Privacy Policy & Imprint

What categories of data do we collect?

Each time you visit our website, your IP address and other information is stored in an anonymized form. If you register an account with us, your contact details will be stored. If you order products from us, your address and payment information will also be stored. According to Austrian law we have to keep your invoices up to 7 years in order to be able to send them to the tax authorities at any time.

We have not implemented any trackers in our infrastructure. In addition, we have tried our best not to use services that contain trackers, such as Google analytics. However, in some cases we have no choice but to use third party solutions. For example, we have used Youtube services on some of our pages. In such cases, we display a warning on the relevant pages before loading Youtube content.

In particular, we save the following data from you:

Registration data

When you register an account on our system, we collect and process certain personal information from you as your registration data. For example, we need your name, address, telephone number, payment information and email address to process your order. If you pay by credit card, we do not collect or store any payment information such as credit card numbers or verification codes. You provide this information only to the relevant payment service provider (in our case Stripe.com). One exception for credit card payments is the so-called pseudo card number: in order to save you from having to enter your credit card details every time you make a payment, a pseudo card number is stored for your account. The dummy card number is only used to pay for products on our website that you order using your account. A dummy card number is not the same as your credit card number. We will delete all of your registration information either: within 24 months, when you delete your user account with us, or when the statutory retention period has expired. You can delete your account with us by contacting us through our ticketing system and submitting a deletion request. The legal basis for this data processing is Art. 6 (1) lit. b GDPR. In addition to all these measures, we encrypt all payment information collected in our database.

Email addresses

If you subscribe to our newsletter or request to receive automated messages from MySecure.Space, we will also store your email address. We delete your email address when you delete your account or unsubscribe from our newsletter. The legal basis for this data processing is Art. 6 (1) lit. a or Art. 6 (1) lit. b GDPR.

Server log files

When you visit our websites, we automatically collect certain information.This includes your IP address, browser type and version, time, date, and the website from which you linked to our site. Your IP address is stored anonymously. You can then no longer be identified.The legal basis for this data processing is Art. 6 (1) lit. f GDPR.

Who we forward your data to

We do not work with any advertising companies including Google, Facebook, Apple, Microsoft and the like. Your information will not be shared with any third parties under any circumstances. Some of our external service providers, such as our data centers and server administrators, may have access to your information while they help us provide our services. However, in 99% of cases, your information is fully encrypted and anonymized. As an Austrian company, we have to comply with Austrian and European law, which means that we have to provide the information requested by the authorities in the event of legal proceedings.

In particular, this may occur in the following cases:

 

Domain registration

When we register a domain for you, we provide the necessary information to the appropriate registrar.

Payments and anti-fraud system:

MaxMind

To combat fraudulent orders we use an external service called MaxMind. What MaxMind does is to evaluate the information given, including your IP address, to see whether the order given is valid or not. Of course, their evaluation system is complex and we cannot explain their processes here, so we strongly encourage you to read more about MaxMind’s privacy policy here. Please note that by placing an order on our website you automatically agree to MaxMind’s privacy policy.

MaxMind’s General Data Protection Regulation (GDPR) – European Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), MaxMind has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

• by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
• by writing to EDPO at Block 1, Blanchardstown Corporate Park, Ballycoolin Rd, Dublin D15 AKK1

MaxMind’s UK General Data Protection Regulation (GDPR) – UK Representative

Pursuant to Article 27 of the UK GDPR, MaxMind has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:

• by using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request/
• by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom

IMPORTANT: You can change your privacy preferences regarding MaxMind services here.

Debt collection agency

If you as a customer fail to pay your invoices on time, your necessary data are passed on to an external debt collection agency.

Third countries

Data is transferred to third countries in adherence to the legally regulated admissibility requirements. We will not transfer your data to a third country if it does serve the purpose of performing our contract with you; we have no consent from you; the transfer is not necessary to assert, exercise or defend legal claims; and there are no other exceptions. We will only transfer your data to a third country if there is an adequacy decision in accordance with Art. 45 GDPR or appropriate safeguards in accordance with Art. 46 GDPR. Once such adequacy decision (regarding an adequate level of protection) is the “Privacy Shield” for the USA. For transfers to a company certified under the Privacy Shield, the data privacy level is considered essentially as adequate within the meaning of Art. 45 GDPR. However, we usually do not rely on the Privacy Shield, but rather create appropriate privacy guarantees and complete the EU standard data privacy clauses issued by the European Commission with the receiving party. Together these actions establish appropriate safeguards in accordance with Art. 46 GDPR and provide an adequate level of protection.

Other categories of recipients

State authorities and courts

Where do we process your data?

We only process your data on our own servers and services located in data centres in Austria, Germany and Finland.

Cookies and the right to object to direct advertising

“Cookies” are small files that are stored on a user’s computer. Cookies can store different kinds of data. Cookies are primarily used to store information about users. They are stored on the users’ devices during and/or after users visit a website or online store. “Temporary cookies”, “session cookies”, or “transient cookies” are cookies that are deleted after users leave an online store and close their browsers. With such cookies, for example, the content of a shopping basket can be stored in an online shop or a login bottleneck. However, other cookies are referred to as “permanent” or “persistent” and remain stored even after the browser is closed. For example, users’ login status can be saved when they visit a shop after several days. Likewise, permanent cookies can measure the “range” of a website (where the users are geographically located) or information on the users’ interests. This information is used for marketing purposes. “Third-party cookies” are cookies that are offered by the original providers (who operate the online store or website) to other parties. (If the original provider is the one using the cookies, they are often called “first-party cookies”). It is useful to know the above terms so that you understand our cookie policies and data protection agreement. If, as a MySecure Space GmbH customer or as a visitor to our websites or interfaces, you do not wish cookies to be stored on your computer, we ask you to deactivate the corresponding option in the system settings of your browser. You can also delete stored cookies in the system settings of your browser. However, if you do these things, it will likely lead to problems when you try to use MySecure Space GmbH websites and interfaces. If you would like to “opt out” of the use of cookies for online marketing and tracking purposes, you may be interested these two sites to help you:
1) the US site http://www.aboutads.info/choices/
2) the EU site http://www.youronlinechoices.com/.
Furthermore, you can deactivate cookies from being stored on your computer or device by changing your browser settings. However, if you do this, it will likely lead to problems when you try to use MySecure Space GmbH websites, interfaces, and features on the interfaces.

Social media data

YouTube

We integrate videos from the YouTube platform provided by Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated. The legal basis for this data processing is Art. 6 (1) lit. f GDPR.

We have included warning messages before loading the Youtube files on the page and the Youtube videos will only be available when you click on the respective area.

Online presence on social media

We maintain online presence on social networks and platforms in order to communicate with our customers, interested parties, and users and to inform them about our services. We use Facebook, Twitter, and Instagram, among others. When visiting each of these platforms, you as a user agree to the terms and conditions and the data processing guidelines of the corresponding operator.

Unless stated otherwise in our data privacy notice, we process user data if users communicate with us on these social networks and platforms, e.g. publish posts on our pages or send us messages.

We at MySecure.Space process users’ data only when it is in the customer’s legitimate interest for us to do so in accordance with Art. 6, (1) lit. b GDPR. As a company, we have a legal right to obtain general customer information to use in customer accounts. We also use customers’ data for communication purposes. If any of the providers below request users for consent for processing their data, the legal basis for data processing is Art. 6 para. 1 lit. a. GDPR.

For detailed information about the data processing operations of the providers below, as well as their opt-out options, please check the links that we have listed below.

• Facebook:
  Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland, Joint Data Processing Agreement Data privacy agreement: https://www.facebook.com/about/privacy/ Opt-out: https://www.facebook.com/settings?tab=ads. Facebook has committed itself to adhering to EU data protection laws in compliance with the Privacy Shield Framework: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
• Twitter:
  Provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Data protection policy: https://twitter.com/de/privacy Opt-out: https://twitter.com/personalization Twitter has committed itself to adhering to EU data protection laws in compliance with the Privacy Shield Framework: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
• Instagram:
  Provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA Data protection policy & opt-out: http://instagram.com/about/legal/privacy/.

Google Universal Analytics

Although analytics is one of the most important parts of our business, we have not integrated (and DO NOT USE) Google’s analytics service due to Google’s weak privacy practices.

Chat Support System

The chat support system we use is an open source project called “ChatWoot”. To respect the privacy of our users and to comply with the GDPR, we host ChatWoot on our own servers in Germany. Therefore, your data is not transferred outside our network.

Your rights as a “data subject”

You have the right to information about your personal data that we process. If you do not make requests for information in writing, please bear in mind that we might ask you to provide proof that you who you claim to be. Furthermore, you have a right to rectification or deletion or restriction of processing, as it is applicable to you under the law. Furthermore, in accordance with legal requirements, you have the right to object to us processing your data. You also have the right of data portability.

Right to lodge a complaint

You have the right to lodge a complaint about the processing of your personal data by us to a supervisory authority for data protection.

 

Voluntary nature of data provision

There is no statutory obligation for you to provide your data to MySecure Space GmbH. However, you cannot use some of our services if you do not provide your data to us. Your decision to provide us with your personal data is completely voluntary.

Google Maps:

To protect the privacy of our customers, we are NOT using Google Maps service in our services.

 

No-Tracker Policy:

We are not in the business of selling data. Therefore, we do not and will not contract with any third party to track you as a customer by placing external trackers on our website or services.