purpose, we will not send you an email. You are entitled to object to the future use of your email address for the aforementioned advertising purpose at any time by notifying the controller named at the beginning of this document In this regard, you only have to pay the transmission costs according to the basic tariffs. Upon receipt of your objection, the use of your e-mail address for advertising purposes will cease immediately.

5.2 Newsletter dispatch via ActiveCampaign
Our email newsletter is sent by the technical service provider ActiveCampaign, LLC, 150 N. Michigan Ave Suite 1230, Chicago, IL, US, USA (“ActiveCampaign”), to whom we forward the data you provide when registering for the newsletter. This disclosure takes place in accordance with Article 6 (1)(f) GDPR and serves our legitimate interest in providing an effective, secure and user-friendly newsletter system. The data you enter for the newsletter subscription (e.g. email address) will be stored on ActiveCampaign’s servers in the USA.
ActiveCampaign uses this information to send and statistically evaluate the newsletter on our behalf. For the evaluation, the sent emails contain so-called web beacons i.e. tracking pixels that represent the one-pixel image files that are stored on our website. We can then determine whether a newsletter message has been opened and which links have been clicked on. With the aid of so-called conversion tracking, we can also analyse whether a pre-defined action (e.g. purchasing a product on our website) has been performed after clicking on the links in the newsletter. Furthermore, technical information is also recorded (e.g. time of visit, IP address, browser type and operating system). The data is collected exclusively under a pseudonym and is not linked to your other personal data. A direct personal reference is thus excluded. This data is used exclusively for the purpose of statistically analysing newsletter campaigns. The results of this analysis can be used to adapt future newsletters better to the recipient’s interests.
If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
We have entered into a Data Processing Agreement with ActiveCampaign, which obliges ActiveCampaign to protect our customers’ data and not forward it to third parties.
You can view the Data Privacy Statement of ActiveCampaign here: https://www.activecampaign.com/privacy-policy

5.3 – Advertising by post
On the basis of our legitimate interest in personalised direct advertising we reserve the right to store your first name, surname, postal address and – if we have received these additional details from you as part of the contractual relationship – your title, academic qualifications, year of birth and professional title, industry designation or business name pursuant to Article 6 (1)(f) GDPR, and to use these details to send you interesting offers and information about our products by letter post.
You may object to the storage and use of your data for this purpose at any time by sending a message to the Controller.

6.) Data processing for order processing

On our website, we offer customers the chance to order personalised products by sending image files via email. The image supplied will serve as the template for personalising the selected product.
Via the email address provided on the website, the customer can send us one or several image files from the memory system of the end device used. We collect, store and use the data provided to us in this way exclusively for the purpose of preparing the personalised product in respect of the respective service description given on our website. If the image files supplied to us for the purpose of preparing and executing the order are forwarded to a special service provider, you will be explicitly informed of this below. Your data will not be disclosed over and beyond this. If the data i.e. the digital images supplied to us contain personal data (in particular depictions of identifiable persons), all processing procedures described here will take place solely for the purpose of processing your online order pursuant to Article 6 (1)(b) GDPR. Once your order has been processed fully, the image files supplied to us are automatically deleted in full.

6.2 In order to process your order, we work with the service provider(s) listed below, which provide us with full or partial support in executing closed contracts. Certain personal data is disclosed to these service providers, in line with the following information.
The personal data we collect is forwarded to the transport company commissioned with delivery within the scope of executing the contract, insofar as this is required for delivering the goods. We forward your payment details to the commissioned credit institution within the framework of payment processing, insofar as this is required to process payments. If payment providers are used, we explicitly inform you of this below. The legal basis for the transmission of data is Article 6 (1)(b) GDPR.

If goods are delivered by Deutsche Post (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we forward your email address to Deutsche Post before the delivery of goods pursuant to Article 6 (1)(a) GDPR, for the purpose of agreeing a delivery date i.e. provide a delivery notice, provided you have expressly consented to this in the order process. Otherwise, we only forward the recipient name and delivery address to Deutsche Post for the purpose of delivery, in accordance with Article 6 (1)(b) GDPR. This information is only forwarded if it is required for the delivery of goods. In this case, it is not possible to agree in advance a delivery date with Deutsche Post i.e. provide a delivery notice.
You may withdraw your consent at any time with effect for the future by notifying the Controller named above or by notifying Deutsche Post.
– DHL
If goods are delivered by transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn), we forward your email address to DHL before the delivery of goods pursuant to Article 6 (1)(a) GDPR, for the purpose of agreeing a delivery date i.e. provide a delivery notice, provided you have expressly consented to this in the order process. Otherwise, we only forward the recipient name and delivery address to DHL for the purpose of delivery, in accordance with Article 6 (1)(b) GDPR. This information is only forwarded if it is required for the delivery of goods. In this case, it is not possible to agree in advance a delivery date with DHL i.e. provide a delivery notice.
You may withdraw your consent at any time with effect for the future by notifying the Controller named above or by notifying the transport service provider DHL.
– DPD
If goods are delivered by transport service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg), we forward your email address and phone number to DPD before the delivery of goods pursuant to Article 6 (1)(a) GDPR, for the purpose of agreeing a delivery date i.e. provide a delivery notice, provided you have expressly consented to this in the order process. Otherwise, we only forward the recipient name and delivery address to DPD for the purpose of delivery, in accordance with Article 6 (1)(b) GDPR. This information is only forwarded if it is required for the delivery of goods. In this case, it is not possible to agree in advance a delivery date with DPD i.e. provide a delivery notice.
You may withdraw your consent at any time with effect for the future by notifying the Controller named above or by notifying the transport service provider DPD.
– FedEx
If goods are delivered by transport service provider FedEx (FedEx Express Germany GmbH, Langer Kornweg 34 k, 65451 Kelsterbach), we forward your email address and phone number to FedEx before the delivery of goods pursuant to Article 6 (1)(a) GDPR, for the purpose of agreeing a delivery date i.e. provide a delivery notice, provided you have expressly consented to this in the order process. Otherwise, we only forward the recipient name and delivery address to FedEx for the purpose of delivery, in accordance with Article 6 (1)(b) GDPR. This information is only forwarded if it is required for the delivery of goods. In this case, it is not possible to agree in advance a delivery date with FedEx i.e. provide a delivery notice.
You may withdraw your consent at any time with effect for the future by notifying the Controller named above or by notifying the transport service provider FedEx.

If goods are delivered by transport service provider GLS (General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1 – 7, 36286 Neuenstein), we forward your email address to GLS before the delivery of goods pursuant to Article 6 (1)(a) GDPR, for the purpose of agreeing a delivery date i.e. provide a delivery notice to GLS, provided you have expressly consented to this in the order process. Otherwise, we only forward the recipient name and delivery address to GLS for the purpose of delivery, in accordance with Article 6 (1)(b) GDPR. This information is only forwarded if it is required for the delivery of goods. In this case, it is not possible to agree in advance a delivery date with GLS i.e. provide information regarding the delivery status of the dispatch.
You may withdraw your consent at any time with effect for the future by notifying the Controller named above or by notifying the transport service provider GLS.
– Hermes
If goods are delivered by transport service provider Hermes (Hermes Logistik Gruppe Deutschland GmbH, Essener Straße 89, 22419 Hamburg), we forward your email address to Hermes before the delivery of goods pursuant to Article 6 (1)(a) GDPR, for the purpose of agreeing a delivery date i.e. provide a delivery notice, provided you have expressly consented to this in the order process. Otherwise, we only forward the recipient name and delivery address to Hermes for the purpose of delivery, in accordance with Article 6 (1)(b) GDPR. This information is only forwarded if it is required for the delivery of goods. In this case, it is not possible to agree in advance a delivery date with Hermes i.e. provide information regarding the delivery status of the dispatch.
You may withdraw your consent at any time with effect for the future by notifying the Controller named above or by notifying the transport service provider Hermes.
– Österreichische Post
If goods are delivered by transport service provider Österreichische Post (Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Vienna, Austria), we forward your email address to Österreichische Post before the delivery of goods pursuant to Article 6 (1)(a) GDPR, for the purpose of agreeing a delivery date i.e. provide a delivery notice, provided you have expressly consented to this in the order process. Otherwise, we only forward the recipient name and delivery address to Österreichische Post for the purpose of delivery, in accordance with Article 6 (1)(b) GDPR. This information is only forwarded if it is required for the delivery of goods. In this case, it is not possible to agree in advance a delivery date with Österreichische Post i.e. provide information regarding the delivery status of the dispatch.
You may withdraw your consent at any time with effect for the future by notifying the Controller named above or by notifying the transport service provider Österreichische Post.
– TNT
If goods are delivered by transport service provider TNT (TNT Express GmbH, Haberstraße 2, 53842 Troisdorf), we forward your email address to TNT before the delivery of goods pursuant to Article 6 (1)(a) GDPR, for the purpose of agreeing a delivery date i.e. provide a delivery notice, provided you have expressly consented to this in the order process. Otherwise, we only forward the recipient name and delivery address to TNT for the purpose of delivery, in accordance with Article 6 (1)(b) GDPR. This information is only forwarded if it is required for the delivery of goods. In this case, it is not possible to agree in advance a delivery date with TNT i.e. provide information regarding the delivery status of the dispatch.
You may withdraw your consent at any time with effect for the future by notifying the Controller named above or by notifying the transport service provider TNT.
– UPS
If goods are delivered by transport service provider UPS (United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss), we forward your email address to UPS before delivery of goods pursuant to Article 6 (1)(a) GDPR, for the purpose of agreeing a delivery date i.e. provide a delivery notice, provided you have expressly consented to this in the order process. Otherwise, we only forward the recipient name and delivery address to UPS for the purpose of delivery, in accordance with Article 6 (1)(b) GDPR. This information is only forwarded if it is required for the delivery of goods. In this case, it is not possible to agree in advance a delivery date with UPS i.e. provide information regarding the delivery status of the dispatch.
You may withdraw your consent at any time with effect for the future by notifying the Controller named above or by notifying the transport service provider UPS.

7) Web analytics services

8.1 The applicable data protection law grants you the following comprehensive rights of data subjects (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data; we inform you of this below:
– Right of access by the data subject pursuant to Article 15 GDPR: You shall have the right to receive the following information: The personal data processed by us; the purposes of the processing; the categories of processed personal data; the recipients or categories of recipients to whom the personal data have been or will be disclosed; the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request rectification or erasure of personal data or restriction of processing personal data or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling and at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing; the right to information on which safeguards there are pursuant to Article 46 when your data is transferred to a third country.
Right to rectification pursuant to Article 16 GDPR: You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and/or the right to have incomplete personal data completed which are stored by us;
– Right to erasure (“right to be forgotten”) pursuant to Article 17 GDPR: You have the right to obtain the erasure of personal data concerning you if the conditions of Article 17 (1) GDPR are fulfilled. However, this right will not apply when the processing is required for the purpose of exercising freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
– Right to restriction of processing pursuant to Article 18 GDPR: You have the right to obtain restriction of processing your personal data for the following reasons: As long as the accuracy of your personal data contested by you will be verified. If you oppose the erasure of your personal data because of unlawful processing and you request the restriction of their use instead. If you require the personal data for the establishment, exercise or defence of legal claims, once we no longer need those data for the purposes of the processing. If you have objected to processing on grounds relating to your personal situation pending the verification whether our legitimate grounds override your grounds;
– Right to be informed pursuant to Article 19 GDPR: If you have asserted the right of rectification, erasure or restriction of processing against the Controller, the Controller is obliged to communicate to each recipient to whom the personal data has been disclosed any rectification or erasure of personal data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients.
– Right to data portability pursuant to Article 20 GDPR: You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to require that those data be transmitted to another controller, where technically feasible;
– Right to withdraw a given consent pursuant to Article 7 (3) GDPR: You have the right to withdraw your consent for the processing of personal data at any time with effect for the future. In the event of withdrawal, we will immediately erase the data concerned, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
– Right to lodge a complaint pursuant to Article 77 GDPR: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

8.2 RIGHT TO OBJECT

IF, WITHIN THE FRAMEWORK OF A CONSIDERATION OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON THE GROUNDS THAT ARISE FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING REASONS WORTHY OF PROTECTION FOR PROCESSING WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA WHICH ARE USED FOR DIRECT MARKETING PURPOSES. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.

9) Duration of storage of personal data

The duration of storage of personal data is based on the respective legal basis, the purpose of processing, and – if relevant – on the respective legal retention period (e.g. commercial and tax retention periods).
If personal data is processed based on express consent in accordance with Article 6 (1)(a) GDPR, this data will be stored until the data subject withdraws their consent.
If there are legal storage periods for data that is processed within the framework of legal or similar obligations on the basis of Article 6 (1)(b) GDPR, this data will be routinely deleted after expiry of the storage periods if it is no longer necessary for the fulfilment of the contract or the initiation of the contract and/or if we no longer have a justified interest in further storage.
When processing personal data on the basis of Article 6 (1)(f) GDPR, this data will be stored until the data subject exercises their right to object in accordance with Article 21 (1) GDPR, unless we can demonstrate compelling reasons worth of protection for the processing that outweigh the interests, rights and freedoms of the data subject, or if the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct advertising on the basis of Article 6 (1)(f) GDPR, this data will be stored until the data subject exercises their right to object in accordance with Article 21 (2) GDPR.
Unless otherwise stated in the information contained in this Privacy Statement on specific processing situations, stored personal data will be deleted if it is no longer necessary for the purposes for which it was collected or otherwise processed.