Data protection

The protection of your personal data is a special concern of ours. We therefore process your data exclusively on the basis of the legal regulations (EU-GDPR, Austrian data protection law TKG 2003). 

Details on the new EU General Data Protection Regulation (EU-GDPR) can be found here:

Since the data protection declaration is very extensive, we would like to list briefly what we do not do:

  • No Facebook tracking (pixel, like button etc.) or other social media tracking
  • No remarketing, so you will not be followed by our advertising on other websites
  • No credit checks by us
  • We do not ask for unnecessary data (date of birth, gender etc.)
  • No automatic decision making or profiling

We put great emphasis on data security, and therefore use modern cloud software, which is continuously developed and protected by professionals. 

We limit access to data as far as possible, all employees and service providers are obliged to data protection and confidentiality.

This data protection declaration serves to inform you about the type, scope and purposes of the collection and processing of your data. We, the Team / Thomas Gattinger, are responsible for data processing within the meaning of data protection law. If you have any questions about the collection, processing or use of your personal data, please contact our data protection coordinator in writing:

Thomas Gattinger

Or by mail:
Thomas Gattinger
Traunfeldstrasse 1
4663 Laakirchen

Collection and processing of your data

As part of your registration, order, newsletter subscription or visit to our website, we collect and process certain personal data relating to you. The nature, scope and purposes of such data processing are described below.

Registration and order process

In the context of your registration in the webshop and your order we process the data provided by you: E-mail address, telephone number*, company name*, first name, surname, street & house number, additional address*, postcode, city, country, VAT ID*, password*.

The data marked in this way are optional, they will only be processed by us if you have provided them. The password can be set at a later time if required.

In addition, the exact time (date and time) and the IP address of the customer are stored when placing an order in the webshop. Order time and IP address are required for the secure operation of the webshop and stored in accordance with Art 6 para 1 lit f GDPR.

The data necessary for the processing of payments by credit card, Paypal, Sofortüberweisung, iDEAL, Bancontact, Amazon Pay will be forwarded to our payment partners or you will be forwarded to the website of our payment partner when you choose the payment method. Our payment partners encrypt your credit card details, bank details or other data via SSL (at least 128 bits) at the data transfer. For more information on data processing by our payment partners, please see their privacy policy:

The data provided by you will be stored in your customer account, processed for the processing of your orders and for the fulfilment of the contracts existing between you and us. Data processing is carried out on the legal basis of Art 6 para 1 lit a GDPR (consent to the storage of data in the customer account) or Art 6 para 1 lit b GDPR  (processing is necessary to fulfil the contract). After complete processing of the contract and complete payment of the purchase price, the order data is archived. After expiry of the tax and commercial retention periods or the periods in accordance with the Product Liability Act, we will delete order data upon request.

We change or delete master data in the customer account on request, insofar as there are no legal retention periods to the contrary. In the event that the purchasing process is terminated without a contract being concluded, we will delete data already stored on request (insofar as there are no legal retention periods to the contrary), please contact us.

We would like to be able to give our existing customers an overview of their master data and past orders at any time, therefore an automatic deletion of customer master data and/or order data is not planned at present. We correct and delete data as far as this is permitted by law (retention periods) at any time on request.

Your personal data will only be passed on or otherwise disclosed to third parties if this is necessary for the purpose of contract processing or invoicing or if you have given your prior consent. Within the framework of order processing, the service providers we use here (e.g. mail order companies, warehousing service providers, payment service providers, customer service, accountants, tax consultants), for example, receive the necessary data for order and order processing. In the case of a legal regulation, an order by authorities or an official investigation procedure, however, we are legally obliged to provide the respective data to the authorities.


We have integrated the payment method PayPal in this webshop. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as trustee and offers buyer protection services.

PayPal's European operating company is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If you select the payment method "PayPal" in our online shop during the order process, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal is usually first name, last name, address, e-mail address, IP address, telephone number, mobile phone number or other data required for payment processing. Personal data in connection with the respective order are also necessary for the processing of the purchase contract.

The purpose of data transmission is to process payments and prevent fraud. We will transfer personal data to PayPal in particular if there is a legitimate interest in the transfer. The personal data exchanged between PayPal and us may be transferred by PayPal to credit agencies. The purpose of this transmission is to verify identity and creditworthiness.

PayPal may pass on personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of PayPal.

You have the option to revoke your consent to the handling of personal data by PayPal at any time. A revocation does not affect personal data which must be processed, used or transmitted for (contractual) payment processing. 

PayPal's current privacy policy can be found at


We have integrated the Sofortüberweisung payment method via our payment service provider Heidelpay in this webshop. Sofortüberweisung sends us immediately after execution of the payment a payment confirmation, so the order can be dispatched immediately.

The operating company of Sofortüberweisung is SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany.

If you select "DIRECTebanking" as the payment option in our online shop during the order process, your data will be automatically transferred to Heidelpay or DIRECTebanking. With a selection of this payment option, you consent to the transfer of personal data required for payment processing.

In the case of purchase transactions via direct bank transfer, the buyer transmits the PIN and the TAN to Sofort GmbH. Immediate transfer then carries out a transfer to the online merchant (via our payment service provider Heidelpay) after a technical check of the account balance and retrieval of further data to check the account cover. The execution of the financial transaction will then be communicated to us automatically.

The personal data exchanged by direct bank transfer is first name, surname, address, e-mail address, IP address, telephone number, mobile phone number or other data required for payment processing. The purpose of data transmission is to process payments and prevent fraud. We will also transfer other personal data immediately if there is a legitimate interest in the transfer. The personal data exchanged between Sofortüberweisung and us may be transferred by Sofortüberweisung to credit agencies. The purpose of this transmission is to verify identity and creditworthiness.

Sofortüberweisung passes on the personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfil the contractual obligations or if the data is to be processed on behalf of the company.

You have the possibility to revoke your consent to the handling of personal data at any time. A revocation does not affect personal data which must be processed, used or transmitted for (contractual) payment processing.

The applicable data protection provisions of Sofortüberweisung can be found at

The data protection declaration of the technical service provider Heidelpay can be accessed here:

Logistics and Shipping

The data of orders ready for dispatch are generally passed on to our logistics service provider Schachinger x-LOG GmbH in Linz, Austria. Schachinger x-LOG GmbH receives the information necessary for shipping (e.g. delivery address, products ordered).

Shipping is done usually via DPD (Austria and EU) or Primetime (Austria). The shipping service provider only receives the information directly necessary for shipping, i.e. the delivery address and any additional address information necessary for delivery. We do not give the customer's contact details (e-mail address or telephone number) to the shipping service provider, unless this is absolutely necessary for a specific type of shipping (express shipping, forwarding agency shipping).

Other shipping methods for larger orders, custom-made products or particularly urgent orders:

  • Shipping from our office in Laakirchen, Austria
  • Shipping directly from our suppliers to the customer: We have concluded data processing contracts with all suppliers, obliging them to strict data protection. We only hand over data which are absolutely necessary for the dispatch and which may also only be used for the dispatch of the order.
  • Dispatch from a Fulfillment by Amazon warehouse: We only hand over data that are absolutely necessary for dispatch


If you register for our newsletter and give us your consent (Art 6 para 1 lit a GDPR), we process your e-mail address and the chosen language for the purpose of sending our newsletter. The IP address of your computer and the date/time of registration will also be stored. We will send you a confirmation e-mail (double opt-in procedure) when you register.

You can revoke your consent at any time or unsubscribe from the newsletter by sending a message to the e-mail address or by clicking on the unsubscribe link at the end of each newsletter or by notifying us in another form.

We are committed to the principle of data economy, and therefore only ask for your e-mail address and the desired language. Therefore you can use our newsletter pseudonym (no real name necessary).

Your personal data will be stored as soon as you register for the newsletter. When you unsubscribe from the newsletter, the time of the unsubscription is saved and the email address is saved as "unsubscribed" to ensure that you will not receive another newsletter.

Our newsletter is sent by the technical service provider Mailchimp ( Mailchimp stores the data in the USA, the data protection is guaranteed by a Privacy Shield certification ( We have concluded a Data Processing Addendum with Mailchimp.

Newsletter Tracking

Our newsletter contains tracking pixels and tracking links to measure the success of online marketing campaigns. This enables us to recognize whether a newsletter has been opened and which links in the newsletter have been clicked by the recipient.

These data are stored and evaluated by us or by the technical service provider Mailchimp to optimize the newsletter dispatch and to adapt the content of future newsletters better to the interests of the recipients.

This personal data will not be passed on to third parties. You are entitled at any time to revoke the relevant separate declaration of consent given via the double opt-in procedure. After revocation, this personal data will be deleted by us. We automatically interpret a cancellation from the receipt of the newsletter as a revocation.

Webshop software and hosting

Our webshop is operated via the "Software as a Service" application Plentymarkets. Plentymarkets is a product of Plentymarkets GmbH, Bürgermeister-Brunner-Straße 15, 34117 Kassel, Germany. The software is developed and operated in Germany according to strict data protection standards (TÜV Saarland - Geprüfte Cloud Sicherheit). Learn more about Plentymarkets' privacy practices:

Plentymarkets uses Amazon Web Services (AWS), Frankfurt am Main, Germany ( for hosting the software and delivering the websites accessed. Further information on AWS data protection:

All data of the webshop software (e.g. customer data, order data, invoice documents) are stored in Germany (AWS Frankfurt, see above). We have concluded a data processing agreement with Plentymarkets GmbH.

Visiting the Website / Use of Cookies

When you visit our website, we collect personal data to the technically necessary extent (name of the file accessed, date and time of access, übertragene data volume, message über successful access, browser type and version, user's operating system, referrer URL, user's IP address and the requesting provider). These log files are managed by the server administrators of Plentymarkets GmbH, used exclusively for the secure operation of the servers, and overwritten after 2 weeks. We have no access to this data. They can not be assigned by us to certain persons, are not combined with data from other data sources and are under no circumstances used for marketing purposes. Server log files are stored in accordance with art. 6 par. 1 lit f GDPR. The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user. 

We would like to point out that cookies are used when you visit our website. Cookies are small files or other types of information that are stored by our web server or third party web servers in your web browser. The cookies used when visiting our website serve only the purpose of simplifying the shopping process (e.g. by saving the items stored in a shopping basket) and the use of certain functions of our web shop. The cookies we use will be deleted from your hard drive after you close your browser (session cookies). These data are collected on the basis of § 96 (3) TKG.

In addition, we use cookies for statistical analysis of the use of our website as part of the web analysis service Google Analytics (see below). These data are collected on the basis of Art 6 para 1 lit f GDPR. Other cookies and services used are listed below.

Google Analytics

We use Google Analytics (with the anonymizer function) in this website. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.

The operator of Google Analytics is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

For the web analytics through Google Analytics we use the application "_gat. _anonymizeIp". By means of this application your IP address of the Internet connection is abridged by Google and anonymised when accessing our websites.

The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.

Google Analytics stores a cookie in your browser. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call to one of the individual pages of this site, your browser will automatically submit data through the Google Analytics component for the purpose of web analytics and online advertising. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as your IP address, which serves Google, inter alia, to understand the origin of visitors and clicks.

The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by you. With each visit to our Internet site, such personal data, including the IP address of your Internet access, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.

You may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie in your browser. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.

In addition, you have the possibility of objecting to a collection of data that are generated by Google Analytics, which is related to the use of this website, as well as the processing of this data by Google and the chance to preclude any such. For this purpose, you must download a browser add-on under the link and install it. This browser add-on tells Google Analytics through JavaScript, that any data and information about the visits of Internet pages may not be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. If your computer or browser is later deleted, formatted, or newly installed, then you must reinstall the browser add-on to disable Google Analytics.

Further information and the applicable data protection provisions of Google may be retrieved under and under Google Analytics is further explained under the following link

We have selected the shortest possible storage period (as of May 2018) in the Google Analytics settings: User and event data are stored for 14 months. We have deactivated the function "Reset on new activity", so a new visit will not extend the storage period beyond these 14 months.


We have integrated Google AdWords in this website. Google AdWords is a service for Internet advertising that allows the advertiser to place ads in Google search engine results and the Google advertising network. Google AdWords allows an advertiser to pre-define specific keywords with the help of which an ad on Google's search results is only then displayed, when the user utilizes the search engine to retrieve a keyword-relevant search result. In the Google Advertising Network, the ads are distributed on relevant web pages using an automatic algorithm, taking into account the previously defined keywords.

The operating company of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is the promotion of our website by the inclusion of relevant advertising on the websites of third parties and in the search engine results of the search engine Google.

If you reach our website via a Google ad, a conversion cookie is stored in your browser. A conversion cookie loses its validity after 30 days and is not used to identify you. If the cookie has not expired, the conversion cookie is used to check whether certain sub-pages, e.g, the shopping cart from an online shop system, were called up on our website. Through the conversion cookie, both Google and we can understand whether a person who reached our website via an AdWords ad generated sales.

The data and information collected through the use of the conversion cookie is used by Google to create visit statistics for our website. These visit statistics are used in order to determine the total number of users who have been served through AdWords ads to ascertain the success or failure of each AdWords ad and to optimize our AdWords ads in the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify you.

The conversion cookie stores personal information, e.g. the Internet pages visited by you. Each time you visit our Internet pages, personal data, including your IP address, is transmitted to Google in the USA. These personal data are stored by Google in the USA. Google may pass these personal data collected through the technical procedure to third parties.

You may, at any time, prevent the setting of cookies by our website, by configuring the corresponding setting of your browser. This way you can permanently deny the setting of cookies. Such a setting in your browser would also prevent Google from placing a conversion cookie on your computer. In addition, a cookie set by Google AdWords may be deleted at any time via the Internet browser or other software programs.

You have the possibility of objecting to the interest based advertisement of Google. Therefore, you must access from each of the browsers in use the link and set the desired settings.

Further information and the applicable data protection provisions of Google may be retrieved under

Bing Ads

Our website uses Bing-Ads (UET - Universal Event Tracking) technology to collect and store data from which user profiles are created using pseudonyms. This is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service enables us to track the activities of users on our website when they come to our website via ads from Bing Ads. If you access our website via such an advertisement, a cookie is set on your computer. A Bing UET tag is integrated on our website. This is a code used in connection with the cookie to store some non-personal data about the use of the website. This includes the time spent on the website, which areas of the website were called up and via which ad the users accessed the website. Information about your identity is not collected.

The information collected is transmitted to Microsoft servers in the United States and stored there for a maximum of 180 days. You can prevent the collection of data generated by the cookie and related to your use of the website and the processing of this data by deactivating the setting of cookies. This may restrict the functionality of the website.

In addition, Microsoft may be able to track your usage across multiple electronic devices through cross-device tracking, enabling you to display personalized advertising on or in Microsoft Web pages and apps. You can disable this behavior at

For more information about Bing Ads' analytics services, please visit the Bing Ads website ( For more information about Microsoft and Bing's privacy practices, please see Microsoft's privacy policy (

Google Tag Manager

Google Tag Manager is a solution that allows webshop operators to manage website tags through a single interface, such as the tags from Google Analytics, Adwords or Bing. The Tool Tag Manager itself (which implements the tags) is a cookieless domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will remain for all tracking tags implemented with Google Tag Manager.

Youtube Videos

On our website we use components (videos) from YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA, a company of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA. We use the "extended data protection mode" option provided by YouTube. When you access a page that has an embedded video, it connects to the YouTube servers and displays the content on the page by notifying your browser. According to YouTube, only data is transmitted to the YouTube server in "extended data protection mode", especially which of our websites you visited when you watch the video. If you are logged in to YouTube at the same time, this information will be associated with your YouTube account. You can prevent this by logging out of your account before visiting our website. For more information about YouTube's privacy, visit the following link:

Web Fonts

We use so-called web fonts provided by Google on this website for the uniform display of fonts. When you call up a page, your browser loads the fonts you need into your browser's cache to display texts and fonts correctly. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of the Webshop (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). For more information about Google Web Fonts, visit and read Google's privacy statement:

Use of Live Agent

Liveagent is a customer service software that we use to communicate with our customers. We process incoming emails with this software and answer inquiries that are received via the contact form and the chat.

Liveagent provides customer service chat (at the bottom right of each page in the webshop). To be able to offer the chat button, chat functions and the contact form, cookies are stored. These cookies are necessary for the for a proper functioning of the customer service software, they are stored on the basis of art. 6 par. 1 lit. f GDPR. 

Detailed information about these cookies is provided by Liveagent:

The data of the Liveagent software is stored exclusively on servers in the EU. We have a data processing agreement with this software provider (Quality Unit, s.r.o. Vajnorská 100/A, 83104 Bratislava, Slovakia).

Further information on GDPR at Liveagent:


Data protection

Your contract data will be transmitted SSL encrypted over the internet. We protect our website and other systems by technical and organizational measures against loss, destruction, access, change or distribution of your data by unauthorized persons.

Rights as data subject

You have the right of information about your personal data, as well as the right of rectification or deletion or restriction of the processing. You can also object to the processing and have the right of transmission of your personal data in structured, machine-readable form. For all those rights please contact our data protection coordinator, contact details see the top of this page.

Right of appeal

You also have the right to file a complaint with a regulatory authority. In Austria this is: Österreichische Datenschutzbehörde, Wickenburggasse 8, 1080 Vienna, phone: +43 1 52 152-0, e-mail:, web:

Copyright and source references to this data protection declaration

The data protection declaration was created by our data protection coordinator Thomas Gattinger on the basis of sample texts. It is continuously adapted to the current data processing processes at Eventlights and to the current legal situation.

Sources of the sample texts: