Privacy policy

Last updated: April 11, 2026

Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is any data by which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

Heike Kolles
Porzellangasse 50
1090 Vienna
Austria

Email: hello@heikekolles.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.


2) Data Collection When Visiting Our Website

2.1 When you use our website for informational purposes only, meaning if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the page server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time at the time of access
  • Amount of data sent in bytes
  • Source/reference from which you reached the page
  • Browser used
  • Operating system used
  • IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently review the server log files if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.


3) Hosting & Content Delivery Network

Shopify

For the hosting of our website and the display of page content, we use the system of the following provider:

Shopify International Limited
Victoria Buildings, 2nd Floor
1-2 Haddington Road
Dublin 4, D04 XN32
Ireland

Data is also transferred to:

Shopify Inc.
150 Elgin St
Ottawa, ON K2P 1L4
Canada

All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.


4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called “session cookies”), while others remain on your device for longer and enable the storage of page settings (so-called “persistent cookies”). In the latter case, you can find the storage period in the overview of your web browser’s cookie settings.

If personal data is also processed by individual cookies used by us, the processing is carried out either in accordance with Art. 6(1)(b) GDPR for the performance of the contract, in accordance with Art. 6(1)(a) GDPR in the case of consent given, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be restricted.

To obtain your consent for the storage of certain cookies and to document this in a data protection compliant manner, this website uses a cookie consent tool provided by Consentmo Ltd.


5) Contacting Us

5.1 Shopify Inbox

This website uses the live chat system of the following provider:

Shopify International Limited
Victoria Buildings, 2nd Floor
1-2 Haddington Road
Dublin 4, D04 XN32
Ireland

The processing of personal data transmitted via chat is carried out either in accordance with Art. 6(1)(b) GDPR because it is necessary for the initiation or performance of a contract, or in accordance with Art. 6(1)(f) GDPR due to our legitimate interest in the effective support of our website visitors.

Your data transmitted in this way will be deleted, subject to statutory retention periods, once the matter in question has been conclusively clarified.

In addition, for the purpose of creating pseudonymized user profiles, further information may be collected and evaluated using cookies, which does not serve your personal identification and is not merged with other data sets. If this information has personal relevance, processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization purposes.

The setting of cookies can be prevented by appropriate browser settings. In this case, however, the functionality of our website may be restricted. You may object to the collection and storage of data for the purpose of creating a pseudonymized user profile at any time with effect for the future.

Data is also transferred to:

Shopify Inc.
150 Elgin St
Ottawa, ON K2P 1L4
Canada

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.


6) Data Processing When Opening a Customer Account

In accordance with Art. 6(1)(b) GDPR, personal data is collected and processed to the extent necessary if you provide it to us when opening a customer account. Which data is required for account opening can be seen from the input form of the relevant form on our website.

You may delete your customer account at any time by sending a message to the above-mentioned address of the controller. After deletion of your customer account, your data will be deleted, provided that all contracts concluded via the account have been fully processed, no statutory retention periods prevent deletion, and we have no legitimate interest in further storage.


7) Use of Customer Data for Direct Advertising

7.1 Subscription to Our Email Newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required to send the newsletter is your email address. The provision of further data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you will only receive newsletters once you have expressly confirmed your consent to receive the newsletter by clicking a verification link sent to the email address provided.

By activating the confirmation link, you grant us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. In doing so, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data collected by us when registering for the newsletter will be used strictly for this purpose.

You may unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller named at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter mailing list unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

7.2 Omnisend

Our email newsletters are sent via the following provider:

Soundest Ltd.
Unit A3, Gateway Tower
32 Western Gateway
London E16 1YL
United Kingdom

On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provided when registering for the newsletter to this provider in accordance with Art. 6(1)(f) GDPR so that they can send the newsletter on our behalf.

Subject to your express consent pursuant to Art. 6(1)(a) GDPR, the provider also carries out a statistical performance evaluation of newsletter campaigns using web beacons or tracking pixels in the emails sent, which can measure open rates and specific interactions with the contents of the newsletter. Device information (e.g. time of access, IP address, browser type, and operating system) is also collected and evaluated, but not merged with other data records.

You may revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider that protects the data of our website visitors and prohibits disclosure to third parties.

For transfers of data to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

7.3 Cart Reminder Emails

If you cancel your purchase with us before completing the order, you have the option to receive a one-time reminder by email about the contents of your virtual shopping cart.

The only mandatory information required to send this reminder is your email address. The provision of further data is voluntary and may be used to address you personally. For sending emails, we use the so-called double opt-in procedure, which ensures that you will only receive a notification after you have expressly confirmed your consent by clicking a verification link sent to the email address provided.

By activating the confirmation link, you grant us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR for sending a cart reminder. In doing so, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data collected by us when registering for our email notification service will be used strictly for this purpose.

You can unsubscribe from cart reminders at any time by sending a corresponding message to the controller named at the beginning. After unsubscribing, your email address will be immediately deleted from the relevant mailing list unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.


8) Data Processing for Order Handling

8.1 General Order Processing

To the extent necessary for the performance of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6(1)(b) GDPR.

If, on the basis of a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact data you provided when placing the order in order to inform you personally within the scope of our statutory information obligations in accordance with Art. 6(1)(c) GDPR. Your contact data is used strictly for notifications about updates owed by us and is processed by us only to the extent necessary for the respective information.

To process your order, we also work with the following service provider(s), which support us in whole or in part in the performance of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

8.2 Use of Payment Service Providers

Apple Pay

If you choose the payment method “Apple Pay” of Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing is carried out via the “Apple Pay” function of your device operated with iOS, watchOS, or macOS by charging a payment card stored with “Apple Pay.” Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you must therefore enter a code previously set by you and verify using the “Face ID” or “Touch ID” function of your device.

For the purpose of payment processing, the information you provide during the ordering process, together with information about your order, is transmitted to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before transmitting the data to the payment service provider of the payment card stored in Apple Pay for the purpose of processing the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is made, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm the success of the payment.

If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR.

Apple stores anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Through anonymization, any personal reference is completely excluded. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.

If you use Apple Pay on your iPhone or Apple Watch to complete a purchase made via Safari on a Mac, the Mac and the authorization device communicate via an encrypted channel on Apple servers. Apple does not process or store any of this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in the settings of your iPhone. Go to “Wallet & Apple Pay” and disable “Allow Payments on Mac.”

Further information on data protection with Apple Pay can be found at:
https://support.apple.com/de-de/HT203027

Klarna

This website offers one or more online payment methods from the following provider:

Klarna Bank AB
Sveavägen 46
111 34 Stockholm
Sweden

If you select a payment method of the provider in which you make advance payment (for example credit card payment), your payment data communicated during the ordering process (including name, address, bank and payment card information, currency, and transaction number), as well as information about the contents of your order, will be passed on to the provider in accordance with Art. 6(1)(b) GDPR. Your data is passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you choose a payment method where the provider makes advance payment (for example invoice or installment purchase or direct debit), you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, where applicable, data relating to an alternative means of payment).

In order to safeguard our legitimate interest in determining the creditworthiness of our customers, this data will be forwarded by us to the provider in accordance with Art. 6(1)(f) GDPR for the purpose of a credit check. Based on the personal data you provide and other data (such as shopping cart, invoice amount, order history, and payment experience), the provider checks whether the payment option selected by you can be granted with regard to payment and/or default risks.

In addition to provider-internal criteria, identity and creditworthiness information from the following credit agencies may also be included in the decision as part of the application review in accordance with Art. 6(1)(f) GDPR:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Among other things, but not exclusively, address data is included in the calculation of the score values.

You may object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.

PayPal

This website offers one or more online payment methods from the following provider:

PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449 Luxembourg

If you choose a payment method of the provider in which you make advance payment, your payment data communicated during the ordering process (including name, address, bank and payment card information, currency, and transaction number), as well as information about the contents of your order, will be passed on to the provider in accordance with Art. 6(1)(b) GDPR. Your data is passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you choose a payment method where we make advance payment, you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, where applicable, data relating to an alternative means of payment).

In such cases, in order to safeguard our legitimate interest in determining your creditworthiness, this data will be forwarded by us to the provider in accordance with Art. 6(1)(f) GDPR for the purpose of a credit check. Based on the personal data you provide and other data (such as shopping cart, invoice amount, order history, and payment experience), the provider checks whether the payment option selected by you can be granted with regard to payment and/or default risks.

The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Among other things, but not exclusively, address data is included in the calculation of the score values.

You may object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.

Shopify Payments

This website offers one or more online payment methods from the following provider:

Shopify International Limited
Victoria Buildings
1-2 Haddington Road
Dublin 4, D04 XN32
Ireland

If you choose a payment method of the provider in which you make advance payment (for example credit card payment), your payment data communicated during the ordering process (including name, address, bank and payment card information, currency, and transaction number), as well as information about the contents of your order, will be passed on to the provider in accordance with Art. 6(1)(b) GDPR. Your data is passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

Stripe

This website offers one or more online payment methods from the following provider:

Stripe Payments Europe Ltd.
1 Grand Canal Street Lower
Grand Canal Dock
Dublin
Ireland

If you choose a payment method of the provider in which you make advance payment (for example credit card payment), your payment data communicated during the ordering process (including name, address, bank and payment card information, currency, and transaction number), as well as information about the contents of your order, will be passed on to the provider in accordance with Art. 6(1)(b) GDPR. Your data is passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you choose a payment method where the provider makes advance payment (for example invoice or installment purchase or direct debit), you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, where applicable, data relating to an alternative means of payment).

In order to safeguard our legitimate interest in determining the creditworthiness of our customers, this data will be forwarded by us to the provider in accordance with Art. 6(1)(f) GDPR for the purpose of a credit check. Based on the personal data you provide and other data (such as shopping cart, invoice amount, order history, and payment experience), the provider checks whether the payment option selected by you can be granted with regard to payment and/or default risks.

The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Among other things, but not exclusively, address data is included in the calculation of the score values.

You may object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.

8.3 Print-on-Demand / Fulfillment Services

To process and fulfill orders, we work with external print-on-demand and fulfillment service providers. These providers are responsible for producing and shipping the ordered products.

We cooperate with the following providers:

  • WhiteWall Media GmbH, Europaallee 59, 50226 Frechen, Germany
  • Printful, Inc., 11025 Westlake Dr., Charlotte, NC 28273, USA

For the purpose of order processing, the necessary personal data (in particular name, delivery address, and order details) is shared with these service providers.

The data is transferred solely for the purpose of fulfilling the contract in accordance with Art. 6(1)(b) GDPR.

Please note that when using Printful, Inc., personal data may be transferred to a third country, in particular the United States. In such cases, the data transfer is based on appropriate safeguards pursuant to Art. 46 GDPR, in particular standard contractual clauses.

For more information, please refer to Printful’s privacy policy:
https://www.printful.com/policies/privacy


9) Embedded Videos (YouTube and Vimeo)

We use embedded videos from external platforms on our website, in particular YouTube and Vimeo.

Providers:

  • YouTube, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
  • Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA

When you access a page that contains an embedded video, a connection to the servers of the respective provider is established. In doing so, personal data such as your IP address and technical information about your device and browser may be transmitted to the provider.

If you are logged into your respective account (e.g. YouTube or Vimeo), the provider may associate your browsing behavior with your personal profile.

The use of these services is based exclusively on your consent in accordance with Art. 6(1)(a) GDPR. The content is only loaded after you have given your consent via the cookie consent tool.

Please note that data may be transferred to third countries, in particular the USA. In such cases, the transfer is based on appropriate safeguards pursuant to Art. 46 GDPR, such as standard contractual clauses.

For more information, please refer to the privacy policies of the respective providers:


10) Tools and Miscellaneous

10.1 DATEV / Accounting

For the creation of invoices and the handling of bookkeeping, we use the service of:

Pathway Solutions GmbH
c/o ba tax gmbh
Alstertwiete 3
20099 Hamburg
Germany
Phone: +49 (0)40524720671
Email: info@pathway-solutions.de

The provider processes incoming and outgoing invoices as well as, where applicable, our company’s bank transactions in order to automatically capture invoices, match them to transactions, and generate financial accounting in a partially automated process.

If personal data is also processed in this context, the processing is based on our legitimate interest in the efficient organization and documentation of our business processes in accordance with Art. 6(1)(f) GDPR.

10.2 Cookie Consent Tool

This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies and cookie-based applications requiring consent. For this purpose, the website uses the cookie consent tool of Consentmo Ltd.

The “cookie consent tool” is displayed to users when they access the website in the form of an interactive user interface in which consent for certain cookies and/or cookie-based applications can be granted by ticking boxes. By using the tool, all cookies/services requiring consent are only loaded if the respective user grants consent by ticking the corresponding boxes. This ensures that such cookies are only set on the user’s device if consent has been granted.

The tool sets technically necessary cookies in order to save your cookie preferences. Personal user data is generally not processed in this context.

If, in individual cases, personal data such as the IP address is processed for the purpose of storing, assigning, or logging cookie settings, this is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in legally compliant, user-specific, and user-friendly consent management for cookies and thus in a legally compliant design of our website.

A further legal basis for processing is Art. 6(1)(c) GDPR. As the controller, we are legally obliged to make the use of technically non-essential cookies dependent on the respective user’s consent.

Where required, we have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

Further information about the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

10.3 Google Fonts

This website uses fonts (“Google Fonts”) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When a page is accessed, your browser loads the required fonts directly from Google’s servers. In doing so, your IP address is transmitted to Google.

The use of Google Fonts takes place exclusively on the basis of your consent in accordance with Art. 6(1)(a) GDPR. Consent is obtained via the cookie consent tool used and can be withdrawn at any time with effect for the future.

Further information about Google Fonts can be found at:
https://developers.google.com/fonts/faq

Google’s privacy policy can be found at:
https://policies.google.com/privacy

 

10.3 – Google reCAPTCHA

On this website, we use the CAPTCHA service provided by the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Data may also be transferred to: Google LLC, USA.

For the visual design of the CAPTCHA window, the provider uses “Google Fonts,” i.e., fonts loaded from the internet by Google. No additional information beyond what is already transmitted to Google via the functionality of reCAPTCHA is processed in this context.

The service checks whether an input is made by a natural person or abusively through machine and automated processing, and blocks spam, DDoS attacks, and similar automated malicious access. To ensure that an action is carried out by a human and not by an automated bot, the provider collects the IP address of the device used, identification data of the browser and operating system type used, as well as the date and duration of the visit, and transmits this data to the provider’s servers for evaluation. Cookies may be used for this purpose, i.e., small text files stored in the browser of the device.

If the processing described above is carried out on the basis of cookies, these are only set if you have given your explicit consent in accordance with Art. 6(1)(a) GDPR. You may withdraw your consent at any time with future effect by disabling this service in the “Cookie Consent Tool” provided on the website.

If the processing described above is carried out without the use of cookies, the legal basis is our legitimate interest in establishing individual accountability on the internet and in preventing misuse and spam pursuant to Art. 6(1)(f) GDPR.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

 

10.4. Retargeting / Remarketing and Conversion Tracking

Meta Pixel with Advanced Matching (added 13 April 2026)

Within our online offering, we use the “Meta Pixel” service provided by the following provider in advanced matching mode: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”).

If a user clicks on an advertisement placed by us on Facebook or Instagram, the URL of our linked page is extended by a parameter using “Meta Pixel.” This URL parameter is then stored in the user’s browser via a cookie set by our linked page after redirection. In addition, this cookie collects specific customer data such as the email address, which we obtain on our website linked to the Facebook or Instagram advertisement during processes such as purchases, account logins, or registrations (advanced matching). The cookie is then read and enables the transmission of the data, including specific customer data, to Meta.

We use “Meta Pixel” with advanced matching to make our advertisements (“ads”) on Facebook and/or Instagram more effective and to ensure that they correspond to users’ interests or exhibit certain characteristics (e.g., interests in specific topics or products determined based on visited websites), which we transmit to Meta (so-called “Custom Audiences”).

In addition, we analyze the effectiveness of our advertisements by tracking whether users were redirected to our website after clicking on an ad (conversion). Compared to the standard version of “Meta Pixel,” the advanced matching feature helps us better measure the effectiveness of our advertising campaigns by capturing more attributed conversions.

All transmitted data is stored and processed by Meta, making it possible to assign it to the respective user profile, and allowing Meta to use the data for its own advertising purposes in accordance with Meta’s data usage policy (https://www.facebook.com/about/privacy/). The data may enable Meta and its partners to place advertisements on and outside of Facebook.

All processing described above, in particular the setting of cookies for reading information on the device used, is only carried out if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR. You may withdraw your consent at any time with future effect by disabling this service in the “Cookie Consent Tool” provided on the website.

We have concluded a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorized disclosure to third parties.

The information generated by Meta is generally transmitted to a Meta server and stored there; in this context, it may also be transferred to servers of Meta Platforms Inc. in the USA.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.

 

10.5. Microsoft Clarity (Analytics Tool)

We use the analytics service “Microsoft Clarity,” provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”), on our website.

Microsoft Clarity enables us to analyze user behavior on our website through the use of cookies and similar technologies. This includes, in particular, information about how visitors interact with the website, such as mouse movements, clicks, scrolling behavior, and visited pages. The purpose of this processing is to better understand user behavior, improve our website, and optimize the user experience.

Microsoft Clarity uses various technologies, including tracking scripts and so-called “Clarity Agents” (such as Clarity JS and Clarity JS Agents), to collect and process user interaction data on our website. These technologies are part of the functionality of Microsoft Clarity and enable the analysis of user behavior as described above.

In this context, personal data such as IP address, device information, browser type, approximate geographic location, and usage data may be collected and processed. The data may also be used to create aggregated reports on website activity.

Microsoft may process this data on our behalf and may also transfer it to servers located outside the European Union, in particular to the United States.

The use of Microsoft Clarity is based on your consent in accordance with Art. 6(1)(a) GDPR, provided that you have given your consent via our cookie consent tool. You may withdraw your consent at any time with effect for the future by adjusting your settings in the cookie consent tool.

We have concluded a data processing agreement with Microsoft to ensure the protection of your personal data and to prevent unauthorized disclosure to third parties.

For more information on how Microsoft processes personal data, please refer to Microsoft’s privacy policy: https://privacy.microsoft.com/


11) Rights of the Data Subject

11.1 Applicable data protection law grants you the following rights vis-à-vis the controller with regard to the processing of your personal data (rights of access and intervention), whereby reference is made to the legal basis stated for the respective exercise requirements:

  • Right of access pursuant to Art. 15 GDPR
  • Right to rectification pursuant to Art. 16 GDPR
  • Right to erasure pursuant to Art. 17 GDPR
  • Right to restriction of processing pursuant to Art. 18 GDPR
  • Right to notification pursuant to Art. 19 GDPR
  • Right to data portability pursuant to Art. 20 GDPR
  • Right to withdraw consent granted pursuant to Art. 7(3) GDPR
  • Right to lodge a complaint pursuant to Art. 77 GDPR

11.2 Right to Object

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU MAY EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.


12) Duration of Storage of Personal Data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and, where applicable, also by the respective statutory retention period (e.g. retention periods under commercial and tax law).

When personal data is processed on the basis of express consent pursuant to Art. 6(1)(a) GDPR, the data concerned will be stored until you withdraw your consent.

If statutory retention periods exist for data processed within the framework of legal or quasi-legal obligations on the basis of Art. 6(1)(b) GDPR, this data will be routinely deleted after the retention periods have expired, provided it is no longer required for the performance or initiation of the contract and/or we have no legitimate interest in further storage.

When personal data is processed on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

When personal data is processed for the purpose of direct marketing on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21(2) GDPR.

Unless otherwise stated in the other information of this declaration on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.


13) Children’s Data

The Services are not intended to be used by children, and we do not knowingly collect any personal information about children under the age of majority in your jurisdiction. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted.

As of the effective date of this Privacy Policy, we do not have actual knowledge that we “share” or “sell” (as those terms are defined in applicable law) personal information of individuals under 16 years of age.


14) Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website, update the “Last updated” date, and provide notice as required by applicable law.


15) Contact

If you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please call or email us at hello@heikekolles.com or contact us at:

Heike Kolles
Porzellangasse 50
1090 Vienna
Austria

For the purposes of applicable data protection laws, we are the data controller of your personal information.