Privacy Policy

The controller within the meaning of Art. 4 (7) GDPR and other data-protection provisions is:

Appointment of a data protection officer is not legally required. Please direct any data-protection enquiries to the contact details above.

Ferdinand Schwarzer GmbH processes personal data of its customers exclusively on the basis of the GDPR, the Austrian Data Protection Act (DSG) and other applicable provisions. Processing only takes place to the extent necessary for the performance of a contract, to safeguard legitimate interests, to fulfil legal obligations, or with your express consent.

Where this Privacy Policy refers to content, tools or other means provided by third parties, this is always done on the basis of an appropriate legal basis under Art. 6 (1) GDPR.

(a) Visits to our website (server log files). When you visit our website, technically required data is automatically transmitted to our hosting provider, in particular IP address, date and time, browser type and version, operating system, language settings, referrer URL and the name of the requested file. Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in the stability, security and functionality of our website). Storage period: 14 days, unless security incidents require longer retention.

(b) Contact. When you contact us via the contact form or email, we process the information you provide (name, email address, subject, message) in order to handle your request. Legal basis: Art. 6 (1) lit. b GDPR (pre-contractual measures) and lit. f GDPR (legitimate interest in efficient communication). Storage period: until your request has been resolved; longer where statutory retention obligations apply.

(c) Orders and contract performance. To process your order we collect salutation, first and last name, delivery and billing address, email address, phone number where applicable, ordered products, payment details and engraving or gift-message text (if provided). Legal basis: Art. 6 (1) lit. b GDPR (performance of contract) and – with regard to tax and commercial records – Art. 6 (1) lit. c GDPR in conjunction with § 132 BAO and § 212 UGB. Storage period: 7 years from the end of the financial year.

(d) Newsletter. If you subscribe to our newsletter, we process your email address in order to send editorial content and product-related information. Legal basis: Art. 6 (1) lit. a GDPR (consent). You may withdraw your consent at any time with effect for the future, e.g. via the unsubscribe link in any newsletter or by email to fs@schwarzer.jewelry.

(e) Customer account. If you create a customer account, the data provided in the registration form is processed for the purpose of managing the account and simplifying future orders. Legal basis: Art. 6 (1) lit. b GDPR. You may have your account deleted at any time, unless statutory retention obligations require otherwise.

Personal data is disclosed to third parties only on the basis of Art. 6 (1) GDPR and only to the extent required for the performance of the contract or the protection of legitimate interests. Data processing agreements pursuant to Art. 28 GDPR are in place with all processors.

We use the following service providers in particular:

• Shopify International Limited (Victoria Buildings, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland) as our e-commerce platform and payment processor. Shopify processes order, payment and shipping data on our behalf. Transfers to third countries may occur; in such cases Shopify relies on the EU Commission's Standard Contractual Clauses. Details: shopify.com/legal/privacy.
• Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany) as the hosting provider for our storefront. Server log data is processed in data centres located within the EU.
• Shipping providers (e.g. Austrian Post, DHL/Deutsche Post). We disclose name and delivery address to the extent necessary for delivery.
• Payment service providers (e.g. Shopify Payments, Klarna, PayPal). Depending on the payment method you select, the data necessary for processing is transmitted directly to the respective provider, whose privacy notice will then apply.
• Tax advisors and tax authorities to the extent required to fulfil statutory recording and reporting obligations.

Transfers to third countries outside the EEA only take place where the requirements of Art. 44 et seq. GDPR are met (adequacy decision, Standard Contractual Clauses or explicit consent).

Our website uses cookies and similar technologies to ensure the functionality of the site, to make its use more comfortable and – subject to your consent – to measure reach. Cookies are small text files stored on your device.

Strictly necessary cookies (e.g. shopping cart, language preference, security and session cookies) are set without consent on the basis of Art. 6 (1) lit. f GDPR and § 165 (3) TKG 2021.

Statistics, analytics and marketing cookies are set only with your express consent given via the cookie banner pursuant to Art. 6 (1) lit. a GDPR and § 165 (3) TKG 2021. You may withdraw your consent at any time with effect for the future by reopening the cookie settings at the bottom of the page or by deleting cookies in your browser.

(a) Web Analytics (Google Analytics 4). Subject to your consent in the cookie banner, we use Google Analytics 4, a web-analytics service operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). We use IP anonymisation, so that your IP address is truncated before storage. Data processed includes pages visited, time spent on the site, approximate location, device and browser information. Transfers to the United States cannot be excluded; Google is certified under the EU-US Data Privacy Framework. Legal basis: Art. 6 (1) lit. a GDPR (consent). Storage period: up to 14 months.

(b) Google profile photos in customer reviews. Our website displays public Google reviews of our business. The review texts are fetched server-side by us via the Google Places API as part of our build process and then served as static content; when you load the page no direct connection between your browser and Google takes place in this regard. Subject to your consent in the cookie banner, we additionally load the reviewers' public profile photos directly from Google's CDN (lh3.googleusercontent.com); this may transmit your IP address to Google. Without consent, the reviewers' initials are displayed in place of the profile photos. Legal basis: Art. 6 (1) lit. a GDPR (consent).

Further information: policies.google.com/privacy.

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, alteration or unauthorised disclosure. In particular, data transmission between your browser and our website is secured via a TLS-encrypted connection (HTTPS).

Despite reasonable safeguards, complete security of data transmitted over the internet cannot be guaranteed. Liability for damages resulting from transmission errors or unauthorised third-party access is excluded to the extent permitted by law.

Personal data is stored only for as long as necessary to achieve the respective processing purpose, or as required by statutory retention periods (e.g. § 132 BAO, § 212 UGB: 7 years). Once the relevant period expires, the data is deleted or anonymised.

You have the following rights vis-à-vis Ferdinand Schwarzer GmbH regarding personal data concerning you:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent with effect for the future (Art. 7 (3) GDPR)

To exercise your rights, an informal notice to fs@schwarzer.jewelry is sufficient.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes the GDPR. The competent supervisory authority in Austria is:

The provision of personal data is neither legally nor contractually required. However, in order to conclude a purchase contract we need the data that is strictly necessary for the performance of the contract and for compliance with statutory recording obligations. If such data is not provided, we will not be able to enter into a contract with you.

We reserve the right to amend this Privacy Policy where this becomes necessary due to changes in the legal framework, new functionality or modified processing operations. The version available at the time of your visit applies.