Impressum Information according to the disclosure requirements under § 5 of the E-Commerce Act, § 14 of the Commercial Code, § 63 of the Trade Regulation, and disclosure requirements under § 25 of the Media Act. Mashcici.

Leonie Huiber
Peter-Leitner-Siedlung 18,
8572 Bärnbach,
Austria
E-Mail: office@mashcici.com

Trade Regulation: www.ris.bka.gv.at
Artist Awarding State: Austria

EU Online Dispute Resolution In accordance with the Regulation on Online Dispute Resolution in Consumer Affairs (ODR Regulation), we would like to inform you about the Online Dispute Resolution platform (ODR platform). Consumers have the opportunity to submit complaints to the Online Dispute Resolution platform of the European Commission at https://ec.europa.eu/consumers/odr/main/index.cfm?event=main.home2.show&lng=EN. You can find the necessary contact information in our imprint above. However, we would like to point out that we are not willing or obliged to participate in dispute resolution proceedings before a consumer arbitration board. 

Liability for Contents of this Website We are constantly developing the contents of this website and strive to provide correct and up-to-date information. Unfortunately, we cannot assume any liability for the correctness of all content on this website, especially for that provided by third parties. As a service provider, we are not obligated to monitor transmitted or stored information or to investigate circumstances that indicate illegal activity. Our obligations to remove information or to block the use of information according to the general laws remain unaffected even in case of our non-responsibility. 

If you notice problematic or unlawful content, please contact us immediately so that we can remove the unlawful content. You can find the contact details in the imprint. 

Liability for Links on this Website Our website contains links to other websites for which we are not responsible for the content. We are not liable for linked websites because we had and have no knowledge of any illegal activities, and no unlawful activities have come to our attention. If you notice any unlawful links on our website, please contact us. You can find the contact details in the imprint. 

Copyright Notice All content on this website (images, photos, texts, videos) is protected by copyright. Please ask us before distributing, reproducing, or using the content of this website, such as republishing on other websites. If necessary, we will legally pursue unauthorized use of parts of our content on our site. If you find any content on this website that violates copyright, please contact us. 

Image Credits The images, photos, and graphics on this website are protected by copyright. The image rights belong to: Photographer Leonie Huiber All texts are protected by copyright. 

Source: Created with the Impressum Generator of AdSimple 

Data Privacy Policy Introduction and Overview We have drafted this privacy policy (as of 11th July 2023) to inform you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, about the personal data (hereinafter referred to as "data") we, as the data controller, process or will process in the future, and about the legal possibilities you have. The terms used are gender-neutral. 

In short: We provide comprehensive information about the data we process about you. 

Privacy policies are usually very technical and use legal jargon. This privacy policy, however, aims to describe the most important things as simply and transparently as possible. Wherever possible, we explain technical terms in a user-friendly manner, provide links to further information, and use graphics. Our goal is to inform you in a clear and simple language that we only process personal data within the scope of our business activities if there is a legal basis for doing so. This is not possible if we provide brief, unclear, and legally technical explanations, as is often the case on the internet when it comes to data protection. I hope you find the following explanations interesting and informative. Perhaps you will find some information you were not aware of before. 

If you still have questions, we ask you to contact the responsible person or entity mentioned below, follow the provided links, and look for further information on third-party sites. Of course, you will also find our contact information in the imprint. 

Scope of Application This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (data processors). By personal data, we mean information as defined in Art. 4 No. 1 of the General Data Protection Regulation, such as the name, email address, and postal address of a person. The processing of personal data enables us to offer and bill our services and products, both online and offline. The scope of this privacy policy includes: 

  • all online presences (websites, online shops) that we operate, 
  • social media presences and email communication, 
  • mobile apps for smartphones and other devices. 

In short: The privacy policy applies to all areas where personal data is processed within the company via the mentioned channels. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary. 

Legal Basis In this privacy policy, we provide you with transparent information about the legal principles and provisions, i.e., the legal basis of the General Data Protection Regulation, that enable us to process personal data. 

As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679. 

We only process your data if at least one of the following conditions is met: 

  1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be storing the data you entered in a contact form. 
  1. Contract (Article 6(1)(b) GDPR): In order to fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we enter into a sales contract with you, we need personal information beforehand. 
  1. Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes, which typically contain personal data. 
  1. Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not override your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically efficiently. This processing represents a legitimate interest. 

We typically do not encounter other conditions, such as the exercise of official authority, public interest, and vital interests. If such a legal basis should be relevant in any case, it will be indicated at the appropriate location. 

In addition to the EU Regulation, national laws also apply: 

  • In Austria, this is the Federal Act concerning the Protection of Personal Data (Datenschutzgesetz), abbreviated as DSG. 
  • In Germany, the Federal Data Protection Act (Bundesdatenschutzgesetz), abbreviated as BDSG, applies. If further regional or national laws are applicable, we will inform you in the following sections. 

Contact Information of the Data Controller If you have any questions regarding data protection or the processing of personal data, you will find the contact details of the responsible person or entity below: 

Storage Duration As a general criterion, we only store personal data for as long as it is absolutely necessary for providing our services and products. 

This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased, for example, for accounting purposes. 

If you wish to have your data deleted or revoke your consent for data processing, we will delete the data as soon as possible, provided there is no obligation to store it. 

Below, we inform you about the specific duration of each data processing, if we have further information on this matter. 

Rights under the General Data Protection Regulation (GDPR) 

In accordance with Articles 13 and 14 of the GDPR, we inform you about the following rights that you have to ensure fair and transparent data processing: 

  • You have the right, according to Article 15 GDPR, to be informed whether we process your data. If so, you have the right to receive a copy of the data and to obtain the following information: 
  • The purpose for which we process the data. 
  • The categories of data being processed. 
  • Recipients of the data and, if the data is transferred to third countries, the security measures in place. 
  • The storage duration of the data. 
  • The right to rectification, erasure, or restriction of processing, and the right to object to processing. 
  • The right to lodge a complaint with a supervisory authority (links to these authorities can be found below). 
  • The origin of the data if we did not collect it directly from you. 
  • Whether profiling is carried out, meaning whether data is automatically evaluated to create a personal profile of you. 
  • You have the right, according to Article 16 GDPR, to have your data rectified if you find any errors. 
  • You have the right, according to Article 17 GDPR, to have your data deleted ("right to be forgotten"). This means you can request the deletion of your data. 
  • You have the right, according to Article 18 GDPR, to have the processing of your data restricted, which means we can only store the data but not use it further. 
  • You have the right, according to Article 20 GDPR, to data portability, meaning we will provide you with your data in a common format upon request. 
  • You have the right, according to Article 21 GDPR, to object to processing, which, when successful, leads to a change in the processing. 
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interests), you can object to the processing. We will then promptly examine whether we can comply with this objection legally. 
  • If data is used for direct marketing, you can object to this type of data processing at any time. After that, we may no longer use your data for direct marketing purposes. 
  • If data is used for profiling, you can object to this type of data processing at any time. After that, we may no longer use your data for profiling. 
  • You have the right, according to Article 22 GDPR, under certain circumstances, not to be subject to a decision based solely on automated processing (e.g., profiling). 
  • You have the right, according to Article 77 GDPR, to lodge a complaint. This means you can file a complaint with the supervisory authority at any time if you believe that the processing of personal data violates the GDPR. 

In summary: You have rights – do not hesitate to contact the responsible party listed above! 

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can file a complaint with the supervisory authority. For Austria, the competent authority is the Austrian Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the following local data protection authority is responsible: 

Explanation of Used Terms 

We always strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially with technical and legal topics. Often it makes sense to use legal terms (such as personal data) or specific technical expressions (such as cookies, IP address). However, we do not want to use them without explanation. Below is an alphabetical list of important terms used, which we may not have sufficiently addressed in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also provide the GDPR texts and possibly add our own explanations. 

Data Processor 

Definition according to Article 4 of the GDPR 

For the purposes of this Regulation: "processor" means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller. 

Note: GDPR stands for General Data Protection Regulation. In case of any discrepancies between this translation and the original German version, the original German text prevails. 

Explanation: As a company and website owner, we are responsible for all data that we process from you. In addition to the data controllers, there may also be so-called data processors. This includes any company or person who processes personal data on our behalf. Data processors can include service providers such as tax consultants, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft, for example. 

Consent Definition according to Article 4 of the GDPR For the purposes of this Regulation: "consent" of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. 

Explanation: Typically, on websites, such consent is obtained through a cookie consent tool. You may be familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner if you agree to the data processing. Usually, you can also make individual settings and decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data about you may be processed. In general, consent can also be given in writing, not necessarily through a tool. 

Personal Data Definition according to Article 4 of the GDPR For the purposes of this Regulation: "personal data" means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. 

Explanation: Personal data is any information that can identify you as a person. Typically, this includes data such as: Name Address Email address Postal address Phone number Date of birth Identification numbers such as social security number, tax identification number, ID card number, or student ID number Bank details such as account number, credit information, account balances, etc. 

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and subsequently identify you as the owner of the connection. Therefore, the storage of an IP address also requires a legal basis under the GDPR. 

There are also so-called "special categories" of personal data, which are particularly sensitive and deserving of protection. These categories include: 

  • Racial and ethnic origin 
  • Political opinions 
  • Religious or philosophical beliefs 
  • Trade union membership 
  • Genetic data, such as data obtained from blood or saliva samples 
  • Biometric data (information on psychological, physical, or behavioral characteristics that can identify a person) 
  • Health data 
  • Data on sexual orientation or sex life 

Profiling Definition according to Article 4 of the GDPR For the purposes of this Regulation: "profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. 

Explanation: Profiling involves collecting various information about a person to learn more about them. In the web context, profiling is often used for targeted advertising, content recommendations, or personalized user experiences. It is typically based on various data points, such as online behavior, preferences, location, and other factors, to create a detailed profile of a person's interests and habits. Profiling can be used for various purposes, such as marketing, customer service improvement, or fraud detection. 

Explanation: Profiling involves gathering various pieces of information about a person to gain deeper insights into that individual. In the web context, profiling is frequently used for advertising purposes or even for credit assessments. Web or advertising analysis programs, for example, collect data about your behavior and interests on a website, creating a specific user profile. This profile is then used to deliver targeted advertisements to a specific target audience. 

Data Controller Definition according to Article 4 of the GDPR For the purposes of this Regulation: "controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. 

Explanation: In our case, we are responsible for processing your personal data and thus the "data controller." When we share collected data with other service providers for processing, they become "data processors." This requires a "data processing agreement (DPA)" to be signed. 

Processing Definition according to Article 4 of the GDPR For the purposes of this Regulation: "processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction. 

Note: When we mention processing in our privacy policy, we refer to any type of data processing. As mentioned in the original GDPR statement above, this includes not only collecting but also storing and processing data. All texts are protected by copyright. 

Source: Created with the Privacy Policy Generator of AdSimple 

 

Note: The English translation may contain technical terms specific to data protection regulations. Please ensure the accuracy and compliance of the translation with relevant legal requirements in your jurisdiction.

WANT TO GET NEWS FIRST?

SIGN UP TO RECEIVE THE LATEST HANDMADE PRODUCTS, PLUS SOME EXCLUSIVE GOODIES!

I don’t spam!

This will close in 20 seconds

Account
Home
Shop
About
0
Cart