PhiShop App
Go to App

PRIVACY POLICY

ARTICLE 13 GENERAL DATA PROTECTION REGULATION (GDPR)

With this information sheet, PhiAcademy GmbH (hereinafter “PhiAcademy“ or “we“) informs you about the processing of your personal data (“Data“) as well as your Data protection claims and rights:

1 WHICH DATA ARE PROCESSED AND FROM WHICH SOURCES DO THEY COME FROM?

We process the Data that we receive from you as part of your visit or purchase on our website www.phishop.com (hereinafter “Website“) or Webshop-App (hereinafter “Mobileshop”). We do not collect and process any special categories of personal Data.

Personal Data include:
Your personal details: e.g. name, address, e-mail address, telephone number and gender
Data about your PhiShop purchases: e.g. customer number, UID number, previous purchases,
invoice number, purchase date and time, product, quantity and price
Data about your payment method: e.g. bank details, used credit card company,...

2 FOR WHAT PURPOSES AND FOR WHAT DURATION ARE DATA PROCESSED?

We process your Data in accordance with applicable data protection law and for specific purposes and for a specific period. The most important purposes and duration of the processing are listed below. If we collect Data from you for other purposes, we will inform you separately before collecting that Data.

2.1 PURCHASE AT PHISHOP

We process the Data you provide when purchasing goods for the purpose of fulfilling our contractual obligations to you. This includes, for example, the delivery of goods ordered by you. We process this data until the fulfillment of our obligations; beyond that, only as long as there is a legal obligation to do so or we need Data for the exercise or defence of legal claims.

2.2 PHISHOP CUSTOMER ACCOUNT

We process the Data provided by you when creating your PhiShop customer account for the provision of PhiShop service offers. With your PhiShop customer account you can process purchases faster, save more than one address, track your orders and much more. If you purchase goods online via your customer account, we also process your Data to perform and fulfill your purchase.

We will process the Data you provided for the PhiShop customer account until you delete your customer account; beyond that, only as long as there is a legal obligation to do so or we need the Data for the exercise or defense of legal claims.

2.3 PHIACADEMY NEWSLETTER

We process the Data you provided when you signed up for the PhiShop Newsletter for the purposes of direct marketing. We will send you personalized newsletters via e-mail and inform you about offers, services and events of PhiAcademy GmbH and our partner companies if, based on your Data, we assume that this information is particularly relevant and interesting for you. These partner companies are: Craftmaster GmbH, PhiAcademy d.o.o, PhiAcademy LTD.
We process the Data you provided by signing up for the PhiShop Newsletter as long as you wish to receive the newsletter and furthermore only as long as we need the Data for the exercise or defense of legal claims.

2.4 PHIACADEMY CUSTOMER SERVICE

When contacting our Customer Service („contact us“) for requests or issues we process your Data to respond to your requests or to fulfill your issues.
We process the Data you provide only for the duration of the response or fulfillment of your requests and issues. Beyond that, we will process the Data only as long as there is a legal obligation to do so or we need the Data for the exercise or defense of legal claims.

2.5 PHIACADEMY CHAT

When you contact our PhiAcademy Chat for requests or issues, and therefore provide us with your Data (name, e-mail address and message), these Data will be processes only to respond to your requests or fulfill your issues.
The Data that you provide for the PhiAcademy-Chat will be processed for the duration of the response to fulfill your requests and issues. Beyond that, we will process the Data only as long as there is a legal obligation to do so or we need the Data for the exercise or defense of legal claims and for internal administrative purposes.

3 ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA?

3.1 ON THE BASIS OF YOUR CONSENT (ARTICLE 6 (1) (A) GDPR):

If you have given us your consent to the processing of your Data - for example to receive the PhiAcademy Newsletter - this processing will only be carried out in accordance with the purposes specified in the respective declaration of consent and to the extent agreed therein. 

You can withdraw your given consent at any time with effect for the future by sending us an e-mail or letter to our contact address as stated in point 9. The withdrawal of consent does not affect the lawfulness of the processing of your Data based on your consent before its withdrawal.

3.2 TO FULFILL CONTRACTUAL OBLIGATIONS (ARTICLE 6 (1) (B) GDPR):
We process your Data in order to fulfill our contractual obligations to you. For example, we need your name and address to send you ordered goods and issue an invoice for your order. If there are any delivery problems or if you have concerns or requests, we need, for example, your e-mail address or phone number in order to contact you.

3.3 TO FULFILL LEGAL OBLIGATIONS (ARTICLE 6 (1) (C) GDPR):

The processing of your Data may be required to fulfill our legal obligations (in particular for the storage of business papers and contractual documents). Such obligations may arise from the Austrian Commercial Code (UGB), Austrian Federal Fiscal Code (BAO) or Austrian Civil Code (ABGB).

3.4 FOR THE PURPOSES OF THE LEGITIMATE INTERESTS (ARTICLE 6 (1) (F) GDPR):
If it is necessary for the purposes of our legitimate interests or the legitimate interests of third parties, we process your Data:

Our legitimate interest in the processing your Data includes own and third-party marketing purposes, customer loyalty or direct marketing.

In addition, we have a legitimate interest in the processing of your Data for administrative purposes within PhiAcademy and its affilliates (Craftmaster GmbH und PhiAcademy d.o.o.) and for the exercise or defense of legal claims.

4 WHO RECEIVES YOUR DATA?

Within PhiAcademy, our parent company, PhiAcademy d.o.o., and our affiliate Craftmaster GmbH, those employees will receive your personal information, who need them for the purposes outlined above. If we are legally obliged to do so, we will also transfer your Data to public bodies and authorities. In addition, companies commissioned by us (in particular IT or payment services and back office providers) will receive your Data if they need them to fulfill their respective tasks. These providers are obliged to treat all Data confidentially, to process it only to the extent necessary for their service provision and they provide their processing activities within the European Economic Area. If these companies provide their processing activities outside the European Economic Area, there are appropriate safeguards according to Art 46 GDPR in place to ensure an adequate level of data protection.

We will transfer your Data to the following recipients:

Company Name:
Located in:
Safeguards
DHL Express (Austria) GmbHAustria 
Stripe, Inc.USA
Standard Contractual Clauses
PayPal (Europe) S.à.r.l. & CieLuxembourg
Klarna Bank ABSweden 
Falcon.io ApSDenmark
The Rocket Science Group LLC (MailChimp)USA
Standard Contractual Clauses
Freshworks Inc.USA
Standard Contractual Clauses
banibis GmbHAustria
Craftmaster GmbHAustria
PhiAcademy d.o.oSerbiaStandard Contractual Clauses
platform.shGermany
Vanilla Reply GmbHGermany
Klaviyo, Inc.USA


MM Operations GmbHAustria
 
5 COOKIES

5.1 TECHNICALLY REQUIRED COOKIES

We use cookies on our Website, which are small files stored on your device (e.g. web browser or mobile device). On your next visit to our Website or Mobileshop using the same device, the information stored in cookies will subsequently be returned to us. Additionally, as you browse the Website, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Website, and information about how you interact with the Website or the Mobileshop. We use the Data collected through these cookies to better represent our Website and Mobileshop and to make our offers more user-friendly, for example to evaluate the use of our Website or Mobileshop. Some cookies remain stored on your device until you delete them. They allow us to recognize your browser on your next visit. Other cookies are only stored for the duration of your visit.

For collecting this Data we use the following technologies:

“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.

“Log files” track actions occurring on the Website or Mobileshop, and collect data including your IP address, browser type, referring/exit pages, and date/time stamps.
“Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Website and use the Mobileshop.

WEBSITE:

Cookies Necessary for the Functioning of the Store:
Cookie Name
Purpose
Storage period
section_data_idsFacilitates the caching of content in the browser, so pages load faster.Until the end of the page visit
PHPSESSIDYour session ID on the server.1 hour
product_data_storageSaves the configuration for product data related to recently displayed / compared products.Until the end of the page visit
recently_compared_productStores product IDs of recently compared products.Until the end of the page visit
recently_viewed_product_previousStores product IDs of previously viewed products for easy navigation.Until the end of the page visit
mage-translation-file-versionFacilitates the translation of content into other languages.Until the end of the page visit
recently_viewed_productStores product IDs of recently viewed products for easy navigation.Until the end of the page visit
form_keyStores randomly generated keys to prevent the use of forged information.1 hour
PnctestTests whether cookies are supported by your browser.1 hour
recently_compared_product_previousStores product IDs of previously compared products for easy navigation.Until the end of the page visit
mage-cache-storage-section-invalidationFacilitates the caching of content in the browser, so pages load faster.Until the end of the page visit
mage-cache-storageFacilitates the caching of content in the browser, so pages load faster.Until the end of the page visit
mage-messagesContains information on whether new messages are available in the shop for the visitor / customer.Until the end of the page visit
mage-translation-storageFacilitates the translation of content into other languages.Until the end of the page visit
  
All these cookies are technically necessary for the presentation of the Website. You can deactivate the setting of cookies in the settings of your browser. Please note that a general deactivation of cookies may possibly lead to functional limitations of our Website.

MOBILESHOP:
Cookie Name
Purpose
Storage period
shopgate_analytics_SHOPNUMMER_uuidStores anonymous data for the creation of statistics in the retailer area.10 years
SSIDDone through Facebook and Google listed below.Until you close the app.

Cookies Necessary for the Functioning of the Store:
All these cookies are technically necessary for the presentation of the Mobileshop.

Additionally, we use pixels and tags from the following third parties (which may in turn place cookies):

Third Party
Description
Privacy Policy
Google AnalyticsWe use Google Analytics to help measure how users interact with our websites.https://policies.google.com/privacy
Google AdsWe use Google Ads to deliver targeted advertisements to individuals who visit our websites.https://policies.google.com/privacy
FacebookWe use Facebook Custom Audiences to deliver targeted advertisements to individuals who visit our websites.https://www.facebook.com/policy.php
PinterestWe use Pinterest Custom Audiences to deliver targeted advertisements to individuals who visit our websites.https://policy.pinterest.com/en-gb/privacy-policy#section-residents-of-the-eea
SnapchatWe use Snapchat Custom Audiences to deliver targeted advertisements to individuals who visit our websites.https://www.snap.com/en-GB/privacy/privacy-policy
TikTokWe use TikTok Custom Audiences to deliver targeted advertisements to individuals who visit our websites.https://www.tiktok.com/legal/privacy-policy?lang=en
LinkedInWe use LinkedIn Custom Audiences to deliver targeted advertisements to individuals who visit our websites.https://www.linkedin.com/legal/privacy-policy?
PayPalWe use PayPal as one of our payment providers to process your orders and capture payments.https://www.paypal.com/en/webapps/mpp/ua/privacy-full
StripeWe use Stripe as one of our payment providers to process your orders and capture payments.https://stripe.com/privacy-center/legal
  

5.2 GOOGLE ANALYTICS

Furthermore, we use cookies of Google Analytics, a web analysis service provided by Google LLC (hereinafter “Google”). These cookies transmit data about your usage of the website to a Google server in the USA. However, your IP address will be shortened by Google prior to transmission and the transmitted data can no longer be associated with your person. Google will use this information to evaluate general usage data of our website and to compile reports on website activities. If you want to prevent the use of Google Analytics cookies on the website, you can either do this through your browser settings (see point 5.1), or you can install the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout.

For information about how Google and its affiliates use data and storage practices, please visit Google’s Privacy Policy, currently available at: https://www.google.com/privacy.html.
Google Analytics Cookie
Purpose
Storage period
_gatDetermined by Google Analytics to identify unique sessions30 minutes
_gidDetermined by Google Analytics to identify unique sessions30 minutes
_gaDetermined by Google Analytics to identify unique sessions30 minutes
  
Click here to revoke your agreement to use Google Analytics.

5.3 FACEBOOK AUDIENCE PIXEL

We also use the Facebook Audience Pixel analysis tool from Facebook Ireland Limited or Facebook Inc. to measure the effectiveness of our advertising. The pixel collects information about website and mobile app usage, such as when the website or app are used and whether goods are placed in the shopping basket, and transmits this information to Facebook’s servers in Ireland and the United States. This information may also be cross-checked with other Facebook information or our information that we have about you. All data collected by this pixel is encrypted by Facebook using “hashes”. Facebook Ireland Limited is located in the European Union; Facebook Inc. is located in the United States and has a Privacy Shield Certificate which ensures the protection of your data.

The collection of data by Facebook Pixel only takes place with your consent. This consent can be withdrawn by you at any time. The comparison of the data with the data stored by us is based on our legitimate interest in marketing and customer loyalty.

5.4 SNAPCHAT PIXEL

Our website uses the "Snapchat Pixel" provided by Snap Inc, 63 Market Street, Venice, CA 90291, USA ("Snapchat"). This service allows us to track users' behaviour after they have seen or clicked on a Snapchat ad and have been redirected to our site. This process is used to evaluate the effectiveness of Snapchat ads for statistical and market research purposes and can help us to optimise our advertising efforts. The IP address, pixel ID or web page domain may also be transmitted to Snapchat to enable optimised measurement of the advertising campaigns. This data is stored and processed by Snapchat so enabling a connection to the respective user profile and allowing Snapchat to use the data for its own advertising purposes, in accordance with Snapchat's Privacy Policy. Whenever Snapchat transfers data of EU users outside the EU, Snapchat makes sure an adequate transfer mechanism is in place.


5.5 TIKTOK PIXEL

We use the "TikTok pixel" on this website which is provided by TikTok (for EU: TikTok Information Technologies UK Limited, Aviation House, 125 Kingsway Holborn, London, WC2B 6NH.). We have implemented this code on our website. The code establishes a connection with the TikTok servers when users visit our website in order to track the behaviour of users on our website. This process is used to evaluate the effectiveness of Tiktok advertisements for statistical and market research purposes and may help us to optimise our advertising efforts. Personal data such as the IP address, as well as other information such as device ID, device type and operating system may also be transferred to TikTok to enable optimised targeting of advertising campaigns. TikTok processes this data to identify users of our website and associate their actions with a TikTok user account. TikTok processes this data to display targeted and personalised advertising to its users.

TikTok’s Privacy Policy can be accessed here. Where TikTok transfers personal data to countries outside the EEA, TikTok does so under the European Commission’s model contracts for the transfer of personal data to third countries (i.e. standard contractual clauses) pursuant to Commission Decision 2004/915/EC or 2010/87/EU (as appropriate) or in line with any replacement mechanism approved under EU law.

5.6 PINTERST TAG

Our website uses the conversion tracking technology of the social network Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland), which enables us to display relevant advertisements and offers on Pinterest to our website visitors who have already taken an interest in our website and our content/offers and are Pinterest members. For this purpose, a so-called conversion tracking pixel from Pinterest is integrated on our pages, via which Pinterest is informed when a user visits our website that they have called up our website and in which parts of our offer they are interested. This procedure is used to evaluate the effectiveness of the Pinterest ads for statistical and market research purposes and can help to optimise our advertising measures. Personal data such as the IP address, as well as other information such as the device ID, device type and operating system may also be transferred to Pinterest in order to enable optimised measurement of the advertising campaigns. Because Pinterest is a worldwide service, Pinterest may transfer the personal data of EEA residents to a country outside the EEA. When Pinterest transfers information from the EEA to a country that doesn't provide an adequate level of protection, Pinterest will only do so under appropriate safeguards, such as standard contractual clauses. Pinterest’s Privacy Policy can be accessed here.


5.7 LINKEDIN INSIGHT TAG

Our website makes use of function "LinkedIn Insight Tag" of the LinkedIn network. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn receives the information (containing your IP-address) that you have visited our web pages. If you click the LinkedIn "Recommend button" and are logged into your account at LinkedIn, LinkedIn will be able to assign the information that you have visited our website to your user account. As the provider of this website, we would like to point out that we have no information on what data is transmitted or how this transmitted data is used by LinkedIn. By using LinkedIn Insight Tag, we can analyze the success of our campaigns on LinkedIn. LinkedIn is certified under the Privacy Shield agreement. (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). For years LinkedIn has relied on overlapping protections under both Standard Contractual Clauses (SCCs) and the Privacy Shield legal frameworks for data transfers. While the ruling by the European Court of Justice of the July 16, 2020 invalidated the use of Privacy Shield, SCCs remain in place and LinkedIn continues to transfer data from the EU, EEA and Switzerland using SCCs. LinkedIn is also monitoring ongoing negotiations between the U.S. Department of Commerce and EU Commission regarding a Privacy Shield replacement. Despite its invalidation as a transfer mechanism, LinkedIn has elected to maintain its Privacy Shield certification from the U.S. Department of Commerce.

Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.


6 ARE YOU OBLIGED TO PROVIDE DATA?

To receive a service – a purchase, customer account or newsletter – it is necessary that you provide the Data we need to fulfill our contractual obligations to you and to perform our voluntary performances and services. Those Data are marked with (*) as mandatory. Unless you provide those mandatory Data, we will generally be unable to provide our services.


7 YOUR RIGHTS IN THE CONTEXT OF THE PROCESSING OF YOUR DATA

You have the right:

To request information about which of your personal Data we process (Article 15 GDPR);

To rectify or erase your Data (Article 16 GDPR);

To restrict the processing of your Data (Article 18 GDPR);

To withdraw your consent (Article 7 GDPR);

To object to the processing of your Data (Article 21 GDPR);

To Data portability (Article 20 GDPR).

If you believe that we violate your rights under the GDPR or national data protection law when processing your Data, please contact us. This is the best way we can treat your concerns as quickly as possible. You also have the right to lodge a complaint with a supervisory authority (in Austria: www.dsb.gv.at).


8 AUTOMATED DECISION-MAKING

We do not use automated decision-making or profiling according to Article 22 GDPR.

9 WHO CAN YOU CONTACT?

If you have any requests or concerns, you can contact us directly by e-mail or by post to the following address:

PhiAcademy GmbH
Wiegelestraße 10, 1230 Vienna
E-Mail: info@phishop.com

Information on the processing of personal data (Privacy policy to applicants)


Dear applicant! Dear Applicant!

 In fulfillment of the information obligations under the General Data Protection Regulation (Articles 13 and 14), we hereby inform you about the processing of your personal data in the context of the application procedure. 

Purpose and legal basis of data processing

We process the data provided by you (e.g. from your CV, the submitted references, the application questionnaire, the interview, etc.) for the purpose of the selection procedure on the basis of your consent. 

By submitting or transmitting your application documents, you therefore consent to the processing of personal data such as name, title, date of birth, home address, telephone number, e-mail address, education, work experience, salary requirements and those data and images contained in the letter of application, curriculum vitae, references or other documents submitted or transmitted, for the purpose of recording them in an applicant database of our company.  

Transmission of data

Your data will be treated with absolute confidentiality during the application process and will not be passed on to third parties under any circumstances without your express consent. 

Data will only be passed on during the application process in exceptional cases and with your consent, for example if this is necessary for the preliminary clarification of an intended job promotion. Possible recipients for this are in particular:

  • Public Employment Service
  • Social Ministry Service
  • Austria Wirtschaftsservice GmbH

 Duration of data storage

For the purpose of processing the application, the data provided will be stored in our applicant database for the duration of the selection process. In addition, in the event of rejection in accordance with the provisions of the Equal Treatment Act, the necessary data will generally remain stored for a further six months. In the event of legal proceedings, the data relevant to the proceedings will remain stored until the legal conclusion of the proceedings. After the relevant periods have expired, your data will be deleted unless you give us your consent to store it for a longer period of time to keep records for future job placements.

 Your rights

You have the following rights under data protection law: information, correction, deletion, restriction, objection. Please contact us regarding these claims.

 If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you have the right to complain to the data protection authority.

You can reach us at the following contact details: 

PhiAcademy GmbH - Wiegelestraße 10, 1230 Vienna - 01 375 1618 1618 - contact@phiacademy.at