Data protection

We process personal data (hereinafter mostly referred to as "data") only to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

According to Article 4(1) of Regulation (EU) 2016/679, the General Data Protection Regulation (hereinafter referred to as “GDPR”), “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or linking, restriction, erasure or destruction.

With the following privacy policy, we inform you in particular about the type, scope, purpose, duration, and legal basis of the processing of personal data, insofar as we decide on the purposes and means of processing, either alone or jointly with others. Furthermore, we inform you below about the third-party components we use for optimization purposes and to improve the quality of use, insofar as third parties process data under their own responsibility.

Our privacy policy is structured as follows:

I. Information about us as the responsible party
II. Rights of users and data subjects
III. Information on data processing

I. Information about us as the responsible party

The responsible provider of this website in terms of data protection law is:

Beyond the Past
Owner Beata Magdalena Kulesza
Beatrixgasse 11/6
D-1030 Vienna
Austria
Email: info@beyondthepast.shop

II. Rights of users and data subjects

With regard to the data processing described in more detail below, users and data subjects have the right

to confirmation as to whether data concerning them is being processed, to information about the data being processed, to further information about the data processing and to copies of the data (see also Art. 15 GDPR);
to rectification or completion of incorrect or incomplete data (see also Art. 16 GDPR);
to the immediate erasure of the data concerning them (see also Art. 17 GDPR), or, alternatively, if further processing is necessary pursuant to Art. 17 (3) GDPR, to the restriction of processing in accordance with Art. 18 GDPR;
to receive the data concerning them and provided by them and to transmit this data to other providers/controllers (see also Art. 20 GDPR);
to lodge a complaint with the supervisory authority if they believe that the data concerning them is being processed by the provider in violation of data protection regulations (see also Art. 77 GDPR).

Furthermore, the provider is obligated to inform all recipients to whom data has been disclosed by the provider of any rectification or erasure of data or restriction of processing pursuant to Articles 16, 17 (1), and 18 GDPR. However, this obligation shall not apply if such notification is impossible or involves disproportionate effort. Notwithstanding this, the user has a right to information about these recipients.

Likewise, according to Art. 21 GDPR, users and data subjects have the right to object to the future processing of their data, provided that the data is processed by the provider in accordance with Art. 6 (1) (f) GDPR. In particular, an objection to data processing for direct marketing purposes is permissible.

III. Information on data processing

Your data processed when you use our website will be deleted or blocked as soon as the purpose of storage no longer applies, there are no legal retention obligations that prevent the deletion of the data and no other information is given below regarding individual processing procedures.

Server data

For technical reasons, particularly to ensure a secure and stable website, data is transmitted through your internet browser to us or our web space provider. These so-called server log files collect, among other things, the type and version of your internet browser, the operating system, the website from which you accessed our website (referrer URL), the website(s) of our website that you visit, the date and time of each access, and the IP address of the internet connection from which you accessed our website.

The data collected in this way will be stored temporarily, but not together with other data about you.

This storage is based on Art. 6 (1) (f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.

The data will be deleted after seven days at the latest, unless further retention is required for evidentiary purposes. Otherwise, the data will be exempt from deletion in whole or in part until the incident has been finally resolved.

Cookies

a) Session cookies

We use cookies on our website. Cookies are small text files or other storage technologies that are placed and stored on your device by the internet browser you use. These cookies process certain information about you on an individual basis, such as your browser or location data or your IP address.

This processing makes our website more user-friendly, effective and secure, as it enables, for example, the display of our website in different languages or the provision of a shopping cart function.

The legal basis for this processing is Art. 6 (1) (b) GDPR, provided that these cookies process data for the purpose of initiating or executing a contract.

If the processing does not serve to initiate or execute a contract, our legitimate interest lies in improving the functionality of our website. The legal basis in this case is Art. 6 (1) (f) GDPR.

When you close your internet browser, these session cookies are deleted.

b) Third-party cookies

Our website may also use cookies from partner companies with whom we work for the purposes of advertising, analysis or the functionality of our website.

For details, in particular regarding the purposes and legal basis for processing such third-party cookies, please see the information below.

c) Possibility of removal

You can prevent or restrict the installation of cookies by adjusting the settings in your Internet browser. You can also delete cookies that have already been saved at any time. The steps and measures required to do this depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. In the case of so-called Flash cookies, however, you cannot prevent the processing of cookies via the browser settings. Instead, you must change the settings of your Flash player. The steps and measures required to do this also depend on the specific Flash player you are using. If you have any questions, please use the help function or documentation of your Flash player or contact the manufacturer or user support.

However, if you prevent or restrict the installation of cookies, this may result in not all functions of our website being fully usable.

Contract processing

The data you submit to use our products and/or services will be processed by us for the purpose of contract execution and is necessary for this purpose. Conclusion and contract execution are not possible without providing your data.

The legal basis for the processing is Art. 6 (1) (b) GDPR.

We will delete the data once the contract has been fully processed, but we must observe the retention periods required by tax and commercial law.

As part of the contract processing, we will pass on your data to the transport company commissioned with the delivery of the goods or to the financial service provider, insofar as the transfer is necessary for the delivery of the goods or for payment purposes.

The legal basis for the transfer of data is then Art. 6 (1) (b) GDPR.

Customer account / registration function

If you create a customer account with us via our website, we will collect and store the data you entered during registration (e.g., your name, address, or email address) exclusively for pre-contractual services, for contract fulfillment, or for customer care purposes (e.g., to provide you with an overview of your previous orders with us or to offer you the so-called wish list function). At the same time, we will store your IP address and the date and time of your registration. This data will not be shared with third parties.

As part of the registration process, your consent to this processing will be obtained and reference will be made to this privacy policy. The data we collect will be used exclusively to provide the customer account.

If you consent to this processing, Art. 6 (1) (a) GDPR is the legal basis for the processing.

If the opening of the customer account also serves pre-contractual measures or the fulfilment of the contract, the legal basis for this processing is also Art. 6 (1) (b) GDPR.

You may revoke your consent to open and maintain your customer account at any time with future effect in accordance with Art. 7 (3) GDPR. To do so, you simply need to notify us of your revocation.

The data collected in this way will be deleted as soon as processing is no longer necessary. However, we must observe retention periods under tax and commercial law.

We maintain an online presence on Pinterest to present our company and our services and to communicate with customers and interested parties. Pinterest is a service of Pinterest Inc., 651 Brannan Street, San Francisco, CA, 94107, USA.

In this respect, we point out that it is possible that user data may be processed outside the European Union, particularly in the USA. This may increase the risks for users, for example, by making subsequent access to user data more difficult. We also have no access to this user data. Access is solely available to Pinterest. Pinterest Inc. is certified under the Privacy Shield and is therefore committed to complying with European data protection standards.

https://www.privacyshield.gov/participant?id=a2zt00000008VVzAAM&status=Active

Pinterest’s privacy policy can be found at

https://policy.pinterest.com/de/privacy-policy

Instagram

To promote our products and services and to communicate with interested parties or customers, we maintain a company presence on the Instagram platform.

On this social media platform, we are jointly responsible with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

Instagram’s data protection officer can be reached via a contact form:

https://www.facebook.com/help/contact/540977946302970

We have regulated our joint controllership in an agreement regarding our respective obligations under the GDPR. This agreement, from which our mutual obligations arise, can be accessed at the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the resulting processing of personal data, as described below, is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the analysis, communication, sale, and promotion of our products and services.

The legal basis may also be the user's consent to the platform operator pursuant to Art. 6 (1) (a) GDPR. According to Art. 7 (3) GDPR, the user may revoke this consent at any time with effect for the future by notifying the platform operator.

When you visit our online presence on the Instagram platform, Facebook Ireland Ltd., as the operator of the platform in the EU, processes user data (e.g. personal information, IP address, etc.).

This user data is used to collect statistical information about the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes, as well as to create user profiles. Based on these profiles, Facebook Ireland Ltd. is able, for example, to advertise to users both within and outside of Instagram based on their interests. If the user is logged into their Instagram account at the time of the visit, Facebook Ireland Ltd. can also link the data to the respective user account.

If the user contacts us via Instagram, the personal data entered on this occasion will be used to process the request. The user's data will be deleted by us provided the user's request has been conclusively answered and there are no statutory retention periods, such as those required for subsequent contract processing.

Facebook Ireland Ltd. may also set cookies to process the data.

If the user does not agree to this processing, they have the option of preventing the installation of cookies by configuring their browser accordingly. Already stored cookies can also be deleted at any time. The settings for this depend on the respective browser. Flash cookies cannot be prevented via the browser settings, but rather by configuring the Flash Player accordingly. If the user prevents or restricts the installation of cookies, this may result in not all Facebook functions being fully available.

Further information on the processing activities, their prevention and the deletion of data processed by Instagram can be found in Instagram's data policy:

https://help.instagram.com/519522125107875

It cannot be ruled out that processing by Facebook Ireland Ltd. may also be carried out by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

Facebook Inc. has submitted to the “EU-US Privacy Shield” and thereby declares that it complies with EU data protection regulations when processing data in the USA.

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Social media linking via graphic or text link

We also promote our presence on the social networks listed below on our website. The integration is achieved via a linked graphic of the respective network. Using this linked graphic prevents a connection to the respective social network's server from being automatically established when accessing a website that has a social media advertisement in order to display a graphic from the respective network itself. Only by clicking on the corresponding graphic will the user be redirected to the respective social network's service.

After the user is redirected, information about the user is collected by the respective network. It cannot be ruled out that the data collected in this way will be processed in the USA.

This primarily includes data such as IP address, date, time, and page visited. If the user is logged into their user account on the respective network during this time, the network operator may be able to assign the collected information from the specific user visit to the user's personal account. If the user interacts via a "Share" button on the respective network, this information may be stored in the user's personal user account and possibly published. If the user wishes to prevent the collected information from being directly assigned to their user account, they must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.

The following social networks are integrated into our site via links:

Pinterest Inc., 651 Brannan Street, San Francisco, CA, 94107, USA.

EU-US Privacy Shield certification