Data Protection Declaration

earbreeze GmbH

Table of contents
I. Overview
II. What data do we process when you use our App and who may receive your data?
III. What data do we process when you visit our website?
IV. For what purposes do we process your data when we have a business relationship or you use our App?
V. How long do we store your data?
VI. Collection of data from other sources
VII. Does automated decision-making and/or profiling take place (Art 13 (2) lit f GDPR)?
VIII. What rights do you have with regard to data processing?
IX. Do you have a right to complain?

I. Overview

To understand how we process your personal data when you use the “earbreeze” app (hereinafter “App“) or otherwise have a business relationship with us (Art 13, Art 14 GDPR; section 165 Abs 3 TKG [“Austrian Telecommunication Act”]).

If you are merely visiting our website, please note point III.

II. What data do we process when you visit our website?

When using our App, the following data may be processed of the following data subjects:

Users of the app:

  • Name
  • Adress,
  • E-mail address,
  • LogIn-Data (E-Mail)
  • Payment data
  • Delivery adress
  • Single Sign On Data (Apple, Google, Facebook)

The processing of this data is necessary to ensure the security of the operation of the App and to ensure the functionality of the App. The processing of this data is justified by our legitimate interest in the operation of our app as well as contractual and legal obligations (Art 6 para 1 lit b,c and f GDPR).

In order to operate our App, it may be necessary for us to disclose your information to the following recipients:

  • Recipient of data: Cloudflare Inc
    • Purpose of data processing: Website-Hosting
    • Legal justification: Legitimate Interest (Art 6 Abs 1 lit f GDPR)
    • Location: US
    • Basis for transfer to third country[1]: EU-US: Data Privacy Framework: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnZKAA0&status=Active
  • Recipient of data: SPiNNWERK GmbH
    • Purpose of data processing: E-Commerce Agency (Marketing Agency)
    • Legal justification: Legitimate Interest (Art 6 Abs 1 lit f GDPR)
    • Location: Vienna, Austria
    • Basis for transfer to third country: Within the EU
  • Recipient of data: Apple, Inc
    • Purpose of data processing: Single Sign On
    • Legal justification: Legitimate Interest (Art 6 Abs 1 lit f GDPR)
    • Location: US
    • Basis for transfer to third country: EU-US Data Privacy Framework
  • Recipient of data: Hubspot Inc
    • Purpose of data processing: Newsletter Provider and CRM system
    • Legal justification: Consensus (Art 6 lit a GDPR) and Legitimate Interest (Art 6 Abs 1 lit f GDPR)
    • Location: US
    • Basis for transfer to third country: EU-US Data Privacy Framework: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TN8pAAG&status=Active
  • Recipient of data: PayPal
    • Purpose of data processing: Payment Provider
    • Legal justification: Contractual obligation (Art 6 Abs 1 lit b GDPR)
    • Location: US
  • Recipient of data: Facebook, Inc (Meta)
    • Purpose of data processing: Facebook Pixel, Marketing Tool, Single sign on
    • Legal justification: Consensus (Art 6 Abs 1 lit a GDPR)
    • Location: US
    • Basis for transfer to third country: EU-US Data Privacy Framework
  • Recipient of data: Google, Inc (Alphabet)
    • Purpose of data processing: Google Analytics, Marketing Tool, Single sign on, Firebase, Google tag Manager, Youtube
    • Legal justification: Consensus (Art 6 Abs 1 lit a GDPR)
    • Location: US
    • Basis for transfer to third country: EU-US Data Privacy Framework
  • Recipient of data: WooCommerce (Borlabs)
    • Purpose of data processing: Open Source B2B Plugin; Borlabs (Cookie Consent Manager)
    • Legal justification: Legitimate Interest (Art 6 Abs 1 lit f GDPR)
    • Location: US
  • Recipient of data: Shoebox Ltd
    • Purpose of data processing: Evaluation of the hearing test
    • Legal justification: Consensus (Art 6 Abs 1 lit a GDPR)
    • Location: Canada
    • Basis for transfer to third country: Adequacy decision pursuant Art 45 GDPR
  • Recipient of data: Magnalister (Amazon Inc)
    • Purpose of data processing: Plugin that receives data from Amazon purchases and imports into WooCommerce. Collects first and last name, delivery address, email
    • Legal justification: Legitimate Interest (Art 6 Abs 1 lit f GDPR)
    • Location: US
    • Basis for transfer to third country: EU-US Data Privacy Framework
  • Recipient of data: Trusted Shops AG
    • Purpose of data processing: Shop verification service
    • Legal justification: Legitimate Interest (Art 6 Abs 1 lit f GDPR)
    • Location: Germany
    • Basis for transfer to third country: Within the EU

[1] “Third Country” includes all countries other than (1) the Member States of the European Union and (2) the Member States of the European Economic Area, which means, in addition to the EU Member States, Iceland, Liechtenstein and Norway.

 

III. What data do we process when you visit our website?

Welcome to our website! Please get a picture of how we process your personal data when you visit our website (Art 13, Art 14 GDPR; section 165 Abs 3 TKG).

When you visit our website, the following data may be processed:

  • data you enter via a contact form,
  • e-mail address,
  • data entered in the contact form,
  • IP-Adress

The processing of this data is necessary to manage the security of the operation of the website and to ensure the functionality of the website from a technical point of view. The collection of this data is partly carried out via technical cookies. These technical cookies are only used to the extent necessary (§ 165 Abs 3 TKG). The processing of this data is justified by our legitimate interest in operating our website (Art 6 para 1 lit f GDPR).

 

Please note that we might also use “commercial cookies”. These cookies will only be activated after you have given consent to activate (Art 6 para 1 lit a GDPR) them via the Cookie-Banner:

IV. For what purposes do we process your data when we have a business relationship or you use our App?

In the course of our business relationship with customers or users, we process data on the basis of contractual (processing of the contractual relationship, pre-contractual obligations, billing for services, dispatch of documents, communication for the processing of the contract) and legal obligations (legally required storage within the meaning of section 132 BAO; section 212 UGB [“Austrian Commercial Act”]) (Art 6 para 1 lit b and c GDPR) as well as on the basis of our legitimate interests or on the basis of legitimate interests of third parties (Art 6 para 1 lit f DSGVO), namely:

– for the purpose of internal administration and management of the business case to the extent necessary (e.g.: Processing your business case, forwarding your business case to various departments, filing, archiving purposes, correspondence with you);

– for the purpose of providing the App;

  • we point out, that we may process data for advertising purposes on the basis of legitimate interests (Art 6 para 1 lit f GDPR). You may object to this form of data processing at any time (Art 21 para 2 GDPR).

– for the purpose of law enforcement;

– for the purpose of conducting investor due diligence;

in each case to the extent necessary. The processing of your data serves the initiation, maintenance and handling of our business relationships. If you do not provide us with this data, we will unfortunately not be able to provide you with the App.

The processing of your data can also be based on consent (Art 6 para 1 lit a GDPR). This consent can be revoked at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

V. How long do we store your data?

Pursuant to Art. 6 (1) point b GDPR, personal data will continue to be collected and processed to the extent required in each case if you provide us with this data when opening a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website. Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. After deletion of your customer account, your data will be deleted, provided that all contracts concluded via it have been fully processed, no legal retention periods are opposed and no legitimate interest on our part in the continued storage exists.

VI. Collection of data from other sources

In the course of a business relationship or the initiation thereof, it is naturally necessary to conduct research on the business partner. This is done exclusively to the extent required for this purpose. In this context, data may be retrieved and processed from the following sources:

Our company does not obtain any data from external sources.

VII. Does automated decision-making and/or profiling take place (Art 13 (2) lit f GDPR)?

No automated decision-making or profiling takes place in our company.

 

VIII. What rights do you have with regard to data processing?

We would like to inform you that you have the right, provided that the legal requirements are met:

  • You have the right to request information about which of your data is processed by us (see in detail Art 15 GDPR).
  • You have the right to request the correction or completion of incorrect or incomplete data concerning you (see in detail Art. 16 of the GDPR).
  • The right to have your data deleted (see in detail Art 17 GDPR).
  • The right to object to processing of your data that is necessary to protect our legitimate interests or those of a third party (see in detail Art 21 of the GDPR). This applies in particular to the processing of your data for advertising purposes.
  • You have the right to receive the transfer of the data provided by you in a structured, common and machine-readable format.

If we process your data on the basis of your consent, you have the right to revoke this consent at any time by e-mail. This will not affect the lawfulness of the data processing carried out up to this point (Art 7 (3) GDPR).

 

IX. Do you have a right to complain?

If, contrary to our expectations, there is a violation of your right to lawful processing of your data, please contact us by mail or e-mail. We will make every effort to process your request promptly. You also have the right to lodge a complaint with the supervisory authority responsible for data protection matters. In Austria, this is the:

  • Data protection authority (“Datenschutzbehörde”) based in Vienna, Austria.
Scroll to Top