Privacy Policy
The controller responsible for data processing on this website in accordance with the General Data Protection Regulation (GDPR) is
Beata Magdalena Kulesza
Seitenstettengasse 5/37
1010 Vienna
+43 699 190 85 803
info@kissenly.com
1) Data Collection When Visiting Our Website
When you visit our website for informational purposes only, meaning that you do not register or otherwise transmit information to us, we only collect the data your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which are technically necessary for us to display the website:
- The website you visited
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you accessed the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Article 6(1)(f) GDPR, based on our legitimate interest in improving the stability and functionality of our website. The data will not be transferred or used in any other way. However, we reserve the right to review the server log files subsequently if there are concrete indications of illegal use.
2) Cookies
To make your visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser the next time you visit (so-called persistent cookies).
When cookies are set, they collect and process specific user information such as browser and location data as well as IP address values to a certain extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can find out the storage duration of individual cookies in the overview of your browser’s cookie settings.
In some cases, cookies are used to simplify the ordering process by storing settings (e.g., remembering the contents of a virtual shopping cart for a later visit). If personal data is processed by individual cookies set by us, this processing is carried out either in accordance with Article 6(1)(b) GDPR for the execution of the contract, in accordance with Article 6(1)(a) GDPR in the event of consent, or in accordance with Article 6(1)(f) GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website and a customer-friendly and effective design of the site visit.
Please note that you can set your browser to notify you about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser manages cookie settings differently. The help menu of each browser describes how to change your cookie settings. You can find this information for the respective browsers at the following links:
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox: https://support.mozilla.org/en/kb/cookies-allow-and-disable
- Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Safari: https://support.apple.com/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please note that if you do not accept cookies, the functionality of our website may be limited.
3) Contact & Hosting
Contact
When contacting us (e.g., via contact form or email), personal data is collected. The specific data collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your inquiry or for contacting you and the associated technical administration.
The legal basis for processing these data is Article 6(1)(b) GDPR (necessary for the execution of pre-contractual measures). Your data will be deleted three years after the final processing of your request.
Shopify
For hosting our website and displaying the content of the pages, we use the system of the following provider:
Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")
Data is also transmitted to:
Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
All data collected on our website is processed on the servers of the provider. We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorized disclosure to third parties.
In the case of data transfer to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
Review Reminder
Exclusively on the basis of your express consent in accordance with Article 6(1)(a) GDPR, we will use your email address to remind you once to submit a review of your order. You can revoke your consent at any time by notifying the controller.
4) Data Processing for Contract Fulfillment
Contract Fulfillment
In accordance with Article 6(1)(b) GDPR, personal data is collected and processed when you provide it to us for the performance of a contract. The specific data collected can be seen from the respective order form. We store and use the data you provide to process the contract.
After the complete fulfillment of the contract or the deletion of your customer account, your data will be deleted in compliance with tax and commercial law retention periods (currently 7 years).
5) Data Processing for Order Fulfillment
5.1
To the extent necessary for fulfilling the contract, your personal data, which we collect, is shared with the commissioned transport company and the financial institution for delivery and payment purposes, in accordance with Article 6 (1) (b) of the GDPR.
We also work with the service providers listed below, who support us in whole or in part in processing orders. Personal data is shared with these service providers in line with the following information.
5.2 Use of Specific Service Providers for Order Processing and Fulfillment
To meet our contractual obligations to our customers, we also collaborate with external shipping partners. Your name, delivery address, and, where necessary, your email address and telephone number will be shared exclusively for the purpose of delivering goods in accordance with Article 6 (1) (b) of the GDPR with the following shipping providers:
- DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany
- General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Straße 1–7, 36286 Neuenstein, Germany
- Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Vienna, Austria
5.3 Use of Payment Service Providers (Payment Processors)
Apple Pay
If you choose the "Apple Pay" payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment is processed via the "Apple Pay" function of your iOS, watchOS, or macOS device by debiting a payment card stored in "Apple Pay." Apple Pay uses security features built into the hardware and software of your device to protect your transactions. To authorize a payment, you need to enter a code that you previously set up and verify via the Face ID or Touch ID function of your device.
For payment processing, the information provided during the order process, along with your order details, is transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before transmitting it to the payment service provider associated with the payment card stored in Apple Pay. The encryption ensures that only the website from which the purchase was made can access the payment data. Once the payment is made, Apple sends a confirmation of payment success, along with your device account number and a transaction-specific dynamic security code, to the originating website.
If personal data is processed as part of these transfers, it is solely for payment processing in accordance with Article 6 (1) (b) of the GDPR.
Apple stores anonymized transaction data, including the approximate amount of the purchase, the approximate date and time, and whether the transaction was successful. This anonymization ensures that no connection can be made to an individual. Apple uses this anonymized data to improve "Apple Pay" and other Apple products and services.
If you use Apple Pay on an iPhone or Apple Watch to complete a purchase made via Safari on a Mac, the Mac and the authorization device communicate via an encrypted channel on Apple's servers. Apple does not process or store this information in a way that can identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone settings under "Wallet & Apple Pay" by turning off "Allow payments on Mac."
Further details on Apple Pay privacy can be found at the following link: https://support.apple.com/de-de/HT203027
Google Pay
If you choose the "Google Pay" payment method provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment is processed through the "Google Pay" application on your mobile device running at least Android 4.4 ("KitKat") with NFC functionality by debiting a payment card stored in Google Pay or a verified payment system (e.g., PayPal). To authorize a payment of more than €25, you need to unlock your mobile device using a verification method (e.g., facial recognition, password, fingerprint, or pattern).
For payment processing, the information you provide during the order process, along with your order details, is transmitted to Google. Google then transmits your stored payment information in Google Pay in the form of a one-time transaction number to the originating website, which verifies the payment. This transaction number contains no real payment data for the payment method stored in Google Pay but is created and transmitted as a one-time valid numerical token. Google acts only as an intermediary for the payment process, while the transaction is exclusively between the user and the originating website by debiting the payment method stored in Google Pay.
If personal data is processed during these transfers, it is solely for payment processing in accordance with Article 6 (1) (b) of the GDPR.
Google reserves the right to collect, store, and evaluate specific transaction-related information for each transaction made using Google Pay, including the date, time, and amount of the transaction, the merchant's location and description, a description of the goods or services purchased, photos you attach to the transaction, the seller’s and buyer's or sender’s and recipient’s names and email addresses, the payment method used, your description of the reason for the transaction, and, if applicable, any associated offer.
Google claims that this processing is solely in accordance with Article 6 (1) (f) of the GDPR, based on their legitimate interest in ensuring proper accounting, verifying transaction data, and optimizing and maintaining the Google Pay service.
Google also reserves the right to combine the processed transaction data with other information collected and stored through the use of other Google services.
Google Pay's terms of service can be found here: Google Pay Terms
More privacy information about Google Pay can be found at the following link: Google Pay Privacy
Klarna
This website offers one or more online payment methods from Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden.
If you choose a prepayment method (e.g., credit card), your payment data provided during the order process (such as name, address, bank and card information, currency, and transaction number), along with order details, will be shared with Klarna in accordance with Article 6 (1) (b) of the GDPR, for the purpose of processing your payment.
If you select a payment method where Klarna provides a prepayment (e.g., invoice or installment purchase or direct debit), you will be asked to provide certain personal information (first and last name, street, house number, postal code, city, date of birth, email address, phone number, and possibly alternative payment details).
Stripe This website offers one or more online payment methods provided by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. If you select a payment method provided by this provider where you pay in advance (e.g., credit card payment), your payment data (including your name, address, bank and card information, currency, and transaction number) provided during the ordering process will be forwarded to Stripe for payment processing in accordance with Art. 6(1)(b) GDPR. This data transfer occurs solely for the purpose of processing the payment and only to the extent necessary for this purpose.
If you choose a payment method where Stripe pays in advance (e.g., invoice, installment payment, or direct debit), you will be required to provide additional personal data (such as first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and possibly data for an alternative payment method) during the ordering process.
To safeguard our legitimate interest in assessing the creditworthiness of our customers, we will forward this data to Stripe in accordance with Art. 6(1)(f) GDPR for the purpose of credit assessment. Stripe will assess, based on your personal data and other information (e.g., shopping cart, invoice amount, order history, and payment experiences), whether the payment option you selected can be granted in view of payment and/or default risks.
The credit check may contain probability values (so-called score values). These score values are calculated using a scientifically recognized mathematical-statistical method. Among other things, but not exclusively, address data is included in the calculation of score values.
You can object to this processing of your data at any time by sending us a message or notifying the provider. However, the provider may still be entitled to process your personal data if it is necessary for the contractual payment processing.
6) Use of Your Data for Direct Marketing 6.1 Newsletter Subscription If you sign up for our email newsletter, we will regularly send you information about our offers. The only required information for sending the newsletter is your email address. By subscribing, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. When subscribing to the newsletter, we store the IP address provided by your Internet Service Provider (ISP) and the date and time of your subscription to help track any potential misuse of your email address. The data collected during your newsletter subscription will be used solely for the purpose of promotional communication via the newsletter. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by notifying us. Once unsubscribed, your email address will be immediately removed from our newsletter distribution list.
6.2 Newsletter to Existing Customers If you provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range via email. For this, we do not need to obtain separate consent from you in accordance with § 174 TKG. Data processing is based solely on our legitimate interest in personalized direct marketing in accordance with Art. 6(1)(f) GDPR and § 174 TKG. If you objected to the use of your email address for this purpose initially, no emails will be sent. You have the right to object to the use of your email address for this purpose at any time for the future by notifying us.
7) Web Analytics/ Retargeting/ Remarketing and Conversion Tracking 7.1 Google Analytics 4 This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, Ireland ("Google"). Google Analytics 4 allows us to analyze your use of our website.
By default, cookies are set by Google Analytics 4 when you visit the website, which collect certain information. This includes your IP address, which is truncated by Google to prevent direct personal identification.
The information is transmitted to Google’s servers and processed there, which may include transfers to Google LLC in the USA. Google uses this information on our behalf to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics is anonymized and not merged with other Google data. Data collected through Google Analytics is stored for two months and then deleted.
All the aforementioned processing operations, particularly the setting of cookies on your device, will only occur if you have given us your explicit consent according to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with future effect by deactivating this service in the website’s cookie consent tool.
We have entered into a data processing agreement with Google to ensure the protection of our website visitors' data and prevent unauthorized data sharing with third parties. Additional legal notices related to Google Analytics 4 can be found at: Google Privacy Policy.
Demographics and Google Signals Google Analytics 4 uses demographic data to provide statistics on the age, gender, and interests of site visitors, which is used for targeted marketing. This data is anonymous and cannot be linked to a specific person and is deleted after two months.
Google Signals, an extension of Google Analytics 4, may be used on this site to create cross-device reports if you have enabled personalized ads and linked your devices to your Google account. To stop this cross-device analysis, you can disable personalized advertising in your Google account settings.
Meta Pixel This website also uses "Meta Pixel" from Meta Platforms Ireland Ltd., allowing us to track the performance of ads on Facebook and Instagram and to target advertising based on your behavior on our website. Data collected is anonymous to us but may be stored by Meta. For processing to occur, your explicit consent is required under Art. 6(1)(a) GDPR, which can be withdrawn at any time. Meta may transfer data to servers in the USA.
For more information, visit the respective privacy policies of these providers, which outline data collection and handling practices.
7.5 Facebook Plugins
Our website uses plugins from the social network provider Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. These plugins allow direct interaction with content on the social network. To enhance data protection during your visit to our website, the plugins are initially disabled and integrated using a "2-click" or "Shariff" solution.
This integration ensures that no connection to the provider’s servers is made when a page of our website containing such plugins is accessed. Only when you activate the plugins and give your consent to the data transfer in accordance with Art. 6 (1) (a) GDPR, your browser establishes a direct connection to the provider's servers. At this point, regardless of whether you're logged into a user profile, certain information about your device (including your IP address), your browser, and your browsing history is transmitted to the provider and may be further processed there.
If you are logged into a user profile on the provider’s social network, information about your interactions with the plugins will also be published and shown to your contacts. You can revoke your consent at any time by deactivating the activated plugin again with another click. However, the revocation does not affect any data already transferred to the provider.
Data may also be transmitted to: Meta Platforms Inc., USA. We have a data processing agreement with the provider, ensuring the protection of our site visitors' data and preventing unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on a decision by the European Commission, ensures compliance with European data protection standards.
7.6 Facebook Connect
Our website provides a single sign-on (SSO) feature from the following provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. In addition to data being transferred to the aforementioned provider location, data may also be transmitted to: Meta Platforms Inc., USA.
If you have an account with the provider, you can log in with your account details to create a user account or register on our website. When you visit this page, a direct connection between your browser and the provider's servers may be established, even if you do not have an account with the provider or are not logged in. The provider will receive information that you have visited our site. This information (possibly including your IP address) is transmitted directly from your browser to the provider's server and stored there. However, this information will not be used to personally identify you or shared with third parties.
These data processing operations are carried out in accordance with Art. 6 (1) (f) GDPR, based on our legitimate interest in providing a user-friendly and interactive online presence. If you press the login button to register on our website using your provider account data, the provider will, based on your explicit consent according to Art. 6 (1) (a) GDPR, transfer the general and publicly accessible information stored in your account (user ID, name, address, email address, age, and gender) to us.
We store and use the data transmitted by the provider to set up a user account with the necessary information (salutation, first name, last name, address, country, email address, birthdate), provided that you have made this information available to the provider. Conversely, with your consent, data (e.g., information about your browsing or purchasing behavior) can be transferred from us to your account with the provider.
The consent granted can be revoked at any time with effect for the future. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with European data protection standards.
8) Tools
8.1 Consent Tool
This website uses a "Cookie Consent Tool" to obtain effective user consent for cookies and cookie-based applications requiring consent. The "Cookie Consent Tool" is presented to users in the form of an interactive user interface when they visit the site, where users can give their consent for certain cookies and/or cookie-based applications by checking boxes. This tool ensures that consent-based cookies/services are only loaded when the respective user has given consent by checking the appropriate boxes.
The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed during this process. If personal data (such as an IP address) is processed for storage, assignment, or logging of cookie settings, this is done in accordance with Art. 6 (1) (f) GDPR, based on our legitimate interest in legally compliant, user-specific, and user-friendly cookie consent management for our website.
Additionally, Art. 6 (1) (c) GDPR serves as a legal basis for processing, as we are legally obligated to make the use of non-essential cookies dependent on user consent. If necessary, we have entered into a data processing agreement with the provider to ensure the protection of the data of our website visitors and to prevent unauthorized disclosure to third parties.
Further information about the operator and the settings options for the Cookie Consent Tool can be found directly in the relevant user interface on our website.
9) Rights of the Data Subject
9.1 The applicable data protection law grants you the following rights regarding the processing of your personal data, which we inform you about below:
- Right to access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restrict processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to withdraw consent (Art. 7 (3) GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
9.2 Right to Object
You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. Further processing is reserved if compelling legitimate reasons exist.
10) Duration of Storage of Personal Data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and, if applicable, the respective statutory retention periods (e.g., corporate and tax-related retention periods).
When processing personal data based on explicit consent in accordance with Art. 6 (1) (a) GDPR, this data will be stored until the data subject revokes their consent.
If statutory retention periods exist for data processed in the context of contractual or contract-like obligations based on Art. 6 (1) (b) GDPR, this data will be routinely deleted after the retention periods expire, provided it is no longer required for contract fulfillment or contract initiation and/or there is no legitimate interest on our part in continuing to store it.
When processing personal data for the purpose of direct marketing based on Art. 6 (1) (f) GDPR, this data will be stored until the data subject exercises their right to object according to Art. 21 (2) GDPR.
Unless otherwise stated in the other information of this declaration regarding specific processing situations, stored personal data will also be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.