Privacy Policy

Data protection information

The protection of your personal data is very important to us. We would therefore like to list all the information about the processing and storage of your data when you visit our website and in our companies.

 

In order to be able to use all the functions and services of our website, it is necessary to collect your personal data. However, the processing and storage only takes place in accordance with the legal guidelines and requirements of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG).

 

 

Responsible body

BLACK SHEEP BONES, Schattauberg 77/8, 8211 Ilztal, AUSTRIA

 Represented by: Katharina Maunz

Contact
Email: shopblacksheepbones@gmail. com

 

Further information can be found in the imprint.

 

 

COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE

Note: In order to protect your data as comprehensively as possible from unwanted access, we take so-called technical and organisational measures and use an encryption process on our website. Your data is transmitted over the Internet from your computer to our computer and vice versa using what is known as TLS encryption. TLS stands for "Transport Layer Security" and is an encryption protocol for data transmission on the internet. You can usually recognise "TLS" by the fact that the lock symbol in the status bar of your browser is closed and the address begins with https://.

  1. COLLECTION OF ACCESS AND LOG DATA 

This website automatically collects and stores server log file information that your browser transmits to us. 

These are:

  • IP address of the user
  • Date and time of access
  • Type of enquiry
  • Customer information such as type and version
  • Operating system of the user (device, OS version of the device),
  • Referrer information (i.e. the source of the access)

The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in being able to identify indications of unlawful use of our website (e.g. defence against hacker attacks) and to ensure a smooth connection setup.

We have concluded an order processing contract with the provider of this website, Big Cartel, LLC, based in the USA, in accordance with Art. 28 GDPR. This is a contract required by data protection law, which ensures that Big Cartel, LLC processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. Data transfers to the USA are carried out on the basis of standard contractual clauses. Further information about Big Cartel, LLC can be found at https://www.bigcartel.com/resources/help/article/data-processing-addendum 

The data collected is stored in server log files that your browser automatically transmits to us in encrypted form. We only store the server log files in the event of attacks on our server infrastructure or other legal violations. This longer storage period is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR and serves only to preserve evidence.

  1. ENQUIRIES VIA THE CONTACT FORM, E-MAIL AND TELEPHONE

Any personal data that you provide to us on a voluntary basis will of course be treated confidentially. We use the personal data you provide exclusively to process and respond to your enquiry. The legal basis for data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. This arises from our interest in responding to enquiries from our customers, business partners and interested parties and in promoting and maintaining customer satisfaction. Another legal basis for natural persons is the initiation or fulfilment of a contract in accordance with Art. 6 para. 1 lit. b) GDPR. 

 

All personal data that you send to us with your enquiry will be deleted or anonymised by us no later than 2 years after the final response to you, unless a contract is concluded. The retention period of 2 years is due to the fact that you may occasionally contact us again about the same matter after a reply and refer to the previous correspondence. In our experience, we have found that after 2 years there are no more queries in response to our replies. 

  1. ORGANISING COMPETITIONS

You can take part in competitions on our website, via our newsletter or by other means. Unless otherwise specified in the respective competition or unless you have given us further express consent, the personal data you provide to us as part of your participation in the competition will be used exclusively for the purpose of organising the competition (e.g. determining the winner, notifying the winner, sending the prize). 

The legal basis for data processing in the context of competitions is the fulfilment of the contract in accordance with Art. 6 para. 1 lit. b) GDPR. In the event that a declaration of consent is submitted as part of a competition, Art. 6 para. 1 lit. a) GDPR is the legal basis for data processing based on consent. If you have given your consent in the context of a competition, you have the option of withdrawing this consent at any time with effect for the future.

The data will only be passed on to third parties if this is necessary for the processing of the competition (e.g. sending the prize via a logistics company).

After the end of the competition and the announcement of the winners, the personal data of the participants will be deleted. If non-cash prizes are offered, we will store the winners' personal data for the duration of the respective statutory warranty period in order to arrange for a repair or replacement in the event of a defect.

  1. online shop

In order to be able to place orders via the online shop, we collect your e-mail address, title, first name and surname. When ordering as a guest, we only collect the data required to fulfil the delivery. The legal basis for this data processing is Art. 6 para. 1 lit. b) GDPR. You provide this data as part of your contractual relationship.

Commissioned shipment of goods: If the delivery address differs from the billing address, personal data of persons who do not order directly from our shop may also be processed. Experience has shown that these orders often serve as gifts. We have received your address from a person who gives you our products as a gift. Your address data therefore does not come from publicly accessible sources (Art. 14 para. 2 lit. f) GDPR). The legal basis for this data processing is the fulfilment of the contract in accordance with Art. 6 para. 1 lit. b) GDPR.

Processing your order: Before checkout (payment), you have the option of entering "Comments on the order" in a free text field. We request that you do not enter any personal data here. We collect your data for invoicing and to process the dispatch. The legal basis for this data processing is the fulfilment of the contract in accordance with Art. 6 para. 1 lit. b) GDPR.

Payment options: You can make the payment via Stripe or PayPal. You will be redirected to the website of the selected payment service provider. You can enter your payment details there and finalise the order. For this purpose, the specific payment amount is transmitted to the service provider used. Further information on the data processing carried out can be found in the information texts on the input screen/website of the service provider. You will also find further contact information there. Payment processing takes place directly via the selected payment service provider. The legal basis for this is Article 6(1)(b) GDPR, i.e. you provide us with the data on the basis of the contractual relationship between you and us.

Further information about PayPal: PayPal (Europe) S.à r.l. et Cie, S.C.A. based in Luxembourg: https://www.paypal.com/myaccount/privacy/privacyhub 

Further information about STRIPE: Stripe Payments Europe, based in Ireland. Data protection at Stripe: https://stripe.com/at/privacy  

Storage period: We store your data for 10 years to fulfil legal requirements. 

  1. USE OF WEB ANALYSIS TOOLS AND COOKIES  

We use cookies to facilitate and improve the use of our website. Cookies are small pieces of text information that can be stored on your computer or smartphone (end device) via the browser when you visit a website. Cookies can also provide us with information about how you use our website so that we can continuously improve the design of the website. 

Cookies themselves do not contain any personal data about users. They are only used to clearly identify what our customers find interesting and useful on our website. We also use so-called "web beacons" (small graphic images, also known as "pixel tags" or "clear GIFs") on our website. They are used together with cookies to track general user behaviour on the website. 

The data processed by necessary cookies is required for the purposes listed below to safeguard our legitimate interests and those of third parties in accordance with Art. 6 para. 1 lit. f) GDPR and § 25 para. 1 TTDSG. 

 

Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your express and active consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can use our "Cookie Consent Tool" to set which cookie categories you wish to consent to when you visit our website. You can also revoke or change your consent at any time.

 

Once cookies have been saved, you can also delete them at any time via the settings of your web browser. You can also adjust the settings of your web browser so that no cookies are stored. In this case, not all functions of our website may be available. 

 

We use cookies for the following purposes: 

  • Technically necessary: These are cookies and similar methods without which you cannot use our services, for example to display our website correctly or to use functions you have requested.
  • Statistics: These techniques enable us to compile anonymous statistics on the use of our services. This allows us to determine, for example, how we can better customise our website to the habits of our users.
  • Marketing: This allows us to show you advertising content tailored to you based on an analysis of your usage behaviour. Your usage behaviour can also be tracked across different websites, browsers or end devices using a user ID (unique identifier).

 

Technically necessary

 

Name

Provider

Period of validity

Purpose

__paypal_storage__

Host of the website

Persistent

Local storage: Used in connection with the PayPal payment function on the website. The cookie is necessary to enable a secure transaction via PayPal.

 

__openreplay_pageno

Host of the website

Session

Session memory

_ab

stripe.com

Session

This cookie is necessary to carry out credit card transactions on the website. The service is provided by Stripe.com, which enables online transactions without storing credit card information.

 

_mf

stripe.com

Session

 

This cookie is necessary to carry out credit card transactions on the website. The service is provided by Stripe.com, which enables online transactions without storing credit card information.

 

id

stripe.com

Session

This cookie is necessary to carry out credit card transactions on the website. The service is provided by Stripe.com, which enables online transactions without storing credit card information.

 

__stripe_mid

1 year

.blacksheepbones.bigcartel.com

This cookie is necessary to carry out credit card transactions on the website. The service is provided by Stripe.com, which enables online transactions without storing credit card information.

 

m

2 years

Stripe.com

Combating fraud

LANG

9 hours

.paypal.com

This cookie is used to save language settings in order to possibly provide content in the saved language

l7_az

30 minutes

.paypal.com

This cookie is used for the PayPal login function on the website.

nsid

Session

.paypal.com

PayPal sets this cookie to activate the PayPal payment service on the website.

ts

11 months

.paypal.com

 

ts_c

11 months

.paypal.com

PayPal sets this cookie to activate the PayPal payment service on the website.

tsrce

3 days

.paypal.com

PayPal sets this cookie to activate the PayPal payment service on the website.

x-pp-s

Session

.paypal.com

PayPal sets this cookie to process payments on the website.

 

AMP_MKTG_*

1 year

.bigcartel.com

Sentry: to store and track visits across websites

 

AMP_*

1 year

.bigcartel.com

Sentry: to store and track visits across websites

 

_cfuvid

Session

.bigcartel.com

Dieses Cookie ist Teil der von Cloudflare bereitgestellten Dienste – einschließlich Lastausgleich, Bereitstellung von Website-Inhalten und Bereitstellung der DNS-Verbindung für Website-Betreiber.

 

_clck

1 year

.bigcartel.com

Microsoft Clarity - To store a unique user id.

_clsk

1 day

.bigcartel.com

Microsoft Clarity - To store a unique user id. to store and combine pageviews by a user into a single session recording.

 

_fbp

3 months

.bigcartel.com

Facebook: to store and track visits across websites.

 

_ga

2 years

.bigcartel.com

Google: to store and count pageviewes

_ga_*

1 year

.bigcartel.com

Google: to store and count pageviewes

_gcl_au

Persistent

.bigcartel.com

Google: to store and track conversions

_storefront_session

Session

.bigcartel.com

Saves the shopping basket information to enable smooth use.

_vis_opt_s

3 months

.bigcartel.com

is used for cookie banner management

_vis_opt_test_cookie

Session

.bigcartel.com

is used for cookie banner management

_vwo_ds

3 months

.bigcartel.com

Collects data about the user's visits to the website, such as the number of visits, average time spent on the website and which pages were loaded, with the aim of creating reports to optimise website content

 

_vwo_uuid

1 year

.bigcartel.com

Used by Visual Website Optimiser to ensure that the same user interface variant is displayed for each visit when the user is involved in a design experiment

_vwo_uuid_v2

1 year

.bigcartel.com

This cookie is set to perform split tests on the website that optimise the relevance of the website for the visitor - the cookie can also be set to improve the visitor's user experience on a website

visited

Session

.bigcartel.com

is used for the management of the cookie banner

rc::c

Session

Session memory

to read and filter requests from bots.

 

rc::b

Session

Session memory

to read and filter requests from bots.

 

 

We may use specialised service providers from the online marketing sector in the context of data processing (with the help of cookies and similar techniques for processing usage data). These process your data on our behalf as processors and are carefully selected and contractually bound in accordance with Article 28 GDPR. All of the above providers work for us as processors.

 

Consent management  

We use a cookie consent tool to obtain consent under data protection law. This is used to obtain the legally required consent for the use of cookies and other data processing requiring consent. 

The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR and the fulfilment of legal obligations pursuant to Art. 6 para. 1 lit. c) GDPR. The legitimate interest is based on the legally compliant documentation and verifiability of consents to fulfil accountability obligations. No personal data is stored.

You can revoke your consent at any time.

Operation of social media presences

We maintain the following social media presences:  

TikTok: www.tiktok.com/@blacksheepbones 

Instagram: www.instagram.com/blacksheepbones 

Instagram is a product of Meta Platforms Inc. (formerly Facebook Inc.): Facebook.com/help/1561485474074139/?helpref=related

Data processing by us:

  1. Maintaining the above-mentioned social media pages and placing ads ("adverts")

The personal data entered on social media pages such as comments, videos, images, likes, public messages etc. are published by the respective social media platform. We reserve the right to delete content if necessary. We may share content on our site and contact you via the social media platform, for example via the messengers offered. In addition, we regularly place adverts via our social media pages. The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which is in the interest of our public relations and communication. 

  1. Page Insights

The social media platforms provide anonymised statistics and insights that help us gain knowledge about the types of actions people take on our site (so-called "page insights"). These Page Insights are created based on certain information about people who have visited our site. 

 

The legal basis for this data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR, which is based on obtaining information about the actions and visitors to our website. 

 

This processing of personal data is carried out by the social media platform and us as so-called joint controllers in accordance with Art. 26 GDPR. In the case of joint responsibility, a separate agreement must be concluded. 

 

TikTok: https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms

 

Instagram: https://www.facebook.com/legal/terms/page_controller_addendum

 

 

If you wish to object to certain data processing over which we have an influence (e.g. deletion of comments), please contact us using the contact details given above.

 

Note: The provision of your data is neither legally nor contractually required or necessary for the conclusion of a contract. You are not obliged to provide your personal data. The consequence of not providing your data is that you will not be able to communicate with us via our social media pages, interact with us or take part in the competition. To contact us, please use the above e-mail address. 

 

Data processing by the operator of the social media platform:

In addition to us, there is also the operator of the social media platforms themselves. From a data protection perspective, this is also regarded as another controller that carries out its own data processing. This means that the operator is also a separate controller under the GDPR. However, we only have limited influence on data processing by the operator. Where we can exert influence (e.g. through parameterisation), we work within the scope of our possibilities to ensure that the operator of the social media platform handles data in compliance with data protection regulations. In many places, however, we cannot influence the data processing by the operator of the social media platform and do not know exactly what data they process. The respective operator will inform you about the processing of personal data in its own privacy policy:

 TikTok: https://ads.tiktok.com/i18n/official/policy/privacy? 

Instagram: help.instagram.com/519522125107875

 

When using the platform, your personal data is generally also processed by the respective platform operator on servers in third countries, in particular in the USA. Certain third countries are certified by the European Commission with a so-called adequacy decision. This means that the legal situation for the protection of privacy in these countries is comparable to that in the EU or the EEA. You can find more information on the current countries with an adequacy decision here. Certification in accordance with the adequacy decision for the USA, the Data Privacy Framework, exists for Meta Platforms Inc (Instagram). In all other cases, we conclude so-called standard contractual clauses with the platform operators for the transfer of personal data to third countries.  

 

Note: The operator of the social media platform uses web tracking methods. Web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we unfortunately have little influence on the web tracking methods of the social media platform. For example, we cannot switch it off. Please be aware of this: It cannot be ruled out that the provider of the social media platform will use your profile and behavioural data, for example to evaluate your habits or personal relationships and preferences, etc. We have no influence on the processing of your data by the provider of the social media platform.

 

Rights of data subjects

In accordance with Art. 15 para. 1 GDPR, you have the right to receive information about the personal data stored about you free of charge upon request. Furthermore, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data. If you have provided the processed data yourself, you have the right to data portability in accordance with Art. 20 GDPR.

If the data processing is based on Art. 6 para. 1 e) or f) GDPR, you have the right to object in accordance with Art. 21 GDPR. If you object to data processing, this will not take place in future unless the controller can demonstrate compelling legitimate grounds for further processing which override the interests of the data subject in objecting.

If the data processing is based on consent in accordance with Art. 6 para. 1 lit. a), Art. 9 para. 2 lit. a) or Art. 49 para. 1 lit. a) GDPR, you can revoke your consent at any time with effect for the future without affecting the legality of the previous processing. 

 

You also have the right to lodge a complaint with a data protection supervisory authority. In particular, the complaint may be lodged with a supervisory authority in the EU Member State of your habitual residence, place of work or place of the alleged infringement.

Contact details of the competent data protection authority

Berlin Commissioner for Data Protection and Freedom of Information

Alt-Moabit 59-61, 10555 Berlin, GERMANY

E-mail: [email protected]

 

No automated decision-making

We do not carry out automated decision-making or profiling.

Provision

Unless otherwise stated in the previous sections, the provision of personal data is not required by law or contract or necessary for the conclusion of a contract.  Failure to provide your personal data may mean that we are unable to respond to your enquiries, for example.

 

This data protection information was created in cooperation with the consulting firm SCALELINE Datenschutz. The legal texts are subject to copyright.