1. General Information on Data Processing

In this Privacy Policy, we inform you about the processing of personal data in connection with our online shop.

We process personal data exclusively in accordance with the applicable legal provisions, in particular the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), and the Austrian Telecommunications Act 2021 (TKG 2021).

Personal data means all information relating to an identified or identifiable natural person. This includes, in particular, name, address, email address, telephone number, payment data, order data, shipping data, and technical usage data.

2. Controller

The controller within the meaning of the GDPR is:

Andreas Kolb
Herzmoargasse 308 a
8967 Haus
Austria

Email: shop@andikolb.com
Phone: +43 664 5370217

VAT-Nr.: ATU74398948

3. Scope

This Privacy Policy applies to the online shop of Andreas Kolb available at:
https://andikolb.com/shop

The online shop is intended exclusively for consumers, i.e. private individuals. Sales to businesses are not intended.

4. Legal Bases for Processing

Your personal data is processed in particular on the basis of the following legal grounds:

• Art. 6(1)(a) GDPR – Consent, e.g. newsletters, statistics and marketing cookies
• Art. 6(1)(b) GDPR – Performance of a contract, e.g. orders, payment, delivery
• Art. 6(1)(c) GDPR – Legal obligation, e.g. tax and commercial retention obligations
• Art. 6(1)(f) GDPR – Legitimate interests, e.g. technical functionality, system security, fraud prevention

5. Access Data and Server Log Files

When accessing our online shop, technical information is automatically collected and processed in so-called server log files.

This may include in particular:

• IP address
• Hostname
• Date and time of access
• Accessed pages and files
• Browser used
• Browser version
• Operating system used
• Language settings
• Referrer URL
• Duration of visit
• Internet service provider
• Technical connection data

The processing of this data is carried out for technical reasons, to provide the website, ensure system security, analyze errors, and prevent misuse.

The legal basis is our legitimate interest pursuant to Art. 6(1)(f) GDPR in maintaining a secure, stable, and functional online shop.

As a rule, this data is not merged with other personal data. However, we reserve the right to subsequently review server log files if there are concrete indications of unlawful use or attacks on our systems.

6. Contact Requests

If you contact us via email, telephone, or contact form, we process the data you provide in order to handle your request and any follow-up questions.

This may include in particular:

• Name
• Email address
• Telephone number, if provided
• Content of the request
• Communication history

Processing is carried out on the basis of Art. 6(1)(b) GDPR if the request relates to an order or contract.

In all other cases, processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR in handling and documenting inquiries.

Data from inquiries is generally stored for six months unless longer statutory retention obligations apply or further storage is necessary for the establishment, exercise, or defense of legal claims.

Your data will not be disclosed without your consent unless this is necessary to process your request or legally required.

7. Data Processing in Connection with Orders

If you place an order through our online shop, we process the personal data required to fulfill the order.

This includes in particular:

• First and last name
• Billing address
• Shipping address
• Email address
• Telephone number, if provided or required for delivery
• Ordered products
• Order number
• Order date
• Payment information
• Transaction data
• Shipping and tracking data
• Communication relating to the order

Processing is carried out for the purpose of contract fulfillment, payment processing, delivery, returns handling, and customer communication.

Without the required data, a contract cannot be concluded.

The legal basis is contract performance pursuant to Art. 6(1)(b) GDPR.

Where we are legally obliged to retain order, invoice, payment, or accounting data, processing is additionally based on Art. 6(1)(c) GDPR.

If the ordering process is cancelled, the stored data will be deleted unless there is a legal basis for further retention.

As part of technically necessary processes and cookies, IP addresses and technical identifiers may also be processed.

8. Payment Service Providers

We use external payment service providers to process payments.

The following payment methods are available in particular:

• Credit card
• PayPal
• Apple Pay

Depending on the selected payment method, personal data is transmitted to and processed by the respective payment service provider.

This may include in particular:

• Name
• Billing information
• Payment amount
• Payment reference
• Transaction data
• Payment status
• Payment and account information where applicable

Processing is carried out for payment execution and thus for contract fulfillment pursuant to Art. 6(1)(b) GDPR.

The specific payment process is carried out by the respective payment provider. Their privacy notices apply in addition.

9. Shipping and Fulfillment

For delivery of ordered goods, we transfer the necessary personal data to shipping, logistics, and fulfillment service providers.

This includes in particular:

• Name
• Delivery address
• Email address
• Telephone number, if required for delivery
• Order and shipment data

Recipients may include shipping providers such as DHL, Austrian Post, or comparable logistics partners.

The transfer takes place exclusively to the extent necessary for delivery, shipment tracking, or handling shipping and returns.

The legal basis is contract performance pursuant to Art. 6(1)(b) GDPR.

10. Customer Account

If a customer account is offered and created by you, we process the necessary data to provide and manage the account.

This may include:

• Name
• Email address
• Password or login data
• Billing and shipping addresses
• Order history

The legal basis is Art. 6(1)(b) GDPR.

You may request deletion of your customer account at any time unless statutory retention obligations prevent deletion.

11. Newsletter

You have the option to subscribe to our newsletter.

For this purpose, we require your email address and your consent. Optionally, further data such as your name may be processed if voluntarily provided.

This may include:

• Email address
• Name, if provided
• Date and time of registration
• IP address at the time of registration
• Technical proof of consent
• Open and click rates, if used

Newsletter registration takes place using the double opt-in procedure.

The newsletter is sent exclusively on the basis of your express consent pursuant to Art. 6(1)(a) GDPR.

A newsletter service provider may be used for dispatch and technical processing. Such provider processes personal data either on our behalf pursuant to Art. 28 GDPR or, where legally permitted, under its own responsibility.

You may revoke your consent at any time with future effect, in particular via the unsubscribe link in the newsletter or by emailing shop@andikolb.com.

12. Cookies and Consent Management

Our online shop uses cookies and similar technologies.

Cookies are small text files stored on your device. They are used to technically provide the online shop, improve usability, and enable certain functions.

We distinguish in particular between:

• Technically necessary cookies
• Statistics cookies
• Marketing cookies

Technically necessary cookies are required for the proper functioning of the online shop, including cart, login, security, and checkout functions.

Processing of technically necessary cookies is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR.

Statistics and marketing cookies are only set if you provide consent. The legal basis is Art. 6(1)(a) GDPR.

You may adjust your cookie settings or withdraw consent at any time via the cookie banner or website settings.

Disabling certain cookies may limit website functionality.

13. Web Analytics with Google Analytics

If you have consented, we use Google Analytics, a web analytics service provided by Google Ireland Limited.

Google Analytics helps us understand how visitors use our online shop, which content is relevant, and how we can improve our services.

This may include processing of:

• IP address
• Device information
• Browser information
• Visited pages
• Duration of visit
• Click and usage behavior
• Referrer page
• Technical identifiers
• Cookie IDs or comparable identifiers

Google Analytics is used exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR.

IP anonymization is activated.

Transfer of data to the USA cannot be excluded. Where personal data is transferred to third countries, this is carried out in accordance with legal requirements, in particular on the basis of an adequacy decision by the European Commission or suitable safeguards such as EU Standard Contractual Clauses.

You may withdraw your consent at any time via the website cookie settings.

14. Social Media and External Links

Our website may contain links to social media platforms such as Facebook, Instagram, or comparable platforms.

If you click such a link, you leave our website. The respective platform provider is solely responsible for data processing on their platform.

Further information can be found in the privacy policies of the respective providers.

15. Recipients of Personal Data

Personal data may, where necessary, be disclosed to the following categories of recipients:

• IT and hosting service providers
• Shop system and technical service providers
• Payment service providers, particularly for credit card payments, PayPal, and Apple Pay
• Shipping, logistics, and fulfillment service providers such as DHL, Austrian Post, or comparable providers
• Newsletter service providers
• Analytics and tracking technology providers, particularly Google Analytics
• Tax advisors, accounting, and legal advisors
• Authorities where legally required

Disclosure only takes place where necessary for the respective purposes, legally required, or based on consent.

16. Data Processors

Where we use service providers that process personal data on our behalf, this is carried out on the basis of a data processing agreement pursuant to Art. 28 GDPR.

This applies in particular to technical service providers, hosting providers, newsletter providers, fulfillment providers, and other external service providers that do not process personal data under their own responsibility.

17. Transfers to Third Countries

Personal data is transferred outside the European Union or the European Economic Area only where necessary for contract performance, legally permitted, consented to, or where appropriate safeguards pursuant to the GDPR exist.

Where service providers outside the EU/EEA are used, transfers are carried out in particular on the basis of adequacy decisions or EU Standard Contractual Clauses.

18. Storage Duration

We store personal data only as long as necessary for the respective purposes or as required by law.

In particular:

• Contractual data, especially order, invoice, payment, and accounting data, is generally stored for 7 years due to tax retention obligations.
• Product liability-related data may be stored for up to 10 years.
• Contact inquiries are generally stored for 6 months unless longer retention is necessary.
• Data processed on the basis of consent is stored until consent is withdrawn unless another legal basis applies.
• Server log files are stored only as long as technically necessary.

19. Your Rights

You have the following rights regarding your personal data:

• Right of access pursuant to Art. 15 GDPR
• Right to rectification pursuant to Art. 16 GDPR
• Right to erasure pursuant to Art. 17 GDPR
• Right to restriction of processing pursuant to Art. 18 GDPR
• Right to data portability pursuant to Art. 20 GDPR
• Right to object pursuant to Art. 21 GDPR
• Right to withdraw consent pursuant to Art. 7(3) GDPR

To exercise your rights, contact us at:
shop@andikolb.com

20. Withdrawal of Consent

Where processing is based on your consent, you may withdraw such consent at any time with future effect.

The legality of processing prior to withdrawal remains unaffected.

21. Objection to Processing Based on Legitimate Interests

Where we process personal data on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you may object to such processing for reasons arising from your particular situation.

In the event of a justified objection, we will cease processing unless compelling legitimate grounds or legal claims require continued processing.

22. Right to Lodge a Complaint

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with us or with a supervisory authority.

In Austria, the competent authority is in particular:

Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna
Austria

Email: dsb@dsb.gv.at
Website: www.dsb.gv.at

23. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy where necessary, particularly in the event of changes to the online shop, service providers, technical systems, or legal requirements.

Status: January 2026

Liability for Content

The content of this website (https://andikolb.com/en/shop/) has been created with the utmost care. However, the website operator, Andreas Kolb, cannot guarantee the accuracy, completeness, or timeliness of the content.

As a service provider, Andreas Kolb is responsible for his own content on these pages in accordance with general laws. However, there is no obligation to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity.

Obligations to remove or block the use of information under general laws remain unaffected. Liability in this respect is only possible from the point in time at which a specific legal infringement becomes known. Upon becoming aware of such legal violations, the affected content will be removed immediately.

Liability for Links

This website contains links to external third-party websites over whose content the website operator has no control. Therefore, no liability can be assumed for these external contents. The respective provider or operator of the linked pages is always responsible for their content.

Despite careful control of the content, Andreas Kolb assumes no liability for the content of external links. The linked pages were checked for possible legal violations at the time of linking. Illegal content was not recognizable at that time. Permanent monitoring of the content of linked pages is not reasonable without concrete evidence of a violation.

If you become aware of outgoing links that refer to websites with illegal activities or unlawful information, please notify us at andi@andikolb.com. Such links will be removed immediately in accordance with Section 17 (2) ECG.

Copyright

The content, images, and works created or used on this website are subject to applicable copyright laws. Any reproduction, editing, distribution, or any kind of use outside the limits of copyright law requires the prior written consent of the respective author or creator.

Downloads and copies of this website are permitted for private, non-commercial use only.

The website operator makes every effort to respect the copyrights of third parties. Third-party content is identified as such where applicable.

If you nevertheless become aware of a copyright infringement, please notify us at andi@andikolb.com. Upon becoming aware of any such legal violations, the affected content will be removed immediately.