📦 Versand nach AT 4€ / nach D 6€ • 🚚 Versandkostenfrei nach AT & D ab 50€
📦 Versand nach AT 4€ / nach D 6€ • 🚚 Versandkostenfrei nach AT & D ab 50€
📦 Versand nach AT 4€ / nach D 6€ • 🚚 Versandkostenfrei nach AT & D ab 50€
📦 Versand nach AT 4€ / nach D 6€ • 🚚 Versandkostenfrei nach AT & D ab 50€
📦 Versand nach AT 4€ / nach D 6€ • 🚚 Versandkostenfrei nach AT & D ab 50€
📦 Versand nach AT 4€ / nach D 6€ • 🚚 Versandkostenfrei nach AT & D ab 50€

Emmys Kerzen

Privacy Policy

Privacy Policy

(valid for Austria, status: October 2025)

1. Controller

Emmys Kerzen
Owner: Alexandra Huber
shop@emmyskerzen.com

Website: https://emmyskerzen.com

The person named above is the controller within the meaning of the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

2. General Information on Data Processing

We process personal data (e.g. name, address, email address, payment information) exclusively in accordance with the legal provisions of the GDPR and the Austrian Data Protection Act (DSG).

Data is collected and processed only insofar as this is necessary for the provision of our website, the processing of orders, and the fulfillment of contractual or legal obligations.

The legal bases for data processing are in particular:

  • Art. 6(1)(b) GDPR – performance of a contract
  • Art. 6(1)(c) GDPR – legal obligation
  • Art. 6(1)(f) GDPR – legitimate interest

3. Hosting

Our website is hosted by World4You.

In doing so, so-called server log files are automatically recorded (IP address, time of access, browser type, operating system).

These data are used to ensure technical operation and system security.

The legal basis is Art. 6(1)(f) GDPR.

4. Order Processing via WooCommerce

We use the WordPress plugin WooCommerce to process orders.

The data you provide during the ordering process (name, billing address, shipping address, email address, payment method, ordered products) are stored and processed in order to handle your order.

The legal basis is Art. 6(1)(b) GDPR (performance of a contract).

5. Payment Processing

a) Klarna

If you select Klarna as a payment method, your data (name, address, email address, telephone number, payment information) will be transmitted to Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden.

Klarna may use its own procedures or credit agencies for credit checks.

Further details can be found in Klarna’s privacy policy:

👉 https://www.klarna.com/at/datenschutz/

b) EPS Transfer

If you use EPS transfer, payment data are passed on to the respective payment service provider and your bank.

Processing is carried out on the basis of Art. 6(1)(b) GDPR (performance of a contract).

c) PayPal

If you select PayPal as a payment method, your payment data will be transmitted as part of the payment process to

PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg.

The transmission takes place pursuant to Art. 6(1)(b) GDPR (performance of a contract).

For certain payment methods (e.g. purchase on account via PayPal), PayPal reserves the right to carry out a credit check.

Further information can be found in PayPal’s privacy policy:

👉 https://www.paypal.com/de/webapps/mpp/ua/privacy-full

d) Rechnung

Wenn du per Rechnung bezahlst, verwenden wir deine angegebenen Daten (Name, Anschrift, E-Mail-Adresse) zur Rechnungsstellung, Zahlungsabwicklung und Buchhaltung.

Data is stored in accordance with Austrian statutory retention obligations for business records (7 years pursuant to Section 132 BAO).

SEPA Direct Debit

When selecting SEPA Direct Debit as the payment method, the data required for payment processing (name, address, IBAN and payment information) will be transmitted to the payment service provider appointed by us.
The debit is carried out within the framework of the SEPA direct debit scheme on the basis of the SEPA direct debit mandat issued by you.
Processing is carried out on the basis of Art. 6(1)(b) GDPR (performance of a contract).

Bank Transfer (Advance Payment)

When selecting Bank Transfer (Advance Payment) as the payment method, payment is made directly from your bank account to the bank account specified by us.
The data required for payment processing is transmitted exclusivly to the credit institution used by you. No data is passed on to further payment service providers.

6. Shipping via DPD

For shipping your order, we pass on your name, delivery address, and email address to DPD Direct Parcel Distribution Austria GmbH, Arbeitergasse 46, A-2333 Leopoldsdorf.

This transfer is carried out solely for the purpose of delivering your order in accordance with Art. 6(1)(b) GDPR.

7. Cookies

Our website uses cookies to ensure functionality (e.g. shopping cart, language settings).

Cookies are small text files stored on your device.

Some cookies are technically necessary, while others serve statistical or marketing purposes.

When you visit our website for the first time, you will be asked for your consent via our cookie banner.

Legal basis:

  • Art. 6(1)(a) GDPR (consent) for optional cookies
  • Art. 6(1)(f) GDPR for technically necessary cookies

8. Embedded Content from Other Websites

Posts on this website may contain embedded content (e.g. videos, images, posts).

Such embedded content behaves in the same way as if the visitor had visited the other website directly.

These websites may collect data, set cookies, and track your user behavior.

9. Duration of Data Storage

We store personal data only for as long as is necessary for the respective processing purpose or as required by law.

Order and invoice data are stored for seven years in accordance with Section 132 BAO.

10. Your Rights

As a data subject, you have the following rights under the GDPR and DSG:

  • • Right of access to your stored data (Art. 15 GDPR)
  • • Right to rectification of inaccurate data (Art. 16 GDPR)
  • • Right to erasure (“right to be forgotten”, Art. 17 GDPR)
  • • Right to restriction of processing (Art. 18 GDPR)
  • • Right to data portability (Art. 20 GDPR)
  • • Right to object to processing (Art. 21 GDPR)

If you believe that the processing of your data violates data protection law, you may lodge a complaint with the Austrian Data Protection Authority:

https://www.dsb.gv.at

11. Data Security

We use SSL/TLS encryption to protect your data during transmission.

Our systems are regularly updated to ensure data security.

12. Changes to This Privacy Policy

We reserve the right to update this privacy policy in the event of legal changes or adjustments to our processes.

The current version is always available at: https://www.emmyskerzen.com/datenschutz abrufbar.

13. Review requests after purchase

If customers expressly consent, we use the email address provided during the order process to send a one-time review request. This review request is used exclusively to collect feedback on our products and services.

The review request is sent only with prior consent in accordance with Art. 6(1)(a) GDPR and can be withdrawn at any time with effect for the future, without providing reasons. The data will not be passed on to third parties for this purpose.
gemäß Art. 6 Abs. 1 lit. a DSGVO und kann jederzeit ohne Angabe von Gründen
für die Zukunft widerrufen werden. Es erfolgt keine Weitergabe der Daten
an Dritte zu diesem Zweck.