Privacy Policy
1. Controller
The controller responsible for data processing on this website is:
Gerald Jerabek – Gerrys Treasure Box
Obere Dorfstraße 1
7512 Badersdorf
Austria
Phone: +436764885720
Email: gerrys_treasurebox@gmx.at
This privacy policy applies to the website and online shop of "Gerry's Treasure Box" and all associated subpages.
2. Processing of personal data when visiting the website
When you access our website, technically necessary data is automatically transmitted by your browser to our server (e.g., IP address, date and time of access, page accessed, browser used, operating system).
This data is processed to ensure the stable and secure operation of the website, based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
Log files are stored only as long as necessary for operation, security, and error analysis, and are then deleted or anonymized.
3. Data processing in connection with orders
If When you order organic products from Greece in our online shop, we process the personal data you provide during the ordering process (e.g., name, address, delivery address, email address, telephone number, ordered products, payment information).
This processing is carried out for the purpose of fulfilling and processing the contract (Art. 6 para. 1 lit. b GDPR), in particular for order processing, shipping, invoicing, and customer communication.
We store order data for the duration of statutory retention periods (e.g., tax and commercial law obligations in Austria, generally up to 7 years).
4. Payment Processing
Depending on your chosen payment method, we use payment service providers for payment processing (e.g., credit card, PayPal, online banking).
The data required for payment is transmitted to the respective payment service provider (e.g., name, invoice amount, IBAN/BIC or card details, transaction number), based on Art. 6 para. 1 lit. b GDPR (contract fulfillment) and, where applicable, Art. Article 6(1)(f) GDPR (legitimate interest in secure and efficient payment processing).
Please also note the privacy policies of the respective payment service providers, as they are responsible for the transaction data.
5. Shipping and Logistics
To ship our organic products from Greece to your delivery address, we will share your address and contact details (e.g., name, address, and, if applicable, telephone number/email for shipping notifications) with shipping and logistics companies commissioned by us.
This data transfer is based on Article 6(1)(b) GDPR (performance of a contract, delivery of goods).
For international deliveries within the EU, delivery data may also be transmitted to customs or other authorities, insofar as this is legally required.
6. Contacting Us (Email/Telephone)
If you contact us by email or telephone, we will process the data you provide (e.g., name, contact details, content of the inquiry) to process and respond to your request.
This processing is based on Article 6 paragraph 1 letter b GDPR (pre-contractual measures or contract performance) or Article 6 paragraph 1 letter f GDPR (legitimate interest in customer communication and service).
Contact requests are stored only as long as necessary for processing, documentation, and compliance with legal obligations.
7. Cookies and Tracking Technologies
Our website may use cookies to provide basic functions (e.g., shopping cart functionality, login, language selection) and to analyze website usage.
Technically necessary cookies are used on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest in a functioning online shop).
If analytics, marketing, or third-party cookies (e.g., web analytics tools, embedded content) are used, we will obtain your consent – where necessary – in accordance with Art. 6 para. 1 lit. a GDPR (e.g., via a cookie banner).
You can restrict or disable cookies at any time in your browser settings. This may, however, impair the functionality of our online shop.
8. Legal Basis for Processing
We process personal data on the basis of the following legal grounds under the GDPR:
Art. 6 para. 1 lit. b GDPR (performance of a contract and pre-contractual measures) for orders, payment processing, and customer service
Art. 6 para. 1 lit. c GDPR (legitimate obligation) for tax and commercial law retention obligations
Art. 6 para. 1 lit. f GDPR (legitimate interest) for IT security, fraud prevention, efficient operation of the online shop, and general business management
Art. 6 para. 1 lit. a GDPR (consent), insofar as you have expressly consented to certain processing activities (e.g., newsletters, optional cookies)
In addition, the national data protection regulations in Austria apply, in particular the Data Protection Act (DSG).
9. Data Processors and Third-Party Providers
In some cases, we use external service providers as so-called data processors (e.g., hosting providers, Email/newsletter services, IT service providers, and, if applicable, accounting or invoicing software such as sevdesk).
We conclude data processing agreements with these service providers in accordance with Article 28 GDPR, which obligate them to process data in compliance with data protection regulations and to maintain confidentiality.
Personal data is only transferred to third countries outside the EU/EEA if an adequate level of data protection is guaranteed (e.g., an adequacy decision by the EU Commission, standard contractual clauses) or if you have given your consent.
10. Storage period
Personal data is stored only as long as it is necessary for the respective purpose or as required by statutory retention periods.
Once the purpose ceases to apply or the retention periods expire, the data is deleted or anonymized, unless other legitimate interests (e.g., assertion or defense of legal claims) preclude this.
11. Your rights as a data subject
As a data subject, you have the following rights under the GDPR:
Right to information about whether and which Personal data we process about you (Art. 15 GDPR)
Right to rectification of inaccurate or incomplete data (Art. 16 GDPR)
Right to erasure of your data, provided there are no legal retention obligations to the contrary (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability in a structured, commonly used and machine-readable format (Art. 20 GDPR)
Right to object to processing based on Art. 6 para. 1 lit. e or f GDPR (Art. 21 GDPR)
Right to withdraw consent at any time with effect for the future (Art. 7 para. 3 GDPR)
To exercise your rights, you can contact us at any time using the contact details provided above.
12. Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with the competent supervisory authority.
In Austria, this is The:
Austrian Data Protection Authority (DSB)
Barichgasse 40–42
1030 Vienna
Website: https://www.dsb.gv.at
13. Update to this Privacy Policy
We reserve the right to amend this Privacy Policy if the legal situation, our data processing procedures, or the services used change.
The current version of this Privacy Policy published on our website applies in each case.