Privacy Policy

Privacy Policy
1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when you use our website. Personal data is all data that can be used to personally identify you.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Dariz Omarkheil, Mywaveearth, Süßenbrunnerstraße 62/7/5, 1220 Vienna, Austria, Tel.: +436604019077, Email: you@mywaveearth.com. The controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

2) Data collection when visiting our website

2.1 If you use our website for purely informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the website server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

The website you visited
Date and time of access
Amount of data sent in bytes
Source/reference from which you accessed the site
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used for any other purpose. However, we reserve the right to subsequently review the server log files should there be concrete evidence of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to us), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser bar.

3) Hosting & Content Delivery Network

Shopify

We use the system of the following provider to host our website and display the page content: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify").

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

When data is transferred to Canada, an appropriate level of data protection is guaranteed by an adequacy decision of the European Commission.

4) Cookies

To make visiting our website more attractive and enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called "session cookies"); others remain on your device for a longer period and enable the saving of page settings (so-called "persistent cookies"). In the latter case, you can find out the storage period in the overview of your web browser's cookie settings.

If personal data is also processed through individual cookies we use, the processing is carried out in accordance with Art. 6 (1) (b) GDPR either for the execution of the contract, in accordance with Art. 6 (1) (a) GDPR in the case of consent granted, or in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the use of cookies and can decide individually whether to accept them or to exclude them for specific cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contacting us

5.1 Tidio

This website uses a live chat system from the following provider: Tidio Poland Sp. z o.o., Wojska Polskiego 81, 70-481 Szczecin, Poland

Personal data transmitted via chat is processed either in accordance with Art. 6 (1) (b) GDPR because it is necessary for the initiation or execution of a contract, or in accordance with Art. 6 (1) (f) GDPR due to our legitimate interest.

We are committed to providing effective support to our site visitors. Subject to any statutory retention periods to the contrary, your submitted data will be deleted once the relevant matter has been conclusively resolved.

In addition, further information may be collected and evaluated using cookies for the purpose of creating pseudonymized user profiles. However, this information does not serve to personally identify you and is not merged with other data sets. If this information is personally identifiable, it is processed in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in statistically analyzing user behavior for optimization purposes.

The use of cookies can be prevented by appropriate browser settings. However, the functionality of our website may be restricted in this case. You can object to the collection and storage of data for the purpose of creating a pseudonymized user profile at any time with future effect.

We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

5.2 When you contact us (e.g., via contact form or email), personal data will be processed exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR. If your contact is aimed at a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted if the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention periods to the contrary.

6) Comment function

When using the comment function on this website, in addition to your comment, information about the time the comment was created and the commentator name you chose will be saved and published on this website. Furthermore, your IP address will be logged and stored. This IP address is stored for security reasons and in case the data subject violates the rights of third parties or posts illegal content through a comment. We need your email address to contact you if a third party objects to your published content as being illegal.

The legal basis for storing your data is Art. 6 (1) (b) and (f) GDPR. We reserve the right to delete comments if third parties object to them as being illegal.

7) Use of customer data for direct marketing

7.1 Subscribe to our email newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for receiving the newsletter is your email address. Providing additional data is voluntary and will be used to address you personally. We use the so-called double opt-in process to send our newsletter, which ensures that you only receive the newsletter after you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the email address you provided.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) (a) GDPR. We store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration so that we can track any possible misuse of your email address at a later date. The data we collect when you register for the newsletter is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a corresponding message to the person responsible named above. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to use the data in any other way that is permitted by law and about which we will inform you in this statement.

7.2 Klaviyo

Our email newsletters are sent via this provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA.

Based on our legitimate interest in effective and user-friendly newsletter marketing, we will pass on the data you provided when subscribing to our newsletter to this provider in accordance with Art. 6 (1) (f) GDPR.

r, so that they can send the newsletter on our behalf.

Subject to your express consent in accordance with Art. 6 (1) (a) GDPR, the provider also conducts a statistical evaluation of the success of newsletter campaigns using web beacons or tracking pixels in the emails sent, which can measure opening rates and specific interactions with the newsletter content. Device information (e.g., time of access, IP address, browser type, and operating system) is also collected and evaluated, but not merged with other data sets.

You can revoke your consent to newsletter tracking at any time with future effect.

We have concluded a data processing agreement with the provider that protects the data of our site visitors and prohibits its transfer to third parties.

For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision of the European Commission.

8) Data processing for order processing

8.1 Transmission of image files for order processing via the upload function

On our website, we offer you the option of requesting the personalization of products by transmitting image files via an upload function. The submitted image motif will be used as a template for personalizing the selected product.

Using the upload form on the website, you can send one or more image files from the memory of your device directly to us via automated, encrypted data transfer. We then collect, store, and use the transmitted files exclusively for the production of the personalized product in accordance with the respective service description on our website. If the transmitted image files are passed on to special service providers for the production and processing of the order, you will be explicitly informed of this in the following paragraphs. No further transfer will take place. If the transmitted files or digital images contain personal data (in particular images of identifiable persons), all of the processing operations described above will be carried out exclusively for the purpose of processing your online order in accordance with Art. 6 (1) (b) GDPR.

After the order has been processed, the transmitted image files will be automatically and completely deleted.

8.2 To the extent necessary for contract processing for delivery and payment purposes, the personal data we collect will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 (1) (b) GDPR.

If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we will process the contact details you provided when placing your order (name, address, email address) in order to inform you personally about upcoming updates within the legally stipulated period via a suitable communication channel (e.g., by post or email) within the scope of our statutory information obligations pursuant to Art. 6 (1) (c) GDPR. Your contact details will be used strictly for notifications of updates owed by us and will only be processed by us to the extent necessary for this purpose.

To process your order, we also work with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

8.3 To fulfill our contractual obligations to you, we work with external shipping partners. We will pass on your name, delivery address, and, if necessary for delivery, your telephone number, to a shipping partner selected by us exclusively for the purpose of delivering the goods in accordance with Art. 6 (1) (b) GDPR.

8.4 Use of payment service providers (payment services)

- Apple Pay

If you choose the "Apple Pay" payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing will be carried out via the "Apple Pay" function of your iOS, watchOS, or macOS device by charging a payment card stored with "Apple Pay." Apple Pay uses security features integrated into your device's hardware and software to protect your transactions. Therefore, to authorize a payment, you must enter a code previously specified by you.

Verification using the "Face ID" or "Touch ID" function of your device is required.

For the purpose of payment processing, the information you provided during the ordering process, along with information about your order, will be transmitted to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to process the payment. This encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the source website to confirm the payment success.

If personal data is processed during the transmissions described, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.

Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and time, and information about whether the transaction was successfully completed. Anonymization completely eliminates any possibility of personal identification. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.

When you use Apple Pay on your iPhone or Apple Watch to complete a purchase made through Safari on your Mac, your Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone's settings. Go to "Wallet & Apple Pay" and disable "Allow Payments on Mac."

Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027
- EPS Transfer

One or more online payment methods from the following provider are available on this website: PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria

If you select a payment method from the provider that requires you to pay in advance (e.g., credit card payment), the payment details you provided during the ordering process (including your name, address, bank and payment card information, currency, and transaction number), as well as information about the content of your order, will be passed on to the provider in accordance with Art. 6 (1) (b) GDPR. In this case, your data will be passed on exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
- Google Pay

If you choose the "Google Pay" payment method provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment processing will be carried out via the "Google Pay" application on your mobile device running at least Android 4.4 ("KitKat") and equipped with NFC functionality by charging a payment card stored with Google Pay or a payment system verified there (e.g., PayPal). To authorize a payment via Google Pay of more than €25, you must first unlock your mobile device using the verification method configured (e.g., facial recognition, password, fingerprint, or pattern).

For the purpose of payment processing, the information you provided during the ordering process, along with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a unique transaction number to the originating website, which is used to verify the payment. This transaction number does not contain any information about the actual payment data of your payment method stored with Google Pay, but is created and transmitted as a one-time, valid numeric token. For all transactions via Google Pay, Google acts solely as an intermediary for processing the payment process. The transaction is carried out exclusively between you and the originating website by debiting the payment method stored with Google Pay.

If personal data is processed during the transmissions described, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.

Google reserves the right to collect, store, and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction, the merchant location and description, and a payment method provided by the merchant.

The description of the purchased goods or services, photos you included with the transaction, the name and email address of the seller and buyer, or the sender and recipient, the payment method used, your description of the reason for the transaction, and, if applicable, the offer associated with the transaction.

According to Google, this processing is carried out exclusively in accordance with Art. 6 (1) (f) GDPR based on the legitimate interest in proper accounting, the verification of transaction data, and the optimization and maintenance of the functionality of the Google Pay service.

Google also reserves the right to combine the processed transaction data with other information collected and stored by Google when using other Google services.

You can find the Google Pay terms of use here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

Further information on Google Pay's privacy policy can be found at the following internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- PayPal

One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method from the provider that requires you to pay in advance, the payment details you provided during the ordering process (including your name, address, bank and payment card information, currency, and transaction number), as well as information about the content of your order, will be passed on to the provider in accordance with Art. 6 (1) (b) GDPR. In this case, your data will be passed on exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

If you select a payment method that requires us to pay in advance, you will also be asked to provide certain personal information (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, if applicable, details of an alternative payment method) during the ordering process.

In order to protect our legitimate interest in determining your ability to pay in such cases, we will forward this data to the provider for the purpose of a credit check in accordance with Art. 6 (1) (f) GDPR. The provider will check, based on the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment experience), whether the payment option you have selected can be granted with regard to payment and/or default risks.

The credit report may contain probability values (so-called score values). To the extent that score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data.

You can object to this processing of your data at any time by sending us a message or contacting the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.

The credit report may contain probability values (so-called score values). - Shopify Payments

One or more online payment methods from the following provider are available on this website: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

If you select a payment method from the provider that requires you to pay in advance (e.g., credit card payment), the payment details you provided during the ordering process (including your name, address, bank and payment card information, currency, and transaction number), as well as information about the contents of your order, will be passed on to the provider in accordance with Art. 6 (1) (b) GDPR. In this case, your data will be passed on exclusively for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

9) Retargeting/Remarketing and Conversion Tracking

Meta Pixel with Advanced Data Matching

Within our online offering, we use the "Meta Pixel" service from the following provider in advanced data matching mode: Meta Platforms Ireland Limited, 4 Grand Canal Quay, Dublin 2, Ireland ("Meta").

If you click on an ad placed by us on Facebook or Instagram, the URL of our linked page is extended by a parameter using "Meta Pixel." This URL parameter is then entered into your browser after redirection via a cookie set by our linked page. In addition, this cookie collects specific customer data, such as your email address, which we use on our website linked to the Facebook or Instagram ad during transactions such as purchase completion.

sions, account logins, or registrations (extended data matching). The cookie is then read and enables the transmission of the data, including your specific customer data, to Meta.

We use "Meta Pixel" with extended data matching to make our advertisements (so-called "ads") on Facebook and/or Instagram more effective and to ensure that they match your interests or have certain characteristics (e.g., interests in certain topics or products determined based on the websites visited) that we transmit to Meta (so-called "custom audiences").

In addition, we analyze the effectiveness of our advertisements by tracking whether users were redirected to our website after clicking on an advertisement (conversion). Compared to the standard version of "Meta Pixel," the extended data matching function helps us better measure the effectiveness of our advertising campaigns by recording more attributed conversions.

All transmitted data is stored and processed by Meta so that it can be assigned to the respective user profile and Meta can use the data for its own advertising purposes in accordance with Meta's data usage guidelines (https://www.facebook.com/about/privacy/). The data may enable Meta and its partners to place ads on and outside of Facebook.

All processing described above, in particular the setting of cookies for reading information on the device used, will only be carried out if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

The information generated by Meta is generally transferred to a Meta server and stored there; In this context, data may also be transferred to Meta Platforms Inc. servers in the USA.

For data transfers to the USA, the provider has adhered to the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

10) Site Functionalities

Endereco

To enable real-time verification of certain entries in the address form of our web shop's ordering process for input errors, we use the services of the following provider: Endereco UG, Balthasar-Neumann-Straße 4b, 97236 Randersacker, Germany.

The provider validates the entered address, verifies the spelling, and adds any missing data. For addresses that are not unique, correct alternative suggestions are displayed. For this purpose, the address data you enter is transmitted to the provider, where it is stored and evaluated.

This processing is carried out in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in properly recording the customer's correct address data in order to conscientiously fulfill our contractual delivery obligations and to prevent contract implementation problems.

The provider processes the data in question separately and does not merge it with other data sets. It deletes it as soon as its status or accuracy has been confirmed, but no later than 30 days later.

11) Rights of the data subject

11.1 Applicable data protection law grants you the following data subject rights (rights to information and intervention) vis-à-vis us as the controller with regard to the processing of your personal data. Reference is made to the legal basis listed for the respective conditions for exercising this right:

Right to information pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to information pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to withdraw consent granted pursuant to Art. 7 (3) GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.

11.2 RIGHT OF OBJECTION

IF, AS PART OF A BALANCE OF INTERESTS, WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH FUTURE EFFECT FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT OF OBJECTION, WE WILL STOP PROCESSING THE DATA IN QUESTION. However, we reserve the right to further processing if we have compelling legitimate grounds for the processing.

CAN PROVE THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US TO CONDUCT DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT OF OBJECTION, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

12) Duration of storage of personal data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing, and – if applicable – also by the respective statutory retention period (e.g., retention periods under commercial and tax law).

When personal data is processed on the basis of express consent in accordance with Art. 6 (1) (a) GDPR, the data concerned will be stored until you revoke your consent.

If statutory retention periods exist for data processed within the framework of legal or quasi-legal obligations based on Art. 6 (1) (b) GDPR, this data will be routinely deleted after the retention periods have expired, provided it is no longer required to fulfill or initiate a contract and/or we no longer have a legitimate interest in continuing to store it.

When processing personal data based on Art. 6 (1) (f) GDPR, this data will be stored until you exercise your right of objection pursuant to Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

When personal data is processed for direct marketing purposes on the basis of Art. 6 (1) (f) GDPR, this data will be stored until you exercise your right of objection in accordance with Art. 21 (2) GDPR.

Unless otherwise stated in the other information in this statement regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.