The responsible body in terms of the data protection law is: KDV Klassik Digital Vertriebs-GmbH, Würzburggasse 30, 1136 Vienna, Austria, registered in the commercial register of the Republic of Austria under FN 455542 s (hereinafter "KDV" or "we").
The legal basis of data protection can be found, as well as in the General Data Protection Regulation (GDPR), for Austria in the Datenschutzgesetz (DSG) in the version of the Datenschutz-Anpassungsgesetz 2018 and in the Datenschutz-Deregulierungs-Gesetz 2018, for Switzerland in the Datenschutzgesetz 1992, and for Germany in the Bundesdatenschutzgesetz (BDSG new) and the Telemediengesetz (TMG). The KDV processes your data in compliance with the data protection requirements. We will inform you about the nature of this data processing below in accordance with Art. 13 and 14 GDPR.
- Statements, information, and data can be edited, updated, changed, and deleted by the user him-/herself in his/her profile. In addition, the user can assert his/her data subject rights (access, rectification, restriction of processing, objection, data portability, or erasure of data) in writing to KDV Klassik Digital Vertriebs-GmbH, Würzburggasse 30, 1136 Vienna or firstname.lastname@example.org.
- In order to offer the myfidelio Services, both personal data of the users and anonymous/anonymized (non-personal) data are collected. As long as this data is not required for the execution of the contractual relationship between the user and KDV or it is not required by law, this consent to the collection of data by KDV may be revoked at any time. (see Point 10 right to information and data subject rights).
3. Personal data
3.1. Collection of personal data:
The following personal data of the user is collected for the purpose of the execution of the contractual relationship between KDV and the user:
- basic data: first name, last name, address, country, mobile number (optional), e-mail address;
- other personal data for the purpose of the execution of the contract such as, for example, date of birth, gender, bank details, billing and payment information;
- traffic data: exclusively for billing purposes;
- personal location data via the mobile device’s location tracking: the user can disable this in the settings at any time;
- other personal data such as information that the user has entered him-/herself (areas of interest, gender, and age group): the user can edit, change, and delete this data him-/herself at any time (provided it is not necessary for the execution of the contract).
KDV deletes the user’s basic data after termination of the contractual relationship, at the latest, however, upon expiry of the statutory retention obligations, in particular in accordance with commercial and tax accounting regulations.
KDV deletes the user’s traffic data three months after payment of any balance and expiry of the objection period. If the user objects in due time to the billing and payment of the charges, KDV is entitled to refrain from deleting the data until a legally binding decision by the competent court or authority has been made.
3.2. Processing and disclosure of personal data:
- Basic and other personal data and traffic data are shared with payment service providers (Sofort GmbH, Paypal, and Viveum) so they can manage the billing. This includes the following personal data: name, e-mail address, shopping cart, billing address, and order number. The disclosure of this data is necessary for us to be able to fulfill the contract with you. The legal basis for this is Art. 6 (1) (b) GDPR.
- Log data from the myfidelio Platform (user ID, IP address, start, duration, product) and geolocation data (geographic region where the receiving device is located) are collected. These are collected due to copyright issues, for internal billing purposes, and to ensure the IT security of our information technology systems.
- Data to determine the web browser and operating system used and information from functional cookies (e.g. screen resolution and color information of the display device used, language settings of the receiving device used) are collected in order to ensure an ideal display of the myfidelio Platform.
- Within the myfidelio Services, the user receives recommendations tailored to him/her, based on his/her viewing and usage habits;
- The user can revoke consent to the use of the collected data described above in whole or in part without stating reasons with effect for the future by e-mail (email@example.com), by post (KDV Klassik Digital Vertriebs-GmbH, Würzburggasse 30, 1136 Vienna, Austria), or in the account settings at www.myfidelio.at
- KDV will only disclose this data to third parties without your consent if it is required to do so by law.
3.3. Other functions of the myfidelio Services
Our site offers a number of different functions, during the use of which your personal data is collected, processed, and stored by us. We explain below what happens with this data:
- Login area:
You have the option of using a separate login area on our website. If you have forgotten your password or your user name for this area, it is possible, having previously entered your contact details (e-mail address), to have this data sent to you again. The usage data associated with the use of the login area is only collected, stored, and processed by us for the purpose of combating misuse and troubleshooting or to maintain functionality. It is not used for other purposes or shared with third parties. The data collected in the context of the ‘Forgot user name or password’ function will only be used for resending forgotten login details.
On our website, we offer you the opportunity to subscribe to our newsletter. With this newsletter we provide regular information about our offers and our own similar products or services. To receive our newsletter, you will need a valid e-mail address. We will then check the email address entered to ensure that you are in fact its owner or that its owner is authorized to receive our newsletter. When you sign up for our newsletter, we will save your IP address and the date and time of your registration. This will serve as a safeguard in case a third party misuses your e-mail address to subscribe to our newsletter without your knowledge. Further data is not collected by us. The data thus collected will be used exclusively for the distribution of our newsletter. It will not be shared with third parties. We will also not compare the data collected during newsletter registration with any other data that might be collected by other components of our site. You can unsubscribe from this newsletter at any time by e-mail (firstname.lastname@example.org), by post (KDV Klassik Digital Vertriebs-GmbH, Würzburggasse 30, 1136 Vienna, Austria), and in the account settings at www.myfidelio.at or via the link to the account settings given in each newsletter.
- Direct marketing:
We use your name and the following data from your usage of the services of the myfidelio Platform:
- links clicked (which products of the myfidelio Platform were clicked when),
- source/medium of the anonymized website visit (via a search engine, direct entry in web browser, social media channel, banner advertising),
- number of return visits in a certain period,
- current newsletter setting,
- test user or subscriber,
- ordering process successful or interrupted
which is processed for direct marketing purposes by inferring interests from them and creating corresponding offers, promotions, and other personalized offers for products or services of the myfidelio Platform.
The myfidelio Platform has a legitimate interest in the processing of this data to this extent (Art. 6 (1) (f) GDPR), particularly since only such data is collected, stored, and used that, due to the content of the downloads, clearly corresponds to the customers’ areas of interest. This processing is also not opposed to any interests of the customer, since no data is processed beyond the data transactions needed by the myfidelio Platform.
We use your e-mail address to send such information and personalized offers. Since you purchase services on our website and your e-mail address is entered in the process, we can subsequently use it to send a newsletter/mailing.
In such a case, only direct marketing of our own similar products or services will be sent via the newsletter/mailing. The legal basis for sending the newsletter is therefore § 107 para. 3 Telekommunikationsgesetz (TKG). You can opt out of the processing of your e-mail address for this purpose at any time without stating reasons with effect for the future by e-mail (email@example.com), by post (Klassik Digital Vertriebs-GmbH, Würzburggasse 30, 1136 Vienna, Austria), or in your account settings at www.myfidelio.at
4. Collection and use of non-personal data
4.1. Collection of non-personal data:
- If the user uses the myfidelio Services and clicks on related links, for example, anonymous or anonymized non-personal data about user behavior is automatically collected.
4.2. Use and disclosure of non-personal data:
- Non-personal data is used to deliver advertisements about third-party products and services to target groups, if the user so wishes.
- The anonymized information provided by the user can be combined and used with anonymized information provided by other users in order to deliver (non-personalized) advertisements to target groups according to age, gender, and areas of interest.
The cookies are used in particular to temporarily store the user credentials and to record the payment transactions.
Cookies can also be used to record the user’s surfing behavior (within and outside the myfidelio Platform) together with sociodemographic data (e.g. the user’s age and gender). However, they do not contain any personal data or any personal information, so that it is not possible to identify the user solely with the information obtained via the cookies.
Of course, cookies can be removed from the device or blocked at any time. However, this may affect the functionality of the myfidelio Services.
6. Other external content / processing of data outside the EU
- facebook.com, operated by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA betrieben wird („Facebook“)
- twitter.com, operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA betrieben wird („Twitter“)
- instagram.com, operated by Instagram, LLC, 1601 Willow Rd., Menlo Park, CA 94025, USA betrieben wird (“Instagram”)
- snapchat.com, operated by Snapchat Inc., 63 Market St., Venice, CA 90291, USA betrieben wird (“Snapchat”)
- YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”)
The plug-ins are marked with a Facebook, Twitter, Instagram, or Snapchat logo and/or the additional text (Facebook plug-in) “Recommend”/(Twitter plug-in) “Tweet”/(Instagram plug-in) “Follow”/(Snapchat plug-in) “Snap”. If you access a website of our internet presence which contains such a plug-in, your browser establishes a direct connection to the servers of the providers listed above. The contents of the plug-ins are transmitted directly to your browser by the respective providers and are integrated into the website. The respective providers receive the information that you have accessed the corresponding page of our internet presence. If you are logged into Facebook, Twitter, Instagram, Snapchat, and/or YouTube, the respective provider can assign the visit to your account.
If you interact with the plug-ins, if you activate these plug-ins or, for example, press the “like,” “tweet,” “follow,” or “snap” buttons or make a comment or start a video stored on YouTube, the information is transmitted directly from your browser to the respective provider and is stored there. For the purpose and scope of the data collection and further processing and use of the data by these providers, as well as your rights related to this and the setting options for the protection of your private sphere, please refer to the respective privacy policies. These can be found at:
- https://www.facebook.com/about/privacy (Facebook)
- https://twitter.com/privacy (Twitter)
- https://help.instagram.com/155833707900388 (Instagram)
- https://www.snap.com/en-US/privacy/privacy-policy and https://www.snap.com/en-US/cookie-policy (Snapchat)
- https://policies.google.com/privacy?hl=en-US (YouTube)
The further use of the data by the providers mentioned is beyond our control. If you do not want the respective providers to collect data about you through our website, you must log out of them before visiting our website. It is also possible to block Facebook social plug-ins, for example, with add-ons for your browser, for example with Facebook Blocker (http://webgraph.com/resources/facebookblocker/).
There is also the option of centrally managing your preferences regarding usage-based online advertising on the websites of the European Advertising Standards Alliance (EASA) or the Digital Advertising Alliance (DAA): https://www.youronlinechoices.com/uk/your-ad-choices or http://www.aboutads.info/choices/.
7. Data security and data privacy
We secure our website and other systems using technical and organizational measures against loss, destruction, access, modification, or disclosure of your data by unauthorized persons. Access to your customer account is only possible after entering your personal password. You should always keep your access information confidential and close the browser window when you have finished your session with us, especially if you share your computer with others.
When ordering, your personal data is encrypted using SSL technology before being transmitted through the internet.
8. Right to information and data subject rights
Users have the right to free information about all their personal data, along with additional information such as:
- its processing purpose and recipient,
- the criteria for determining the retention period,
- your right to erasure and rectification,
- your right to limitation or objection,
- your right of appeal,
- information about the origin of the data,
- information about automated decision-making including logic involved.
You can request the rectification or completion of incorrect or incomplete data. Under certain circumstances, for example if the accuracy of data is disputed and until the accuracy has been checked, you can request that the processing of data be restricted so that it may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
You can object at any time to the processing of your personal data in connection with processing for direct marketing purposes. In the event of an objection, your data will no longer be used for these purposes.
You can request that we send a copy of your data in a structured, common, and machine-readable format to you or, as far as this is technically feasible, to a third party designated by you (right to data portability).
You have the right to have data erased in certain circumstances, such as if it is not processed in accordance with data protection requirements. The so-called “right to be forgotten” does not apply to you because the myfidelio Platform will never make your personal data public.
Requests for information, rectification, restriction of processing, objection, data portability, or erasure can be made in writing to KDV Klassik Digital Vertriebs-GmbH, Würzburggasse 30, 1136 Vienna or by e-mail to firstname.lastname@example.org.
9. Regulatory authority
Irrespective of the possibility of filing suit with the regional court in accordance with § 29 para. 2 Datenschutzgesetz 2018 and any other legal remedies, you have the right to lodge a complaint with the national regulatory authority in your place of residence if unlawful processing of personal data is presumed. In Austria, the Data Protection Authority is responsible.
10. Repetition of declarations of consent
You may have expressly given us the following consent(s) and we have logged your consent. You can revoke your consent(s) at any time with effect for the future.
a) Permission for e-mail advertising
- I would like to receive interesting product offers and information about other KDV service offerings by e-mail and through social networks on a regular basis. For this purpose, KDV may use the address data that I provided when I registered on myfidelio. My e-mail address will not be shared with other companies. I can revoke the consent to the use of my e-mail address for advertising purposes at any time with effect for the future by clicking on the “Unsubscribe” link at the end of the newsletter, or by sending an e-mail to email@example.com outlining my revocation.
- I would like to register for future orders and therefore ask you to enter my data into your customer database. I can revoke my consent to being included in the customer database at any time by sending an e-mail to firstname.lastname@example.org outlining my revocation.