Privacy policy

1. General

• The EU General Data Protection Regulations, as well as the Data Protection Act 2018 serve to protect the right to personal data. We process your data exclusively on the basis of the above mentioned statutory provisions.
• We are particularly concerned with the protection and the safe-keeping of all personal data entrusted to us. In this document you can find out more about how we use and process your personal data.
• The person responsible is Mad & Wine GmbH.
• The managing director of the person responsible is Mr Matthias Siess.
• Contact details of the person responsible:

Mad & Wine GmbH
Antonigasse 1
7063 Oggau

office@weingut-mad.at
+43 2685 7207

• The data protection officer is Mr Sebastian Siess. He can be contacted at 02685/7207 or sebastian.siess@weingut-mad.at.

2. Data processing purposes, legal basis and storage period

2.1. Online shop

• We process the data of our customers in the context of ordering processes in our online shop to enable you to select and order the selected products and services, as well as their payment and delivery or execution. The data processed includes inventory data, communication data, contract data, payment data and the data subjects include our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services within the scope of operating an online shop, billing, delivery and customer services. In this context, we use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.
• We process this data for the fulfilment of the contract with the customer and thus on the basis of Art 6 para 1 lit b DSGVO.
• We only disclose the data to third parties in the context of delivery, payment or in the context of legal permissions and obligations towards legal advisors and authorities. The data is only processed in third countries if this is necessary for the fulfilment of the contract (e.g. at the customer’s request for delivery or payment).

2.2. Contact request

•  When you use our contact form, we use this information to contact you regarding your interest or to respond to your reservation or order. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. Your data will be deleted after the final processing of your request, provided that this is your preference and that the deletion does not conflict with any legal obligations to retain data.
• We process this data on the basis of the fulfilment of (pre-)contractual obligations towards you according to Art 6 para 1 lit b DSGVO or on the basis of our legitimate interests in an efficient and high-quality service according to Art 6 para 1 lit f DSGVO. If we base data processing on legitimate interests, we will weigh up the interests in advance and on a case-by-case basis and only proceed with processing if your interests do not outweigh ours.

2.3. Newsletter

• If you have agreed to receive our newsletter by double opt-in (after registration you will receive an e-mail in which you are asked to confirm your registration), we will use your e-mail address to send you an e-mail newsletter published several times a year with information about products, promotions and news from our winery. In this case, we process your data in accordance with Art 6 para 1 lit a DSGVO. You can revoke your consent to receive the newsletter at any time by contacting us without giving reasons, free of charge and with immediate effect for the future. You also have the option of unsubscribing from the newsletter via a link provided for this purpose at the end of each newsletter.

2.4. Registration and Login

• If you register as a member via our website and log in to our member area, we will process your email and password. If you register via your Facebook or Google account, we also process the fact that you are a user of these channels.
• We process this data to fulfil the user contract with you and therefore on the basis of Art 6 para 1 lit b DSGVO.

2.5. Storage period

• We store your personal data only as long as they are necessary to fulfil our obligations towards you.
• We store your personal data provided during registration until you cancel or deactivate your account for the purpose of fulfilling the contract (provision of the account).
• Your personal data transmitted in the context of enquiries will be deleted immediately after processing.
• If you have only registered for newsletters and the receipt of advertising information accordingly and are not a customer of ours, we will store your personal data until you revoke it and for a maximum of three years from your last contact.
• We store your data required for the fulfilment of the contract on the basis of the statutory storage and documentation obligations incumbent upon us, which arise, among other things, from the Austrian Commercial Code (UGB) and the Federal Fiscal Code (BAO), as a rule for seven years after the fulfilment of the contract; in any case, however, for the duration of any warranty periods.
• We may also process your data for longer if this is necessary for the enforcement of claims. In these cases, the storage period is usually three years; in special cases also 30 years.
• The storage period when using cookies is described under point 5.

3.  Transmission of data to third parties

• In order to fulfil the agreed purpose, it may also be necessary to pass on your data to third parties (e.g. forwarding agents, insurance companies, authorities, service providers, in particular IT and payment service providers, whom we use and to whom we make data available, etc.). Your data will only be forwarded on the basis of the GDPR, in particular to fulfil your order or on the basis of your prior consent. We limit the personal data we pass on to what is directly relevant and necessary to achieve the relevant purpose.
• As part of the operation of our website, we commission the company Wix.com Luxembourg S.a.r.l, 5, rue Guillaume Kroll, L-1882 Luxembourg, which may have access to your personal data in the course of their activities, insofar as they require the data to perform their respective services. They have undertaken to comply with the applicable data protection provisions of the GDPR and we have concluded a corresponding order processing agreement and standard contractual clauses with them.
• Some of the recipients of your personal data mentioned in this data protection declaration are located outside the EU and process your personal data there. However, we only transfer your personal data to countries for which the EU Commission has decided have an adequate level of data protection or we take measures to ensure that all recipients have an adequate level of data protection for which we conclude standard contractual clauses or, where applicable, obtain your consent for certain purposes.

4.  Data security

• We use technical and organisational security measures to protect the stored personal data against accidental or intentional manipulation, loss or destruction and against access by unauthorised persons. Our security measures are continuously updated in accordance with technical progress.

5.  Cookies

•  Our website uses “cookies” to make our services more user-friendly, effective and secure.
• A “cookie” is a small text file that we transfer to the cookie file of the browser on the hard disk of your computer via our web server. This enables our website to recognise you as a user when a connection is established between our web server and your browser. Cookies help us to determine the frequency of use and the number of users who visit our web pages. The content of the cookies we use is limited to an identification number that no longer allows any personal reference to the user. The main purpose of a cookie is to recognise visitors to the website.
• Two types of cookies are used on our website:

• Session cookies: these are temporary cookies that remain in your browser’s cookie file until you leave our website and are automatically deleted at the end of your visit.
• Permanent cookies: For a better user experience, cookies remain stored on your terminal device and allow us to recognise your browser on your next visit.
  • If we need your consent to set the cookie, we will ask for it separately via our cookie banner. Without your consent, we will only set cookies that are with certainty technically necessary.
  • You can also set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of our website may be limited.

6. Google Analytics

• We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (Google). Google Analytics uses methods that enable an analysis of your use of the websites, such as cookies, text files that are stored on your computer. The information generated about your use of the websites is usually transmitted to a Google server in the USA and stored there. By activating IP anonymisation on the websites, the IP address is shortened before transmission within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to us. The anonymised IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
• The data processing is carried out exclusively on the basis of your consent in accordance with Art 6 Para 1 lit a DSGVO.
• The cookies are set for a period of 2 years.

7. Google Maps

• We use Google Maps from Google to visually display geographical information. When using Google Maps, Google also processes data on the use of the Maps functions by visitors to the websites. As a rule, this data is not personal. For more information on data processing by Google, please refer to Google’s privacy policy at https://www.google.com/policies/privacy/. You can also change your settings there. There you can also change your settings to manage and protect your data. Additional terms and conditions for Google Maps can be found at https://www.google.com/intl/de_de/help/terms_maps.html.
• The integration of Google Maps into our website is based on our legitimate interests in making our company easier to find and in providing a customer-oriented service in accordance with Art 6 para 1 lit f DSGVO.

8. Facebook

• We use plugins of the social network Facebook operated by Facebook Inc, 1601 Willow Road, 94025 Menlo Park, USA (Facebook). An overview of the Facebook plugins can be found at https://developers.facebook.com/docs/plugins/. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the website. Through this integration, Facebook receives the information that your browser has called up the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there.
• If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook profile. If you interact with the plugins, for example by clicking the “Share” button, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.
• The data processing is carried out exclusively on the basis of your consent in accordance with Art 6 Para 1 lit a DSGVO.
• The cookies are set for a period of 2 years.
• The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options for protecting your privacy can be found in Facebook’s privacy policy, available at unter https://www.facebook.com/about/privacy/update?ref=old_policy.

9. Links to other websites

• Our websites contain links to external websites. This privacy policy only applies to our websites. We are not responsible for the content of such external websites and accept no liability whatsoever for them.

10. Your rights

• You have the right to obtain information about the personal data concerned at any time. Insofar as there is no legal obligation to retain the data, you have the right to have this data deleted against processing. Furthermore, you have the right to correct the data as well as to restrict the processing, to data portability as well as to lodge a complaint with the Austrian Data Protection Authority (https://www.dsb.gv.at/).
• Furthermore, you have the right to object to data processing if the processing serves direct marketing purposes. Insofar as we will process your data for legitimate purposes, you also have the right to object at any time if grounds for doing so arise from your particular situation.
• If your consent is required for the processing of your data, we will only process it after your express consent.
• You can revoke your consent at any time without giving reasons, free of charge and with effect for the future, by contacting us using the contact details above.

11.  Change of data protection declaration

• We reserve the right to amend this privacy policy at any time in accordance with legal requirements and business needs. We therefore recommend that you check the data protection declaration again from time to time and inform yourself about the data processing procedures.