Privacy Policy
Data Protection Officer:
Inntal Electronic Loecker GmbH
Untere Sparchen 16
6330 Kufstein
Austria
E-mail: office@inel.at
Use of Personal Data in Ordering Processes:
When you place an order in the online shop, the following personal data is processed:
- Name
- Email address
- Address (residential address and delivery address)
- Phone number
- Information regarding payment transactions (see below)
The processing purpose is the execution of the order or the fulfillment of the concluded contract. The legal basis for data processing is therefore Art. 6(1)(b) GDPR. Storage duration: Your data will be stored until the completion of the contract and beyond for the processing of any warranty and compensation claims, and then deleted. Certain invoice data (accounting documents, invoices) will also be stored for the statutory retention period of 7 years.
Your data may be transmitted to commissioned shipping companies for shipping purposes. Depending on the payment service provider you choose during the order process, we disclose the payment data collected for payment processing to the credit institution or payment service provider commissioned by us, or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must log in with your access data during the order process. In this regard, the privacy policy of the respective payment service provider applies. It may occur during payment processing that your data is forwarded to a credit reporting agency by the service provider to check your creditworthiness. We also refer to the General Terms and Conditions and the privacy policies of the payment service providers regarding this. Credit Card Payments: Ireland.
The following data is collected by the payment partner Stripe Inc.:
To process payments, the payment service provider Stripe is used. The provider of this service is Stripe Inc., 510 Townsend Street San Francisco, California 94103. The European representative of this service provider is Stripe Payments Europe Ltd., North Wall Quay Dublin 1, Dublin.
Cardholder’s name
Email address
Customer number
Order number
Bank details
Credit card information
Validity period of the credit card
Credit card verification number (CVC)
Date and time of the transaction
Transaction amount
Provider’s name Location
Invoice amount and currency
The processing purpose for the collection and transmission of this data is the execution of the order or the fulfillment of the concluded contract. The legal basis for data processing is therefore Art. 6(1)(b) GDPR. The processing of the data provided in this section is neither legally nor contractually required. However, without the transmission of your personal data, we cannot carry out payment by credit card. Stripe is a company based outside the European Union. Therefore, data transfer to a third country takes place. The data transfer is based on standard data protection clauses in accordance with Art. 46(2)(c) GDPR (standard contractual clauses for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679). For more information on this, we are happy to assist you.
When using the payment option of credit card payment, it is noted that the associated data transfer to the USA poses data protection risks, as the USA does not have the same data protection standards as the European region. As an additional measure to ensure adequate data protection, customer data is encrypted by SSL (at least 128 bits) by the payment provider during data transmission. Further information on payment partner Stripe can be found here: https://stripe.com/privacy-center/legal
Legal Basis for Data Processing:
Data on the website is processed exclusively on the basis of legal provisions (GDPR, TKG 2003). The data processing (webshop, product reviews, booking tool, and user account) is based on Art. 6(1)(b) (contractual purposes) GDPR. In the case of the use of analysis tools, data usage is based on Art. 6(1)(f) (legitimate interest) GDPR. The legitimate interest in data usage is the improvement of the website and the measurement of the success of online advertising. The use of IT data security measures is also based on Art. 6(1)(f) (legitimate interest) GDPR. The legitimate interest in data usage is the protection of one’s own IT systems. The use of social media plugins is only done with consent. Therefore, the legal basis is Art. 6(1)(a) GDPR. Consent must be granted again with each website visit.
Your Rights:
You have the fundamental rights to information, correction, deletion, restriction of processing, data portability, revocation, and objection. If you believe that the processing of your data violates data protection law or your data protection rights have been otherwise violated, you can complain to the supervisory authority. In Austria, this is the Data Protection Authority.