With the BALTHAZAR platform (“Platform”), we offer you a platform through which second-hand designer fashion and accessories and lifestyle products can be bought and sold and related services (e.g. shipping of items for sale, authenticity check, concierge service) can be used. In this context, your personal data is processed primarily to enable us to process your order, but also to enable us to contact you or to inform you about new offers. Naturally, this also involves the processing of the personal data you have provided to us. As we are aware of the high value that your personal data enjoys, we will inform you in more detail below about how we process your personal data (“your data”) in connection with the platform.
- Who is responsible for processing your data?
The following person is responsible for data processing in connection with the platform:
Mag. Heike STEINER
7141 Podersdorf am See
- What personal data do we process?
- What is personal data?
Personal data is basically all information that relates to an identified or identifiable natural person. This includes, in particular, e-mail address, company code (to assign the company), first name, last name, address, telephone number, data in connection with payment processing.
The use of information that is not personal is not subject to any restriction under data protection law, because in these cases it is no longer possible to trace the data back to a specific person (so-called anonymous data, such as aggregated data of a group).
- Necessary data processing when using the platform
General: In order to use the functions of the platform, in particular to be able to sell items for sale on the platform, sellers must register. For buyers, registration is optional.
The following data is processed: IP address, username, email address, telephone number and your booking history. This data is also referred to collectively below as “your profile data”.
Purpose: The processing of your profile data is necessary to enable us to provide our services (sale or purchase of sale items offered on our platform, authenticity check, shipment of sale items, concierge service, payment processing [hereinafter collectively “Activities”]).
Legal basis: The processing of your profile data is necessary for the performance of your activities. The processing is therefore carried out in the context of the performance of a contract pursuant to Art 6 (1) DSGVO.
Storage period: We store your profile data as long as this is necessary to carry out your activities or we are legally obliged to store this data. As a rule, this data is subject to a 7-year retention period.
Recipients / categories of recipients: None.
General: If you carry out activities via our platform, the processing of your personal data may be necessary.
The following data will be processed: In addition to the profile data described under point 3.2.1, the product data you provide (descriptions, images, etc.), certificates of authenticity, confirmations of plagiarism and data in connection with the processing of payments are processed.
Purpose: The processing of your personal data is necessary for us to provide our services and to enable you to carry out your activities on our platform.
Legal basis: The processing of your personal data is necessary for the performance of your activities. The processing is therefore carried out in the context of the performance of a contract pursuant to Art 6 (1) DSGVO.
Storage period: We store your data as long as this is necessary to carry out your bookings or we are legally obliged to store this data. As a rule, this data is subject to a 7-year retention period.
Recipients / categories of recipients: Any service providers required to carry out the activities (e.g. delivery services, financial service providers).
- Processing your enquiries
General: You can contact me directly via the contact details listed in point 2 for questions about our company, this platform, the sales articles, the services offered and for suggestions or complaints.
The following data are processed: E-mail address, date and time of your request, content of your request.
Purpose: We process your data in order to be able to process your request.
Legal basis: The processing of your request is in our legitimate interest. The processing is therefore carried out in accordance with Art 6 para 1 lit f DSGVO.
Storage period: We store your data as long as this is necessary to process your enquiry or we are legally obliged to store this data. As a rule, this data is subject to a 7-year retention period.
Recipients / categories of recipients: none.
- Optional data processing when using the platform
General: We also process your data to inform you about other services offered by us or third-party providers. For example, we would send you information via the platform if the range of services expands.
The following data is processed: IP address, username, email address, telephone number and your booking history.
Purpose: We process your data to send you information about the services offered via the platform and our newsletter.
Legal basis: In order to be able to send you information about our additional range of services, we ask you separately for your consent (Art 6 para 1 lit a DSGVO, § 107 TKG). You give us this consent voluntarily! This means that you can also revoke your consent at any time, but our processing is valid until you revoke it.
Storage period: We store your data for the purpose of sending you this information and for the transmission of the newsletter until you revoke your consent.
Recipients / categories of recipients: We use the services of service providers for technical processing.
- Data processing when using the platform
- Google Analytics
We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser will not be merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly. They can also prevent the collection of information generated by the cookie by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. If you visit our website via a mobile device, you can deactivate Google Analytics by clicking on this link.
The legal basis for the use of this service is Art. 6 Para. 1 Sentence. 1 Letter f DSGVO and serves the legitimate interest of analysing user behaviour on our website and the possible design according to needs.
- Data processing to comply with the law, respond to legal requests, prevent damage and protect rights
We may disclose your personal information to courts, law enforcement and other government agencies, tax authorities or authorised third parties if and to the extent required or permitted by law or if disclosure is objectively necessary for the following purposes:
to fulfil our legal obligations;
- to fulfil our legal obligations;
- to comply with a legally enforceable demand or to respond to claims made against us;
- to comply with a final request related to a criminal investigation or an alleged or suspected illegal act or other act that may expose us, you or other users to legal liability;
- For the purposes of fraud detection and prevention, risk assessment, customer support, product development and troubleshooting of our platform; or
- to protect our rights and property.
Legal basis: Disclosure of your data may be necessary to comply with our legal obligations, to protect the vital interests of you or another person, or to protect our legitimate interest or that of a third party in keeping the platform safe, preventing mischief or crime, enforcing or defending rights or preventing harm.
Recipients / categories of recipients: Public bodies and institutions as well as persons with a sovereign mandate, insofar as we are legally obliged to do so or in order to protect our legitimate interests, e.g. courts, criminal and financial authorities, etc.
- What is personal data?
In order to provide our service, we rely on service providers who support us in the organisation and provision of our offer. In this respect, we are supported above all by
- Google Analytics
- Sebastian Prohaska sole proprietorship (abbreviated to “ithelps”)
- MailerLite Limited (Ireland)
ithelps is an IT service provider and provides the platform technically on our behalf and in our name. In terms of data protection law, they are therefore our order processors and as such we have contractually obliged ithelps to comply with applicable data protection laws and data security standards in accordance with Art 28 DSGVO. ithelps may only process your data in accordance with our instructions.
As a platform provider, the platform uses the cloud services of SiteGround Spain S.L. and of MailerLite Limited (Ireland), whereby the data is stored within the European Union.
Beyond that, no data is transferred to third parties.
- What rights do you have and how can you exercise them?
You can request information about your personal data processed by us at any time. If we process data about you that is incorrect or incomplete, you can request that it be corrected or completed. You can also request the deletion of unlawfully processed data. Please note, however, that this only applies to inaccurate, incomplete or unlawfully processed data. Please note that these rights are complementary, so that you can only request either the rectification or completion of your data or their deletion.
If it is unclear whether the data processed about you are inaccurate, incomplete or processed unlawfully, you can request the restriction of the processing of your data until this question is finally clarified.
Even if the data relating to your person is correct and complete and is processed by us lawfully, you may object to the processing of this data in specific individual cases justified by you. If the processing of your personal data is based on a balance of interests (Art 6 para 1 lit f DSGVO: legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. When exercising your right to object, we ask you to explain to us your reasons why we should not process your personal data as we have done. We will review the merits of the case and either stop or adapt the data processing or show you our compelling legitimate grounds and continue the data processing. We will also continue to process the data if it is for the purpose of asserting, exercising or defending legal claims.
You can object to data processing for the purposes of direct advertising at any time. In this case, we will stop the data processing.
In principle, you can revoke the data that we process on the basis of your (explicit) consent at any time, whereby the revocation does not affect the lawfulness of the processing until the revocation.
You may receive the data we process relating to you, if we have received it from you ourselves, in a machine-readable format determined by us or instruct us to transfer this data directly to a third party chosen by you, provided that this recipient enables us to do so from a technical point of view and the transfer of the data is not prevented by unreasonable effort or by legal or other obligations of secrecy or confidentiality considerations on our part or on the part of third parties (data transfer).
For all your concerns, we ask you to contact us at the contact details shown under point 2, whereby we sometimes ask you for proof of your identity, for example by sending an electronic copy of your identity card.
Although we make every effort to protect the privacy and integrity of your data, disagreements about the way we use your data cannot be ruled out. If you believe that we are using your data in an unauthorised manner, you have the right to lodge a complaint with the Austrian Data Protection Authority (1030 Vienna, Barichgasse 40-42, e-mail: firstname.lastname@example.org).