PRIVACY POLICY

WELCOME TO OUR WEBSITE!

The website www.tyrolia.com including its microsites, databases, online stores and apps (“website”) as well as social media channels, are operated by HEAD Sport GmbH, Wuhrkopfweg 1, 6921 Kennelbach, Tel: +43 05574 608 (“Controller”, “we”, “us”). The use of any content or functions provided on our website is exclusively based on our applicable Terms of Use, which you can find here.

Protecting your personal data is an important concern for us. We, therefore, comply with the applicable legal provisions regarding the protection, lawful scope, and confidentiality of personal data, and regarding data security. Below, you will learn which information we might collect and process when you visit and use our websites, particularly when you shop via our online store or participate in prize games, promotions or other advertising activities. If the processing of your data should deviate from the statements made in this Privacy Policy in a specific case, you will be informed of this separately, and this will only be done based on your consent provided that such consent is required by law.

If necessary, we must update this Privacy Policy in connection with the further development of the Internet and changes in the legal situation legal precedents. We, therefore, recommend that review this page in regular intervals to ensure that you have read the most up-to-date version.

 

CONTENT OF THE PRIVACY POLICY

  1. General provisions
    1. What is personal data?
    2. Which data do we collect from you, and how or for what purposes do we process your data?
    3. Data of persons under 16 years of age/sensitive data
  2. Handling personal data for websites for purely informational use
    1. Cookies
    2. Google Services
      1. Google Analytics and Universal Analytics
      2. Google Ads (formerly Google Adwords)
      3. Google Remarketing
      4. Google Campaign Manager (formerly Google DoubleClick)
      5. Google reCAPTCHA
      6. Google Maps
      7. Google Fonts
      8. Google Tag Manager
      9. YouTube videos
    3. Facebook Business Manager
      1. Facebook Pixel and CAPI
    4. Microsoft Advertising
    5. AB Tasty
  3. Operation of social media accounts
  4. Handling personal data during proactive use be the user
    1. Making contact
    2. Purchase via online store
    3. Processing of personal data based on our legitimate interests
    4. Prize games and contests
  5. Transmission of your personal data to third parties
  6. Transmission of your personal data to third parties outside of the EU/EEA
  7. Data security
  8. Storage period
  9. your rights

 

  1. GENERAL PROVISIONS
    The EU General Data Protection Regulation (“GDPR”) and the corresponding national data protection laws protect the fundamental rights and freedoms of individuals and their rights to the protection of personal data.
    1. WHAT IS PERSONAL DATA?
      Personal data is information about data subjects, whose identity is determined or at least can be determined. Personal data includes, for example, names, addresses, telephone numbers, e-mail addresses, user IDs, credit card numbers, social media account IDs, user names, IP addresses etc.

    2. WHICH DATA DO WE COLLECT FROM YOU, AND HOW OR FOR WHAT PURPOSES DO WE PROCESS YOUR DATA?
      We collect user data (for example, information provided during registration, ordering, subscribing to newsletters or when contacting us) and technical data (log files; for example, IP addresses, dates, times) from you, provided that this is permitted by law or required as part of contract performance or to preserve our legitimate interests, or you have provided your consent for this purpose.
    3. DATA OF PERSONS UNDER 16 YEARS OF AGE/SENSITIVE DATA
      Unless parental or guardian consent has been obtained, we do not wish to collect information from persons under the age of 16. However, as it is not always possible for us to accurately determine the age of users, we cannot rule out the possibility that our offers/services may nevertheless occasionally contain personal data of persons under the age of 16 without the consent of their parents or guardians. Should we discover that persons under the legally permissible age have registered on our website or used our services without the consent of their parents or legal guardians, we reserve the right to exclude these persons from such offers/services, to block them or to delete the data.

      Furthermore we do not wish to collect sensitive data such as your religious belief, health data or other special categories of personal data mentioned in Art 9 GDPR, unless you have been expressly requested by us to transmit such data.
  2. HANDLING PERSONAL DATA FOR WEBSITES FOR PURELY INFORMATIONAL USE
    If you use our website purely for informational purposes, in other words if you do not register or if you transfer information to us otherwise, we only collect those personal data that are transferred by your browser to our server. If you would like to view our website, we collect the following data that are technically necessary for us in order to show you our website and guarantee stability and security.
    – IP address
    – date and time of the request
    – time zone difference from Greenwich Mean Time (GMT)
    – content of request (actual web page)
    – access status/HTTP status code
    – respectively transferred data amount
    – website from which the request is received
    – browser
    – operating system and its interface
    – language and version of the browser software

    1. COOKIES
      Like most websites, we also use cookies, provided that this is required from a technical standpoint for use of the website or you have provided your consent for this purpose, which you can withdraw at any time. For more information please see our .

      If you have questions or comments on this topic, please contact us using the contact information provided in section 9.

      The legal basis for this processing is Art. 6 Para 1 (f) GDPR.

    2. GOOGLE SERVICES
      All services mentioned under section 2.2 are provided by Google Ireland Gordon House, Barrow Street, Dublin 4, Ireland and/or Google Inc. 1600 Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA (”Google”).

      You can prevent participation in various Google services in several ways: a) by adjusting your browser software accordingly, in particular, the suppression of third-party cookies results in you not receiving any third-party ads; b) by disabling the cookies for conversion tracking by setting your browser to block cookies from the domain ”www.googleadservices.com”, https://adssettings.google.com/, although this setting will be deleted if you delete your cookies; c) by deactivating the interest-based advertisements of the providers that are part of the ”About Ads” self-regulation campaign via the link https://www.aboutads.info/choices, although this setting will be deleted if you delete your cookies; d) by permanent deactivation in your Firefox, Internet Explorer or Google Chrome browsers under the link https://www.google.com/settings/ads/plugin, e) by setting your cookie preferences accordingly. We point out that, in this case, you may not be able to use all features of this offer in full.

      For detailed information on how Google secures and handles your personal data please see https://policies.google.com/technologies/product-privacy and https://policies.google.com/privacy.

      Please also visit the Network Advertising Initiative (NAI) website at https://www.networkadvertising.org/ to find out more about responsible data collection and its use for digital advertising.

      1. GOOGLE ANALYTICS AND UNIVERSAL ANALYTICS
        This website uses Google Analytics, a web analytics service that uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

        This website uses Google Analytics with the extension “_anonymizeIp ()”. We have activated IP anonymization on this website by using the extension “_anonymizeIp ()”, so your IP address will be shortened beforehand by Google within member states of the European Union or other signatory states to the Agreement on the European Economic Area. As a result of this IP anonymization reference to particular individuals can be excluded. Therefore, as far as the data collected about you contains a personal reference, it is immediately excluded and the personal data deleted immediately. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.

        Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage to us Google may also transfer this information to third parties as required by law or if said third parties process this data on behalf of Google. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google information.

        You can prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case, you may not be able to use all the functions of this website in full. You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading the browser plug-in available at the following link and installing it: http://tools.google.com/dlpage/gaoptout. If you want to deactivate the tracking via Google Analytics for your mobile devices please follow the following link to activate the respective opt-out cookie.

        We use Google Analytics to analyze and regularly improve the use of our website. With the statistics, we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the US,

        The legal basis for the use of Google Analytics is Art. 6 Para. 1 (f) GDPR.

        For further information please see the following links: Google Analytics Terms of Service: https://marketingplatform.google.com/about/analytics/terms/, Overview on Google Analytics security and privacy principles: https://support.google.com

        This website also uses Google Analytics for a cross-device analysis of visitor traffic conducted via a user ID. You can disable the cross-device analysis of your use in your customer account under “My Data”, “Personal Information”.

        Universal Analytics enables cross-device tracking of users and leads to more refined information for those responsible (generally https://support.google.com/analytics). The opinion of the supervisory authorities is not yet available. In any case, the data subject must be informed about the extended use and be shown the possibility to opt out.
      2. GOOGLE ADS (FORMERLY GOOGLE ADWORDS)
        We use the offer of Google Ads, in order to draw attention to our attractive offers with the help of advertising (so-called Google Ads) on external web pages. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting to you and to achieve a fair calculation of advertising costs.

        These advertising materials are supplied by Google via so-called “ad servers”. To do this, we use ad server cookies, from which certain performance metrics such as ads or user clicks can be measured. If you access our website through a Google ad, Google Ads will store a cookie on your PC. These cookies usually lose their validity after 30 days and should not serve to personally identify you. As a rule, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (marking that the user no longer wants to be addressed) are usually stored as analysis values for this cookie.

        These cookies allow Google to recognize your internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer may discover that the user clicked on the advertisement and was redirected to that page. Each Ads customer is assigned a different cookie. Thus cookies cannot be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We receive only statistical evaluations provided by Google. On the basis of these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify the users on the basis of this information.

        Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence over the scope of the data collected by the employment of this tool by Google and the further use of such data, and inform you therefore according to our level of knowledge: By including Ads Conversion, Google receives the information that you have accessed the relevant part of our website or have clicked on an advertisement from us. If you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will find out your IP address and store it.

        The legal basis for the processing of your data is Art. 6 Para. 1 (a) GDPR.

      3. GOOGLE REMARKETING
        In addition to Ads Conversion, we use the Google remarketing application, which enables you to see our ads after visiting our website as you continue to use the internet. This is done by means of cookies stored in your browser, through which your usage behavior when visiting various websites is recorded and evaluated by Google. This is how Google determines your previous visit to our website. Consolidation of the data collected during the remarketing with your personal data, which may be stored by Google, does not occur by Google according to its own statements. In particular, according to Google, pseudonymization is used in remarketing.

        With the use of remarketing, information about your browsing behavior is collected for marketing purposes in anonymous form and stored on your computer using cookies (targeting / retargeting). Based on an algorithm, we can then show you targeted product recommendations as personalized banner ads on other websites (so-called publishers). If you do not want this to occur, you can disable it via the Ads Preferences Manager (https://www.support.google.com).

        The legal basis for the processing of your data is Art. 6 Para. 1 (a) GDPR.

      4. GOOGLE CAMPAIGN MANAGER (FORMERLY GOOGLE DOUBLECLICK)
        This website uses the online marketing tool Campaign Manager by Google. Campaign Manager uses cookies to place ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. Google uses a cookie ID to determine which ads are shown in which browser and can prevent them from being displayed multiple times. In addition Campaign Manager uses cookie IDs to track so-called conversions related to advertising requests. This is the case if, for example, a user sees a Campaign Manager advertisement and later goes to the advertiser’s website with the same browser and buys something there. According to Google, Campaign Manager cookies do not contain personal information.

        Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server when you visit our website. We have no influence over the scope of the data collected by the employment of this tool by Google and the further use of such data, and inform you therefore according to our level of knowledge: By including Campaign Manager, Google receives the information that you have accessed the relevant part of our website or have clicked on an advertisement from us. If you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will find out your IP address and store it.

        Furthermore Campaign Manager cookies (DoubleClick Floodlight) help us to understand whether you complete certain actions on our website after viewing any of our display/video ads on Google or other platforms through Campaign Manager or clicking through one of these ads (conversion tracking). Campaign Manager applies this cookie to understand the content with which you have interacted on our website to be able to send you targeted advertising later on.

        If you want to prevent Google from collecting the data generated by the cookies please download and install the browser plugin available under “Display settings”, “Extension for Campaign Manager deactivation” at https://support.google.com/adsense.

        Further information on Campaign Manager is available at https://marketingplatform.google.com/about/enterprise/

        The legal basis for the processing of your data is Art 6 Para. 1 (a) GDPR.

      5. GOOGLE RECAPTCHA
        This website uses Google reCAPTCHA to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program (“bots”).

        reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website.

        This service allows Google to determine from which website your request has been sent and from which IP address the reCAPTCHA input box has been used. In addition to your IP address, Google may collect other information necessary to provide and guarantee this service.

        The legal basis for this processing is Art. 6 Para. 1 (f) GDPR.

      6. GOOGLE MAPS
        This website uses Google Maps to display our location and to provide directions (e.g. via our store finder and event calendars). To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.

        If you access the Google Maps components integrated into our website, Google will store a cookie on your device via your browser. All user settings and data are processed to display a location and describe a certain route.

        By connecting to Google in this way, Google can determine from which website your request has been sent and to which IP address the directions are transmitted.

        The legal basis for this processing is Art. 6 Para. 1 (f) GDPR.

      7. GOOGLE FONTS

        This website uses Google Fonts to display external fonts. For this purpose, your browser loads the required web fonts into your browser cache to display texts and fonts correctly, which requires your browser to establish a direct connection to Google Servers. Google can identify the website from which your request has been sent and to which IP address the fonts are being transmitted for display.

        The legal basis for this processing is Art. 6 Para. 1 (f) GDPR.

      8. GOOGLE TAG MANAGER
        This website uses the Google Tag Manager that allows website tags to be managed using an interface. The Google Tag Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tag Manager triggers other tags, which in turn collect data if necessary. However, the Google Tag Manager does not access this information. If recording has been deactivated on domain or cookie level, it remains valid for all tracking tags implemented with Google Tag Manager.

        The legal basis for this processing is Art. 6 Para. 1 (f) GDPR.

      9. YOUTUBE VIDEOS
        We have also incorporated YouTube videos into our websites. The videos are stored at www.youtube.com and can be played directly from our websites. These videos are incorporated in such a way that no personal data related to you as the user is sent to YouTube if you do not play the videos.

        If you do play the videos, YouTube cookies will be stored on your computer and data will be sent to Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as the YouTube operator. When playing videos stored with YouTube, the following personal data is sent to Google, Inc.: the IP address and cookie ID, the specific address of the page visited on our websites, language setting of the browser, system date and time of access and your browser’s identifier. The data is transmitted regardless of whether you are registered with or logged in to Google. If you are logged in, this data will be attributed directly to your account.

        If you do not want this attribution to your profile, you must log out before activating the button. YouTube or Google, Inc., stores this data as use profiles and uses this data for the purposes of advertising, market research and/or designing its websites based on demand. Such use is meant in particular (not only for logged-in users) to provide advertising based on demand and to inform other users of your activities on our website. You have a right to oppose the creation of these user profiles, and to exercise this right, you must address yourself to Google Inc. as the operator of YouTube. Additional information on the purpose and scope of data collection and processing by Google, Inc., can be found at www.google.at/intl/policies/privacy/. We do not process the personal data collected when the YouTube video is accessed.
    3. FACEBOOK BUSINESS MANAGER
      The Facebook Business Manager is a tool that helps us to create, manage, monitor, and report on various business-related assets on Facebook and Instagram in an organized and targeted way, such as our Facebook company pages, Instagram profiles, and advertising. The Facebook Business Manager also includes a wide range of Facebook Business Tools that are explained below:

      The Facebook Business Tools are technologies offered by Facebook Inc. and Facebook Ireland Limited that help website owners and publishers, app developers, and business partners, including advertisers and others, integrate with Facebook, understand and measure their products and services, and better reach and serve people who use or might be interested in their products and services.

      All of these tools can be used for the so called „Facebook Products“ which include Facebook (including the Facebook mobile app and in-app browser), Messenger, Instagram (including apps like Boomerang), Facebook Shops, Spark AR, Audience Network and any other features, apps, technologies, software, products, or services offered by Facebook Inc. or Facebook Ireland Limited under the  Data Policy of Facebook. For details please also see sections 2.3.1 and 2.3.2 below.

      All services mentioned under section 2.3.1 and 2.3.2 are provided by Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook“).

      1. FACEBOOK PIXEL AND CAPI
        For conversion measurement, our website uses the pixel visitor promotion as well as the Conversions Application Programming Interface (“CAPI”) of Facebook.

        Because we use the “Custom Audiences” remarketing feature, which you can disable anytime as described below, your behaviour can be tracked after you have been redirected to our website by clicking on a Facebook ad. As a result, the effectiveness of Facebook ads can be evaluated for statistical and market research purposes and future advertising measures optimized.

        The data collected is anonymous to us as operators of this website; we cannot draw any conclusions about the identity of users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage directive. As a result, Facebook can enable advertising to be displayed on Facebook sites and outside of Facebook. This use of the data cannot be influenced by us as a site operator.

        See the data protection notice of Facebook for more information on how to protect your privacy: https://www.facebook.com/about/privacy/.

        You can also disable the “Custom Audiences” remarketing feature in advertisement settings at https://www.facebook.com/ads/preferences/. For this you have to be logged in to Facebook.

        If you do not have a Facebook account, you can opt out of Facebook Commercial Advertising on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/uk/your-ad-choices.

        The legal basis for the processing of your data is Art. 6 Para. 1 (a) GDPR.

    4. MICROSOFT ADVERTISING
      On our website, we use Microsoft Advertising by Microsoft Corporation (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; “Microsoft“).

      Data processing serves marketing and promotional purposes as well as the purpose of measuring the success of advertising measures (Conversion Tracking). We find out the total number of users who clicked on one of our ads and were forwarded to a website provided with a conversion tracking tag. A personal identification of those users is not possible in this way, however. Microsoft Advertising uses technologies such as cookies and tracking pixels with which your use of the website can be analysed. When you click on an ad placed by Microsoft Advertising, a cookie for the conversion tracking will be saved on your computer. This cookie has limited validity and does not serve the purpose of personal identification. If you visit specific pages on our website and the cookie has not yet expired, we and Microsoft can see that you clicked on the ad and were forwarded to this page. The following information may be collected: IP address, identifiers (tags) allocated by Microsoft, information about your browser and your device, referrer URL (website from which you visited our website), URL of our website.

      Furthermore, we use the so-called “Remarketing function” which enables Microsoft to track your consumption behaviour and therefore show you personalised advertising on Microsoft websites or in Microsoft apps.

      If you do not want your information about your consumption behaviour to be used by Microsoft as described above, you can decline the placing of required cookies. The automatic placing of cookies can be deactivated via your browser settings. Furthermore, you can prevent the collection and processing of data generated by the cookie as well as data related to the use of the website by entering an objection using the following link: https://account.microsoft.com/privacy/ad-settings/signedout

      Further information on data protection and the cookies used by Microsoft can be found on Microsoft's website at: https://privacy.microsoft.com/en-us/privacystatement

      The legal basis for data processing is Article 6 Para 1 (a) GDPR.

    5. AB TASTY
      We use the web analytics service of AB TASTY SAS, 17 - 19 Rue Michel-le-Comte 75003, Paris ("AB Tasty") to perform A/B or multivariate tests to continuously improve our online services. For this purpose, AB Tasty collects statistical information about visitor traffic. This usage data (such as browser used, number of pages viewed/visits, order and duration of visits to a website, filling/emptying of a shopping basket, recording of the use of individual web pages [except in the check-out and registration process], etc.) is recorded anonymously and statistically evaluated. It is not possible to draw conclusions about a specific person or purchase. In addition, AB Tasty carries out geolocation (regional details of your location) using your IP address immediately when you visit the website; the IP address is deleted immediately after geolocation. Based on your interests, AB Tasty designs personalised pattern, which are encrypted and do not allow any conclusions to be drawn about you personally. Cookies are stored for the storage and recognition of site visitors and will be automatically deleted after a maximum duration of 13 months. Further information can be found in our cookie policy.

      Opt Out: If you do not wish to participate in these tests, you can deactivate this function on the AB Tasty website (at https://www.abtasty.com/terms-of-use/) by following the instructions given there. If you delete your browser cookies, you will need to opt out again via this link. We would like to point out that with an opt-out, some functions of the website will not be available or will only be available to a limited extent.

      Further information on data protection and the cookies can be found on AB Tasty's website: https://www.abtasty.com/terms-of-use/.

      The legal basis for this processing is Art. 6 Para. 1 (a) GDPR.
  3. OPERATION/USE OF SOCIAL MEDIA ACCOUNTS
    We are operating several accounts on social media networks or platforms or using such social media networks or platforms in order to communicate with our customers, interested parties and other users and to inform them about our brands, products and services.

    We would like to point out that user data may be processed outside the European Union by the Social Media companies when visiting their websites which can result in risks for users (e.g. it could be difficult to enforce data subject rights of users).

    Please note that your data is usually processed for market research and advertising purposes by the Social Media platforms when visiting their websites. For example, user profiles can be created on the basis of user behaviour and the documented interests of users. The user profiles can then be used to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (in particular if the users are registered users of the respective platforms and are logged in).

    The processing of your personal data when visiting our social media channels is carried out on the basis of our and the social media platform’s legitimate interests (effective information of and communication with customers, prospects and users) pursuant to Art. 6  Para.1 (f) GDPR. If you are requested to consent to the aforementioned data processing, the legal basis for the processing is Art. 6 Para 1 (a) GDPR.

    With regard to the exercise of your data subject rights under the GDPR we point out that these can be asserted most effectively with the Social Media providers. Only the social media providers have access to your personal data and can directly take appropriate measures and provide information to you. Should you nevertheless need help, please let us know.

    For a detailed description of the respective processing operations and the opt-out options, please refer to the privacy policy of the respective service provider:
  4. HANDLING PERSONAL DATA DURING PROACTICE USE BY THE USER
    In addition to the purely informational use of our website we offer you several services on our website that you may use if you are interested and which we have described in the following sections. For this purpose, as a rule you must provide further personal data that we will use to provide the respective service. You will receive more detailed information on this when you provide your personal data or in the service description below.

    1. MAKING CONTACT
      When the user actively makes contact with us (for example, via e-mail or via our contact form as part of a promotion), the data and information of the user will be stored for the purpose of processing the inquiry and in the event that follow-up questions arise, and forwarded to the responsible person (for example, the IT department, the legal department, logistics etc.).

      We process your personal data according to Art. 6 Para. 1 (a) GDPR and because of our legitimate interest according to Art. 6 Para. 1 (f) GDPR.
    2. PURCHASE VIA ONLINE STORE
      If you make a purchase via this website, we collect, store and process personal data (your name, billing and delivery address, e-mail address, telephone number and the serial number assigned to the ordered items and information on the goods that you purchased) for the purposes of contract performance and the fulfilment of any post-contractual obligations (such as a warranty). For this purpose, we forward your name and your delivery address to transport or courier services for the delivery of the goods that you purchased, and we also forward the payment and transaction data to credit or financial institutions for the handling of payment. It is necessary to provide personal data for the conclusion and fulfilment of the contract.
      1. If you set up an account on our website (for details please see our Terms and Conditions ), we collect the personal data described above together with your user name and password for the purpose of managing your online account.
      2. We can also process the data provided by you to ask you to review a product that you purchased, inform you about offers, news, surveys and contests regarding similar products or services, or to send you e-mails connected with your orders or with technical information. You may object to the use of your data at any time free of charge if the processing serves the purposes of direct marketing (for details please see section 9).
      3. If you register through an existing account (such as Facebook, Google or WeChat), you agree that we will access the data that you store in this account (such as your name, e-mail address, address) and that they will be processed for the purposes described in this section 4.3. For this purpose, during registration, you must once again explicitly consent to data transmission from the respective existing account.
      4. We process your personal data for the performance of the contract according to Art. 6 Para 1 (b) GDPR and because of our legitimate interest according to Art. 6 Para 1 (f) GDPR.

    3. PROCESSING OF PERSONAL DATA BASED ON OUR LEGITIMATE INTERESTS
      We might also process the personal data provided in connection with registration and ordering (e.g. your name, billing and delivery address, e-mail address, telephone number, the serial number assigned to the ordered item as well as additional information on the goods that you purchased) to improve our products and services. In addition, we process the specified data categories for internal statistical and operational purposes, for example, to measure and understand trends related to demographics, users, user interests, purchases and other trends among our users, as well as for recall actions and for the quick processing of complaints based on our legitimate interests. The data may also be processed for research, precautionary, defence and other measures in particular with regard to non-compliance with this Privacy Policy, illegal actions or suspected fraud, or to take measures in situations in which the potential risk of violation of our legal rights or the rights of other persons exists. You may object to the use of your data at any time if the processing serves the purposes of direct marketing (for details please see section 9).

    4. PRIZE GAMES AND CONTESTS
      In connection with the prize games, contests or promotional activities that we offer, we will use your personal data solely for holding the prize game, contest or promotional activity (for example, to contact winners, to send the prize), unless you have granted us your explicit consent for use in other ways.
  5. TRANSMISSION OF YOUR PERSONAL DATA TO THIRD PARTIES
    We also transmit your personal data to the necessary extent to external performance agents or service providers (including our other companies of the HEAD Group):
    • to IT service providers and/or providers of data hosting or data processing or similar services;
    • to other service providers, providers of tools and software solutions who also support us in providing our services and work on our behalf (incl. providers of marketing tools, marketing agencies, communication service providers and call centres);
    • to other Group companies of the HEAD Group (a list of our Group companies to which personal data is transmitted can be found for contract performance, based on an existing legitimate interest and fulfilment of legal obligations;
    • to any third parties who are involved in fulfilling our obligations to you (for example, parcel service providers for the shipment of your online store order to you, payment service providers for payment processing in the online store, banks for payment processing);
    • to other external third parties to the necessary extent (for example, auditors, insurance companies if an insured event occurs, legal representatives should the situation arise etc.);
    • to officials and other public offices to the extent required by law (for example, tax authorities etc.).
  1. TRANSMISSION OF YOUR PERSONAL DATA TO THIRD PARTIES OUTSIDE OF THE EU/EEA
    We might transmit your personal data to companies and contractual partners outside of the EU/EEA for the provision of our services, the operation of the website, the handling of your order, the maintenance of our IT systems and software etc. However, such transmission does not change anything in our obligation to protect your personal data in accordance with this Privacy Policy. If your personal data is forwarded outside of the EU/EEA, we guarantee an adequate measure of security by forwarding them to countries that have an appropriate level of protection based on confirmation by the European Commission, or by concluding an appropriately formulated contract between us and the legal person outside of the EU/EEA who receives the data. In other cases, the data transfer might be based art. 49 para. 1 GDPR. You may receive a copy of the suitable guarantees by sending an e-mail to us at privacy@tyrolia.com.
  1. DATA SECURITY
    We take appropriate technical and organisational security measures to protect your personal data from unintentional or unauthorised deletion or modification, and from loss, theft and unauthorised viewing, forwarding, reproduction, use, alteration or access. We and our employees are also bound to data secrecy and confidentiality. Likewise, performance agents and authorised agents of the HEAD Group who must have access to your personal data to fulfil their professional duties will receive access and will be subject to the same obligations to observe data secrecy and confidentiality.
  1. STORAGE PERIOD
    We will save the personal data processed via our website as long as they are required for the fulfilment of our contractual obligations. If processing depends upon your consent, we will store this data as long as you do not withdraw your consent. We will also store your data only as long as we are obligated by law to store them and as long as claims can be asserted against us.
  1. YOUR RIGHTS
    You have the right to receive information in a clear, transparent and intelligible manner regarding how we process personal data and regarding your rights as a data subject (Art. 13 et seqq. GDPR):
    • You therefore have the right to information and to receive a copy of the personal data about you that is processed; (Art. 15 GDPR);
    • If the personal data is incorrect or no longer current, you have the right to rectification; (Art. 16 GDPR);
    • You also have the right to erasure of your data (“right to be forgotten”); (Art. 17 GDPR)
    • You also have the right to unsubscribe from marketing campaigns and to opt out in this regard at any time; (Art.21 Para. 2 GDPR);
    • You may also revoke your consent to the processing of personal data at any time with effect for the future if processing is based on your consent; (Art 7 GDPR)
    • You also have the right to data portability (Art. 20 GDPR) in a commonly used and machine-readable format. This applies exclusively to data that you have provided, with which processing is based on a contract or consent and with which processing takes place automatically;
    • Finally, you have the right to request that the processing of data by us be restricted (Art. 18 GDPR), so that we may only continue to store them and no longer use or process them. However, this applies only in the following situations:
      • The accuracy of the personal data is contested by you for a period enabling us to verify the accuracy of the personal data;
      • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
      • We no longer need the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims;
      • You have objected to processing based on our legitimate interests and the verification of whether legitimate grounds on our side override those on your side is not yet certain.
    • You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (Art. 22 GDPR).
    • You also have the right to lodge a complaint with the competent data protection authorities if you are of the opinion that the processing of the personal data about you violates the applicable data protection laws (Art. 77 GDPR).

      Before you lodge a complaint with the data protection authorities, or if you have questions, you may also contact us:

      Head Sport GmbH
      To the attention of the Legal Department Wuhrkopfweg 1, 6921 Kennelbach
      Via e-mail at privacy@tyrolia.com

      Your right to object

      As the data subject, you may object to the use of your data at any time if the processing serves the purposes of direct marketing. If we process your data for legitimate purposes, you also have the right to object at any time if grounds for this arise from your specific situation. In this case, we ask you to provide reasons as to why the data should not be processed in the future.


      So that we can process your inquiry regarding your rights specified above and ensure that personal data is not given to unauthorised third parties, please address the inquiry with a short description regarding the scope of the exercise of your data subject rights listed above.

 

Version date: September 2021