Privacy policy
Introduction
With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to briefly as “data”) we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “Online Offering”).
The terms used are not gender-specific.
Status: July 16, 2024
Controller (Responsible Party)
Best4you Handels-GmbH
Rosenweg 2
8662 St. Barbara im Mürztal
Austria
Management: Prim. Dr. Erich Schaflinger MSc., Dipl. Bw. Franz Hohensinner MBA, Dr. Roland Naglis
Phone: +43 (0) 664 / 182 6057
Email: office@bestyou.at
Legal Notice: https://bestyou.at/en/contact/legal-notice/
Overview of Processing
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
Types of Data Processed
Inventory data (e.g., names, addresses).
Content data (e.g., entries in online forms).
Contact data (e.g., email, telephone numbers).
Meta/communication data (e.g., device information, IP addresses).
Usage data (e.g., websites visited, interest in content, access times).
Location data (information on the geographical position of a device or a person).
Contractual data (e.g., subject matter of the contract, duration, customer category).
Payment data (e.g., bank details, invoices, payment history).
Categories of Data Subjects
Business and contractual partners.
Interested parties.
Communication partners.
Customers.
Users (e.g., website visitors, users of online services).
Purposes of Processing
Provision of our online offering and user-friendliness.
Evaluation of visit actions.
Office and organizational procedures.
Cross-device tracking.
Direct marketing (e.g., by email or post).
Interest-based and behavioral marketing.
Contact requests and communication.
Conversion measurement.
Profiling (creating user profiles).
Remarketing and reach measurement.
Security measures.
Provision of contractual services and customer service.
Relevant Legal Bases
We process personal data based on the General Data Protection Regulation (GDPR). The following legal bases apply:
Consent (Art. 6 (1) (a) GDPR).
Performance of a contract and pre-contractual inquiries (Art. 6 (1) (b) GDPR).
Legal obligation (Art. 6 (1) (c) GDPR).
Legitimate interests (Art. 6 (1) (f) GDPR).
Security Measures
We take appropriate technical and organizational measures (TOMs) in accordance with legal requirements to ensure a level of protection appropriate to the risk. This includes:
SSL Encryption (HTTPS): To protect your data transmitted via our online offering.
Confidentiality and Integrity: Control of physical and electronic access to data.
Data Processing in Third Countries
If we process data in a third country (i.e., outside the EU or EEA), this is done only in compliance with legal requirements, such as the EU-U.S. Data Privacy Framework (DPF), standard contractual clauses, or based on an adequacy decision by the EU Commission.
Use of Cookies
Cookies are small text files stored on end devices.
Consent: We use cookies based on your prior consent, unless they are technically strictly necessary for the operation of the website.
Storage Period:
Temporary cookies (session cookies): Deleted after you leave the website.
Permanent cookies: Remain stored for up to two years to recognize returning visitors.
Opt-Out: You can deactivate cookies in your browser settings or via specialized services like youronlinechoices.com.
Commercial and Business Services
We process data of our contractual partners for the fulfillment of contractual obligations, administration, and organization.
Retention Period: Data is generally deleted after 4 years (statutory warranty) or 10 years (tax archiving requirements).
Customer Account: Users can create an account. This data is not public and cannot be indexed by search engines.
E-Commerce: Data is processed for product selection, ordering, payment, and delivery.
Payment Service Providers
We use external payment services (e.g., PayPal, QENTA) to ensure efficient and secure transactions. These providers process payment data (bank details, credit card numbers) independently. We only receive confirmation or rejection of the payment.
Web Analysis and Marketing
We use tools to analyze user behavior and display targeted advertising:
Google Analytics: Pseudonymous analysis of visitor flows. IP masking is active (shortening of the IP address).
Google Tag Manager: Management of website tags.
Meta Pixel: Target group formation (Custom Audiences) for Facebook and Instagram ads.
Google Ads: Conversion measurement to analyze the success of our advertising measures.
Social Media Presence
We maintain profiles on social networks (Instagram, Facebook, LinkedIn, Pinterest, TikTok, X, YouTube, Xing) to communicate with users. Please note that user data may be processed outside the EU (mostly in the USA) by these providers.
Rights of Data Subjects
Under the GDPR, you have the following rights:
Right to Object: Object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent: At any time for the future.
Right of Access: Request information about your stored data.
Right to Rectification: Correction of incorrect data.
Right to Erasure (“Right to be forgotten”): Deletion of your data.
Right to Data Portability: Receive your data in a machine-readable format.
Right to Lodge a Complaint: With a data protection supervisory authority.