Shop-Vac – DatA PROTECTION Statement FOR THE WeBSITE
Welcome to the Shop-Vac Data Protection Statement. For the purposes of this Data Protection Statement, Shop-Vac International Inc. will be referred to as Shop-Vac.
Shop-Vac respects your privacy and is committed to protecting your personal data. The purpose of this Data Protection Statement is to describe how we will handle your personal data if you visit our website (irrespective of where you are accessing it) and inform you of your data protection rights as well as the legal provisions in place to protect you.
Please read Item 10 to make sure you understand the terminology used in this Data Protection Statement.
1. Important information about this Data Protection Statement and about us
Purpose of this Data Protection Statement
The purpose of this Data Protection Statement is to inform you of how Shop-Vac will collect and process your personal data obtained through your use of this website, including all data that you provide to us through this website when you subscribe to our newsletter or purchase a product or service.
This website is not meant to be used by children and we do not knowingly collect any data about children.
It is important to read this Data Protection Statement in combination with all other data protection information or information on fair data processing which we have provided or will provide to you on certain occasions when collecting or processing your personal data, so that you fully understand how and why we are using your data. This Data Protection Statement supplements such other information and is not intended to invalidate it.
Shop-Vac International Inc., Philipsstraße 27, 8403 Lebring, Austria
firstname.lastname@example.org; phone: 0043 3182 34405, fax: 0043 3182 49466
You have the right to contact the Data Protection Authority at any time. However, we would appreciate it if you gave us the chance to deal with your concern before involving the authority. So please contact us first.
Changes in your data
It is important that the personal data which we store about you are accurate and up to date. Please notify us if your personal data change during your business relationship with us.
2. Which data will we collect about you?
Personal data or personal information means any information relating to a natural person which can be used to identify that person. This does not include data from which the identifier has been deleted (anonymous data).
We are entitled to collect, use, store and transmit various types of personal data about you, which we have listed as follows:
- Identity data comprise your first name, surname and title.
- Contact data comprise your invoice address, delivery address, e-mail address and telephone number and, where applicable, your VAT number.
- Financial data comprise your bank account data and payment card data.
- Transaction data comprise information about payments made to you and by you as well as other details regarding products and services you have purchased from us.
- Technical data comprise your Internet protocol (IP) address, your log-in data, your time zone settings and your location as well as the browser plug-in types and versions which you use to access this website.
- Profile data comprise your previous purchases or orders as well as your preferences.
- Usage data comprise information about how you are using our website, products and services.
- Marketing and communication data comprise your preferences for receiving our marketing and promotional material and your preferred communication channels.
In addition, we will also collect, use and share aggregated data, such as statistical or demographic data, for all purposes. Aggregated data may be derived from your personal data but do not classify as personal data as these data neither directly nor indirectly disclose your identity. We may, for example, aggregate your usage data in order to calculate the percentage of users accessing a certain feature on our website. If, however, we combine or connect aggregated data with your personal data in such a manner that it becomes possible to directly or indirectly identify you, we will treat such combined data as personal data and use them in compliance with this Data Protection Statement.
We will not collect any special categories of personal data (which include information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health as well as genetic or biometric data) about you. Neither will we collect any information about criminal convictions or criminal offences.
What will happen if you do not provide us with any personal data?
If the law or a contract with you oblige us to collect personal data and you fail to provide us with such data, we may not be able to perform the contract we have entered or intended to enter into with you (e.g. for the delivery of products or the performance of services). In such case, we may have to cancel the order you have placed for a product or a service. However, we will inform you accordingly should this be the case.
3. How will we collect your personal data?
We use different methods to collect data from and about you. These include the following:
- Direct interaction. You may provide us with data about your identity, your contact data and your financial data by filling in forms or by corresponding with us by mail, telephone, e-mail or via our website or any other channel. This may also include personal data which you provide to us when you
- show an interest in our products and services;
- open an account on our website;
- subscribe to our information service or our publications; or
- request us to send you promotional material.
- Third parties or publicly accessible sources. We may also receive personal data about you from various third parties, as described below:
- Technical data from analytics providers, such as Google, which are based outside the EU;
- Contact, financial and transaction data from providers of technical services or payment and delivery service providers based within the EU;
- Identity data and contact data from publicly accessible sources such as the commercial register.
4. How will we use your personal data?
We will use your personal data only as permitted by law. We will use your personal data mainly in the following cases:
- Where we have to perform the contract which we have entered into with you.
- Where this is necessary for our legitimate interests (or those of a third party) provided that neither your interests nor your fundamental rights are overriding.
- Where we have to meet a legal or official obligation.
As a rule, we do not rely on your consent as a legal basis when processing your personal data, except in the case of sending direct marketing information to you per e-mail or text message. You have the right to withdraw your consent to receiving marketing material from us at any time. All you have to do is contact us.
For which purposes will we use your personal data?
In the following table, we have described how we are planning to use your personal data and on which legal basis we will do so. Where applicable, we have also specified our legitimate interests.
Please bear in mind that we are entitled to process your personal data for more than one lawful purpose, depending on the purposes for which we are using your data. Please contact us should you require any information on the specific legal basis on which we are processing your personal data in any of the cases where more than one reason is listed in the table below.
|Purpose/activity||Type of data||Legal basis for processing, including the basis for our legitimate interest|
|Registering you as a new customer||(a) Identity
|Performing a contract with you|
|Processing and delivering your order, including:
(a) Administration of payments, fees and duties
(b) Collection of the amounts owed to us
(e) Marketing and communication
|(a) Performing a contract with you
(b) Necessary for our legitimate interests (for collecting the receivables to which we are entitled)
|Administration of our business relationship with you, which may include the following:
(a) Notification of changes in our terms and conditions or our privacy policies
(b) Request to provide a review or to participate in a survey
(d) Marketing and communication
|(a) Performing a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records up to date and to analyse how our customers are using our products/services)
|Management and protection of our company and this website (including error correction, data analysis, tests, system maintenance, support, reporting and hosting of data)||(a) Identity
|(a) Necessary for our legitimate interests (to conduct our business, to provide administrative services and IT services, for purposes of system safety, to prevent fraud and in the course of corporate reorganisation measures or a restructuring of our group)
(b) Necessary to meet a legal obligation
|Display of relevant website content||(a) Identity
(e) Marketing and communication
|Necessary for our legitimate interests (to understand how our customers are using our products/services, for the development and expansion of our business and to inform our marketing strategy department)|
|Use of data analyses to enhance our website, our products/services, our marketing, our customer relations and, where applicable, our experience||(a) Technical
|Necessary for our legitimate interests (to define customer types for our products and services, to keep our website up to date and provide relevant content, to develop our business and to inform our marketing strategy department)|
|Provision of suggestions and recommendations for goods or services which may be of interest to you||(a) Identity
|Necessary for our legitimate interests (to develop our products/services and to expand our business)|
We make an effort to provide you with several options regarding the use of certain personal data, in particular regarding marketing and advertising:
Our promotional offers for you
We may use your identity, contact, technical, usage and profile data to gain an overview of what we think you may want to have or need or what you may be interested in. On this basis, we will decide which products, services and offers may be relevant for you (that is what we call marketing).
You will receive marketing notifications from us if you have ordered information from us or bought goods or services from us and if you have not opted against receiving such marketing information.
We will obtain your express consent prior to forwarding any of your personal data to companies outside the Shop-Vac Group for marketing purposes.
You may, at any time, request us to stop sending you marketing information. In order to adjust your marketing preferences, please log on to the website, click on “click here to unsubscribe from our mailing list” and fill in the form, or contact us at any time.
If you decide against receiving these marketing notifications, this will not apply to personal data which are provided to us as a result of a purchase of a product/service or any other software-related transactions.
Change in purpose
We will use your data exclusively for the purposes for which we have collected them, unless we take the view that we have to use them for a different reason and such reason is compatible with the original purpose. If you are interested in an explanation as to how the processing for the new purpose is compatible with the original purpose, do not hesitate to contact us.
If we have to use your personal data for another purpose, we will inform you accordingly and explain the legal bases which enable us to do so.
Please note that we are entitled to process your personal data without your knowledge and without your consent in compliance with the above rules to the extent that this is required or permitted by law.
5. Disclosure of your personal data
We may have to forward your personal data to the parties listed below for the purposes listed in the table in Item 4 above.
- Internal third parties pursuant to Item 10
- External third parties pursuant to Item 10
- Third parties to which we may sell or transfer parts of our company or our assets or with which we may combine parts of our company or our assets. Alternatively, we may attempt to acquire other companies or merge with them. Should a change in our company structure occur, the new owners will be entitled to use your personal data in the same manner as described in this Data Protection Statement.
We require of all third parties that they respect the safety of your personal data and handle them in compliance with the law. We do not allow our third-party providers to use your personal data for their own purposes and only grant them the right to process your personal data for certain purposes and in line with our instructions.
6. International transmission
We will transmit your personal data within the Shop-Vac Group, also outside the European Economic Area (EEA).
Whenever we transmit your personal data outside the EEA, we will ensure that a comparable level of protection is afforded by making sure that appropriate protection measures are taken.
Please contact us if you require additional information on the specific mechanism that we use when transmitting your personal data outside the EEA.
7. Data security
We have taken appropriate protection measures to prevent any accidental loss, use or unauthorised retrieval, alteration or transmission of your personal data. Moreover, we limit access to your personal data to employees, representatives, contractors and other third parties that require such access to your data for business purposes. They will only process your personal data if instructed to do so by us, and are bound by secrecy.
We have introduced procedures to deal with any suspected personal data breach and will inform you and the competent authorities of any such data breach provided that we are legally obliged to do so.
8. Storage of data
How long will you use my personal data?
We will store your personal data only as long as necessary for fulfilling the purposes ascertained by us, including compliance with legal, accounting or documentation obligations.
When determining the appropriate storage period for personal data, we take into account the scope, type and sensitivity of the personal data, the potential risk of damage through the unauthorised use or transmission of your personal data, the purposes for which we process your personal data and whether these purposes can be achieved by other means, as well as the applicable legal provisions.
For legal, financial and tax reasons we are obliged by law to keep fundamental information pertaining to our customers (including contact, identity, financial and transaction data) for seven years after these persons cease to be our customers.
Under certain circumstances you may request that we delete your data: For further information, please refer to Item 10 under “Request to delete (your personal data)”.
Under certain circumstances we may anonymise your personal data (so that they can no longer be attributed to you) for research or statistical purposes and use this information indefinitely, without notifying you thereof.
9. Your legal rights
Under certain circumstances you have specific privacy rights regarding your personal data. For further information on each of the following rights, please refer to Item 10:
- Request to access your personal data
- Request to rectify your personal data
- Request to delete your personal data
- Objection to the processing of your personal data
- Request to restrict the processing of your personal data
- Request to transmit your personal data
- Right to withdraw your consent
Should you wish to exercise one of the above rights, please notify us.
Generally free of charge
You do not have to pay any fee to access your personal data (or to exercise other rights). However, we may charge an appropriate fee in the event that your request is clearly unfounded or disproportionate or if you make repeated requests. Alternatively, we may refuse to meet your request under such circumstances.
What we may require of you
We may have to request specific information from you in order to verify your identity and ensure your right to access your personal data (or to exercise your other rights). This is a precaution taken to guarantee that personal data are not transmitted to any unauthorised persons. We may also contact you and ask you for further information concerning your request in order to speed up our reply.
Period for reply
We try to answer all justified requests within one month. Occasionally, it may take longer than one month if your request is particularly complex or if you have made several requests. In such a case, we will notify you and keep you updated.
Legitimate interest means the interest of our company in transacting and managing our business so as to be able to provide you with top-quality service and the best and safest possible experience. We make sure that we consider and compensate all potential (positive and negative) effects on you and your rights before we process your personal data for our legitimate interests. We do not use your personal data for any activities if the effects on you override our interests (unless we have obtained your consent or are otherwise legally obliged to do so or it is legally permitted).
Performance of contract means the processing of your data if required for the performance of a contract to which you are a party or if, upon your request, we process your data prior to the conclusion of such a contract.
Compliance with a legal or official obligation means the processing of your personal data if required for the fulfilment of a legal or official obligation to which we are subject.
Internal third parties
Other companies of the Shop-Vac Group which are located in the USA and provide administrative services.
External third parties
Service providers which operate as processors within the EEA and provide IT and system administration services (at present VIVEUM) as well as (at present) Volksbank.
YOUR LEGAL RIGHTS
You have the following rights:
Request to access your personal data, which allows you to obtain a copy of your personal data stored by us and verify whether we process them lawfully.
Request to rectify your personal data stored by us, which allows you to have any incomplete or imprecise stored data rectified, although we have to verify the correctness of the new data provided by you.
Request to delete your personal data, which allows you to require us to delete personal data if there is no valid reason justifying their further processing. You also have the right to require us to delete your personal data if you have successfully exercised your right of objection (see below), if we have processed your data unlawfully, or if we are obliged to delete your personal data to comply with national laws. Please note that for certain legal reasons, of which you will be notified at the time of your request, if applicable, we will not always be in a position to meet your request to delete your personal data.
Objection to the processing of your personal data in the event that we invoke legitimate interests pursued by us (or by a third party) and, in your particular situation, you wish to raise an objection to the processing on this ground because in your opinion this infringes your fundamental rights and freedoms. You also have the right to object to our processing of your personal data for the purposes of direct marketing. In some cases we may be able to demonstrate compelling legitimate grounds for the processing which override your rights and freedoms.
Request to restrict the processing of your personal data. This enables you to request us not to process your data in the following situations: (a) when you want us to verify the accuracy of the personal data; (b) when our use of the data is unlawful but you do not wish us to delete them; (c) when we no longer need the data but you want us to keep them for the purpose of establishing, exercising or defending legal claims; or (d) when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds for using them.
Request to transmit your personal data to you or a third party. We will provide you or a third party selected by you with your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you have initially placed at our disposal or we have used to perform a contract with you.
You have the right to withdraw your consent at any time in cases where our processing of your personal data requires your consent. The withdrawal of your consent will not affect the lawfulness of processing that was done based on your consent before its withdrawal. If you withdraw your consent, we may not be able to provide you with certain products or services. Should this be the case, we will inform you thereof at the time you withdraw your consent.
Separate information pursuant to Article 21(4) of the GDPR:
To the extent that the processing is based on the legitimate interest of the company, the data subject has the right to object pursuant to Article 21(1) of the GDPR. However, this applies only on grounds relating to his or her particular situation. It would not suffice for the data subject to object in general to any kind of storage or other processing. Rather, the data subject has to put forward personal reasons explaining why the (further) processing of his or her personal data is unacceptable to the data subject – unlike the cases of other customers and users. If this is made evident, further processing of the data subject’s personal data is only permissible in two cases:
- if the company demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or
- if the data are processed for the establishment, exercise or defence of legal claims.
Pursuant to Article 21(2) of the GDPR, the data subject, in any event, has the right to object to the processing of personal data concerning him or her for direct marketing purposes. The data subject also has the right only to object to the processing of selected individual categories of data concerning him or her, e.g. the use of his or her e-mail address for advertising purposes.
We have enabled the IP anonymisation feature on this website. As a consequence, Google will truncate your IP address in Member States of the European Union or in other states that are parties to the Agreement on the European Economic Area before transmitting it to the USA. In exceptional cases only, the full IP address will be sent to a Google server in the USA and shortened there. On behalf of the website operator, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. Google Analytics will not associate the IP address provided by your browser with any other data held by Google.
Objection to collection of data
You can prevent the data generated by the cookie about your use of the website from being transmitted to Google and being processed by Google, by downloading and installing the browser plug-in that is available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en
For instructions on how to prevent Google from storing your data, please go to: https://developers.google.com/analytics/devguides/…
This site uses SSL encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send us as the site operator. You can recognise an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar. If SSL encryption has been enabled, the data you transfer to us cannot be read by third parties.