Privacy policy.
1) Introduction and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. The following policy explains how we handle your personal data when you use our website. Personal data is any information by which you can be personally identified.
1.2 The controller for data processing on this website under the General Data Protection Regulation (GDPR) is Janusz Strzalkowski, Atelier Galerie, Hofgartensiedlung 29, 3484 Grafenwörth, Austria, Tel.: +43 699 117 87 620, Email: janus@check.at. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
2) Data Collection When Visiting Our Website
2.1 When using our website for informational purposes only, meaning without registration or providing information in another way, we only collect the data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data which is technically necessary to display the website:
The website visited
Date and time of access
Amount of data sent in bytes
Referring source/URL
Browser used
Operating system used
IP address used (possibly anonymized)
Processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to retrospectively check server log files if there are specific indications of unlawful use.
2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.
3) Hosting & Content Delivery Network
Squarespace
We use the services of the following provider for hosting and displaying the website: Squarespace Ireland Ltd., Squarespace House, Ship Street Great, Dublin 8, D08 N12C, Ireland.
All data collected on our website is processed on the servers of this provider. We have concluded a data processing agreement with the provider, ensuring the protection of our site visitors' data and prohibiting unauthorized disclosure to third parties.
As part of the aforementioned services, data may also be processed by Squarespace Inc. in the USA on our behalf.
For data transfers to the USA, the provider is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.
4) Cookies
To make the visit to our website attractive and enable the use of certain functions, we use cookies—small text files stored on your device. Some cookies are deleted after the browser is closed ("session cookies"), while others remain stored to allow recognition of your browser and retain site settings ("persistent cookies"). The duration of storage can be found in your browser’s cookie settings.
Where cookies process personal data, processing is based on Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(a) GDPR (consent), or Art. 6(1)(f) GDPR (legitimate interest in optimal functionality and user-friendly experience).
You can set your browser to notify you about cookie placement, decide on a case-by-case basis whether to accept them, or exclude cookies entirely.
Please note that disabling cookies may limit the functionality of our website.
5) Contacting Us
When contacting us (e.g. via contact form or email), personal data is collected only to the extent necessary to process and respond to your request.
The legal basis for processing this data is our legitimate interest in responding to your inquiry per Art. 6(1)(f) GDPR. If your inquiry is related to a contract, the additional legal basis is Art. 6(1)(b) GDPR. Your data will be deleted once the matter is resolved and unless statutory retention obligations apply.
6) Use of Customer Data for Direct Advertising
6.1 Newsletter Subscription
When you subscribe to our email newsletter, we will regularly send you information about our offers. The only required information is your email address. Providing additional data is voluntary and allows us to address you personally. We use a double opt-in process to ensure that you only receive newsletters if you have explicitly confirmed your consent by clicking a verification link sent to your email.
By activating the confirmation link, you consent to the use of your personal data under Art. 6(1)(a) GDPR. We log your IP address and the date/time of registration to document potential misuse. The data collected during registration is used strictly for newsletter purposes.
You may unsubscribe at any time via the link provided in the newsletter or by notifying the controller. Upon unsubscription, your email address will be deleted from our distribution list, unless you have consented to further use or we are legally allowed to retain the data for other purposes.
6.2 Newsletter to Existing Customers
If you provided your email during a purchase, we may send you offers for similar goods/services via email. This does not require separate consent under § 7(3) UWG. Processing is based on our legitimate interest in personalized direct advertising under Art. 6(1)(f) GDPR. If you objected to such use from the outset, you will not receive emails.
You may object at any time to the use of your email for advertising purposes by notifying the controller. This incurs no additional costs beyond basic transmission fees. Upon receiving your objection, we will immediately cease using your email for promotional purposes.
7) Data Processing for Order Fulfillment
7.1 To the extent necessary for the fulfillment of the contract for delivery and payment purposes, personal data collected by us will be transmitted to the contracted transport company and the contracted financial institution in accordance with Art. 6(1)(b) GDPR.
If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we process the contact data provided by you when ordering in order to inform you personally within the scope of our legal information obligations pursuant to Art. 6(1)(c) GDPR. Your contact data is strictly used for notifications regarding owed updates and will only be processed to the extent necessary for that purpose.
We also work with the following service providers to support us in executing concluded contracts. The following personal data is transmitted to these service providers in accordance with the following information.
7.2 Transfer of Personal Data to Shipping Service Providers
DHL Express
We use the following provider as a transport service: DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn, Germany.
We transmit your email address and/or phone number to DHL before delivery of the goods, for the purpose of coordinating a delivery date or delivery notice, provided you have expressly consented to this in the ordering process in accordance with Art. 6(1)(a) GDPR. Otherwise, we only provide the name and delivery address to DHL for the purpose of delivery, pursuant to Art. 6(1)(b) GDPR. The data is only shared if required for the delivery of goods. In this case, advance coordination of the delivery date or delivery notice is not possible.
You may revoke your consent at any time with effect for the future by contacting either us or the provider.
7.3 Use of Payment Service Providers
PayPal
This website offers one or more online payment methods from the following provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg.
If you choose a payment method requiring advance payment, your payment data (including name, address, bank and card details, currency, and transaction number) as well as information about your order will be transmitted to the provider under Art. 6(1)(b) GDPR. This data transfer occurs solely for the purpose of processing payments and only to the extent necessary.
If you choose a payment method where we provide goods in advance, you will be prompted during checkout to provide certain personal data (full name, street, house number, postal code, city, date of birth, email address, telephone number, and possibly alternative payment data).
In such cases, to protect our legitimate interest in assessing your creditworthiness, we may transmit this data to the provider for a credit check under Art. 6(1)(f) GDPR. The provider uses this data and additional details (e.g., shopping cart, invoice amount, order history, payment experience) to determine whether the selected payment method can be approved.
The credit report may include probability values (so-called score values), which are calculated based on scientifically recognized mathematical-statistical procedures. Address data may also be included.
You may object to this processing at any time by contacting us or the provider. However, the provider may continue processing your personal data if it is required for the contractual handling of payments.
Stripe
This website offers one or more online payment methods from the following provider: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
If you choose a payment method where you pay in advance (e.g., credit card), your payment data (including name, address, bank and card details, currency, and transaction number) and order details will be transmitted to the provider under Art. 6(1)(b) GDPR. The data is shared solely for payment processing and only to the extent necessary.
If the selected payment method involves advance service by the provider (e.g., invoice, installment, or direct debit), you will be asked during the checkout process to provide personal information (name, address, date of birth, email, telephone, and possibly alternative payment details).
To protect our legitimate interest in verifying customer creditworthiness, this data may be transmitted to the provider for credit checking under Art. 6(1)(f) GDPR. The provider evaluates the data and additional factors (e.g., shopping cart, total amount, order history, payment history) to determine whether the selected payment option can be approved.
The credit report may include probability values (so-called score values), based on scientifically recognized mathematical-statistical methods. Address data may be used in this calculation.
You may object to this processing at any time by contacting us or the provider. However, the provider may still process your data if required for contractual payment fulfillment.
8) Web Analytics Services
8.1 Google Optimize
This website uses "Google Optimize", a service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Based on "Google Analytics", this service enables statistical evaluations of how new features and content on the website are used by displaying test variants to specific user groups. This allows us to determine which versions are preferred, helping us improve the attractiveness of our site.
Google Optimize uses cookies—small text files stored on your device—to analyze your use of the website. Information collected by cookies is typically transferred to and processed on servers operated by Google. This may also involve the transmission of data to servers of Google LLC based in the USA.
All the data processing activities described above, particularly the use of cookies for storing and reading data on your device, only take place if you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR. Without your consent, Google Optimize will not be used during your visit. You can revoke your consent at any time for the future by deactivating this service via the cookie consent tool provided on the website.
We have entered into a data processing agreement with the provider to ensure the protection of our visitors' data and to prevent unauthorized sharing with third parties.
For data transfers to the USA, the provider is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with the European level of data protection.
More information on Google's data protection practices can be found at:
https://business.safety.google/intl/de/privacy/ and
https://policies.google.com/privacy?hl=en&gl=en
8.2 Google Tag Manager
This website uses "Google Tag Manager", a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Google Tag Manager provides the technical foundation to manage and control various web applications (including tracking and analytics tools) via a single interface. The Tag Manager itself neither stores nor reads information on end-user devices and does not carry out independent data analyses. However, it transmits your IP address to Google when the page is accessed, and this may be stored. Data transfers to Google LLC servers in the USA are also possible.
This processing is carried out only with your express consent under Art. 6(1)(a) GDPR. If you do not grant this consent, the service will not be used during your visit. You can revoke your consent at any time for the future using the cookie consent tool on our website.
We have signed a data processing agreement with the provider to ensure the security of our visitors’ data and to prevent unauthorized third-party access.
Google is certified under the EU-U.S. Data Privacy Framework, ensuring a level of protection equivalent to European standards.
Further legal information on Google Tag Manager:
https://business.safety.google/intl/de/privacy/
https://policies.google.com/privacy?hl=en&gl=en
8.3 Squarespace Analytics
This website uses the web analytics service provided by Squarespace, Le Pole House, Ship Street Great, Dublin 8, Ireland.
Using cookies and/or similar technologies (e.g., tracking pixels, web beacons, device/browser data algorithms), the service collects and stores pseudonymized data on visitors, including device IP address and browser details. This is used to analyze user behavior and create pseudonymized user profiles. Movement patterns such as heatmaps, session durations, and interactions with site elements (e.g., scrolling, clicks, hovers) may also be captured. Pseudonymization ensures that the data cannot be directly linked to individuals. The data will not be combined with any other personally identifiable information.
All processing activities described above are performed only if you have given explicit consent per Art. 6(1)(a) GDPR. You can revoke your consent at any time for the future via the cookie consent tool.
We have signed a data processing agreement with the provider to ensure the protection of visitors’ data and to prevent unauthorized sharing.
Squarespace is certified under the EU-U.S. Data Privacy Framework, ensuring compliance with European data protection laws.
8.4 Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") to analyze usage behavior on our site.
When visiting the site, cookies are set to collect information about your interaction. This includes your IP address, which is anonymized (shortened) by Google to prevent direct personal identification.
Data is transmitted to and processed on servers operated by Google, including servers in the USA.
Google uses this data on our behalf to evaluate your website use, compile activity reports, and provide other services related to internet usage. The shortened IP address transmitted by your browser is not merged with other Google data. Data is stored for two months and then deleted.
These operations only take place if you have given consent under Art. 6(1)(a) GDPR. Without consent, Google Analytics will not be used during your visit. You may revoke your consent at any time using the cookie consent tool on the website.
We have entered into a data processing agreement with Google to ensure data protection.
More legal information on Google (Universal) Analytics is available at:
https://business.safety.google/intl/de/privacy/
https://policies.google.com/privacy?hl=en&gl=en
https://policies.google.com/technologies/partner-sites
Demographics and Google Signals
The “Demographics” feature allows anonymous analysis of user age, gender, and interests, based on third-party advertising. Data is not personally identifiable and is deleted after two months.
As an extension, Google Signals may be used to generate cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google may analyze behavior across devices and generate conversion models. We do not receive any personal data, only aggregate reports.
You can disable cross-device tracking via your Google account settings:
https://support.google.com/ads/answer/2662922?hl=en
More info on Google Signals:
https://support.google.com/analytics/answer/7532985?hl=en
The "UserID" feature may also be used if you consented to Google Analytics and have created a login. This enables device-spanning tracking of user behavior including conversions.
Google is certified under the EU-U.S. Data Privacy Framework.
9) Website Functionalities
9.1 Google reCAPTCHA
This website uses the CAPTCHA service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Data may also be transmitted to: Google LLC, USA. For the visual design of the CAPTCHA window, the provider uses "Google Fonts", i.e., fonts loaded from the internet by Google. No further processing of data beyond the information transferred during reCAPTCHA functionality occurs.
The service checks whether an input is made by a human or is abusive, automated processing, and helps block spam, DDoS attacks, and similar threats. To verify that an action is being performed by a human and not a bot, the provider collects the IP address of the device, information about the browser and operating system used, as well as the date and duration of the visit. This data is sent to servers of the provider. Cookies (small text files stored in your browser) may be used.
If these processes are based on cookies, they are only activated if you have given us your explicit consent according to Art. 6(1)(a) GDPR. You can revoke your consent at any time with future effect by disabling this service through the cookie consent tool on the website.
If the described data processing is done without cookies, the legal basis is our legitimate interest in determining individual responsibility on the internet and in preventing abuse and spam according to Art. 6(1)(f) GDPR.
We have entered into a data processing agreement with the provider to ensure protection of our visitors’ data and to prevent unauthorized disclosure to third parties.
For data transfers to the USA, the provider is certified under the EU-U.S. Data Privacy Framework, ensuring compliance with European data protection standards.
Further information on Google's privacy policy can be found here:
https://business.safety.google/intl/de/privacy/
9.2 Google Customer Reviews (formerly Google Certified Shops)
We collaborate with Google through the "Google Customer Reviews" program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This program allows us to collect reviews from users who have purchased from our website. After completing a purchase, you may be asked if you would like to participate in an email survey from Google.
If you give your consent pursuant to Art. 6(1)(a) GDPR, we will transmit your email address to Google. You will then receive an email from Google Customer Reviews asking you to rate your shopping experience. The submitted rating may be aggregated with other reviews and displayed in our Google Customer Reviews badge and Merchant Center dashboard. Your rating may also be used for Google Seller Ratings. During this process, personal data may be transferred to Google LLC servers in the USA.
You can withdraw your consent at any time by contacting the data controller or Google.
Google is certified under the EU-U.S. Data Privacy Framework, ensuring a level of protection equivalent to European standards.
Further information on Google's data privacy policy can be found here:
https://business.safety.google/intl/de/privacy/
10) Tools and Other Services
Cookie Consent Tool
This website uses a cookie consent tool to obtain valid user consent for cookies and cookie-based applications requiring consent. When the site is accessed, users are shown an interactive interface that allows them to provide consent via checkbox selections. Only cookies/services requiring consent are loaded once the user has given their permission.
The tool sets technically necessary cookies to store your cookie preferences. Generally, no personal user data is processed.
If personal data is processed (such as IP addresses) for the purpose of storing or logging cookie preferences, it is done pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in legally compliant, user-specific cookie management and the legally sound configuration of our online presence.
Another legal basis for processing is Art. 6(1)(c) GDPR. As the controller, we are legally obliged to obtain consent before using non-essential cookies.
We have entered into a data processing agreement with the provider to ensure the protection of our website visitors’ data and to prevent unauthorized sharing with third parties.
More information about the operator and customization options for the cookie consent tool can be found in the respective interface on our website.
11) Rights of the Data Subject
11.1 Under applicable data protection laws, you have the following rights concerning your personal data:
Right of access (Art. 15 GDPR);
Right to rectification (Art. 16 GDPR);
Right to erasure (Art. 17 GDPR);
Right to restriction of processing (Art. 18 GDPR);
Right to be informed (Art. 19 GDPR);
Right to data portability (Art. 20 GDPR);
Right to withdraw consent (Art. 7(3) GDPR);
Right to lodge a complaint (Art. 77 GDPR).
11.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION. THIS APPLIES WITH FUTURE EFFECT.
IF YOU OBJECT, WE WILL CEASE PROCESSING THE DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF PROCESSING IS NECESSARY TO ESTABLISH, EXERCISE, OR DEFEND LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME. IF YOU EXERCISE THIS RIGHT, WE WILL STOP PROCESSING YOUR PERSONAL DATA FOR MARKETING PURPOSES IMMEDIATELY.
12) Duration of Storage of Personal Data
The duration of the storage of personal data depends on the legal basis, processing purpose, and—if applicable—statutory retention requirements.
Where processing is based on your explicit consent per Art. 6(1)(a) GDPR, we retain your data until you revoke your consent.
Where statutory retention periods apply (e.g., commercial or tax regulations) for data processed under Art. 6(1)(b) GDPR, the data will be deleted upon expiration of the retention period unless it is still needed for contract performance or initiation and/or we have a legitimate interest in its continued retention.
Where processing is based on Art. 6(1)(f) GDPR, data is retained until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds that override your interests or the processing is for the establishment, exercise, or defense of legal claims.
For data processed for direct marketing purposes under Art. 6(1)(f) GDPR, the data is retained until you object pursuant to Art. 21(2) GDPR.
Unless otherwise stated elsewhere in this declaration, personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.