The protection of your personal data is a special concern of ours. We therefore process your data exclusively on the basis of the legal regulations (EU-GDPR, Austrian data protection law TKG 2003).
Details on the new EU General Data Protection Regulation (EU-GDPR) can be found here: http://www.privacy-regulation.eu/en/index.htm
Since the data protection declaration is very extensive, we would like to list briefly what we do not do:
- No Facebook tracking (pixel, like button etc.) or other social media tracking
- No remarketing, so you will not be followed by our advertising on other websites
- No credit checks by us
- We do not ask for unnecessary data (date of birth, gender etc.)
- No automatic decision making or profiling
We put great emphasis on data security, and therefore use modern cloud software, which is continuously developed and protected by professionals.
We limit access to data as far as possible, all employees and service providers are obliged to data protection and confidentiality.
This data protection declaration serves to inform you about the type, scope and purposes of the collection and processing of your data. We, the Eventlights.shop Team / Thomas Gattinger, are responsible for data processing within the meaning of data protection law. If you have any questions about the collection, processing or use of your personal data, please contact our data protection coordinator in writing:
Or by mail:
Collection and processing of your data
As part of your registration, order, newsletter subscription or visit to our website, we collect and process certain personal data relating to you. The nature, scope and purposes of such data processing are described below.
Registration and order process
In the context of your registration in the webshop and your order we process the data provided by you: E-mail address, telephone number*, company name*, first name, surname, street & house number, additional address*, postcode, city, country, VAT ID*, password*.
The data marked in this way are optional, they will only be processed by us if you have provided them. The password can be set at a later time if required.
In addition, the exact time (date and time) and the IP address of the customer are stored when placing an order in the webshop. Order time and IP address are required for the secure operation of the webshop and stored in accordance with Art 6 para 1 lit f GDPR.
- Paypal: https://www.paypal.com/at/webapps/mpp/ua/legalhub-full?locale.x=de_AT
- Heidelpay (Kreditkarte, Sofortüberweisung, iDEAL, Bancontact): https://www.heidelpay.com/de/datenschutz/
- Sofort GmbH (Sofortüberweisung): https://www.klarna.com/sofort/datenschutz/
- Mollie (Credit card, Sofort, Giropay, EPS, iDEAL, Bancontact etc.): https://www.mollie.com/en/privacy
- Amazon Pay: https://pay.amazon.com/de/help/201751600
The data provided by you will be stored in your customer account, processed for the processing of your orders and for the fulfilment of the contracts existing between you and us. Data processing is carried out on the legal basis of Art 6 para 1 lit a GDPR (consent to the storage of data in the customer account) or Art 6 para 1 lit b GDPR (processing is necessary to fulfil the contract). After complete processing of the contract and complete payment of the purchase price, the order data is archived. After expiry of the tax and commercial retention periods or the periods in accordance with the Product Liability Act, we will delete order data upon request.
We change or delete master data in the customer account on request, insofar as there are no legal retention periods to the contrary. In the event that the purchasing process is terminated without a contract being concluded, we will delete data already stored on request (insofar as there are no legal retention periods to the contrary), please contact us.
We would like to be able to give our existing customers an overview of their master data and past orders at any time, therefore an automatic deletion of customer master data and/or order data is not planned at present. We correct and delete data as far as this is permitted by law (retention periods) at any time on request.
Your personal data will only be passed on or otherwise disclosed to third parties if this is necessary for the purpose of contract processing or invoicing or if you have given your prior consent. Within the framework of order processing, the service providers we use here (e.g. mail order companies, warehousing service providers, payment service providers, customer service, accountants, tax consultants), for example, receive the necessary data for order and order processing. In the case of a legal regulation, an order by authorities or an official investigation procedure, however, we are legally obliged to provide the respective data to the authorities.
We have integrated the payment method PayPal in this webshop. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as trustee and offers buyer protection services.
PayPal's European operating company is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If you select the payment method "PayPal" in our online shop during the order process, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transfer of personal data required for payment processing.
The personal data transmitted to PayPal is usually first name, last name, address, e-mail address, IP address, telephone number, mobile phone number or other data required for payment processing. Personal data in connection with the respective order are also necessary for the processing of the purchase contract.
The purpose of data transmission is to process payments and prevent fraud. We will transfer personal data to PayPal in particular if there is a legitimate interest in the transfer. The personal data exchanged between PayPal and us may be transferred by PayPal to credit agencies. The purpose of this transmission is to verify identity and creditworthiness.
PayPal may pass on personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of PayPal.
You have the option to revoke your consent to the handling of personal data by PayPal at any time. A revocation does not affect personal data which must be processed, used or transmitted for (contractual) payment processing.
We have integrated the Sofortüberweisung payment method via our payment service provider Heidelpay in this webshop. Sofortüberweisung sends us immediately after execution of the payment a payment confirmation, so the order can be dispatched immediately.
The operating company of Sofortüberweisung is SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany.
If you select "DIRECTebanking" as the payment option in our online shop during the order process, your data will be automatically transferred to Heidelpay or DIRECTebanking. With a selection of this payment option, you consent to the transfer of personal data required for payment processing.
In the case of purchase transactions via direct bank transfer, the buyer transmits the PIN and the TAN to Sofort GmbH. Immediate transfer then carries out a transfer to the online merchant (via our payment service provider Heidelpay) after a technical check of the account balance and retrieval of further data to check the account cover. The execution of the financial transaction will then be communicated to us automatically.
The personal data exchanged by direct bank transfer is first name, surname, address, e-mail address, IP address, telephone number, mobile phone number or other data required for payment processing. The purpose of data transmission is to process payments and prevent fraud. We will also transfer other personal data immediately if there is a legitimate interest in the transfer. The personal data exchanged between Sofortüberweisung and us may be transferred by Sofortüberweisung to credit agencies. The purpose of this transmission is to verify identity and creditworthiness.
Sofortüberweisung passes on the personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfil the contractual obligations or if the data is to be processed on behalf of the company.
You have the possibility to revoke your consent to the handling of personal data at any time. A revocation does not affect personal data which must be processed, used or transmitted for (contractual) payment processing.
The applicable data protection provisions of Sofortüberweisung can be found at https://www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/
The data protection declaration of the technical service provider Heidelpay can be accessed here: https://www.heidelpay.com/de/datenschutz/
Logistics and Shipping
Shipping is done usually via DPD (Austria and EU) or Primetime (Austria). The shipping service provider only receives the information directly necessary for shipping, i.e. the delivery address and any additional address information necessary for delivery. We do not give the customer's contact details (e-mail address or telephone number) to the shipping service provider, unless this is absolutely necessary for a specific type of shipping (express shipping, forwarding agency shipping).
Other shipping methods for larger orders, custom-made products or particularly urgent orders:
- Shipping from our office in Laakirchen, Austria
- Shipping directly from our suppliers to the customer: We have concluded data processing contracts with all suppliers, obliging them to strict data protection. We only hand over data which are absolutely necessary for the dispatch and which may also only be used for the dispatch of the order.
- Dispatch from a Fulfillment by Amazon warehouse: We only hand over data that are absolutely necessary for dispatch
If you register for our newsletter and give us your consent (Art 6 para 1 lit a GDPR), we process your e-mail address and the chosen language for the purpose of sending our newsletter. The IP address of your computer and the date/time of registration will also be stored. We will send you a confirmation e-mail (double opt-in procedure) when you register.
You can revoke your consent at any time or unsubscribe from the newsletter by sending a message to the e-mail address firstname.lastname@example.org or by clicking on the unsubscribe link at the end of each newsletter or by notifying us in another form.
We are committed to the principle of data economy, and therefore only ask for your e-mail address and the desired language. Therefore you can use our newsletter pseudonym (no real name necessary).
Your personal data will be stored as soon as you register for the newsletter. When you unsubscribe from the newsletter, the time of the unsubscription is saved and the email address is saved as "unsubscribed" to ensure that you will not receive another newsletter.
Our newsletter is sent by the technical service provider Mailchimp (https://mailchimp.com/about/). Mailchimp stores the data in the USA, the data protection is guaranteed by a Privacy Shield certification (https://www.privacyshield.gov/). We have concluded a Data Processing Addendum with Mailchimp.
Our newsletter contains tracking pixels and tracking links to measure the success of online marketing campaigns. This enables us to recognize whether a newsletter has been opened and which links in the newsletter have been clicked by the recipient.
These data are stored and evaluated by us or by the technical service provider Mailchimp to optimize the newsletter dispatch and to adapt the content of future newsletters better to the interests of the recipients.
This personal data will not be passed on to third parties. You are entitled at any time to revoke the relevant separate declaration of consent given via the double opt-in procedure. After revocation, this personal data will be deleted by us. We automatically interpret a cancellation from the receipt of the newsletter as a revocation.
Webshop software and hosting
Our webshop is operated via the "Software as a Service" application Plentymarkets. Plentymarkets is a product of plentysystems AG, Bürgermeister-Brunner-Straße 15, 34117 Kassel, Germany. The software is developed and operated in Germany according to strict data protection standards (TÜV Saarland - Geprüfte Cloud Sicherheit). Learn more about Plentymarkets' privacy practices:
Plentymarkets uses Amazon Web Services (AWS), Frankfurt am Main, Germany (https://aws.amazon.com/de/region-frankfurt/) for hosting the software and delivering the websites accessed. Further information on AWS data protection:
All data of the webshop software (e.g. customer data, order data, invoice documents) are stored in Germany (AWS Frankfurt, see above). We have concluded a data processing agreement with Plentymarkets GmbH.
When you visit our website, we collect personal data to the technically necessary extent (name of the file accessed, date and time of access, übertragene data volume, message über successful access, browser type and version, user's operating system, referrer URL, user's IP address and the requesting provider). These log files are managed by the server administrators of plentysystems AG, used exclusively for the secure operation of the servers, and overwritten after 2 weeks. We have no access to this data. They can not be assigned by us to certain persons, are not combined with data from other data sources and are under no circumstances used for marketing purposes. Server log files are stored in accordance with art. 6 par. 1 lit f GDPR. The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
We would like to point out that cookies are used when you visit our website. Cookies are small files or other types of information that are stored by our web server or third party web servers in your web browser. The cookies used when visiting our website serve only the purpose of simplifying the shopping process (e.g. by saving the items stored in a shopping basket) and the use of certain functions of our web shop. The cookies we use will be deleted from your hard drive after you close your browser (session cookies). These data are collected on the basis of § 96 (3) TKG.
Your contract data will be transmitted SSL encrypted over the internet. We protect our website and other systems by technical and organizational measures against loss, destruction, access, change or distribution of your data by unauthorized persons.
Rights as data subject
You have the right of information about your personal data, as well as the right of rectification or deletion or restriction of the processing. You can also object to the processing and have the right of transmission of your personal data in structured, machine-readable form. For all those rights please contact our data protection coordinator, contact details see the top of this page.
Right of appeal
You also have the right to file a complaint with a regulatory authority. In Austria this is: Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna, phone: +43 1 52 152-0, e-mail: email@example.com, web: https://www.data-protection-authority.gv.at/.
Copyright and source references to this data protection declaration
The data protection declaration was created by our data protection coordinator Thomas Gattinger on the basis of sample texts. It is continuously adapted to the current data processing processes at Eventlights and to the current legal situation.
Sources of the sample texts:
- Austrian E-Commerce trustmark
- Uni Münster / Dr. Hoeren (https://www.uni-muenster.de/Jura.itm/hoeren/lehre/materialien/musterdatenschutzerklaerung)