Thank you very much for visiting our website. We take the protection of your personal data very seriously. That is why we process your personal data exclusively in compliance with the legal provisions of the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG) and the Austrian Telecommunications Act (TKG). This privacy notice explains how we use your personal data when you visit our website https://woom.com/en_INT (hereinafter referred to as the 'website').
Hereinafter referred to as 'woom', 'we' and 'us'
2.) Types of data processed, purposes and legal bases
2.1 Contact with us
If you get in touch with us via the contact form on our website, via email or over the phone, we process the personal data you voluntarily provide us (e.g. your name and contact details) and the content of your message. We need this data to process your enquiry and, in the event of further questions, to fulfil our precontractual/contractual duties as per Art. 6 (1) (b) of the GDPR.
2.2 Orders in our online shop
If you place an order in our online shop, we process your name, email address, telephone number, address and payment details to process and fulfil your order. Again, we process your data in this way to fulfil our precontractual/contractual duties under Art. 6 (1) (b) of the GDPR.
In order to offer you Klarna's payment methods, we may need to pass on your personal data to Klarna in the form of contact and order details collected when you are placing your order so that Klarna can verify that you qualify for their payment methods and tailor those payment methods to you. If your personal data is passed on in this way, it will be processed in line with Klarna's own privacy notice.
2.3 Our 'upCYCLING' customer loyalty scheme
If you choose to join our customer loyalty scheme, we need to process your name and payment details to manage your membership. We also process your address and contact details so we can send you your membership card. We process your data in this way to fulfil our precontractual/contractual duties under Art. 6 (1) (b) of the GDPR.
2.4 Competitions and events
We regularly organise competitions and events for our customers. In order to participate, you can register on our website or by email. If you do so, we process your name, your contact details (e.g. email address and telephone number) and your address for the purpose of organising and running the event. Some competitions also require you to submit an entry (e.g. in photo or text form). In that case, we need to process the entries in order to pick a winner. We process your data in this way to fulfil our precontractual/contractual duties under Art. 6 (1) (b) of the GDPR and to comply with the legal obligations associated with competitions as per Art. 6 (1) (c) of the GDPR (e.g. competition taxes). If we process any further data as part of a competition or event, we will inform you separately.
2.5 Customer surveys
We conduct customer surveys in order to constantly develop and improve our products.
2.6 Management of contractual relationships with customers arising from warranty agreements, handling of warranty claims
Conclusion of warranty agreements: Some of the controller's products include manufacturer warranties. Once a warranty agreement has been registered or a warranty claim has been submitted, the warranty agreement provides the legal basis for data processing.
We send out a newsletter to keep you updated about our products and services and invite you to participate in events and competitions.
If we send you our newsletter in the post, we process your name and address. We have a legitimate interest in processing your personal data for the purpose of direct marketing in accordance with Art. 6 (1) (f) of the GDPR.
You also have the option of subscribing to our personalised digital newsletter. Based on your voluntary consent, we process your name, email address, preferred language and information about your buying habits and consumer behaviour so that we can provide you with relevant and interesting information by email about our company, our products and our services. We also process your IP address, your preferred email client, the sign-up source and campaign-related details (receipt, open and click rates) to track the success of our newsletter. You can revoke your consent with immediate effect at any time without providing a reason; for instance, by clicking on the unsubscribe link in the email.
2.8 Usage data
When you visit our website, we store your IP address for seven days in order to prevent targeted attacks that overload servers (denial of service attacks) and other damage to our systems. The legal basis for processing your data in this way is our overriding legitimate interest in keeping our website working and secure as per Art. 6 (1) (f) of the GDPR in conjunction with Section 96 (3) of the TKG.
3.) Automated decision-making
Customers are not subject to automated decision-making that will have a legal effect on them.
4.) External data recipients
We share your personal data with the following external service providers (data processors) where necessary:
- IT service providers and/or providers of services such as data hosting and data processing
- Other service providers and providers of software solutions and tools (e.g. newsletter sending services, survey tools, marketing service providers) that we commission to support us in providing our services
All our data processors only ever process your data on our behalf and on the basis of our instructions for providing the services specified above.
We also share your personal data with the following recipients where necessary:
- Third parties we rely upon to fulfil our obligations to you (e.g. banks used to process your payments and shipping services used to deliver your orders)
- Other external third parties as required, based on our legitimate interests (e.g. auditors, insurance providers and legal representatives)
- Authorities and other government offices as required by law (e.g. financial authorities and data protection authorities)
If we process your data in a third country outside of the European Union (EU) or the European Economic Area (EEA), or if your data is processed through the use of third-party services, it will only be to the extent required for us to fulfil our precontractual/contractual duties or our legal obligations or on the basis of your consent or our legitimate interests. We have implemented appropriate and adequate safeguards to ensure that the transfer of your data to the respective third country is carried out in conformity with privacy protection (e.g. adequacy decisions, binding corporate rules and agreement on standard privacy protection clauses). You can request that we send you a copy of these safeguards if we are processing your data or having your data processed in a third country.
5.) Storage period
We only store your data for as long as it is needed to fulfil its specific purpose. Personal data (especially the IP address) of (non-registered) website users will be stored for seven days for reasons of IT security and will subsequently be deleted.
Data required for us to fulfil our accounting (Section 190 and 212 of the Austrian Commercial Code) and tax obligations (Section 132 of the Austrian Federal Tax Code) within the context of our contractual relationship is stored for seven years. If you sign up for our customer loyalty scheme, we continue to store the associated data for seven years after you cancel your membership.
We store any data associated with your enquiries for six months to allow us to respond to any questions or queries. Data associated with competitions and events is stored until the corresponding competition or event has ended provided that there are no requirements to store it for longer under commercial or tax law.
If you have subscribed to our newsletter, we will continue to process your data until you revoke your consent or object to us processing your data in this way. Otherwise, we will delete your data no later than three years after the last contact.
Data may be stored for longer than specified if required to assert our legal rights or defend against legal claims. In that case, the data will be stored based on our legitimate interests as per Art. 6 (1) (f) of the GDPR.
6.) Rights of data subjects
You have the right to receive information about whether and to what extent your personal data is being processed.
You have the right to ask for inaccurate personal data to be corrected and incomplete personal data to be completed without delay. You also have the right to ask for your personal data to be erased without delay provided that the reasons defined in Article 17 (1) of the GDPR are met.
You have the right to restrict the processing of your personal data provided that the reasons defined in Article 18 (1) of the GDPR are met.
You have the right to object to the processing of your personal data on the basis of an overriding legitimate interest. You also have the right to withdraw your consent with immediate effect at any time without providing a reason.
You also have the right to receive personal data you have provided in a structured, commonly used and machine-readable format.
6.1 Right to lodge a complaint
Data subjects have the right to lodge a complaint with the supervisory authority if they consider that the processing of their personal data violates this regulation.
Austrian Data Protection Authority
1030 Vienna, Austria
Telephone number: +43 1 52 152-0
Email address: [email protected]
Before you lodge a complaint with the supervisory authority or if you have any other questions relating to data protection, you can get in touch with us at any time using the contact details provided above under point 1.