Privacy policy

1. General Information

Protecting your personal data is very important to us. We therefore process your data exclusively in accordance with the applicable legal regulations (GDPR, TKG 2021). In this privacy policy, we inform you about the most important aspects of data processing on our website.

2. Data Storage

The website provider automatically collects and stores information in server log files, which your browser transmits to our server. These include:

  • Visited page

  • Time of access

  • Amount of data sent (in bytes)

  • Referring source (e.g., link or search engine)

  • Browser used

  • Operating system used

  • IP address (anonymized)

These data are used for statistical purposes and to improve the website. However, the website operator reserves the right to subsequently check the server log files if there are concrete indications of illegal use.

Order-related personal data is processed to enable the provision and billing of our services and products. The following data may be included:

  • First name, last name

  • Address (shipping and, if applicable, billing address)

  • Email address

  • Phone number (optional, e.g., for delivery services)

  • Ordered products

  • Payment method and status

This is technically necessary and therefore constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.

3. Legal Basis for Processing

Regarding the legal principles and provisions, which is the legal bases of the General Data Protection Regulation (GDPR), transparent information is provided. This allows us to process personal data.

We process your data only if at least one of the following conditions is met:

  • Consent (Article 6(1)(a) GDPR)

    You have given us your consent to process data for a specific purpose, e.g., storage of data submitted via a contract form.

  • Contract (Article 6(1)(b) GDPR)

    We process your data to fulfill a contract or pre-contractual obligations with you.

  • Legal Obligation (Article 6(1)(c) GDPR)

    If we are subject to a legal obligation, we process your data accordingly, e.g., by retaining invoices for accounting purposes.

  • Legitimate Interests (Article 6(1)(f) GDPR)

    If we have legitimate interests that do not override your fundamental rights, we may process personal data. For example, certain data must be processed to operate our website securely and efficiently. This constitutes a legitimate interest.

4. Legal Disclosure

The collected data is never transferred to third parties, with the exception of the transmission of payment data (such as credit card information) to the responsible banks or payment service providers for the purpose of processing the purchase, to the shipping company commissioned by us for delivering the goods, and to our tax advisor in order to fulfill our tax obligations.

5. Retention Period

We store your personal data only for as long as necessary to fulfill the purposes mentioned above or as required by statutory retention periods. After that, the data will be deleted or anonymized. If you request the deletion of your data or withdraw your consent to data processing, the data will be deleted as quickly as possible, provided there is no legal obligation to retain it.

6. Cookies

The website uses cookies to store user-specific data. These are small text files stored on your device via your browser. Some are essential for functionality or to make the site more user-friendly, such as the shopping cart. Others collect anonymized data to help us understand how the website is used.

Most of the cookies used are "session cookies". Session cookies are automatically deleted after your visit ends. Some cookies remain stored on your device until you delete them. They allow us to recognize your browser on your next visit.

If you do not want this, you can configure your browser to inform you about the use of cookies and to allow them only on a case-by-case basis. Disabling cookies may limit the functionality of our website.

7. Web Analytics (Google Analytics)

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. Google Analytics uses cookies that allow an analysis of the use of the website by users.

The information generated by the cookie is usually transmitted to a Google server and stored there. However, we use IP anonymization, which means your IP address is shortened beforehand and cannot be traced back to you personally. You can prevent this by configuring your browser so that no cookies are saved or by installing a browser add-on to disable Google Analytics.

8. Social Media Plugins

Instagram plugins, provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, are integrated into this website. When you visit a page containing such a plugin, your browser may establish a direct connection to Instagram’s servers. Data such as your IP address may be transmitted, even if you are not logged in. The integration only occurs with your consent (Art. 6 para. 1 lit. a GDPR).

For more information, see Instagram’s privacy policy: https://privacycenter.instagram.com/

9. Email

If you communicate with us via email, data is stored on the respective device (computer, laptop, smartphone, etc.) as well as on the email server. The data is deleted once the business matter has been concluded and legal regulations permit deletion.

10. Contact Form

If you contact us via the contact form on our website, the information you provide, including the contact details you enter, will be stored for the purpose of processing your inquiry and in case of follow-up questions.

This data is used exclusively to handle your request and to get in touch with you.

11. Newsletter Subscription

You have the option to subscribe to our newsletter via our website. To do so, we need your email address and your confirmation that you agree to receive the newsletter. To provide you with targeted information, we may also collect and process additional data you voluntarily provide (e.g., name, preferences).

After subscribing, you will receive a confirmation email with a link to complete your registration (double opt-in). Only after confirming this link will your address be added to our mailing list.

You can unsubscribe from the newsletter at any time using the unsubscribe link in the newsletter or by contacting us directly. We will then delete your data related to the newsletter. The lawfulness of the data processing carried out on the basis of consent before its withdrawal remains unaffected

12. TLS Encryption

We use TLS (Transport Layer Security) encryption to protect your data during transmission and to ensure the security of communications with our website. This encryption technology is used to prevent unauthorized access to confidential information, such as messages sent via the contact form or personal data provided during checkout.

You can recognize an encrypted connection by the padlock symbol in your browser’s address bar and the use of "https://" at the beginning of the URL. When TLS encryption is active, the data you transmit to us cannot be read by third parties.

13. Rights under the General Data Protection Regulation (GDPR)

As a data subject, you have the following rights under the General Data Protection Regulation (GDPR), provided the relevant legal requirements are met:

  • Right to access (Art. 15 GDPR)

    You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and, where that is the case, access to the personal data and information regarding its processing.

  • Right to rectification (Art. 16 GDPR)

    You have the right to request the correction of inaccurate personal data or the completion of incomplete data.

  • Right to erasure ("Right to be forgotten", Art. 17 GDPR)

    You have the right to request the deletion of your personal data, particularly if it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent and there is no other legal basis for processing.

  • Right to restriction of processing (Art. 18 GDPR)

    You may request the restriction of processing under certain conditions, such as if the accuracy of the data is contested or the processing is unlawful.

  • Right to data portability (Art. 20 GDPR)

    You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit those data to another controller.

  • Right to object (Art. 21 GDPR)

    You have the right to object at any time to the processing of your personal data, particularly where it is processed based on legitimate interests or for direct marketing purposes.

  • Right to withdraw consent (Article 7(3) GDPR)
    If the processing of your personal data is based on your consent, you may withdraw this consent at any time. The withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal.

If you believe that the processing of your data violates data protection law, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority (Datenschutzbehörde).

Österreichische Datenschutzbehörde
Barichgasse 40–42, 1030 Wien
Email: dsb@dsb.gv.at
Website: www.dsb.gv.at

14. Changes to this Privacy Policy

We reserve the right to revise this privacy policy periodically in order to adapt it to changing legal or technical requirements. Any changes will be published on this page along with the updated date.

15. Controller of Data Processing

If you have any questions regarding data protection, you can contact the controller using the contact details below.

Name: Martin Kainrath
Address: Harruckerstraße 20, 4040 Linz, Austria
Email: contact@karmisart.com

Effectice as of: 1 August 2025