Privacy Policy
Privacy policy
We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you at this point which of your personal data we collect when you visit our website and for what purposes it is used.
This privacy policy applies to the internet offer of Dariadéh GmbH, which is accessible under the domain dariadeh.com as well as the various subdomains ("our website").
Who is responsible and how do I reach you?
Responsible
for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)
Dariadéh GmbH
Lindengasse 5/1-3
1070 Vienna
Austria
support@dariadeh.com
What is it about?
This privacy policy complies with the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior when visiting a website. Information for which we cannot (or can only with a disproportionate effort) establish a reference to your person, e.g. by anonymization, is not personal data. The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.
Stored personal data is deleted as soon as the purpose of the processing has been achieved and there are no legitimate reasons for further storage of the data. We will inform you in the individual processing operations about the specific storage periods or criteria for storage. Irrespective of this, we store your personal in individual cases for the assertion, exercise or defense of legal claims and if there are statutory retention obligations.
Who gets my data?
We only disclose your personal data that we process on our website to third parties if this is necessary for the fulfillment of the purposes and is covered by the legal basis in the individual case (e.g. consent or safeguarding legitimate interests). In addition, we disclose personal data to third parties in individual cases if this serves the assertion, exercise or defense of legal claims. Possible recipients may then be, for example, law enforcement agencies, lawyers, auditors, courts, etc.
Insofar as we use service providers for the operation of our website, who process personal data on our behalf within the scope of commissioned processing pursuant to Art. 28 GDPR, they may be recipients of your personal data. For more information on the use of processors and web services, please refer to the overview of the individual processing operations.
Do you use cookies?
Cookies are small text files that are transmitted by us to the browser of your end device during your visit to our website and stored there. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to perform various analyses, so that we are able, for example, to recognize the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly from your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses.
We provide information about the respective services for which we use cookies in the individual processing operations. You can find detailed information about the cookies used in the cookie settings or in the Consent Manager of this website.
What rights do I have?
Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:
- Access according to Art. 15 GDPR about the data stored about you in the form of meaningful information about the details of the processing and a copy of your data;
- Rectification according to Art. 16 GDPR of incorrect or incomplete data stored by us;
- Erasure pursuant to Art. 17 GDPR of the data stored by us, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
- Restriction of processing pursuant to Art. 18 GDPR, insofar as the accuracy of the data is disputed, the processing is unlawful, we no longer need the data and you object to their deletion because you need them for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 GDPR.
- Data portability pursuant to Art. 20 GDPR, insofar as you have provided us with personal data within the scope of consent pursuant to Art. 6 (1) a GDPR or on the basis of a contract pursuant to Art. 6 (1) b GDPR and these have been processed by us with the assistance of automated processes. You will receive your data in a structured, common and machine-readable format or we will transfer the data directly to another responsible party, insofar as this is technically feasible.
- Objection according to Art. 21 GDPR against the processing of your personal data, insofar as this is based on Art. 6 (1) e, f GDPR and there are reasons for this that arise from your particular situation or the objection is directed against direct advertising. The right to object does not exist if overriding compelling legitimate reasons for the processing are demonstrated or the processing is carried out for the assertion, exercise or defense of legal claims. As far as the right to object does not exist for individual processing operations, it is indicated there.
- Revocation according to Art. 7 (3) GDPR of your given consent with validity for the future.
-
Complaint pursuant to Art. 77 DSGVO to a supervisory authority if you believe that the processing of your personal data violates the DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.
How is my data processed in detail?
In the following, we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.
Provision of the website
Nature and scope of processing
When you call up and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is stored temporarily in a so-called log file:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which the access is made (referrer URL)
- Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
Our website is not hosted by ourselves, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR.
Purpose and legal basis
The processing is carried out to protect our overriding legitimate interest to display our website and ensure security and stability on the basis of Art. 6 (1) f GDPR. The collection of data and storage in log files is mandatory for the operation of the website. There is no right to object to the processing due to the exception under Art. 21 (1) GDPR. Insofar as the further storage of log files is required by law, the processing is based on Art. 6 (1) c GDPR. There is no legal or contractual obligation to provide the data, however, calling up our website is technically not possible without providing the data.
Storage duration
The aforementioned data is stored for the duration of the website display and for technical reasons beyond that.
Newsletter
Nature and scope of processing
If you register on our website to receive our newsletter, we collect your e-mail address and store this information together with the date of registration and your IP address. Subsequently, you will receive an e-mail in which you must confirm the registration for the newsletter (double opt-in). If you do not confirm the registration, it will automatically expire and the data will not be processed for the newsletter mailing.
To send the newsletter, we use a service that processes your personal data on our behalf in accordance with Art. 28 GDPR. Your data will not be passed on to third parties.
Purpose and legal basis
We process your data for the purpose of sending the newsletter based on your consent pursuant to Art. 6 (1) a GDPR. By unsubscribing from the newsletter, you can declare your revocation at any time with effect for the future pursuant to Art. 7 (3) GDPR. There is no legal or contractual obligation to provide your data, but sending the newsletter is not possible without the provision of your data.
Storage duration
After registration for the newsletter, we store the data maximum until the confirmation of the registration. After successful confirmation, we store your data until you revoke your consent (unsubscribe from the newsletter).
Customer account registration
Nature and scope of processing
As part of the order processing, we collect your personal data for the registration of a customer account. You can choose whether you want to order as a guest or register a permanent user account. The information that is collected during registration via the mandatory fields is identical in both cases and is required for processing the order in the online store. When registering a permanent user account, we also collect a password that you define yourself. Furthermore, you can voluntarily provide additional information that you consider necessary for the processing of the order.
A transfer of your personal data to third parties (eg shipping service providers / shipping) and order processors in accordance with Article 28 GDPR only to the extent necessary for the processing of the order.
Purpose and legal basis
We process your personal data for the purpose of registering a customer account for the fulfillment of a contract with you pursuant to Art. 6 (1) b GDPR. There is a contractual obligation to provide your data as far as it relates to the mandatory fields, as this information is necessary to identify you and for the fulfillment of the contract on our part. There is no legal obligation to provide the data. Without the provision of this information, the order in our online store and thus a contract is not possible. For the additional information provided voluntarily, there is no obligation to provide. The order in our online store is also possible without the disclosure of the voluntary information.
The supplementary processing of your password for the registration of the permanent user account is carried out for the purpose of providing a customer account and for the presentation of your previous purchases as well as for the storage of your purchase-related data (e.g. storage of billing address, various delivery addresses) on the basis of your consent pursuant to Art. 6 (1) a GDPR. By deleting your customer account, you can declare your revocation at any time with effect for the future pursuant to Art. 7 (3) GDPR.
Storage duration
If you order as a guest, we store your personal data until the complete processing of your order (end of contract). When registering a permanent customer account, we store the purchase-related data beyond the end of the contract, until the revocation of your consent (deletion of the customer account). In both cases, further storage of your data will only take place if there are legal storage obligations (for example, tax and commercial law).
Presence on social media platforms
We maintain so-called fan pages or accounts or channels on the networks mentioned below in order to provide you with information and offers also within social networks and to offer you further ways to contact us and to inform yourself about our offers. In the following, we inform you about which data we or the respective social network process from you in connection with the call and use of our fan pages/accounts.
Data we process from you
If you wish to contact us via messenger or direct message via the respective social network, we generally process your user name via which you contact us and, if necessary, store other data provided by you insofar as this is required to process/respond to your request.
The legal basis is Art. 6 (1) f GDPR (processing is necessary to protect the legitimate interests of the controller).
(Static) usage data that we receive from the social networks
We receive automated statistics regarding our accounts via Insights features. The statistics include, among other things, the total number of page views, likes, page activity and post interactions, reach, video views, and the percentage of men/women among our fans/followers.
The statistics only contain aggregated data that cannot be related to individual persons. You are not identifiable to us through this.
What data the social networks process from you
In order to view the content of our fan pages or accounts, you do not have to be a member of the respective social network and, in this respect, no user account for the respective social network is required.
Please note, however, that the social networks also collect and store data from website visitors without a user account when the respective social network is called up (e.g. technical data in order to be able to display the website to you) and use cookies and similar technologies, over which we have no control. Details on this can be found in the privacy policy of the respective social network (see the corresponding links above)
Insofar as you wish to interact with the content on our fan pages/accounts, e.g. comment on, share or like our postings/contributions and/or contact us via messenger functions, prior registration with the respective social network and the provision of personal data is required.
We have no influence on the data processing by the social networks within the scope of their use by you. To our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, as well as for the analysis of user behavior (using cookies, pixels/web beacons and similar technologies) on the basis of which advertising based on your interests is displayed both inside and outside the respective social network. It cannot be excluded that your data will be stored by the social networks outside the EU/EEA and passed on to third parties.
Information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use of the social networks can be found in the privacy policy/cookie policy of the social networks. There you will also find information on your rights and objection options.
Instagram channel
When you visit our Instagram page, Instagram (Meta) collects, among other things, your IP address and other information that is present in the form of cookies on your computer. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. Instagram provides more detailed information on this under the following link (Note: clicking on the following link will take you to the website of the social network Facebook, also part of the Meta Group. However, the information provided via the link applies equally to the social network Instagram): https://facebook.com/help/pages/insights.
It is not possible for us to draw conclusions about individual users by means of the statistical information transmitted. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality.
We collect your data via our fan page only to realize a possible provision for communication and interaction with us. This collection usually includes your name, message content, comment content and the profile information you provide "publicly".
The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel pursuant to Art. 6 (1) f GDPR. If you, as a user, have given your consent to the data processing to the respective provider of the social network, the legal basis of the processing extends to Art. 6 (1) a, Art. 7 GDPR.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorized to fully access your data. Due to this, only the provider can directly take and implement appropriate measures to fulfill your user rights (information request, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effective directly against the respective provider.
We are jointly responsible with Instagram for the personal content of the fan page. Data subject rights can be asserted with Meta Platforms Ireland Ltd. as well as with us.
The primary responsibility for the processing of Insights Data lies with Instagram under the GDPR and Instagram complies with all obligations under the GDPR with respect to the processing of Insights Data, Meta Platforms Ireland Ltd. provides the essence of the Page Insights Supplement to Data Subjects.
We do not make any decisions regarding the processing of Insights data and storage duration of cookies on user terminals.
For further instructions, please refer directly to Instagram (Supplemental Agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.
For more information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use, please refer to the privacy policy/cookie policy of Instagram (note: clicking on the following link will take you to the website of the social network Facebook):
https://help.instagram.com/519522125107875/?helpref=uf_share
In addition, this information can also be viewed in the help section of Instagram's website via the following link:
https://help.instagram.com/581066165581870
TikTok channel
When you visit our TikTok channel, TikTok collects, among other things, your IP address and other information in the form of cookies on your computer. This information is used to provide us, as the operator of the TikTok page, with statistical information about the use of the TikTok page. TikTok provides more detailed information on this topic under the following link: https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE.
By means of the transmitted statistical information, it is not possible for us to draw conclusions about individual users. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality.
We collect your data via our fan page only to realize a possible provision for communication and interaction with us. This collection usually includes your name, message content, comment content, and the profile information you provide "publicly".
The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel pursuant to Art. 6 (1) f GDPR. Should you, as a user, have given your consent to the data processing to the provider of the social network in question, the legal basis of the processing extends to Art. 6 (1) a, Art. 7 GDPR.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorized to fully access your data. Due to this, only the provider can directly take and implement appropriate measures to fulfill your user rights (information request, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effective directly against the respective provider.
We are jointly responsible with TikTok for the personal content of the fan page. Data subject rights can be asserted with TikTok Technology Ltd. as well as with us.
The primary responsibility for the processing of data under the GDPR lies with TikTok and TikTok complies with all obligations under the GDPR with respect to the processing of data, TikTok Technology Ltd. provides the substance of the Site Insights Supplement to data subjects.
We do not make any decisions regarding the processing data and storage duration of cookies on user terminals.
For more information on, among other things, the exact scope and purposes of the processing of your personal data, storage duration/deletion, as well as guidelines on the use of cookies and similar technologies in the context of registration and use, please refer to TikTok's Privacy Policy/Cookie Policy:
https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE
Facebook Pixel
Nature and scope of processing
We use Facebook Pixel from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to create so-called Custom Audiences, i.e. to segment visitor groups of our online offer, to determine conversion rates and to subsequently optimize them. This happens in particular when you interact with advertisements that we have placed with Meta Platforms Ireland Limited.
Purpose and legal basis
We process your data with the help of Facebook Pixel for the purpose of optimizing our website and for marketing purposes based on your consent pursuant to Art. 6 (1) a GDPR.
Data transfer to the USA
Insofar as personal data is transferred to servers in the USA when using Facebook Pixel, this is done on the basis of the EU Commission's adequacy decision on the Data Privacy Framework pursuant to Art. 45 (1) GDPR. If applicable, we will additionally ask for your consent pursuant to Art. 49 (1) a GDPR.
Storage duration
The concrete storage period of the processed data cannot be influenced by us, but is determined by Meta Platforms Ireland Limited. Further information can be found in the privacy policy for Facebook Pixel: https://www.facebook.com/privacy/explanation.
Google CDN
Nature and scope of processing
We use Google CDN to properly deliver the content of our website. Google CDN is a service of Google Ireland Limited, which acts as a content delivery network (CDN) on our website.
A CDN helps to provide content of our online offer, especially files such as graphics or scripts, faster with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google CDN.
Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision and optimization of our online offer pursuant to Art. 6 (1) f GDPR.
Data transfer to the USA
Insofar as personal data is transferred to servers in the USA when using Google CDN, this is done on the basis of the EU Commission's adequacy decision on the Data Privacy Framework pursuant to Art. 45 (1) GDPR. If applicable, we will additionally ask for your consent pursuant to Art. 49 (1) a GDPR.
Storage duration
The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google CDN: https://policies.google.com/privacy.
Shopify CDN
Nature and scope of processing
We use Shopify CDN to properly deliver the content on our website. Shopify CDN is a service provided by Shopify, Inc. which acts as a Content Delivery Network (CDN) on our website to provide functionality for other Shopify, Inc. services. For said services, you will find a separate section in this Privacy Policy. This section is only about the use of the CDN.
A CDN helps to provide content of our online offer, in particular files such as graphics or scripts, faster with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Shopify, Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the above purposes and to maintain the security and functionality of Shopify CDN.
Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision and optimization of our online offer pursuant to Art. 6 (1) f GDPR.
Storage duration
The specific storage period of the processed data cannot be influenced by us, but is determined by Shopify, Inc. Further information can be found in the privacy policy for Shopify CDN: https://www.shopify.com/legal/privacy.
Shopify Checkout
Nature and scope of processing
We have integrated Shopify Checkout components on our website. Shopify Checkout is a service of Shopify, Inc. and offers online payment solutions worldwide.
When you select Shopify Checkout as your payment method, your information required for the payment process is automatically transmitted to Shopify, Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada.
As a rule, the following data is collected in this context: Name, address, company if applicable, e-mail address, telephone and cell phone number and IP address.
Purpose and legal basis
The use of the service is based on the execution of a contract, i.e. for the processing of payment transactions pursuant to Art. 6 (1) b GDPR.
Storage duration
The specific storage period of the processed data cannot be influenced by us, but is determined by Shopify, Inc. Further information can be found in the privacy policy for Shopify Checkout: https://www.shopify.com/legal/privacy