Privacy Policy

We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the Gabriel-Glas GmbH. The Gabriel-Glas GmbH website can generally be used without providing any personal data. However, if a data subject wishes to make use of special services of our company via our website, it may be necessary to process personal data.

We would like to take this opportunity to assure you that we process your data that we collect when you visit the website and contact us in accordance with the General Data Protection Regulation (“GDPR”) and the Data Protection Act (“DPA”).

In the following privacy policy, we therefore inform you about the most important aspects of data processing within the framework of our website.

1. Responsible person
   
   Gabriel-Glas GmbH
   Schwarzstrasse 9
   5400 Hallein
   T +43 6245 7115612
   E-mail: office@gabriel-glas.at

2. Allgemeines und Begriffsbestimmungen
   

    

   • General information and definitions
     
     • Personal data
       means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, etc.
     • Processing
       is any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
     • Cookies
       Our website uses cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser. Cookies enable us to recognize users of the website. By using cookies, we can provide you with more user-friendly services that would not be possible without cookies. The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

     We process your personal data when you visit our website, when you contact us and when you purchase goods via our online shop.

3. Data processing
   In the following, we will inform you in detail, especially about the scope and purpose of the data processing and also about the transfer of your data to third parties.
   1. Visit of the Website
      Personal data is processed when you visit our website.
      1. Scope of data processing
         When you visit our website, we automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are
         • Browser type
         • Browser version
         • Operating system used
         • Referrer URL (including sub-websites)
         • Hostname of the accessing computer
         • Date and time of the server request
         • Your IP address
      2. Purpose of data processing
         We process this data for the purposes of logging system usage, the authorization process and evaluating server log files for problem analysis. This data is also required for the correct delivery of the website and to ensure the long-term functionality of our website’s information technology systems. Furthermore, this data can be made available to law enforcement authorities in the event of a cyber-attack. When using this general data and information, we do not draw any conclusions about data subjects. Without this data collection, you may not be able to visit our website.
      3. Legal basis for data processing
         The processing of the aforementioned data is in our legitimate interest as the operator of the website in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest in data processing lies in achieving the purposes described under point b).
      4. Recipient of the data
         To operate our website, including hosting, and to ensure the security of our IT system, we use the following service provider(s), who may gain access to your personal data in the course of their work:
         • Netcup GmbH Webhosting, Daimlerstraße 25 76185 Karlsruhe, Germany
         • Thaler Software GmbH, Jakob-Haringer-Straße 6, 5020 Salzburg, Austria

         The aforementioned service providers are contractually obliged to protect your personal data at all times, to take appropriate technical and organizational measures with regard to data security and not to process your data for their own purposes or to pass it on to third parties.

         The data collected for this purpose will not be transferred to recipients in third countries.

      5. Storage period
         The data collected here is automatically stored for a period of 14 days for reasons of operational security. If we have reasonable grounds to suspect abusive behavior, we will forward the data to the responsible public authorities. This data is stored on a separate data carrier and deleted once the legal proceedings have been concluded.
   2. Contact via e-mail
      We offer you the opportunity to contact us by e-mail.
      1. Scope of data processing
         The following personal data may be processed in the course of contacting us:
         • Name
         • e-mail address
         • Telephone number
         • Subject of contact
         • (Content of the) message
      2. Purpose of data processing
         When you send the e-mail, we collect, store and process the personal data entered for the purpose of answering the enquiry. The response or processing of the enquiry may be in connection with a purchase or concern other matters.
      3. Legal basis for data processing
         Processing may take place on the basis of pre-contractual measures if the enquiry is aimed at the conclusion of a purchase contract or for the purpose of contract fulfilment (Art 6 para 1 lit b GDPR). Otherwise, the processing (for example, in the case of enquiries that are not related to a purchase) may also be carried out on the basis of our legitimate interest, which lies in being able to conclusively clarify the enquiry (Art 6 (1) (f) GDPR).
      4. Recipient of the data
         If necessary, your personal data may be passed on to the following recipients:
         • Public authorities (courts or administrative authorities)
         • Regional resellers
      5. Storage period
         If the enquiry or message is in connection with a purchase, this data will be stored for as long as it is required for the purchase of the goods (contract). Personal data from enquiries or contacts that are not related to a purchase are generally deleted as soon as they are no longer required to fulfil the purpose. This is usually the case when the conversation with the user has ended, and it can be inferred from the circumstances that the matter in question has been conclusively clarified. However, data may be stored for up to three years for the purpose of preserving evidence and asserting legal claims. The data will be deleted earlier if you exercise your right to object in a permissible manner.
   3. Newsletter
      1. Purpose and scope of data processing
         If you register for our newsletter on our website, we will save the e-mail address you have provided with your consent for the purpose of sending our newsletter to the e-mail address provided. Our newsletter contains information about promotions, the latest products, events and news about our range.
      2. Legal basis for data processing
         In this case, the legal basis for the processing of your personal data is your voluntarily given consent, which can be revoked at any time, in accordance with Art 6 (1) (a) GDPR (in conjunction with Section 174 Austrian Telecommunications Act 2021 “TKG”). You can revoke your consent at any time and unsubscribe from the newsletter by clicking on the unsubscribe link that you receive in every newsletter e-mail. Withdrawing your consent means that you will not receive any newsletters from us.
      3. Storage period
         Your e-mail address will be stored for as long as it is required for sending the newsletter. If you unsubscribe from the newsletter, your consent to receive the newsletter (including your email address and the time you subscribed and unsubscribed) will be deleted after (at the latest) 3 years from unsubscribing from the newsletter for reasons of proof.
      4. Recipient
         We use Brevo as a technical service provider for the purpose of sending the newsletter. We pass on the e-mail address required for sending the newsletter to this service provider. The provider of this service is: Sendinblue GmbH, Köpernicker Straße 126, 10179 in Berlin.
   4. Registration and administration of a user account
      1. Scope of data processing
         When you register for a user account, your first name, surname and e-mail address will be processed. To log in, you will be asked to enter a password, which will also be processed and saved by us. A user name (consisting of your first name and surname) is automatically defined and processed from your first name and surname. The following personal data can also be processed under the “Addresses” tab and then under “Billing address” or “Delivery address”:
         • Company name
         • Country/Region
         • Street (street name and house number)
         • Postal Code
         • Place, City
         • Telephone number
      2. Purpose of data processing
         We collect and process the data you provide during registration for the purpose of creating, managing and maintaining a customer account with which you can log in to our website and place orders.
      3. Legal basis
         Your data is processed on the basis of the consent you have given (Art. 6 (1) (a) GDPR). You have the right to withdraw your consent at any time by sending an email to office@gabriel-glas.at to cancel your account.
      4. Storage period
         We store your account information until you cancel your account. You can cancel your account directly in your personal settings. If your account is inactive for a period of 5 years, your account will be cancelled automatically.
   5. Purchase in the online shop
      We operate a web shop where you can buy a wide range of products (e.g. glasses, wine bars, wine accessories, etc.). When ordering goods (unregistered) as a “guest” or by creating or registering and logging in to a user account (see point 5.), you have the option of purchasing our products via the website.
      1. Scope of data processing
         1. Name
         2. E-mail address
         3. Address
         4. Order information
         5. Payment information
      2. Purpose of data processing
         Your data is processed for the purpose of processing the online shop and executing purchase contracts. The data processing is necessary so that you can buy the desired products from us and we can deliver them to you.
      3. Legal basis for data processing
         Data processing for the processing of your order (including the conclusion of the contract) is based on the fulfilment of the contract (Art 6 (1) (b) GDPR). We cannot conclude the contract with you without this data.
      4. Recipient of the data
         In connection with your order in our web shop, your personal data may be shared with the following recipients:
         • Payment service provider
           We offer payment services (from third-party companies) on our website. When you make a purchase in our online shop, your payment details (e.g. name, payment amount, bank account details, credit card number, etc.) are processed by the payment service provider for the purpose of processing the purchase. The respective contractual provisions of the respective payment service provider apply to this. Under data protection law, the payment service provider is to be regarded as an independent controller within the meaning of Art 4 Z (7) GDPR, which is why reference must be made to the respective data protection provisions of the provider. We use the following payment service providers on this website:
           Paypal
           PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. (Privacy Policy: https://www.paypal.com/myaccount/privacy/privacyhub)
         • Our logistics service provider:
           Österreichische Post Aktiengesellschaft, Corporate Headquarters, Rochusplatz 1, 1030 Vienna, Austria
      5. Storage period
         In connection with your order and processing of the purchase contract, we store your data to the extent necessary to fulfil our contractual obligations. After conclusion of the purchase contract, we store your data for a maximum of 3 years for the purpose of asserting legal claims. For tax law reasons, we are also obliged to keep your data for 7 years from the end of the calendar year in which the contract was concluded and to keep it for as long as it is relevant for pending proceedings relating to the collection of taxes (Section 132 Austrian Federal Tax Code “BAO”).
   6. OpenStreetMap
      We use the map service “OpenStreetMaps” (OSM) of the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom, to display locations. OSM offers an interactive map on our website that shows you how to find and reach us, retailers, and gastronomy references. This service allows us to display our website in an appealing way by loading map material from an external server. Your IP address is not transmitted because we use a proxy server and it is not the client but the proxy server that sends the HTTPS request to retrieve the map service. In this way, your personal data (IP address) is not transmitted to the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom.
   7. Company profiles on social media
      As part of our company profiles (“fan pages”), we process your data under joint responsibility (Art 26 GDPR) with the respective platform operator. These are:
      • Facebook, operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”);

      https://www.facebook.com/gabrielglasWeingenuss

      • Instagram, operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”);

      https://www.instagram.com/gabriel_glas/

      • Youtube, operated by Google Ireland Ltd., Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland („YouTube“)

      https://www.youtube.com/channel/UC1D8U14Z3USSETjKYTXbMUA

      • X, operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland (“X”)

      https://twitter.com/gabriel_glas

      We expressly point out that we only have access to the data that you as a user have made available to these platforms. We have no influence on any analyses, transfers or other processing of your data for other purposes, despite our joint responsibility. If you have any questions about the processing of your data that go beyond the purposes stated here and/or to assert your rights, please contact the respective platform operator. We will be happy to support you in this, please contact us at office@gabriel-glas.at.

      Further information on the processing of your data by the respective providers themselves (and on the content of the joint controllership agreement) can be found at

      • Facebook: https://www.facebook.com/about/privacy,
      • Youtube: https://www.google.de/intl/de/policies/privacy,
      • Instagram: https://privacycenter.instagram.com/policy
      • X: https://twitter.com/en/privacy
      1. Scope of data processing
         We operate on various Social Media platforms “Fanpages” for corporate communication. In the course of our corporate communication, therefore, the personal data you provide on the Social Media platforms is processed when you interact with us via these channels. This can usually be Surname, first name, title, gender, telephone and fax number and other information required for addressing, which results from modern communication techniques, online identity of the respective social media platform (user name, photo, avatar, logo), published and unpublished contributions to the social media presence (e.g. comments, enquiries, ratings, etc. [.e.g. “likes”], photos, videos, etc.), public and non-public reactions to our posts (replies, comments, etc.), logging of enquiries and correspondence via social media channels, content and time of creation of the log, other response behavior to activities (positive reaction to posts).
         • Cookies

         About Facebook and Instagram, fan page operators are provided with the “Insight” function, with the help of which we receive anonymized statistical data about the users and visitors to our fan page. This data is collected with the help of so-called cookies. This information is called up again on subsequent visits to the website and enables the website to recognize the end device. The information stored in the cookies is received, recorded and processed by Facebook and Instagram in personalized form.

         The purpose of using cookies is, on the one hand, to improve the Facebook and Instagram advertising systems. On the other hand, Facebook provides us with statistics that we can use to control and improve the marketing of our activities.

         The cookies set by Facebook and Instagram are stored for up to two years after they are set or updated but can be deleted at any time. You can also prevent the installation of cookies by selecting the appropriate settings in your browser. Further information about the transmission of your data by Facebook and Instagram, including to a third country, can be found in the privacy policy above.

         We receive the following information after statistical analysis by Facebook and Instagram:

         • • Information about persons:
             People who have subscribed to our social media page: Gender, age, place of residence and language; Reach of posts: People for whom our post was placed within the last 4 weeks; Social interactions of people: People who have “liked”, tagged, commented on or shared our posts or made other social interactions within the last 4 weeks.
           • Information about subscribers:
             Total number of subscribers to our social media page, number of new subscribers, demographic information of subscribers by origin (country, city, town), gender, age and language.
           • Information about visitors:
             Page and tab views: Information on how often each tab and button (e.g. website button, phone number button, “plan route” button) on our fanpage has been displayed or clicked; visitor behaviour: Information about whether the visitor hovers over the fanpage name or profile picture to preview page content, as well as information about whether the fanpage visitor is logged in on a computer or mobile device; external referrals: Information on how often people reached our fan page from a website outside our fan page via a link.
           • Information about contributions:
             Online behaviour of visitors: information on when the people who “like” our page are on Facebook; post types: Information on the success of individual post types based on average reach and interaction; most popular posts from pages we keep an eye on: Display of interactions on posts from pages we keep an eye on.
           • Interactions with our videos:
             Video views: Information on how often a video shared by us was viewed for longer than 3 or 30 seconds; top videos: Information about the most viewed videos on our fan page for at least three seconds.
           • Range:
             Post reach: Number of people for whom our post was shared, broken down into paid and organic reach; positive interactions: “Likes”, comments, shared content and recommendations, negative interactions: Hidden posts, reported as spam, “no more likes”; number of fan page subscribers, total reach: number of people who were shown an action from our page.

         For X and YouTube, it cannot be ruled out with certainty that (similar) tracking takes place via similar/similar technologies when operating a fan page.

         1. Purpose of data processing
            The purpose of data processing is to enable simple and uncomplicated correspondence through our online presence and to inform you about our services and campaigns. You can contact us via direct messages, the Like function or the comment function. As part of this contact, we will only see the data that you have stored on your profile. We would like to point out that your comments and likes will be stored indefinitely unless you request their deletion and can be viewed by other users.
         2. Legal basis for data processing
            

            We process your personal data within the scope of our legitimate interests in accordance with Art 6(1) (f) GDPR in order to enable quick and easy correspondence.

            If you do not want us to process your data, please do not interact with our posts and do not send us any messages.

            If you have already done so, you can object to the processing of your data at any time, stating your reasons. To do so, please send us an e-mail to office@gabriel-glas.at.

         3. Recipient of the data
            

            Please note that your interactions on the respective social media platform are generally and publicly available and, depending on the nature of the interaction and your settings, can be viewed and used by users worldwide without us having any influence over this.

            If personal data is transferred by the respective social media provider – over which we have no influence – to third countries, we would like to refer you to the data protection declarations listed above.

            We use a marketing agency for the purpose of creating and managing campaigns via social media. This marketing agency may process the data described above, e.g. for the purpose of communication. We use the following marketing agency: 

            zweischrittweiter event & consulting gmbh, Strobachgasse 4 in 1050 Vienna

         4. Storage period
            

            Your direct messages to us will be stored for a period of 1 year after the last contact. A longer storage period may apply if the contact is made in connection with a purchase contract. In this case, the message will be stored for as long as is necessary to fulfil the contract. We have no influence on the storage period of your other interactions, such as comments and likes in particular. If you therefore wish to delete this data, we ask you to remove this interaction via your account. If you require assistance with this, please contact us at office@gabriel-glas.at.

   8. Tracking & cookies
      8.1. Essential cookies
      

      We use essential cookies on our website. These are necessary to guarantee the functions of our website and to provide the services you have requested. This also includes being able to temporarily save your cookie settings. Without the use of these cookies, there would be functional restrictions.

      In doing so, we rely on our legitimate interests in providing a fully functional website and the services you have requested and in the temporary storage of your cookie settings (Art. 6 (1) (f) GDPR).

      Further information about which functional cookies we use, which categories of personal data we process, how long we store this data and to which third parties we pass it on can be found in the cookie settings.

      8.2. Matomo Web Analysis

      To improve the user-friendliness of our website, we use the web analysis tool “Matomo”, which sets non-functional cookies (see above for definition). When using these cookies and analysing user data, we process personal data in order to better understand the preferences of our website visitors and to better personalise our offer.

      Matomo sets the following cookies, these are: “_pk_id”, “_pk_ref” and “_pk_ses”). The cookie “_pk_id” is stored for 13 months, “_pk_ref” for 6 months and “_pk_ses” for 30 minutes. For the above purpose, these cookies are used to assign the user a unique visitor ID, document the visit to the website and store information about where the user accessed the website from.

      The legal basis for the processing of your data is your consent (Art. 6 (1) (a) GDPR in conjunction with Section 165 para. 3 TKG). Without your express consent, neither cookies for web analysis will be set nor personal data processed. Consent can be revoked at any time in the cookie settings. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

      Further information about which cookies Matomo uses, which categories of personal data are processed, how long this data is stored and to which third parties it is passed on can be found in the cookie settings.

      Further information on Matomo’s terms of use and data protection regulations can be found at:  https://matomo.org/privacy/.
      

      8.3. Integration of videos (YouTube)

      We use components from YouTube (operator: Google Ireland Ltd, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) on our website to offer you an appealing user experience. This involves the processing of your personal data.

      YouTube sets non-functional cookies when you merely access our websites in which YouTube videos are embedded – regardless of whether the embedded video is played or not – and establishes a connection with the Google server “DoubleClick”. These are used by YouTube for statistical and marketing purposes. If you are logged in to YouTube at the same time, the information stored in the cookie will also be assigned to your YouTube and Google account (however, this can also be prevented by logging out of your YouTube account beforehand).

      You can find out which cookies (and the information they contain) are set by YouTube and for how long in YouTube’s privacy policy at
      https://policies.google.com/ technologies/cookies?hl=de.

      Further information about which cookies are used, which categories of personal data are processed, how long this data is stored and to which third parties it is passed on can be found in the cookie settings.

      The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit a GDPR in conjunction with §165 para. 3 TKG 2021. You can revoke this consent at any time in the cookie settings. The revocation does not affect the legality of the consent until the revocation of the processing carried out. If consent is not given, the video will not be made available.

      Google Ireland Limited forwards your data to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

      An adequacy decision was issued for the transfer to the USA, which means that personal data can be transferred from the EU to the USA without the need for further protective measures. This adequacy decision can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. An adequate level of data protection exists in the USA if the data recipient is certified in accordance with the EU-U.S. Data Privacy Framework. The website of the US Department of Commerce contains a list of companies that have such certification (https://www.dataprivacyframework.gov/s). Google LLC is considered an “Active Participant” according to this list, which is why the transfer to the USA is legitimate.

      Further information on YouTube’s privacy policy can be found at https://policies.google.com/?hl=de.

4. Your rights as a data subject
   As the data subject of our data processing, you have the following rights:
   1. Right to information
      You have the right to request information at any time and informally about which of your personal data is processed by us as the controller – together with further information such as the purposes of processing and recipients, information about the origin of the data and information about automated decision-making including the logic involved. Furthermore, you have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization, including the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR.
   2. Right to rectification and right to restriction of processing
      You can request the correction or completion of incorrect or incomplete data. You also have the right to request that the processing of data be restricted so that it may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest, for example, if the accuracy of the data is disputed.
   3. Right to data portability
      You may request that a copy of the data provided to Gabriel-Glas be sent to you – or, if technically feasible, to an identifiable third party – in a structured, commonly used and machine-readable format.
   4. Right of erasure
      You can request the deletion of your data under certain circumstances, for example, if it is not processed in accordance with data protection regulations.
   5. Right to object
      You have the right to object to the processing of your personal data at any time, stating reasons. In this case, we will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, or the processing serves the establishment, exercise, or defence of legal claims.
   6. Right to withdraw your declaration of consent
      You have the right to revoke your declaration of consent under data protection law at any time and without giving reasons in the above-mentioned ways. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. We will delete your data unless statutory provisions require us to retain it.
   7. Right to lodge a complaint
      If you believe that the processing of your data violates your right to confidentiality or that your data protection rights have been violated in any other way, you can lodge a complaint with the competent supervisory authority. In Austria, the competent authority is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna.

      This does not affect the possibility of bringing an action before the regional court in accordance with Section 29 (2) DPA and any other legal remedies.

(as at January 2024)