Last updated: March 2019
Ellbognerstraße 24, 4020 Linz, for the website www.silhouette-internatinal.com (“website”)
1. Data processing during use of the website
Whenever you visit our website, we collect the following data: IP address.
You can visit our website without having to disclose information about yourself. Whenever you access the website, only certain access data (your IP address and other metadata, such as the date and time of access and the requesting provider) are processed with the support of automated processes, particularly for the purposes of security or improvement of the website’s quality. This information does not enable us to identify you personally. Nevertheless, IP addresses are considered personal data under the GDPR. You can visit our website for purely informational purposes, to find out about our products, services and activities, without it becoming possible for us to link such data to you personally.
2. Transfer of your personal data
Within our organisation, your data will be transferred to the offices and/or employees who need it to fulfil our contractual or legal obligations or where we have a legitimate interest to process your data.
Furthermore, your data will be transferred to (external) data processors contracted by us, insofar as they require it to perform their duties (whereby the possibility of accessing personal data is sufficient). All data processors are contractually obliged to treat your data as confidential and only to process in order to provide their services. The following data processors receive your data:
- Customer management
- Analytics tools
- IT service providers contracted by us
- Marketing management
We maintain a current list of types of data recipient and contractors.
Some of the aforementioned recipients are located or process your (personal) data outside the EU. However, we take measures to guarantee that all recipients demonstrate appropriate privacy standards. For example, we agree to standardised contractual clauses which can be provided to you upon request. Alternatively, we use suppliers who are certified under the EU-US Privacy Shield, which is an appropriate level of data protection under the GDPR (as per the adequacy decision by the European Commission).
If we use any data processors, then, as stated, these are bound to our privacy guidelines and your personal data is also handled as strictly confidential. Under no circumstances will data processors transfer your data to third parties or use it without our explicit consent, for any purposes other than for the fulfilment of your obligations towards Silhouette, or for those based on our explicit instructions.
3. Data subject’s rights
One of the main objectives of data protection legislation is to grant you certain options for controlling your personal data after data processing has already begun. For this purpose, data subjects have various rights which we must observe immediately upon your request (or, in any case, within one (1) month of your request). To exercise your rights, contact us at the following e-mail address: firstname.lastname@example.org. Specifically, you have the following rights:
(a) Should you exercise your right to information, and no legal restrictions apply, we will provide you with comprehensive information about our processing of your data. To do so, we will provide you with (i) copies of the data (e-mails, database excerpts, etc.), as well as information related to (ii) specifically processed data, (iii) processing purposes, (iv) categories of data being processed, (v) data recipients, (vi) storage limits and/or criteria for determining these, (vii) the origin of the data, and (viii) other information, as necessary, depending on your specific case. Please note, however, that we cannot issue any documents which could infringe upon the rights of other persons.
(b) With your right to correction, you can request that we correct information that we have recorded incorrectly, that is no longer correct or that is incomplete (for the specific processing purposes in question). Your request will be evaluated, during which time you can request for the data processing in question to be restricted until the evaluation is complete.
(c) The right to (data) deletion can be exercised (i) in the event that there is no necessity with regard to the processing purpose, (ii) in case you withdraw your consent, (iii) in case of a special objection, if the data processing in question is based on Silhouette’s legitimate interests, (iv) in case of improper data processing, (v) in the event that there is a legal requirement to delete the data, and (vi) in case of processing of personal data referring to minors under the age of 16.
(d) In specific cases, the data subject has a right to restriction of processing. After this right is exercised, the data in question can only be stored. In addition to the option of restriction during the evaluation period for data corrections, this extends to (i) unlawful data processing (insofar as no deletion is requested) and (ii) the duration of the evaluation of a special objection.
(e) Furthermore, you have a fundamental right to object to data processing at any time. This only applies whenever the processing is based on Silhouette’s legitimate interests. Please note, however, that legitimate interests can only be invoked as a legal basis for processing activities in specific cases.
(f) You can also exercise your right to complain to supervisory authorities (see point 10).
(g) You also have a right to data portability, under the exercise of which the data in question is to be received in a structured, conventional and computer-readable format and shall be transferred to another controller.
Please also note that in some cases we will be unable to comply with your request due to mandatory, protected reasons for processing (weighing of interests) and/or processing based on the exertion, exercise or defence of legal claims (on our side). The same applies in the case of excessive requests, in which case (as in the case of compliance with manifestly unfounded requests), a fee may be imposed.
4. Data security, data deletion
Silhouette takes all the suitable technical and organisational measures to ensure that, by default, personal data is only processed to the extent strictly necessary for the business purpose in question. The measures taken by Silhouette relate to the quantity of the collected data, the scope of the processing as well as the storage limits and accessibility of the data. Through these measures, Silhouette ensures that personal data is made available by default only to a strictly limited and necessary number of persons. No other persons are granted access to personal data without the explicit consent of the data subject. Furthermore, Silhouette uses various safety mechanisms (back-ups, encryption) to secure its website and other systems. These are intended to provide your (personal) data with the greatest possible level of protection against loss, theft, destruction, unauthorised access, modification or distribution.
All Silhouette employees are adequately informed of all applicable regulations under data protection law as well as internal data protection rules and data security precautions. They are bound to confidentiality with respect to any information made known and/or accessible to them within the scope of their work. The provisions of the GDPR are strictly observed and personal data is only provided to individual employees to the extent necessary with regard to the purpose of the data collection and our obligations arising from it. If Silhouette engages processors, they are bound to us by specific framework agreements to act in accordance with our data protection practice.
In accordance with the provisions of the GDPR, all (personal) data collected by us via our website shall only be stored for as long as necessary with regard to the legal grounds for processing them, unless a longer storage period is stipulated by law. We uphold our obligation to delete data with our company’s own internal data deletion procedure. We can provide you with further information about it, at your request.
5. Links to Third-Party Websites
We use links to the third-party webpages on our website, which consist on the one hand of links to our long-term partners, and on the other, of links to social networks (e.g. Facebook, Twitter, Instagram, Pinterest). If you click on any of these links, you will be redirected directly to the relevant webpage. The only data that the website operators will receive is that you have come via our website. We therefore refer you to the privacy policies of these websites. Please note, however, that if you do not want a particular social network to assign data collected via our website to your profile in that social network, you must log out before clicking on the link and accessing it.
We use small pieces of text data called “cookies” that are stored on your computer when you use our website. These help us to optimise our service to make it more user-friendly and secure, and to make design improvements. In many cases, the cookies installed will be “session cookies”, which will be automatically deleted when you finish your browser session without needing further action on your part. Other cookies (e.g. those that store your language preferences) are stored over a longer period of time and must be deleted manually. Cookies contain absolutely no personal data.
Most browsers automatically accept cookies. However, you can change your browser settings so that cookies are either totally blocked or only certain types are permitted (e.g. you can choose to only block third-party cookies). Please note that you may not be able to enjoy the full functionality of the website if you change your cookie settings. You can find out how to change your settings on the most common browsers using the following links:
Internet Explorer™: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
7. Social Plugins
On our website, social plugins (“plugins”) for the social media networks Facebook and Google+, as well as the microblogging service Twitter, are used. These services are provided by the companies Facebook Inc., Google LLC and Twitter Inc. (“providers”).
Facebook is operated by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA ("Facebook"). You can find an overview of the Facebook plugins and their appearances here:
Google+ is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). You can find an overview of the Google plugins and their appearances here: https://developers.google.com/+/web/.
Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). You can find an overview of the Twitter buttons and their appearances here: https://help.twitter.com/de/using-twitter/twitter-buttons.
Whenever you visit a page of our website that contains this kind of plugin, your browser establishes a direct connection with the servers of Facebook, Google or Twitter. The content of the plugin is transferred directly from the provider to your browser and embedded into the web page. By embedding the plugin, the provider receives the information that your browser has accessed the specific page of our website, even if you do not have a profile or are not logged in at the time. This information (including your IP address) is transferred by your browser directly to one of the providers’ servers in the USA and stored there. If you are logged in to one of the services, the provider can immediately allocate your visit to our website to your profile on Facebook, Google+ and/or Twitter.
If you do not want Google, Facebook or Twitter to directly allocate the data collected on our website to your social media profile, you must log out of the social media profile in question before visiting our website. You can also use add-ons for your browser to completely block plugins from loading (for example, using the “NoScript” script blocker: http://noscript.net/).
8. Google Analytics
Our website uses Google Analytics, a website analysis tool by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Cookies allow Google Analytics to evaluate your usage of a particular website. We will process your data in accordance with our legitimate interest to collect website visitor statistics in a cost-efficient and convenient way (Art. 6 Para. 1 Letter F of the GDPR regulations).
The information gathered by the cookies about your use of the website will be transmitted to Google’s servers in the USA and stored there. We do not store any data that is generated through Google Analytics. However, due to the activation of IP anonymisation on this website, your IP address will be abbreviated by Google in advance within member states of the European Union or countries within the European Economic Area. In exceptional cases, your full IP address will be sent to the USA and shortened there. Google uses this information to evaluate your website usage for us and to compile reports about your website activity in order to offer us additional services relating to website behaviour and Internet usage. Your IP address will not be associated with any other data held by Google and will not therefore allow your identity to be discerned.
Google is a participant of the EU-US Privacy Shield, which requires Google to uphold the agreement and comply with European data protection standards. The certification for the Privacy Shield can be found at https://www.privacyshield.gov/list.
Using the process described in point 5, you can set up your browser preferences to stop it from storing cookies (or restrict third-party cookies only) on your computer. Moreover, you can prevent Google from collecting and processing data gathered from cookies tracking your website usage (incl. your IP address) by downloading and installing the appropriate browser plugin (http://tools.google.com/dlpage/gaoptout?hl=en). Alternatively, you can click here (https://www.internetwarriors.de/blog/kein-google-analytics-ohne-opt-out-cookie/ oder https://blog.marketing-factory.de/datenschutz/google-analytics-opt-out/ oder https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable) to install an “opt-out cookie” which will be stored on your device and which also prevents Google Analytics from collecting your data. You will need to repeat this step again if you delete all your cookies. However, we would also point out that you may not be able to enjoy the website’s full functionality if you do so.
You can find more detailed information about your data privacy with regard to Google Analytics and how you can manage it at https://policies.google.com/privacy?hl=en.
9. Contact Form on the Website
On our website you have the option of filling out a contact form to ask us specific questions or get in touch with us. Our processing is based on our prevailing legitimate interests to be able to process requests individually and as quickly as possible (Art. 6.1.f of the GDPR). The information that you submit will only be used to respond to your question and will not be stored.
10. Right of Complaint
If you decide that we have infringed against incumbent data privacy laws, you have the right to file a complaint with the relevant national data protection authority. The requirements for such a complaint are based on § 24ff of the Austrian Data Protection Act (DSG). However, we encourage you to contact us before filing a complaint so that we can resolve any questions or problems.
Below are the contact details of the relevant Data Protection Authority:
Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, Austria
Telephone: +43 1 52 152-0
11. Contact Details for Data Protection Questions, Messages and Requests
Please send questions, notifications or requests regarding data protection law to the following contact address:
Silhouette International Schmied AG