Data Protection

The controller within the meaning of data protection law is:

PEZ International GmbH (hereinafter: PEZ)

Eduard-Haas-Strasse 25
4050 Traun
AUSTRIA

Tel.: 0043/732/38 999-0
Fax: 0043/732/38 999-88
E-mail: office@pez.at

UID: ATU63753968
Comm. Reg. No: 297904w
Registry Court: Regional Court of Linz

Company purpose: manufacturing and trading in candy goods

The protection of your personal data is a matter we take very seriously. We treat your personal data with confidentiality, complying with data protection laws and the terms of this data protection policy. The general use of our website is possible without the visitor providing any personal data. Any personal data (such as name, address or e-mail address) gathered on our website is provided by the visitor on a voluntary basis. This data may not be forwarded to third parties without your express consent.

Recording of general information

When you access our website, information of a general nature is recorded automatically. This information (in server log files) includes, for example, the type of web browser and operating system used, the domain name of your internet service provider and other similar data. All such information/data do not allow your identity to be inferred in any way. This information/data is necessary for proper technical display of the content of web pages you have opened, and is a prerequisite for usage of the internet. We statistically evaluate this kind of anonymous information/data to optimise our website and the related technology.

Data collected when visiting the website

When you use our website solely for information purposes, we only collect the data which your browser transmits to our server (in server log files). When you visit our website, we collect the following data, which are required for proper technical display of the website to you:

The website visited
Date and time of accessing
Volume of data sent in bytes
Source from/link through which you navigated to the page
Browser used
Operating system used
IP address used (in anonymised form as applicable)

Processing takes place in accordance with Art. 6 para. 1) point f of the GDPR on the basis of our legitimate interest in improving the stability and functionalities of our website. The data are not be shared or used in any other way. We reserve the right however to review the server log files retrospectively given any concrete indications of illegal usage.

Personal data

Personal data is information about the material or personal circumstances of an identified or identifiable natural person. Statistical data we collect when you visit our web shop, which is not directly referenceable to your identity, is not personal data.We collect and process personal data, such as your name, address, phone number, e-mail address and other contact data you provide us with during online registration as well as data on your orders, newsletter registration and inquiries via our contact form as necessary to process your registration, order, newsletter registration or inquiry.

We collect, store and process your data for the entire duration of processing of your purchase or inquiry as part of providing customer service, including any subsequent warranty-related interaction, observing the statutory retention periods (for tax purposes in particular). Newsletters and electronic advertising are only sent if you have actively granted consent, until such consent is revoked. Your data will not be forwarded to third parties unless PEZ is entitled or obliged to do so for legal reasons. Excepted from the above are data transfers by PEZ necessary organisationally or for technical reasons to process an order.

Such transfers may be made to:

external service providers utilised to send out newsletters by e-mail, respond to or review inquiries or conduct prize contests
external service providers utilised to process purchase in the web shop
logistics service providers utilised to send you goods, letters or other items
insurers, when claims are asserted against us
payment service providers and banks, for processing payments
IT service providers, for administration and hosting of our website and web shop
legal counsel, to assert and defend against claims.

Our service providers may only use data forwarded for such purposes to perform the functions entrusted to them. Any other usage of the information/data is prohibited, and the service providers we utilise do not engage any other usage. If, in an exceptional basis, companies of the PEZ corporate group or data processing contractors are utilised which are located outside the European Economic Area, care is taken to ensure that an adequate level of data protection is afforded and that applicable data protection requirements are met. Any further transfers of data to a third country are not provided for.

Purposes of data processing

We process your personal data when you visit the website for the following purposes:

to make this website available to you and to optimise and further develop the website
to compile usage statistics
to detect, prevent and investigate attacks on our website
to respond to your inquiries

Legal bases for processing

Data processing is carried out on the legal basis of § 96 para. 3 of the Telecommunications act (TKG) and Art. 6 para. 1) point a (consent) and/or point f (legitimate interest) of the GDPR.
Our legitimate interest within the meaning of the GDPR is to improve our offer and our website. The privacy of our users is important to us, which is why user data are pseudonymised.

Specific processing purposes:

Online registration in our web shop

Access to your online account is password protected. In your account you can view data on your completed, open and recently dispatched orders and manage your personal data. You undertake to keep your personal access data confidential and to refrain from making this data accessible to unauthorised third parties. We assume no liability for improper use of passwords unless we are responsible for such improper usage. Advisory is given that you remain logged in until you log out.

Purchase processing

By completing your online order you expressly consent to us processing your personal data which you provided to process your purchase transaction and ship your order. We require your e-mail address to confirm receipt of your order and also use it to identify you (web login). Order and shipping confirmations are also sent to your e-mail address. We also require your e-mail address and

phone number to contact you in case of order-related questions or delivery problems.

Cookies

We utilize what are known as 'cookies' on various web pages to enhance our website experience and enable use of certain functionalities. We utilise cookies to provide certain web page functionalities and find ways to further improve our service for users.

What is a cookie?

Cookies are text files which typically contain letters and numbers and are placed on the user’s computer when visiting certain websites. Some cookies we use are deleted at the end of each browser session, i.e. when you close your browser (known as 'session cookies'). Other cookies remain on your device and allow us and/or our partner firms (third-party cookies) to identify your browser the next time you visit the website ('persistent cookies'). If cookies are placed, these cookies collect and process certain individual user data, such as browser and location data and IP address values. Persistent cookies are automatically deleted after a specific period which may differ depending on the cookie.
Cookies cannot be used to execute programs or transfer viruses to a computer. The data contained in cookies can make navigation easier for you and enable the proper display of our web pages. Some cookies important for web page functionality are automatically activated when users visit the pages. Some cookies enable us to offer users services and functions to best meet users’ needs and adapt our services to make them quick and easy for you to use.

To the extent personal data are processed via individual cookies we place, processing takes place either for performance of contract in accordance with Art. 6 para. 1) point b of the GDPR or based on our legitimate interest in ensuring optimal website functionality and customer-friendly, effective website design in accordance with Art. 6 para. 1) point f of the GDPR.
We may under certain circumstances cooperate with advertising partners who help us make the website more interesting for you. To this end, cookies of partner firms are stored on your hard drive when you visit our website (third-party cookies). If we are working with advertising partners per the above, disclosure thereof is made in the data protection policy.
Please note that you can configure your browser to notify you when cookies are being placed and decide whether to accept these on an individual basis or in certain cases, or to block these in general. All browsers differ in the cookie management settings offered. These cookie settings and how to change them are described in the browser’s help menu. In the respective browsers, this information can be found via the following links:

Please note that the functionality of our website may be limited if cookies are not accepted.

Contact form

If you contact us via e-mail or contact form, the information you provide is stored for the purpose of processing your inquiry and any follow-up questions. The data are not forwarded to third parties without consent. You may revoke such consent at any time. We cease processing your data for the above-mentioned purposes at the time when you revoke consent. To cancel a purchase, please contact office@pez.at

When you use a form on our website, we store your IP address. This is done exclusively to meet legal documentation requirements.

Data erasure and restriction

We adhere to the principles of data avoidance and data economy, which is why we only store your personal data for the period necessary for the purposes stated herein, and in line with the various retention periods provided for by law. Once the respective purpose no longer applies or these periods have expired, the corresponding data are routinely restricted from processing or erased, as required by law.

etracker

This website utilises technologies of etracker GmbH (www.etracker.com) to collect and store data for marketing and optimisation purposes. This data can be utilised to create a usage profile under a pseudonym. Cookies may be used for this purpose. Cookies are small text files which are stored locally in the cache of the browser of the visitor to the website. Cookies allow recognition of the web browser used. Data collected using the etracker technologies are not used to personally identify visitors to this website and are not merged with personal data about the pseudonym bearer without the specific consent of the data subject. You may revoke permission for data collection and storage at any time with non-retrospective effect.
I object to the processing of my personal data on this website using etracker.

Web push notifications

If you activate web push notifications, this functionality is carried out by service of the respective browser. Data transmitted to send push messages are either anonymous or pseudonymous, without exception. You may stop notifications at any time via your browser settings. Information on turning off web push notifications for the respective browsers can be found here: Google Chrome, Mozilla Firefox, Opera.

Google reCAPTCHA

In certain cases we use the reCAPTCHA service of Google Inc. to ensure sufficient data security when submitting information via forms. The primary functionality is to distinguish whether information was entered by a natural person or automatically by machine, representing improper usage. The service includes sending of the IP address and any other data required by Google for the Google reCAPTCHA service. Google Inc. has differing data protection policies governing the service.

For further information on the Google Inc. data privacy polices see http://www.google.de/intl/de/privacy or https://www.google.com/intl/de/policies/privacy/

Use of font libraries (Google Fonts)

We utilise font libraries such as Google Fonts (https://www.google.com/webfonts/) in order to correctly present our content in graphically appealing fashion in various browsers. Google Fonts are transferred to your browser’s cache to avoid loading multiple times. If your browser does not support Google Fonts or prevents its access, content is displayed in a standard font. Opening a font library automatically establishes a connection to the library operator.It is theoretically possible but unclear at this point in time whether the operators of such libraries collect data, and if so, for what purposes.

The data privacy policy of library operator Google is found here: https://www.google.com/policies/privacy/

Use of Google Maps

This website utilises Google Maps API to visually display geographic information. When using Google Maps, Google also collects, processes and uses data about visitors’ usage of map functionalities. For further information on data processing by Google see the Google data privacy policies. In the data privacy centre there you can also configure your personal data privacy settings. Detailed instructions on managing your own data when using Google products can be found here.

Embedded YouTube videos

Some of our web pages have embedded YouTube videos. The operator of the corresponding plug-in is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a web page that has a YouTube plugin, a connection with YouTube servers is established via which YouTube receives information on which pages you visit. If you are logged into your YouTube account, YouTube is able to directly reference your browsing behaviour to your personal profile. You can prevent this by first logging out of your YouTube account.

When a YouTube video is started, the provider uses cookies which collect information on user behaviour. If you have deactivated the storing of cookies for the Google ad programme, these cookies will not be used when watching YouTube videos. However, YouTube stores non-personal usage data in other cookies. To prevent this you have to block storage of cookies in your browser settings.

For further information, see the YouTube data privacy policy: https://www.google.de/intl/de/policies/privacy/

Data privacy policy for the use of Twitter

Our web pages integrate functionalities of the Twitter service. These functionalities are provided by Twitter Inc., 1355 Market St., Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “re-tweet” function, the web pages you visit are referenced to your Twitter account and disclosed to other users. Data is also transmitted to Twitter. Please note that as website provider we have no knowledge of the content of the data transmitted or regarding its use by Twitter. For further information see the Twitter privacy policy at http://twitter.com/privacy. Your Twitter data privacy settings are found in your account settings at: http://twitter.com/account/settings.

Data Privacy Policy for the use of Facebook plugins

('Like' button) Plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated into our web pages. The Facebook plugin is identifiable by the Facebook logo or "Like" button appearing on our web pages. An informational overview on Facebook plugins is posted here: http://developers.facebook.com/docs/plugins/. When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook then receives the information that you have visited our page, and your IP address. You can link content from our web pages with your Facebook profile by clicking on the Facebook “Like” button while logged into your Facebook account. This enables Facebook to cross-reference your visit to our web pages to your user account. Please note that as website provider we have no knowledge of the content of the data transmitted or regarding its use by Facebook. For further information please consult the Facebook privacy policy at http://de-de.facebook.com/policy.php. You should log out of your Facebook account first if you do not want Facebook to be able to cross-reference your visit to our web pages to your Facebook user account.

Facebook Pixel, Custom Audience, Facebook Remarketing

On our web pages we utilise the "Facebook Pixel” service provided by the social media network on the basis of our legitimate interest in analysing, optimising and economically operating our online offer, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If you are resident in the EU the address is: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: "Facebook").

Facebook Pixel allows Facebook to identify visitors to our website as a target group member for the displaying of advertisements ("Facebook Ads"). We thus use Facebook Pixel to only show the Facebook ads we have placed to those Facebook users for whom the ads could be relevant

For further information on the Facebook cookie see https://www.facebook.com/policies/cookies/

Request to delete your personal data after using the shop registration with your Facebook account

If you have registered for the shop with your Facebook profile via the Facebook-Login, you can send us an request to delete the stored data anytime. Please write an email to datenschutz@pez.at with your email address.

Data privacy policy for the use of Instagram

Functionalities of the Instagram service are integrated into our website. These functionalities are provided by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA. If you are logged into your Instagram account, you can link our web page content to your Instagram profile by clicking the Instagram button. This enables Instagram to cross-reference your visit to our web pages to your user account. Please note that as website provider we have no knowledge of the content of the data transmitted or regarding its use by Instagram.
For further information see the Instagram privacy policy: http://instagram.com/about/legal/privacy/.

Data privacy policy for the use of Twitter

Use of Google Ad Services, Google AdWords Conversion, Google Dynamic Remarketing:

For online marketing we utilise services of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, to be able to determine whether an internet user became aware of our website via a Google ad.

Google uses cookies, which are stored on your computer to allow analysis of your website usage. Conversion tracking cookies are placed when you click on an advertisement run by Google. These cookies expire after a maximum 180 days and are not used for personal identification. The analysis values typically used for this cookie are the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (a flag that the user wishes to opt out).

These cookies enable Google to recognise your internet browser. Your browser automatically establishes a direct connection to the Google server through the marketing tools employed. When AdWords is integrated, Google receives information that you have opened the corresponding section of our website or clicked on one of our ads. If you are registered with a Google service, Google can reference your visit to your account. Even if you are not registered with Google or are not logged in, it is possible for the provider to determine and store your IP address.

There are various ways to prevent participation in this tracking procedure:

a) by configuring your browser software settings accordingly

b) by deactivating the conversion tracking cookies by configuring your browser so that cookies from the domain "www.googleadservices.com" are blocked – https://www.google.de/settings/ads. This setting is deleted when you delete your cookies.

c) by deactivating interest-based ads of the providers participating in the About Ads self-regulation campaign via the link http://www.aboutads.info/choices. This setting is deleted when you delete your cookies.

d) through permanent deactivation in your Firefox, Internet Explorer or Google Chrome browsers via the link http://www.google.com/settings/ads/plugin. Please be advised that in such case you may not be able to fully utilise all functionalities of this offer.

The legal basis for the processing of your data is our “legitimate interest” (Art. 6 para. 1) point f of the GDPR ). For more information about the Google data privacy policies see: http://www.google.com/intl/en/policies/privacy and
https://services.google.com/sitestats/de.html.You can alternatively visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google is member to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

By ordering the newsletter, you consent to all of the data provided being processed for advertising purposes in the course of sending the newsletter. You can revoke this consent at any time and without giving reasons by clicking the unsubscribe link in every newsletter. If you want to change your data, you can use the corresponding change data link in the newsletter. We use the email marketing software mailworx to send and analyze our newsletters. mailworx records the opening and clicking behavior. The following information is tracked: time of delivery, time of opening, duration of opening, IP address of opening, e-mail program used (mail client), which link was clicked and the time of the click. These data are processed exclusively within the European Union and are not passed on to third parties.

SSL encryption

We utilise state-of-the-art encryption methods (e.g. SSL) via HTTPS to protect and secure your data during transmission. An encrypted connection is recognisable by the string "https://” and a lock symbol appearing in your browser’s address bar.

Your rights to information, correction, restriction of processing, erasure and to object

You have the right to receive information at any time on the personal data of yours which we have stored. You additionally have the rights to have your personal data corrected and restricted from processing, and to have it erased when its mandatory storage for transaction processing no longer applies. To exercise the rights, please contact our data protection officer, whose contact details are provided at the end of this document. To enable proper control and restriction of the data at any time, data must be stored in a lockable file. You may also request erasure of the data when no statutory archiving obligations apply. If such obligations do apply, we will restrict your data from processing upon request.

You can have data changed and withdraw your consent with future effect by notifying us accordingly.

Changes to our data privacy policy

We reserve the right to periodically update this data protection policy to reflect current legal requirements and change our performance elements per the data protection declaration, such as when introducing new services. Upon updating, the revised data protection policy applies to your next visit.

Questions about the data protection policy

E-mail us at datenschutz@pez.at for any data protection-related questions you may have. Further information on data protection and the text of the Data Protection Act are available on the website of the Federal Chancellery of the Republic of Austria (www.bka.gv.at, www.ris.bka.gv.at).

Last updated: October 2021