Terms of condition

Privacy Statement

Data Privacy Statement for Milford Tee Austria GmbH

Europewide in place are the regulations of the General Data Protection Regulation (continuingly called GDPR). Herewith we want to inform you about the collection and processing of private data by our company with respect to this regulative (Articles 13 and 14 DSGVO). In case you have any questions or remarks with respect to this data privacy statement, you can address them via the email-address stated under 2 resp. 3 below.

 

Overview of Contents:

  1. Overview
  2. Validity
  3. Responsibility
  4. Data security person
  5. Data security
  6. The data processing in detail
  7. In General about data processing
  8. Call the website / application
  9. Contact form
  10. Raffles
  11. Promotions
  12. Tracking

III.    Affected rights

  1. Right to objection
  2. Right to knowledge
  3. Right to correction
  4. Right to cancellation („right to be forgotten“)
  5. Right to restriction of processing
  6. Right to data portability
  7. Withdrawal with consent
  8. Right of appeal

 

 

I.               Overview

In this part of the data privacy statement you can find information on its validity, the responsible for data processing, its data security responsible and on data security.

1.              Validity

Data processing by Milford Tee Austria GmbH can basically be divided into two categories:

–             For the means of executing contracts Milford Tee Austria GmbH processes all data that are necessary for executing the contract. If also external service companys form part in executing the contract, private data are shared with them only in the necessary amount.

–             When Opening the website/application of Milford Tee Austria GmbH, different kids of informations are transmitted between your devide and our server. Among these can also be private data. The by this means generated information are used e.g. to optimize the website or to display advertisements in the browser of our device.

 

This data privacy statement is valid for the following services:

–          our online offer accessible via www.milford.at and www.milford-tea.com

–          in any case, if in any of our offers (e.g. websites, subdomains, mobile applications, web services or integration on third-party websites) immer dann, wenn sonst aus einem unserer Angebote (z.B. Websites, Subdomains, mobilen Applikationen, Webservices oder Einbindungen in Drittseiten) is referred to this data privacy statement, no matter how you access or use them.

All this offers are referred to as „services“.

 

2.              Responsibility

Responsible for the processing of data – the entity deciding on the means and use of processing private data – in context with the services is

Milford Tee Austria GmbH Schlöglstrasse 53 6060 Hall in Tirol ÖSTERREICH

Tel.: 05223 5800-0 Fax: 05223 5800-20 E-Mail: info@milford.at

 

3.              Data security person

You can contact our data security person by the following contact information:

Contact form:

https://www.dsextern.de/anfragen

DS EXTERN GmbH

Dipl.-Kfm. Marc Althaus

Bredkamp 53a

D-22589 Hamburg

4.              Data security

For the development of the measures pointed out in Art. 32 GDPR and to reach an adequate level of protection , we established the information secutiry standard according to VdS 3473 in our company.

 

The directives of VdS – Cyber-Security for small and medium enterprises (KMU) of VdS Schadenverhütung GmbH highlight requirements and tips for implementing an information security management system as well as concrete measures fort he organisational and technical protection of IT infrastructure. They are pointed out with the goal of providing an adequate level of protection.

 

II.             The data processing in detail

In this section we inform you in detail about the processing of private data in executing our services. For better redability we divide the information in different parts according to the purpose of our services. While using our services different functionalities and different processing steps can be executed at the same time or one after the other.

1.              In General about data processing

The following is valid for all of our data processing, if not stated differently:

a.     No obligation to declare

There is no contractual nor judicial obligation to declare private data. You are not obliged to declare personal information.

b.     Consequences of non-declarance

If data are mandatory (data that are marked as „mandatory“ in the entering form) the non-declarance has the consequence that the service cannot be executed. In other cases the non-declarance can have the consequence, that our services cannot be executed in the same form or quality.

c.      Agreement

In different cases you have the possibility to give us your agreement for further processing of your data (or part of your data) within the below described services. In this case we inform you with a separate declarance of agreement about all modalities and the extent of your agreement as well as which purpose is behind the processing.

 

d.     Transmission of private data in third countries

In case we transmit data in third countries, meaning countries outside the Europea Union, we transmit them exclusively obliging the legal requirements.

These legal requirements are regulated in Art. 44 -49 GDPR.

e.     Hosting via external service providers

Our data processing is executed in large extent via hosting service providers, that place server capacity and processing capacity at our disposal and also process private data for us on our behalf. The service providers process data exclusively within the European Union or we have guaranteed an adequate level of data security by the EU standard contractual clauses for the transfer of personal data.

 

  • Transmission of private data to state authorities

We transfer personal data to governmental authorities (including law enforcement agencies) when required to fulfill a legal obligation to which we are subject (legal basis: Art. 6 (1) (c) GDPR) or to assert, exercise or defend legal claims is required (legal basis Art. 6 para. 1 f) GDPR).

g.     Storage Time

We do not store your data longer than we need for the respective processing purposes. If the data are no longer required for the fulfillment of contractual or legal obligations, these are deleted on a regular basis, unless their temporary retention is still necessary. Reasons for this may e.g. Be the following:

  • The fulfillment of commercial and tax-related retention requirements
  • The receipt of evidence for legal disputes within the framework of the statutory limitation regulations

 

 

Likewise it is possible for us to store your data further with us, if you have expressly given your consent.

 

h.     Categories of recipients

In addition to the categories of recipients listed below, personal data are also transmitted to the following categories of recipients: shipping service providers, telephone and fax providers.

 

i.       Data Categories

      • Account data: Login / user ID and password
      • Personal data: title, salutation / gender, first name, last name, date of birth
      • Address data: Street, house number, if necessary adresses, postal code, city, country
      • Contact data: Telephone number (es), fax number (es), e-mail address (es)
      • Credentials: information about the service you have signed up for; Dates and technical information on registration, confirmation and deregistration; at the registration of you specified data
      • Access data: date and time of visiting our service; the page from which the accessing system came to our site; pages accessed during use; Session identification data; and the following information about the accessing computer system: Internet Protocol address (IP address) used, browser type and version, device type, operating system and similar technical information

 

2.              Call the website / application

Here’s how we process your personal information when you visit our services. In particular, we point out that the transmission of access data to external content providers (see b.) Is inevitable due to the technical functioning of the information transfer in the Internet.

 

a.               Information about processing

Data category Functional specifications Legal basis Possibly legitimate interest Storage duration
Access data Establishing a connection, presenting the contents of the service, detecting attacks on our site due to unusual activity, fault diagnosis Art. 6 (1) (f) GDPR proper functioning of services, security of data and business processes, prevention of misuse, prevention of damage through interference with information systems 7 days

 

b.               Recipient of personal data

Recipient category Affected data Legal basis of data transfer Possibly legitimate interest
Hosting service provider

 

Access data Order processing (Art. 28 GDPR)
IT security service provider

 

Access data Order processing (Art. 28 GDPR) Preventing attacks by exploiting vulnerabilities / vulnerabilities
Google Maps Access data Art. 6 (1) (f) GDPR Added benefit and comfort for the user

 

3.              Contact form

What happens to your personal data in connection with the use of our contact forms, we describe here:

 

a.               Information about processing

Data category Functional specifications Legal basis Possibly legitimate interest Storage duration
Contact details (mandatory specification) Inquiries from customers and prospects Art. 6 (1) (f) GDPR Processing of requests Processing time of inquiries
People master data Personalization of request processing Art. 6 (1) (f) GDPR Personalization of request processing; Delivery possibility for example: Replacement delivery, information material … Processing time of inquiries
Address data Mailing Art. 6 (1) (f) GDPR Delivery possibility for example: Replacement delivery, information material … Processing time of inquiries
Free text (mandatory specification) Informationen zum Anliegen Art. 6 (1) (f) GDPR Processing of requests Processing time of inquiries

 

 

4.              Raffles

How we process your personal data when you participate in our raffles can be found here:

 

 

a.               Information about processing

Data category Functional specifications Legal basis Possibly legitimate interest Storage duration
People master data Conduct of a raffle Art. 6 (1) (b) GDPR Duration of the raffle, for the winners until final settlement
Contact data Conduct of a raffle Art. 6 (1) (b) GDPR Duration of the raffle, for the winners until final settlement
Address data Conduct of a raffle Art. 6 (1) (b) GDPR Duration of the raffle, for the winners until final settlement

 

b.               Recipient of personal data

Recipient category Affected data Legal basis of data transfer Possibly legitimate interest
Promotion partner for Goodies See a) Order processing (Art. 28 GDPR)

 

5.              Promotions

 

How we process your personal data when you participate in our promotions can be found here:

 

 

a.               Information about processing

Data category Functional specifications Legal basis Possibly legitimate interest Storage duration
People master data Conduct of a promotion Art. 6 (1) (b) GDPR Duration of the promotion until final settlement
Contact data Conduct of a promotion Art. 6 (1) (b) GDPR Duration of the promotion until final settlement
Address data Conduct of a promotion Art. 6 (1) (b) GDPR Duration of the promotion until final settlement

 

b.               Recipient of personal data

Recipient category Affected data Legal basis of data transfer Possibly legitimate interest
Promotion service agency See a) Order processing (Art. 28 GDPR)

6.              Tracking

The following describes how your personal information is processed using tracking technologies to analyze and optimize our services and for promotional purposes.

The description of tracking methods also includes information on how you can prevent or counteract the processing of data. Please note that the so-called „opt-out“, ie the rejection of processing, is usually stored via cookies. If you use our services via a new device or in another browser, or if you have deleted the cookies set by your browser, you must explain the refusal again.

 

The tracking methods described process personal data only in pseudonymous form. A connection with a specific, identified natural person, ie a combination of the data with information about the carrier of the pseudonym, does not take place.

Tracking to analyze and optimize our services and their use, as well as measure the success of advertising campaigns and optimize advertising

Purposes of processing

The analysis of user behavior by means of tracking helps us to check the effectiveness of our services, to optimize them and to adapt them to the needs of the users and to correct errors. It also serves to statistically determine parameters for the use of our services (range, intensity of use, user surfing behavior) on the basis of uniform standard procedures and thus to obtain comparable values ​​across the market.

Tracking to measure the success of advertising campaigns is designed to optimize our ads for the future, as well as to help advertisers and marketers optimize their ads accordingly. The aim of tracking to optimize the display of advertisements is to show users advertising tailored to their interests, to increase the success of the advertising and thereby also the advertising revenues.

 

Legal basis of processing

Consent pursuant to Art. 6 para. 1 lit. a i. V. m. Art. 4 Nr. 11, 7 Abs. 3 DSGVO i.V.m. Recitals 32, 40, 42, 43

The tracking methods used in detail

Name of the service Functionality Possibility to prevent processing (opt-out) Data transfer to third country? Possibly Adequacy decision (Article 45 GDPR) Possibly suitable guarantees, (Art. 46 GDPR)
Google Analytics Web analysis tools.google.com/dlpage/gaoptout?hl=de) no    
Facebook Impressions Advertising effectiveness measurement yes EU-U.S. Privacy Shield https://www.privacyshield.gov/list
Adsrvr TradeDesk http://www.adsrvr.org/opt-out.html ja EU-U.S. Privacy Shield https://www.privacyshield.gov/list

If you want to opt out of interest-based advertising, you can also go to http://www.youronlinechoices.com/en/, click on „Preference Management“ and follow the instructions to use the data for interest-based advertising listed there Service providers completely or individually to prevent. You will still receive advertising, but it is not interest-based.

 

III.       Affected rights

1.              Right to objection

 If we process your personal data in order to operate direct mail, you have the right at any time, with future effect, to object to the processing of personal data concerning you for the purpose of such advertising.

You also have the right, for reasons arising from your particular situation, to object to the processing of personal data concerning you at any time with regard to the future in accordance with Article 6 (1) (e) or (f) GDPR appeal.

The right to object can be exercised free of charge.

You can reach us via the contact details listed under I.2.

2.              Right to knowledge

You have the right to know whether personal data concerning you are processed, which personal data this may be, and further information in accordance with Art. 15 GDPR.

3.              Right to correction

You have the right to demand that we correct your incorrect personal data without delay (Art. 16 GDPR). Taking account of the purposes of the processing, you have the right to demand the completion of incomplete personal data, including by means of a supplementary declaration.

4.              Right to cancellation („right to be forgotten“)

You have the right to demand that personal data relating to you be deleted immediately if one of the reasons stated in Art. 17 (1) GDPR is applicable and the processing is not for one of the purposes set out in Art. 17 (3) GDPR is required.

 

5.              Right to restriction of processing

You are entitled to demand a restriction on the processing of your personal data if one of the conditions laid down in Art. 18 (1) (a) to (d) GDPR is met.

6.              Right to data portability

You have the right to receive personally identifiable information you provide us in a structured, common and machine-readable format. Furthermore, you have the right to transmit this data to another person responsible without hindrance or to obtain that a direct transmission takes place by us, if this is technically possible. This should always apply if the basis of the data processing is the consent or a contract and the data is processed automatically. Accordingly, this does not apply to data held in paper form only.

 

7.              Withdrawal with consent

If the processing is based on your consent, you have the right to revoke your consent at any time. The legality of the processing on the basis of the consent until the revocation is not affected.

8.              Right of appeal

You have the right of appeal to a supervisory authority.

 

Contact   |   Imprint   |   Sitemap   |   Terms of Use/Privacy Statement Copyright © 2014 - Milford Tee Austria Gmbh