top of page

Data protection

Privacy Policy for the online shop of Phino dogs e.U.

(Owner: Sarah Tanner)

Protecting your data is of utmost priority to us. In this privacy policy, we inform you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering").

Regarding the terms used in this privacy policy, such as "personal data" or "processing," we refer to the corresponding definitions in Article 4 of the General Data Protection Regulation (GDPR).

Contact:

Phino dogs e.U.

Sarah Tanner

Michalekgasse 42/19

1160 Vienna

Email: office@phino.at

Phone: +436603887349

Information on processed data:

  • First names, last names

  • Birthdates

  • Addresses

  • Contact details (email addresses, phone numbers)

  • Usage data (e.g., visited websites, interest in content, access times)

  • Meta/communication data (e.g., device information, IP addresses)

  • Alias names on social media

  • Bank data

  • VAT identification numbers

Data collection on our website:

For security reasons, especially to protect the transmission of personal data and other confidential information, we use SSL/TLS encryption for our website. You can recognize this precaution by the "https://" prefix and the padlock symbol in your browser's address bar.

When you visit our website without completing a purchase and, therefore, without registering, we only collect data that your browser transmits to our server. The following data is collected: date and time of access, amount of data transmitted in bytes, source from which you accessed the page, used browser, operating system, and your IP address. This is technically necessary to display the website to you and is carried out by Article 6(1)(f) of the GDPR. Your data will not be disclosed to third parties. However, in case of unlawful use, we reserve the right to retrospectively check this data.

Processing of special categories of data (Article 9(1) of the GDPR):

No special categories of data are processed.

Categories of data subjects affected by the processing:

  • Visitors and users of our online offering

  • Customers placing orders for the offered goods/services

  • (In the following, the affected individuals are collectively referred to as "users")

Purposes for which the data is processed:

  • Provision of contractual services

  • Service and customer care

  • Provision of the online offering, its content, and features

  • Responding to contact inquiries and communication with users

  • Security measures

 

Legal Bases for Our Data Processing:

Unless otherwise stated in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) or Article 7 of the General Data Protection Regulation (GDPR). The legal basis for processing to fulfill our services and to carry out pre-contractual measures as well as to respond to inquiries is Article 6(1)(b) GDPR. The legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR. The legal basis for processing to safeguard our legitimate interests or those of a third party is Article 6(1)(f) GDPR.

Concerning legitimate interests when processing is based on Article 6(1)(f) GDPR: There is a significant and reasonable relationship between the data subject and the data controller, as the data subject is a customer of the data controller. The data subject, by Recital 47 of the GDPR, can reasonably foresee, at the time of data collection and considering the circumstances under which it occurs, that processing will take place for these purposes.

Security Measures:

We implement, by Article 32 of the GDPR (taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons), appropriate technical and organizational measures to ensure a level of protection commensurate with the risk.

Wix.com Ltd., Data processor to process our online shop World4You Internet Services GmbH, Data processor to host our website Facebook Inc., Data processor due to the use of the Facebook Pixel.

If, as part of our processing, we disclose data to other individuals and companies (data processors or third parties), transmit it to them, or otherwise grant them access to the data, this is only done based on the appropriate legal permission. For example, this may be necessary for the performance of a contract under Article 6(1)(b) GDPR, with your consent, if a legal obligation requires it, or based on our legitimate interests.

If we engage third parties to process data based on a data processing agreement, this is done by Article 28 GDPR. We have data processing agreements with all data processors listed above.

Contact Form:

If you send us inquiries via the contact form, SMS/messenger, email, or through our social media accounts, your information from the inquiry form, including the contact details provided by you, will be processed to handle the inquiry and, in case of follow-up questions, for processing the contact inquiry and its completion by Article 6(1)(b) GDPR.

We delete the inquiries if they are no longer necessary. We review the necessity every 12 months.

Duration of Storage / Deletion:

Unless expressly stated in this privacy policy, the data stored with us will be deleted as soon as it is no longer necessary for its intended purpose, and there are no legal retention obligations preventing deletion. We will not retain data longer than necessary to fulfill our contractual or legal obligations and to defend against potential liability claims.

Contractual data is stored for a period of three years and two months (statute of limitations of three years according to § 1486 ABGB plus possible duration of service of a possible lawsuit of two months), and invoice data for a period of seven years (legal retention obligation according to § 132 para 1 BAO) based on the aforementioned legal bases.

Provision of contractual services: We process inventory data (e.g., names and addresses, as well as the contact information of users) and contract data (e.g., services used, names of contact persons, payment information) to fulfill our contractual obligations and provide services by Article 6(1)(b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.

Users can place orders. If users place orders, we process the inventory data provided by users (e.g., names and addresses, as well as contact information) and contract data (e.g., services used, names of contact persons, payment information) to fulfill our contractual obligations and provide services by Article 6(1)(b) GDPR.

In the context of using our online services, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests, as well as the users' interest in protection against misuse and other unauthorized use. In principle, this data is not disclosed to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so by Article 6(1)(c) GDPR.

Collection of Access Data and Log Files:

We collect data on each access to the server where this service is located, based on our legitimate interests within the meaning of Article 6(1)(f) of the GDPR (General Data Protection Regulation). These data are stored in server log files ("Server Logfiles"). Access data includes the name of the accessed webpage, file, date and time of access, amount of transferred data, message about successful retrieval, browser type and version, user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

Logfile information is stored for a maximum period of 31 days and then deleted for security reasons (e.g., for investigating misuse or fraudulent activities). Data whose further retention is necessary for evidentiary purposes are excluded from deletion until the final clarification of the respective incident.

Cookies:

We use both temporary and permanent cookies, which are small files stored on users' devices. Some cookies serve security purposes or are necessary for the operation of our online offering (e.g., for displaying the website) or to store user decisions when confirming our cookie banner. Additionally, we or our technology partners use cookies for audience measurement and marketing purposes, as users are informed about in the course of this privacy policy.

The legal basis for the use of necessary cookies is Article 6(1)(f) GDPR (legitimate interests). Legitimate interests under the GDPR in this context include the proper and secure functioning of the website as well as the optimization of our offering.

Furthermore, the storage of cookies can be prevented by disabling them in the browser settings. Please note that, in this case, not all functions of this online offering may be usable.

We use "session cookies" that are only stored for the duration of the current visit to our online presence. A session cookie contains a randomly generated unique identification number, also known as a session ID. Additionally, a cookie contains information about its origin and storage period. These cookies cannot store any other data. Session cookies are deleted when you end the use of our online offering or close the browser.

Users are informed about the use of cookies within the framework of pseudonymous audience measurement in this privacy policy.

If users do not want cookies to be stored on their computer, they can disable the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies may lead to functional restrictions in this online offering.

Users can object to the use of cookies for audience measurement and advertising purposes through the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the U.S. website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

Consent Management with Cookie Script:

To request and store your consent for cookies and other data processing that requires your consent, we use Cookie Script, a service provided by Objectis Ltd., Laisves st. 60, LT-05120 Vilnius, Lithuania.

Cookie Script does not process personal data but only the following information in anonymized form:

  • A random key (key)

  • Your selection (consent)

  • Your IP address in anonymized (shortened) form

  • Date and time of your consent/rejection

  • The URL where you granted/declined consent

  • The used browser and operating system (User Agent String)

The data is processed exclusively in the EU and is permanently stored for documentation of your consent.

Additionally, a cookie is stored in the visitor's browser, containing the random key and the selection made by you (consent). This information can be used later to verify the consent.

The data processing is based on Article 6(1)(f) GDPR (legitimate interests). The legitimate interest within the meaning of the GDPR is the effective and legally flawless collection and storage of your consent.

For information on data processing by Cookie Script, please refer to: https://cookie-script.com/legal/privacy-policy

 

Comments:

When you comment on a blog post on our website, your comment, name, email address, and IP address are stored.

Before your comment is published, we review it for legal violations such as insults or racist or seditious statements. The stored data is necessary to take action against such authors if necessary. The data is deleted as soon as the associated post is removed from the website.

The data processing is based on Article 6(1)(a) GDPR (consent).

Newsletter:

You have the option to subscribe to our email newsletter, in which we inform you about news and send blog posts. For registration, we only need your email address. Additionally, we use the double-opt-in procedure. This means that after signing up for the newsletter, you will initially receive a confirmation email that you must explicitly confirm or agree to. Only with the activation of the confirmation link do you give your consent to the use of your personal data according to Article 6(1)(a) GDPR. As part of your newsletter registration, we store your registered IP address, the date, and time of registration to trace potential misuse of your email address at a later time. The data collected during registration is used exclusively for the newsletter. You can unsubscribe from the newsletter at any time using the designated link in the newsletter or by sending a message to our email address. After unsubscribing, we will delete your email address from our newsletter distribution list.

 

Google Analytics:

This website uses features of "Google Analytics," a web analytics service provided by Google Inc. ("Google"), with your consent. Google Analytics uses so-called "cookies," which are text files stored on your computer and enable an analysis of your use of the website.

The information generated by the cookie about your use of this website is generally transmitted to a Google server in the United States and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activities, and provide further services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by adjusting your browser software accordingly; however, please note that in this case, you may not be able to use all the functions of this website to their full extent. Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

We have concluded a data processing agreement with Google in which Google commits to comply with the standard contractual clauses defined by the EU Commission.

The data processing is based on the legal provisions of § 96 Abs 3 TKG (Telecommunications Act) and Article 6(1)(a) GDPR (consent).

For Google's terms of use and further information on data protection, please refer to the following links: https://www.google.com/analytics/terms/de.html and http://www.google.com/intl/de/policies/privacy/.

Online Presence in Social Networks (Social Media):

We maintain online presences within social networks and platforms to communicate with active customers, interested parties, and users, and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions, as well as the data processing policies of the respective operators, apply.

Unless otherwise specified in our privacy policy, we process user data if they communicate with us within social networks and platforms, for example, by posting on our online presences or sending us messages.

Facebook: Plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, are integrated into our pages. You can recognize the Facebook plugins by the Facebook logo or the "Like" button on our page. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/.

When you visit our pages, a direct connection is established between your browser and the Facebook server through the plugin. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. We point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to Facebook's privacy policy (https://www.facebook.com/about/privacy/). If you do not want Facebook to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.

We have entered into a data processing agreement with Facebook in which Facebook commits to comply with the standard contractual clauses defined by the EU Commission. The data processing is based on Article 6(1)(a) (consent) of the GDPR.

Notes on our Facebook fan page: We operate a Facebook page that can be accessed at https://www.facebook.com/profile.php?id=100083312236404. This is a service provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Please note that Facebook Insight, provided by Facebook as an integral part of the user relationship free of charge, transmits anonymized statistical data regarding the users of these pages to us. This data is collected using cookies, each containing a unique user code that is active for two years and that Facebook stores on the hard drive of your computer or another storage medium of visitors to the fan page. The user code, which can be linked to your Facebook login data, is collected and processed when accessing the fan pages. The operator of a Facebook fan page has no way to deactivate this function or prevent the processing of the data mentioned. Further information on Facebook Insight is available from Facebook here: https://de-de.facebook.com/help/pages/insights.

Facebook agrees to assume primary responsibility under the GDPR for the processing of Insight data and to fulfill all obligations under the GDPR regarding this data. In particular, Facebook undertakes sole responsibility for personal data processed in this context and to fulfill all related disclosure obligations.

The data transmitted by Facebook to us in connection with the use of the fan page is anonymized so that no conclusions about the identity of individual users can be drawn. However, it is possible to analyze demographic data about users (including trends in age, gender, relationship status, and professional situation), information about users' lifestyles and interests (including information about purchases and online buying behavior of visitors to their page, as well as the categories of goods or services that interest them the most), and geographic data in a statistical evaluation.

We process this data solely for our own evaluation of the reach of our Facebook page and do not disclose it to third parties. The legal basis for this processing is Article 6(1)(f) (legitimate interests) of the GDPR. The legitimate interest within the meaning of the GDPR is the identification of target groups interested in the content contained on our page.

 

Pinterest:

On our website, we use social plugins from the social network Pinterest, operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA ("Pinterest"). When you access a page containing such a plugin, your browser establishes a direct connection to Pinterest's servers. The plugin transmits data to Pinterest's server, which may include your IP address, the addresses of the visited websites that also contain Pinterest functions, the type, and settings of the browser, the date and time of the request, your use of Pinterest, and cookies.

For more information on the purpose, scope, further processing, and use of data by Pinterest, as well as your rights and options to protect your privacy, please refer to Pinterest's privacy policy: https://about.pinterest.com/de/privacy-policy.

Instagram: Our website integrates features of the Instagram service, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, clicking the Instagram button allows you to link the content of our pages to your Instagram profile. Instagram can then associate the visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data and its use by Instagram.

For more information, please refer to Instagram's privacy policy at https://www.instagram.com/about/legal/privacy/.

 

TikTok:

Functions of the TikTok service are also integrated on our website, offered by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. If you are logged into your TikTok account, clicking the TikTok button allows you to link the content of our pages to your TikTok profile. TikTok can then associate the visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data and its use by TikTok.

For more information, please refer to TikTok's privacy policy at https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE.

Payment Options

Klarna

On our website, we offer payment options through the services of Klarna. The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna").

Klarna provides various payment options (e.g., installment purchase). If you choose to pay with Klarna (Klarna Checkout solution), Klarna will collect various personal data from you. You can find details in Klarna's privacy policy at the following link: https://www.klarna.com/de/datenschutz/.

Klarna uses cookies to optimize the use of the Klarna Checkout solution. Optimizing the checkout solution constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Cookies are small text files that are stored on your device and do not cause any harm. They remain on your device until you delete them. Details regarding the use of Klarna cookies can be found at the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.

The transmission of your data to Klarna is based on Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (processing to fulfill a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations carried out in the past.

Apple Pay

On our website, we offer payment options through the services of Apple Pay. The provider is Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA (hereinafter "Apple Pay").

If you choose to pay with Apple Pay, Apple will collect various personal data from you. Details can be found in the privacy policy at the following link: https://www.apple.com/legal/privacy/de-ww/ and here https://support.apple.com/de-at/HT203027#:~:text=Apple%20stores%20the%20data%20associated,linked%20to%20your%20Apple%20ID.

 

PayPal

On our website, we offer payment options through the services of PayPal. The provider is PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg (hereinafter "PayPal").

If you choose to pay with PayPal, PayPal will collect various personal data from you. Details can be found in the privacy policy at the following link: https://www.paypal.com/webapps/mpp/ua/privacy-full

Google Fonts

On our website, we use so-called web fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The use of these fonts is for a consistent representation of our website. To display text and fonts correctly, your browser downloads the required web fonts into your browser cache. In the process, your browser often needs to establish a connection to Google's servers. As a result, Google learns that your IP address has accessed our website, which constitutes a legitimate interest according to Art. 6(1)(f) GDPR. In cases where your browser does not allow web fonts, your computer uses a default font. In our case, your browser directly loads the fonts through Wix and not via Google, preventing your IP address from being transmitted to Google in this context.

Data in Third Countries We explicitly want to point out that we work with data processors outside of Europe. Our website operator "Wix" states that their servers are located worldwide, including in the USA. This is also true for "Google" (through the use of Google Analytics) and "Facebook."

Rights You generally have the rights to information, correction, deletion, restriction, objection, and data portability.

If data processing is based on Art. 6(1)(a) or Art. 9(2)(a), you have the right to revoke your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

You can object to the use of your personal data for direct marketing purposes at any time and without giving reasons. The objection means that your personal data will no longer be processed for this purpose in the future.

If you believe that the processing of your data violates data protection laws or that your data protection rights have been violated in any other way, you can file a complaint with the supervisory authority. In Austria, this is the Data Protection Authority (new address: Barichgasse 40-42, 1030 Vienna).

Changes/Updates to the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We will adjust the privacy policy as soon as changes to the data processing we perform make this necessary. We will promptly inform you when changes require your cooperation (e.g., consent).

As of: August 2023

bottom of page