Privacy policy
This Privacy Policy describes how your personal data is collected, used, and shared when you visit, make a purchase from, or use the electronic cancellation form on https://www.gfoitma.com/ (the "Website").
1. Data Controller
The controller responsible for data processing on this Website within the meaning of the General Data Protection Regulation (GDPR) is:
2. Collection and Purpose of Data Processing
a) Device Information
When you visit the Website, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, date and time of the visit, and some of the cookies that are installed on your device. As you browse the Website, we also collect information about the individual web pages or products that you view.
We collect this information using log files, web beacons, tags, and pixels.
Legal Basis: This processing is based on our legitimate interest in improving the stability and functionality of our website (Art. 6 (1) (f) GDPR).
b) Cookie Consent
For the use of non-essential cookies (e.g., for marketing or analytical purposes), we obtain your prior consent via a cookie banner.
Legal Basis: Your consent pursuant to Art. 6 (1) (a) GDPR.
c) Order Information
When you make a purchase or attempt to make a purchase through the Website, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number. We use this information to fulfill orders (processing payment, arranging shipping, providing invoices/order confirmations).
Legal Basis: The processing is necessary for the performance of a contract or to take steps prior to entering into a contract (Art. 6 (1) (b) GDPR).
d) Electronic Cancellation Form
When you use the electronic button ("Cancel Contract") and the corresponding online form on our website to exercise your statutory right of cancellation, we collect the data you enter (e.g., name, email address, order number, date of order, and details of the goods affected). This is done solely for the purpose of processing, documenting, and confirming your cancellation.
Legal Basis: The processing is necessary for compliance with a legal obligation to which we are subject as an online retailer (Art. 6 (1) (c) GDPR in conjunction with consumer protection regulations).
3. Sharing Your Personal Data
We share your personal data with third-party service providers who assist us in operating our online store as described above:
- Shopify: We use Shopify to power our online store. You can read more about how Shopify uses your personal data here: shopify.com/legal/privacy.
- Google Analytics: If you have consented, we use Google Analytics to help us understand how our customers use the Website. Read more here: policies.google.com/privacy. You can opt out here: tools.google.com/dlpage/gaoptout.
- Shipping and Payment Providers: To fulfill contracts, we transfer data to shipping companies (e.g., Post, DHL) and payment service providers.
4. International Data Transfers
Because we use Shopify and Google, data may be transferred outside the European Economic Area (EEA), including to Canada and the USA. Shopify and Google are certified under the EU-US Data Privacy Framework or use Standard Contractual Clauses approved by the EU Commission to ensure an adequate level of data protection.
5. Behavioral Advertising & Opt-Out
We use your personal data to provide you with targeted advertisements or marketing communications, provided you have consented. You can opt out of targeted advertising using the links below:
- FACEBOOK – facebook.com/settings/?tab=ads
- GOOGLE – google.com/settings/ads/anonymous
- BING – advertise.bingads.microsoft.com
6. Do Not Track / GPC
Please note that we process and respect automated browser signals (such as "Do Not Track") provided they are transmitted as a clear and technically standardized expression of intent (e.g., Global Privacy Control) to reject data processing.
7. Your Rights under the GDPR
If you are a resident of the European Union, you have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification or erasure (Art. 16 and 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
You also have the right to lodge a complaint with a data protection authority (in Austria: Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna, email: dsb@dsb.gv.at).
8. Data Retention
When you place an order through the Website, we will maintain your Order Information for our records unless and until you ask us to delete this information, and as long as no statutory retention periods (e.g., 7 years under Austrian tax and corporate law) prevent deletion.
9. Minors
The Website is not intended for individuals under the age of 18. We do not knowingly collect data from minors.