1 Introduction

1.1 This Privacy Policy (“Policy“) sets out how the company named in the imprint in its capacity as the Controller (hereinafter “Thalheimer Heilwasser”, “we”, “us”, “our”) collects and processes personal information about you when you visit our website (“Website“). By continuing to use this Website, you confirm that you have read this Policy.

1.2 If we change anything important about this Policy (the information we collect, how we use it or why we use it) we will highlight those changes at the top of the Policy and provide a prominent link to it for 30 days following the change and prior to the change taking effect.

2 Information we collect

2.1 Information you give us. You may give us information, including information that can identify you (“personal information“), when you use our Website, correspond with us, enter into any of our competitions, promotions or surveys, post on our website, subscribe to receive our newsletter, purchase our goods, create an account or when you communicate with us and at us through one of our social media platforms. Where we request required information from you, we will collect the information contained in the relevant forms or pages. You may choose to provide additional information to us when you contact us or otherwise interact with us.

2.2 If you are a regular user of our Website, you may wish to create an Account (“Account“) with us. The information that you provide when setting up your Account may include your name, Account username, email address, gender, country of residence, telephone number. If you register to hold an Account with us, you will also create a unique password, which enables you to access your Account.

2.3 If you purchase goods on our Website, we will also collect your delivery address, billing address and payment information. Please note that we will not be storing your payment information, this will be done via a third-party payments company.

2.4 If you subscribe to receive one of our newsletters or receive other forms of direct communications from us, then you may provide us with your name, email address, gender, date of birth and interests.

2.5 When you use our Websites, we may use your personal information to create specialised recommendations to enhance your user experience.

2.6 Information we collect automatically. When you visit our Website, we may automatically collect the following information: your IP address, log-in information, location information, browser type and version, browser plug-in types and versions, operating system and platform, information about your visit including the URL clickstream to, through and from our Website, your advertising ID (if this is supported by your device such as an Apple product or Google product),products you viewed or searched for, length of visits to certain pages, page interactions, screen resolution, buffering issues, user behaviour and unique device identifiers (for example an IMEI address (a unique number assigned to mobile phones that is used by GSM networks to help them identify valid mobile devices)). We collect information automatically through the use of various technologies, including through “cookies” and “web beacons”.

2.7 We may also collect information about you through our security systems when you visit our premises.

2.8 We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them (including information that is publicly available).

3 Why we use your information

We use the information we collect in order to provide you with the best possible experience when you access our Website and engage with us. This includes using your information for the following purposes:

  • (a) providing and improving our products and services: we use your information in order to provide you with the products and services you have requested, including when making a purchase, sending you confirmation emails or contacting you regarding your Account. We use your information to improve and adapt our Website, products and services to better suit the behaviors and technical capabilities of our users;
  • (b) creating and managing your Account: we use your information in order to create your Account and manage our relationship with you. We also use your information to communicate with you regarding your Account and our services;
  • (c) administering the Website: we use your information in order to administer our Website for internal operations, including troubleshooting purposes and to understand any errors you may encounter when using our Website;
  • (d) improving use and content of our web page: we use your information in order to improve the content of our web page and ensure that it is presented in the most effective manner for you and your devices;
  • (e) safety and security: we use information collected on our Website as part of our efforts to keep our Website safe and secure and to help manage and administer our IT systems. We use information collected through our security systems to help keep our premises and individuals safe and secure.
  • (f) Online-Marketing: Wir verwenden Ihre Daten, um die Effektivität der Werbung, die wir an Sie und andere ausliefern zu messen und zu verstehen, und um Ihnen relevante Werbung zu liefern. Wir verwenden Ihre Daten auch, wenn wir mit Ihnen über die sozialen Medien kommunizieren, um unsere Social Media-Marke aufzubauen und zu pflegen.
  • (g) personalising and tailoring your experience: where permitted by law, we may combine information we receive from third party sources, with information you give to us and information we collect about you, including cookie and web beacon information. We may use this information and the combined information for learning more about your preferences as our customer, for enhancing your user experience on our Website;
  • (h) providing a consistent experience across devices and platforms: we will match information collected from and provided by you on one device or platform with information collected from and provided by you on other devices and platforms;
  • (i) providing customer service and managing any complaints or requests: we may use your information in order to provide you with a more efficient customer care service and managing any complaints or requests on your behalf;
  • (j) to make necessary disclosures and law enforcement: we may use your information in order to make necessary disclosures in response requests which We are legally required to comply with, to law enforcement or regulatory authority, body or agency or in the defence of a legal claims. Furthermore, to enforce our Terms and Conditions and/or this Policy; and
  • (k) administering a sale, transfer or reorganisation of one of our business entities.


4 Legal basis for using your information

Our processing of your personal information will be based on a variety of legal basis, including:

  • (a) where you have provided your consent: for example, we require your consent when using technology such as cookies or when processing special categories of data;
  • (b) where the processing is necessary for the performance of a contract: for example, deliver goods you have ordered on our web shop;
  • (c) where we need to comply with a legal obligation: for example, we may need to disclose your data to a law enforcement agency or to your or our representatives acting in a legal dispute; and
  • (d) where the processing is necessary for the purposes of our legitimate interests: this includes, for example, to: (1) provide our products to you; (2) ensure your Account is adequately protected and to ensure that our Website, network and information technology are secure and are being used in an appropriate manner; (3) better understand how you use our products and Website and to make improvements; (4) research and analyse the products you want; (5) efficiently communicate; (6) provide security over our business and who we partner with and to monitor the areas around and within our premises to safeguard our employees, customers and members of the public against wrongdoing or criminal activity; (7) develop and maintain relationships with vendors, partners and other companies and dealing with individuals who work for them; (8) to remain aware of updated market practice to ensure that we are offering a service which is competitive and meets the expectations of our customers; and (9) determine the effectiveness of advertising on our Website. In some jurisdictions, this type of processing requires consent. We will obtain your consent where we are legally required do so.


5 How we share and disclose your information

5.1 We may share your information with third parties for the purposes outlined at section 3 of this Policy and with third parties providing a service to us or acting as our agents, including, but not limited to, sub-contractors (including their agents) and professional advisers, advertising agencies, ad networks, IT suppliers, database providers, backup and disaster recovery specialists, email providers and other service providers necessary for improving our products and services.

5.2 We will:

  • (a) share aggregated, anonymised or other de-identified data with advertisers, advertising networks and social networks that require the data to select and serve relevant adverts to you and others. We will also use aggregate information to help advertisers reach the kind of audience they want to target;
  • (b) make use of the personal information we have collected from you to help our advertisers display their advertisements to a target audience and to present our promotional messages to you. This means you will be presented with advertisements that are more relevant to you as a result of the personal information we hold about you; and
  • (c) share your personal data with and access information from analytics and search engine providers that assist us in the improvement and optimisation of the Website for better personalisation of content and advertising.

5.3 Our suppliers and service providers will be required to meet our standards on processing information and security. The information we provide them, including your personal information, will only be provided in connection with the performance of their function. They will not be permitted to use your personal data for any purposes other than those outlined in this Policy.

6 How to opt in or opt out of direct marketing

6.1 We, and selected third parties, may use the information you give us on our Website for direct marketing purposes to provide updates, newsletters, or other communications that we think may interest you.

6.2 Where required by law, your prior consent will be obtained before we send you direct marketing. In any event, we will offer you the option to unsubscribe in every communication sent.

6.3 You may object to receiving direct marketing from us at any time by contacting us by email at the email address detailed below or selecting the unsubscribe option in our email communications.

7 Cookies and other technologies

7.1 We collect information automatically through the use of “cookies”. Cookies may be set by us, or they may be set by third parties. A cookie is a text file containing small amounts of information that a website can send to your browser, which may then be stored on your computer as a tag that distinguishes your computer but does not name you. Some of our Website pages use cookies to better serve you when you return to the Website and also to verify the minimum age. You can decide which Cookies we activate in our Cookie Settings.

7.2 We also make use of “web beacons” also commonly known as “single pixel GIFs”, “clear GIFs” or “tags”. Web beacons are small graphic images that may be included on our Website. Web beacons allow us optimise our products and services and provide us and third-party partners with analytics information, such as how many visitors our Website receives. We may also use web beacons in our email correspondence to determine whether you open them or take any further action. We also work with other organisations to place our web beacons on their websites or in their advertisements. We do this to helps us develop statistics on how often clicking on an advertisement on a Thalheimer Heilwasser website results in a purchase or other interaction on the advertiser’s website.

8 Links to other websites and social media

8.1 Where we provide links to other websites, we do so for information purposes only. The other websites are outside our control and are not covered by this Policy. If you access other websites using the links provided, the operators of these websites may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours.

8.2 In some pages of our Website, third parties that provide content, applications or plug-ins through our Website may track your use of content, applications and plug-ins or customize content, applications and plug-ins for you. For example, when you share an article using a social media sharing button on our Website (e.g., Facebook, Twitter, or Google Plus), the social network that has created the button will record that you have done this.

9 Data retention

9.1 We will not retain your information for longer than is necessary for our business purposes or for legal or regulatory requirements.

9.2 We will retain your information for as long as you have an Account with Thalheimer Heilwasser and for a period of time thereafter if it is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes. We retain your information in accordance with our internal data retention procedures.

9.3 If you object or opt-out of receiving direct marketing communications from us, we will remove your contact details and marketing permissions to ensure that you do not receive any future marketing communications from us. Also, we will not delete personal data if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.

9.4 In all cases, we will continue to protect your personal data in accordance with the terms of this Policy. We will also routinely refresh our information to ensure we keep it up-to-date.

10 Your rights

10.1 Subject to applicable law, you may have the following rights, in certain circumstances, in relation to your personal information:

  • (a) Right to access your personal information. If you wish to obtain a copy of the personal information that we hold about you, please contact us at the email address stated below. Before responding to your request, we may ask you to verify your identity and to provide further details about your request. We will endeavour to respond within an appropriate timeframe and, in any event, within any timescales required by law.
  • (b) Right to rectify, erase or restrict the processing of your personal information. If you wish to rectify, erase or restrict the processing of your personal information please contact us at the email address stated below. It is your responsibility to ensure that you submit true, accurate and complete information to us and keep this information up to date.
  • (c) Right to withdraw consent. Where you have provided your consent to processing, you may withdraw your consent at any time by contacting us at the email address stated below.
  • (d) Right to data portability. You can ask us to help you move some of your information to other companies. To help with that you have a right to ask that we provide your information in an easily readable format to another company. You can email your request to the email address stated below.
  • (e) Right to object. You can object to the way we process your personal information or object to direct marketing based on profiling where this is based on legitimate interests, by emailing your request to the email address stated below.
  • (f) Right not to be subject to an automated decision
  • (g) Right to lodge a complaint with a supervisory authority. You can get in touch with your local regulator if you have a complaint in relation to how we handle your personal information.

10.2 If you have chosen to have an Account then you can access the personal information we hold about you via your Account to obtain a copy of it and to correct, amend, or delete information that is inaccurate. You can also close your Account at any time.

10.3 If you would like to exercise any of your rights listed above, you can contact us at the email address detailed below.

11 Profiling

12.1 We may use your data in order to try and learn more about you so that we can aim to better predict what products and services you may be interested in.

12.2 On some of our e-commerce websites, we engage service providers who use automated decision making in order to verify your address and assess your creditworthiness. This allows us to ensure we use correct address data and to evaluate the risk of non-payment for our products and services.

12 Information security

12.1 We apply physical, technical and administrative measures to protect your personal information that is under our control from unauthorised access, collection, use, disclosure, copying, modification or disposal. All information you provide to us is stored on secure servers.

12.2 Where you have a password, which enables you to access our Website, you are responsible for keeping this password secure and confidential.

13 International transfers

13.1 Given that the Internet is a global environment, using the Internet to collect and process personal information necessarily involves the transmission of data on an international basis. While we generally store all of the personal information that we collect about you through our Website in your region (for example for European visitors, in the European Economic Area), it is possible that your personal information will be transmitted to parties outside your region (where data protection laws may be different e.g. in the United States).

13.2 If such transfer happens, we have implemented safeguards and data protection solutions to ensure your information is adequately protected in any third countries e.g. by using standard contractual clauses. If you would like to obtain the details of such safeguards, you can request these by contacting us by email detailed below.

14 Use of this Website by minors

14.1 By using this Website, you confirm that you are over the age of 16. If you are 16 or younger and share data with us, we will cease processing these data as soon as we become aware of the fact.

15 Changes to the Policy

16.1 This Policy was last updated on [12.05.2022].  A notice will be displayed for 30 days whenever this Policy is changed in a material way. By continuing to use our Website, you confirm your acceptance of the relevant changes.

16 Questions, Concerns, Complaints about this Policy and DPO Contact Details

16.1 If you have a question, concern or complaint about this Policy or our handling of your information, you can contact us: office@thalheimerheilwasser.at.