Last updated: October 2019
• the website www.evileye.com ("Website") as well as
• the contracts concluded with customers for the purchase of the products offered on the above mentioned Website.
Thank you for your interest in our products. Below you will find comprehensive information on the extent to which we process your data and the rights you have in this regard. The protection of your privacy is very important to us and we would like to inform you accordingly about your rights and options in order to effectively support a trusting business relationship. Our data protection practice is in accordance with the General Data Protection Regulation of the European Union ("GDPR") in conjunction with the Austrian Data Protection Act ("DSG"), the Telecommunications Act ("TKG") and other relevant legal provisions.
Whenever you visit our website, we collect the following data: IP address.
You can visit our Website without providing any personal information. When you access our Website, only certain access data (your IP address and other metadata, e.g. date/time of access, inquiring provider), in particular for purposes of technical security, improvement of website quality and statistical purposes, are processed automatically; this processing is based on our overriding legitimate interests (Art 6 para 1 lit f GDPR), which consist in achieving the aforementioned purposes. This information does not enable us to identify you personally; however, IP addresses are considered personal data within the meaning of the GDPR. As a mere Website visitor, you can therefore inform yourself about our offers and activities without any obligation and without the possibility for us to link such data to your person.
Within our organization, your data will be provided to those entities or employees who need them to fulfill their contractual or legal obligations and for data processing that is based on our legitimate interests.
Furthermore, (external) processors deployed by us receive your data if they need such data to provide their respective services (whereby the mere possibility to access personal data is sufficient). All processors are contractually obliged to keep your data confidential and to process it only within the scope of service provision. This includes the following categories of recipients:
• Customer management
• Analytics tools
• IT service providers contracted by us and IT support
• Marketing management
We have a constantly updated list of our recipient categories regarding data transfers and processors.
Some of the abovementioned recipients are located outside the EU or process your (personal) data outside the EU. However, we take steps to ensure that all recipients have an adequate level of data protection. For example, we conclude standard contractual clauses, which can be provided on request. Alternatively, we use providers that are certified according to the EU-US Privacy Shield and therefore have an adequate level of data protection according to the GDPR (following the adequacy decision of the European Commission).
Should we deploy processors, they are bound by our data protection practice as mentioned above and your personal data will be treated strictly confidential. Under no circumstances will processors – without your express consent – transfer your data to third parties or use it for any other purpose than to fulfil their obligations to Silhouette or to comply with our explicit instructions.
A central aspect of data protection regulations is the implementation of adequate options allowing you to dispose of your own personal data, even after processing of said personal data has already taken place. For this purpose, a series of rights of the data subject are set in place. We shall comply with your corresponding requests to exercise your rights without undue delay and in any event within one (1) month of receipt of the request. Please direct your request to the following address: email@example.com. Specifically, the following rights are stipulated:
(a) Should you exercise your right to information, we shall provide you with all relevant information regarding the processing of your personal data by us, permitted to the extent of the law. For this purpose, we will send you (i) copies of the data (e-mails, database excerpts, etc.), as well as information on (ii) concretely processed data, (iii) processing purposes, (iv) categories of processed data, (v) recipients, (vi) the storage period or the criteria for determining it, (vii) the origin of the data and (viii) any further information depending on the individual case. Please note, however, that we cannot hand over any documents that could impair the rights of other persons.
(b) With the right to rectification you may request that we rectify wrongly recorded data, data that have become inaccurate or incomplete personal data (for the purpose of the respective processing). Your request will then be examined and the data processing operations affected may be restricted for the duration of the examination upon request.
(c) The right to (data) erasure may be exercised (i) where the storage of the data is not necessary for the purpose of the processing operation, (ii) where your consent has been revoked, (iii) where there is a particular objection to the processing in question being based on Silhouette's legitimate interests, (iv) where the processing is unlawful, (v) where there is a legal obligation to delete the data, and (vi) where the processing is carried out by minors under the age of 16.
(d) A right to restriction of processing, after the exercise of which affected data may only be stored, exists (only) in special cases. In addition to the possibility of restriction during the evaluation period of data correction requests, (i) unlawful data processing (unless erasure is required) and (ii) the duration of the review of an objection request pursuant to Art 21 (1) GDPR are also covered.
(e) You also have the right to object to data processing at any time. But this only applies if the processing is based on the legitimate interests of Silhouette. Note, however, that legitimate interests are only used as a legal basis for processing operations in individual cases.
(f) You have the right to lodge a complaint with a relevant national supervisory authority (see point 12).
(g) You also have a right to data transfer, after the exercise of which you have the right to obtain the concerned data in a structured, common and machine-readable format and to transfer these data to another responsible person as well as to request a direct transfer to another responsible person.
Please also note that we may be unable to comply with your request due to compelling reasons worthy of protection in regards to the processing operation (weighing of interests) or if processing is necessary due to the assertion, exercise or defense of legal claims (on our part). The same applies in the case of excessive requests, whereby a fee may be charged as well as for the fulfilment of manifestly unfounded requests.
Silhouette takes all appropriate technical and organizational measures to ensure that only those personal data that are absolutely necessary for the business purpose are processed by default. The measures taken by Silhouette concern the amount of data collected, the scope of processing as well as its storage period and accessibility. Silhouette uses these measures to ensure that personal data are only made available to a limited and necessary number of persons through default settings. Other persons will under no circumstances be granted access to personal data without the explicit consent of the data subject. In addition, Silhouette uses various protection mechanisms (backups, encryption) to safeguard the Website and other systems. This is intended to provide the best possible protection for your (personal) data against loss or theft, destruction, unauthorized access, alteration and distribution.
All Silhouette employees have been sufficiently informed of all applicable data protection regulations, internal data protection regulations as well as data security precautions and are required to keep confidential all information entrusted or made available to them in the course of their professional activities. The requirements of the GDPR are strictly observed and personal data are only made available to individual employees insofar as this is necessary regarding the purpose of data collection and our obligations arising therefrom. If Silhouette deploys processors, these are obliged to act in accordance with our data protection practice on the basis of specific framework agreements concluded with us.
In accordance with the provisions of the GDPR, all (personal) data collected by us via the Website will only be stored for as long as it is required with regard to the legal basis of the processing operation, unless long-term storage is provided for by law. We comply with our obligation to delete data on the basis of our specific internal deletion concept, wherefore we can provide you with further information on request.
Cookies contain the following information:
– Name of the cookie;
– name of the server the cookie originates from;
– ID number of the cookie;
– an end date at the end of which the cookie is automatically deleted.
Cookies can be differentiated according to type and purpose as follows:
– Necessary cookies: Such cookies are required for the operation of the Website and are essential to navigate the Website and to use its full range of functions (e.g. to access protected areas of the digital appearance). Usually they are so-called session or connection cookies.
– Functionality cookies: These cookies are necessary for the use of our Website and its functions and should therefore be accepted in any case. They allow, for example, the storage of your user settings / data during registration so that you do not have to enter them repeatedly. The information collected by functionality cookies relates solely to the Website you have visited and no information about your surfing behaviour is collected.
– Analysis cookies: Such cookies are used to measure reach and access as well as to analyse which offers are called up how often.
– Targeting advertising cookies: Such cookies are used to analyse your usage behaviour and to display personalised advertising based on the interests thus determined.
With regard to the storage period cookies can be further differentiated as follows:
– Session cookies: Such cookies will be deleted without any action on your part as soon as you close your current browser session.
– Persistent cookies: Such cookies (e.g. to save your language settings) remain stored on your end device until a previously defined expiration date or until you have them manually removed.
Furthermore, cookies may be differentiated by their subject of attribution:
– First-party cookies: Such cookies are used by Silhouette itself and placed directly from our Website. Browsers generally do not make them accessible across domains, which is why the user can only be recognised by the page from which the cookie originates.
– Third-party cookies: Such cookies are not placed by us, but by third parties when visiting our Website, in particular for advertising purposes (e.g. to track surfing behaviour). They allow us, for example, to evaluate different page views as well as their frequency.
Most browsers automatically accept cookies. However, you have the option to customise your browser settings so that cookies are either generally rejected or only allowed in certain ways (e.g. limiting refusal to third party cookies). However, if you change your browser's cookie settings, our Website may no longer be fully usable.
The setting options for the most common browsers can be found under the following links:
Internet Explorer™: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
You can find a list of these cookies and other relevant information as well as an opt-out option with regard to individual cookies under the following link: [Cookies](https://media.silhouette.com/TC/SIL/2019-07-Cookie Description and Opt-Out.pdf)
The following analysis tools are used on our platform, whereby the processing of personal data is carried out on the basis of our overriding legitimate interest in creating cost-efficient website access statistics that are easy to use (Art 6 para 1 lit f GDPR):
Our Website uses "Google Analytics", a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google's representative within the meaning of Art 27 GDPR and the general contact person for all Google products used on our Website within the EU is Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. Google Analytics enables us to analyse the use of this Website by visitors. Due to the deactivation of the creation of a user ID for our Website, you will only be assigned a client ID when accessing it, which has to be regenerated for different end devices, for example. Tracking is performed by the tracking code analytics.js (Java Script). In this context, we process your data on the basis of our overriding legitimate interest in compiling easy-to-use website access statistics in a cost-efficient manner (Art 6 para 1 lit f GDPR).
By using the software, cookies are set (for the client ID), which are stored on your computer. The information generated about your use of this Website will generally be transferred to and stored by Google on servers in the USA. However, due to the activation of IP anonymization on this Website, your IP address will be reduced by Google in advance within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on website activities and providing other services relating to website activities and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data Google holds. Your person cannot be identified by Google.
Google is a participant in the EU-US Privacy Shield, which obliges the company to comply with the agreement and maintain a level of data protection corresponding to European data protection standards. The Privacy Shield certification can be viewed at [https://www.privacyshield.gov/list](Google is a participant in the EU-US Privacy Shield, which obliges the company to comply with the agreement and maintain a level of data protection corresponding to European data protection standards. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/list.).
With the procedure described under point 7, you can prevent the storage of cookies by setting up your browser software accordingly (possibly limited to third-party cookies). You can also prevent Google from collecting data generated by cookies and related to your use of the Website (including your IP address) and from processing this data by downloading and installing a browser plug-in (http://tools.google.com/dlpage/gaoptout?hl=de). Alternatively, you can click here (Cookie was successfully set) to set an “opt-out cookie” which is stored on your device and also prevents Google Analytics from collecting your data. Should you delete your stored cookies, however, this step is required again. However, we would like to point out that you may then not be able to use all the functions of the Website to their full extent.
Further information on data protection in connection with Google Analytics and your options in this regard can be found at https://marketingplatform.google.com/intl/en_uk/about/ or for Google products in general at https://policies.google.com/privacy?hl=en.
On our Website we use links to the pages of third parties. These are on the one hand reference links leading to our permanent partners and on the other hand links to social networks (e.g. Facebook, Instagram, YouTube). If you click on one of these links, you will be directed to the corresponding page. For the website operators it is only apparent that you accessed their website through our own Website. Accordingly, please refer to the separate privacy policies of these websites.
If you take the view that we violate applicable data protection laws when processing your data, you have the right to file a complaint with the relevant national Data Protection Authority. The requirements for such a complaint are based on Section 24ff DSG. However, we would ask you to contact us in advance in order to clarify any questions or problems. The contact details of the Data Protection Authority are as follows:
Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, Austria
Telephone: +43 1 52 152-0
For data protection questions, messages or requests please use the following contact address:
Silhouette International Schmied AG