Data protection declaration from www.kraenzelhof.it

This application collects personal data from its users.

Users can be subject to different protection standards, so that more comprehensive standards may apply to some of them. Users can find more information about the protection criteria in the section on applicability.

This document can be printed out using the "Print" command in the browser for storage purposes.

Provider and person responsible 

Count von Pfeil Franz Kränzelhof
Gampenstrasse 1 39010 Tscherms
VAT / P.IVA: 01472290210

Provider's email address: shop@kraenzelhof.it

Types of data collected 

Among the types of Personal Data that this Application collects, by itself or through third parties: Cookies; Usage data; E-mail; First name; Last name; Birth date; Phone number; Password; Tax ID; VAT ID; Country; User identification; Billing address; Shipping address; Data transmitted while using the service; different types of data. 

Complete details on each type of processed personal data are provided in the sections of this data protection declaration provided for this purpose or in specific explanatory texts that are displayed before the data is collected.
Personal data can be provided voluntarily by the user or, in the case of usage data, collected automatically when this application is used.
Unless otherwise specified, it is mandatory to provide all data requested by this application. If the user refuses to provide the data, this can mean that this application cannot provide its services to the user. In cases where this application expressly states that the provision of personal data is voluntary, users may choose not to provide this data without any consequences for the availability or the functionality of the service.
Users who are unsure which personal data are mandatory can contact the provider.
Any use of cookies - or other tracking tools - by this application or third-party service providers used by this application serves the purpose of providing the service requested by the user and all other purposes outlined in this document and, if available, as described in the cookie policy.

Users are responsible for all personal data of third parties that are obtained, published or passed on through this application and confirm that they have obtained consent to the transmission of personal data from any third parties to this application.

Type and place of data processing

Processing methods

The provider processes the user data in a proper manner and takes appropriate security measures to avoid unauthorized access and the unauthorized forwarding, modification or destruction of data.
The data processing is carried out by means of computers or IT-based systems according to organizational procedures and procedures that are specifically geared towards the stated purposes. In addition to the person responsible, other persons could also be internal (personnel management, sales, marketing, legal department, system administrators) or external - and, if necessary, named by the person responsible as processors (such as providers of technical services, delivery companies, hosting providers, IT companies or Communication agencies) - operate this application and thus have access to the data. A current list of these participants can be requested from the provider at any time.

Legal basis for processing

The provider may only process personal data of users if one of the following points applies:

• The users have given their consent for one or more specific purposes. Note: In some legislations, the provider may be allowed to process personal data until the user objects to such processing ("opt-out") without having to rely on consent or any of the following legal bases. However, this does not apply if the processing of personal data is subject to European data protection law;

• the data collection is necessary for the fulfillment of a contract with the user and / or for pre-contractual measures resulting therefrom;

• the processing is necessary for the fulfillment of a legal obligation to which the provider is subject;

• the processing is in connection with a task that is carried out in the public interest or in the exercise of official powers that have been assigned to the provider;

• The processing is necessary to safeguard the legitimate interests of the provider or a third party.

In any case, the provider will be happy to provide information about the specific legal basis on which the processing is based, in particular whether the disclosure of personal data is a legal or contractual obligation or a prerequisite for the conclusion of a contract.

location

The data are processed in the provider's branch and in all other locations where the bodies involved in the data processing are located.

Depending on the location of the user, data transfers can include the transfer of the user's data to a country other than your own. To find out more about the place of processing of the transmitted data, users can consult the section with the detailed information on the processing of personal data.

If more comprehensive standards are applicable, the following also applies:

The users also have the right to inquire about the legal basis of the data transfer to a country outside the European Union or to an international organization that is subject to international law or was founded by two or more countries, such as the UN, as well as about the provider to clarify the security measures taken to protect their data.

If such a transfer takes place, the user can find out more by checking the relevant sections of this document or by contacting the provider using the information provided in the contact section.

Storage period

Personal data are processed and stored for as long as the purpose for which they were collected requires.

Therefore:

• Personal data that are collected for the purpose of fulfilling a contract concluded between the provider and the user will be stored until this contract has been fully fulfilled.

• Personal data that are collected to safeguard the legitimate interests of the provider will be stored for as long as is necessary to fulfill these purposes. Users can obtain more information about the legitimate interests of the provider in the relevant sections of this document or by contacting the provider.

In addition, the provider is permitted to store personal data for a longer period of time if the user has consented to such processing, as long as the consent is not revoked. In addition, the provider may be obliged to store personal data for a longer period of time if this is necessary to fulfill a legal obligation or by order of an authority.

After the retention period has expired, personal data will be deleted. Therefore, the right to information, the right to erasure, the right to correction and the right to data portability cannot be asserted after the retention period has expired.

Purposes of processing

Personal data about the user is collected so that the provider can provide the service and also meet its legal obligations, respond to enforcement requests, protect its rights and interests (or those of the user or third parties), and uncover malicious or fraudulent activities. In addition, data is collected for the following purposes: access to third-party profiles, analytics, contacting the user, interaction with external social networks and platforms, tag management, remarketing and behavioral targeting, registration and authentication, handling of payments, interaction with live -Chat platforms, heat mapping and session recording and data transfer outside the EU. 

Users can find further detailed information on these processing purposes and the personal data used for the respective purpose in the corresponding sections of this document.

Facebook permissions required for this application

This application may require certain Facebook permissions in order to carry out actions with the user's Facebook account and to obtain information therefrom, including personal data. This application connects to the user profile on the social network Facebook, provided by Facebook Inc.

For more information about the following permissions, please refer to the documentation on Facebook permissions and the Facebook privacy policy .

The following permits are required: General Disclosures and Accessing Private Data.  

• Registration and authentication

With registration or authentication, users authorize this application to identify them and grant them access to specific services.
Depending on what is specified below, third-party providers may provide login and authentication services. In this case, this application can access some of the data stored by these third parties for login or identification purposes.

Direct login (this application)

Users register by filling out the registration form and providing their personal data directly through this application.

Processed personal data: user identification; E-mail; Country; Shipping address; Last name; Password; Billing address; Tax ID; Phone number; VAT ID; First name.  

• Data transfer outside the EU

The provider may only transfer personal data that is collected within the EU to third countries (ie to countries that do not belong to the EU) in accordance with a certain legal basis. Such data transfer is based on one of the legal bases described below. The user can inquire with the provider about which legal basis applies to which service.

Data transfer from the EU and / or Switzerland to the USA in accordance with the Privacy Shield (this application)

If this is the legal basis, the transfer of personal data from the EU or Switzerland to the USA takes place in accordance with the EU - USA or Switzerland - USA Privacy Shield (also known as the data protection shield).
In particular, personal data is transmitted to recipients who certify themselves within the framework of the Privacy Shield framework and thus guarantee an appropriate level of protection for this transmitted data. Such third party services are listed in the appropriate sections of this document. Those services that have joined the Privacy Shield can be filtered out by checking the respective data protection guidelines and possibly also the official Privacy Shield list.
Privacy Shield also guarantees users certain rights, as outlined in their most up-to-date form on the US Department of Commerce website.
Personal data can only be transmitted from the EU or Switzerland to the USA to recipients who are not or are no longer part of the Privacy Shield if there is a valid legal basis for this. To find out more about such a legal basis, the user can contact the provider.

Personal data processed: various types of data.  

• Interaction with external social networks and platforms

This type of service enables interaction with social networks or other external platforms directly through this application.
The interaction and the information collected via this application are always subject to the privacy settings made by the users for the respective social network.
This type of service can continue to collect web traffic data for the pages on which the service is installed even when users are not using it.
It is recommended to log out of the respective services in order to ensure that the processed data via this application is not connected to the profile of the user again.

"Like" button and social widgets for Facebook (Facebook, Inc.)

The Facebook Like button and social widgets are services for interacting with the Facebook social network provided by Facebook, Inc.

Processed personal data: cookie; Usage data. 

Place of processing: United States - Privacy Policy . Privacy Shield member. 

"Pin it" button and social widgets for Pinterest (Pinterest)

The "Pin it" button and social widgets for Pinterest are services for interacting with the Pinterest social network from Pinterest Inc.

Processed personal data: cookie; Usage data. 

Place of processing: United States - Privacy Policy .  

• Interaction with live chat platforms

With this type of service, users can interact with third-party live chat platforms directly through this application in order to contact or be contacted by the support team responsible for this application.
If a corresponding service is installed, it can possibly collect navigation and usage data on the pages on which it is installed even if users are not actively using the service. Live chat conversations may also be logged.

Tawk.to widget (tawk.to ltd.)

The Tawk.to widget is a service for interacting with the live chat platform Tawk.to from tawk.to ltd.

Processed personal data: cookie; Usage data; Data transmitted while using the service. 

Place of processing: United Kingdom - Privacy Policy .  

• Contact the user

Mailing list or newsletter (this application)

By subscribing to the mailing list or newsletter, the user's email address will be added to the contact list of people who may receive email messages containing commercial or promotional information related to this application. In addition, your email address can be added to this list when you have signed up for this application or after you have made a purchase.

Processed personal data: email; Birth date; Last name; First name. 

Contact form (this application)

By filling out the contact form with their data, users authorize this application to use their details to respond to requests for information, offers or other inquiries that are specified in the header of the form.

Processed personal data: email; Last name; First name.  

• Remarketing and behavioral targeting

With this type of service, this application and its partners can analyze how this application was used in previous sessions of the user in order to distribute, optimize and deploy advertising in a targeted manner.
This activity is done by tracking usage data and using cookies - information that is sent to the partners responsible for the remarketing and behavioral targeting campaigns.
Some services offer a remarketing option based on email address lists.
In addition to each exclusion option (or opt-out option) offered by the services listed below, the user can opt out of the use of cookies by third-party services by visiting the opt-out page of the Network Advertising Initiative .

Remarketing with Google Analytics (Google Ireland Limited)

Remarketing with Google Analytics is a remarketing and behavioral targeting service from Google Ireland Limited that connects the tracking activities of Google Analytics and its cookies with the Google Ads advertising network and the "DoubleClick" cookie.

Processed personal data: cookie; Usage data. 

Place of processing: Ireland - Privacy Policy . Privacy Shield member. 

Google Ads Remarketing (Google Ireland Limited)

Google Ads Remarketing is a remarketing and behavioral targeting service from Google Ireland Limited, which connects the activity of this application with the Google Ads advertising network and the DoubleClick cookie.

Users can refuse the use of cookies by Google by calling up the Google ad settings.

Processed personal data: cookie; Usage data. 

Place of processing: Ireland - Privacy Policy - Opt Out . Privacy Shield member.  

• Tag management

This type of service helps the provider to centrally manage the tags or scripts that are required for this application.
This leads to the user's data flowing through these services and possibly being saved.

Google Tag Manager (Google Ireland Limited)

Google Tag Manager is a tag management service provided by Google Ireland Limited.

Processed personal data: usage data. 

Place of processing: Ireland - Privacy Policy . Privacy Shield member.  

• Handling payments

With payment services, this application can process payments by credit card, bank transfer, or other methods. In order to ensure a particularly high level of security, this application only forwards the information that is necessary for the execution of the transaction with the financial intermediaries processing the transaction.
Some of these services can also provide for the sending of timed messages to the user, such as e-mails with invoices or notifications regarding payment. ​

• Access to third party profiles

Using this type of service, this application reads profile information from your profiles at third-party providers and converts them into actions.
These services are not activated automatically, but require the explicit consent of the user.

Access to the Facebook profile (this application)

This application connects to the user profile on the social network Facebook, provided by Facebook, Inc.

Requested permits: Access private data. 

Place of processing: United States - Privacy Policy . Privacy Shield member. 

More information about personal data

• On-line sales of goods and services

The personal data collected are used to provide users with services or to sell goods; this includes payments and possibly deliveries.
The personal data that is collected to carry out the payment can be details of the credit card, the bank account used for the transfer or other payment methods provided. The type of data this application collects depends on the payment system used.

User rights

Users can exercise certain rights in relation to their data processed by the provider.

Users who are entitled to more comprehensive standards can exercise all of the rights described below. In all other cases, the user can inquire with the provider which rights apply to him.

In particular, users have the right to do the following:

• Revoke your consent at any time. If the user has previously consented to the processing of personal data, he can revoke his own consent at any time.

• Object to the processing of your data. The user has the right to object to the processing of his data if the processing takes place on a legal basis other than consent. More information on this is given below.

• Receive information about your data. The user has the right to find out whether the data is being processed by the provider, to receive information about individual aspects of the processing and to receive a copy of the data.

• Check and have it corrected. The user has the right to check the accuracy of his data and to request that it be updated or corrected.

• Request restriction of the processing of your data. Under certain circumstances, users have the right to restrict the processing of their data. In this case, the provider will not process the data for any purpose other than storage.

• Request deletion or other removal of personal data. Under certain circumstances, users have the right to request the provider to delete their data.

• Receive your data and have it transferred to another person in charge. The user has the right to receive his data in a structured, common and machine-readable format and, if technically possible, to have it transmitted to another person responsible without hindrance. This provision applies if the data is processed automatically and the processing is based on the consent of the user, on a contract to which the user is a party, or on pre-contractual obligations.

• Give a complaint. Users have the right to lodge a complaint with the competent supervisory authority.

Details on the right to object to processing

If personal data are processed in the public interest, in the exercise of a sovereign authority transferred to the provider or to safeguard the legitimate interests of the provider, the user can object to this processing by providing a reason for justification that relates to his particular situation.

Users are informed that they can object to the processing of personal data for direct mail at any time without giving reasons. Users can find out whether the provider processes personal data for direct marketing purposes in the relevant sections of this document.

How the rights can be exercised

All inquiries to exercise user rights can be directed to the provider using the contact details given in this document. Applications can be exercised free of charge and will be processed by the provider as early as possible, at the latest within one month.

Applicability of more comprehensive standards

While most of the provisions in this document apply to all users, some provisions expressly only apply if the processing of personal data is subject to more comprehensive protection standards.

Such broader standards are applicable when the processing:

• is carried out by a provider established in the EU;

• relates to the personal data of users who are located in the EU and at the same time relates to the offer of paid or unpaid goods or services to these users;

• concerns the personal data of users located in the EU and enables the provider to monitor the behavior of these users in the EU.

More information about the collection and processing of data

Legal action

The personal data of the user can be processed by the provider for the purposes of legal enforcement within or in preparation of legal proceedings that result from the fact that this application or the associated services were not used properly.
The user declares that he is aware that the provider could be obliged by the authorities to disclose personal data.

More information about the user's personal data

In addition to the information listed in this data protection declaration, this application can, on request, provide the user with further context-related information relating to certain services or to the collection and processing of personal data. 

System logs and maintenance

This application and the services of third-party providers may collect files for operational and maintenance purposes that record the interaction taking place via this application (system logs) or use other personal data (e.g. IP address) for this purpose.

Information not contained in this data protection declaration

Further information on the collection or processing of personal data can be requested from the provider at any time using the contact details listed.

How do not track requests are handled

This application does not support "Do Not Track" requests from web browsers.
Information on whether integrated third-party services support the no-tracking protocol can be found in the privacy policy of the respective service.

Changes to this data protection declaration

The provider reserves the right to make changes to this data protection declaration at any time by informing users on this page and, if necessary, about this application and / or - as far as technically and legally possible - by sending a message about the user's contact details available to the provider. Users are therefore advised to visit this page regularly and, in particular, to check the date of the last change given at the bottom of the page.

Insofar as changes affect data usage based on the consent of the user, the provider will - if necessary - obtain new consent.

Definitions and legal notices 

Personal data (or data)

All information by which the identity of a natural person is or can be determined directly or in connection with other information.

Usage data

Information that this application (or third party services that this application uses) collects automatically, e.g. E.g. the IP addresses or domain names of the computers of users who use this application, the URI addresses (Uniform Resource Identifier), the time of the request, the method used to send the request to the server , the size of the received response file, the numerical code that shows the status of the server response (successful result, error, etc.), the country of origin, the functions of the browser and operating system used by the user, the various time information per call (e.g. B. how much time was spent on each page of the application) and information about the path that was followed within an application, in particular the order of the pages visited, as well as other information about the operating system of the device and / or the IT environment of the user .

Users

The individual using this application who, unless otherwise specified, coincides with the Data Subject.

Affected

The natural person to whom the personal data relates.

Processors (or data processors)

Natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible, as described in this data protection declaration.

Responsible (or provider, sometimes also owner)

The natural or legal person, public authority, agency or other body that alone or jointly with others decides on the purposes and means of processing personal data and the means used for this purpose, including the security measures relating to the operation and use of this application. Unless otherwise stated, the person responsible is the natural or legal person through whom this application is offered.

This application

The hardware or software tool with which the personal data of the user is collected and processed.

service

The service provided by this application as described in the relative terms (if available) and on this page / application.

European Union (or EU)

Unless otherwise stated, all references in this document to the European Union refer to all current member states of the European Union and the European Economic Area (EEA).

Cookie

Small file that is saved on the user's device.

Legal notice

This data protection declaration was drawn up on the basis of provisions of various legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).

This privacy policy relates solely to this application, if not stated otherwise within this document.