- Leica Camera Austria GmbH -
When you order goods from our dealer store on the leicashop.com platform of Leica Camera AG ("Leica"), we as the data controller will process personal data and store it for the period necessary to meet our specified purposes and legal obligations. The information below serves to inform you about the type of data concerned, how it is processed and your rights.
Pursuant to Art. 4 (1) of the General Data Protection Regulation (GDPR), personal data means any information relating to an identified or identifiable natural person.
1. Name and contact information of the data controller
Leica Camera Austria GmbH, Annagasse 5/3/10, 1010 Wien, Österreich, Tel.: +43 1 523 56 59 34, email@example.com
Feel free to contact us at any time if you have any questions regarding data protection law or your rights as the data subject.
2. Processing of personal data and purposes of processing
a) When visiting leicashop.com
We do not collect any data when you visit a Leica website.
b) When ordering from our dealer store
If you order goods from Leica through us as a third-party supplier, Leica may transmit the following data to us which is required for order processing and shipping as well as for invoicing:
- title, name
- billing address
- e-mail address
- shipping address, if necessary
- telephone number
- payment information
The data is processed for the following purposes:
- to be able to identify you as a contractual party,
- to check the entered data for plausibility,
- for order and payment processing,
- for the processing of any existing warranty claims as well as to establish claims.
Art. 6 (1) (b) of the GDPR provides the legal basis for the processing of your data, which is required for the aforementioned purposes in order to properly process your order and for the mutual fulfilment of the obligations arising from the purchase contract.
We will store personal information collected by Leica for the processing of your order and transmitted to us until expiry of statutory retention obligation and then delete it, unless we are obliged to retain the data for a longer period of time to meet retention and documentation obligations pursuant to tax and commercial law in accordance with Art. 6 (1) (c) of the GDPR or if you have consented to additional retention in accordance with Art. 6 (1) (a) of the GDPR.
c) When contacting us
If you have any questions, you can contact us at our e-mail address or at Leica. To this end, we may process the following information, if necessary:
- first name and last name
- e-mail address
- your message
The aforementioned data is necessary for us to identify the sender of the request and to be able to contact you personally. In addition, you can also provide your telephone number which is voluntary and not required for use of the contact form. However, it helps us understand the request more easily and clarify any questions we might have.
Data is processed upon your request pursuant to Art. 6 (1) (f) of the GDPR. Our legitimate interests result from the aforementioned purposes.
The personal information we collect when you use the contact form will be deleted after processing your request or when the conversation with you has ended, provided that no legal data retention periods prohibit such deletion.
3. Transferring data to third parties
Your personal information will not be transferred to third parties for any other purposes than those listed below.
a) Contract fulfilment
If legally permitted and necessary for contract fulfilment pursuant to Art. 6 (1) (b) of the GDPR, your personal information will be transferred to third parties. In particular, this includes transferring data to shipping companies for the purpose of shipping the goods you ordered. The data transferred may only be used by the third party for the purposes mentioned above.
b) Other purposes
Furthermore, we will only transfer your personal information to third parties if:
- you have given your explicit consent in accordance with Art. 6 (1) (a) of the GDPR;
- there is a legal obligation to transfer data pursuant to Art. 6 (1) (c) of the GDPR;
- the data transfer is necessary pursuant to Art. 6 (1) (f) of the GDPR to establish, exercise or defend legal claims and if there is no reason to assume that you may have an overriding legitimate interest in the secrecy of your data.
- pursuant to Art. 15 of the GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to correct, delete, restrict any processing or to object, the existence of a right to complain, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, if necessary, detailed information about it;
- pursuant to Art. 16 of the GDPR, to immediately demand the correction of inaccurate or incomplete personal data stored by us;
- pursuant to Art. 17 of the GDPR, to request the erasure of your personal data stored by us, unless processing is necessary to exercise the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or to establish, exercise or defend legal claims;
- pursuant to Art. 18 of the GDPR, to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it to establish, exercise or defend legal claims or you have objected to the processing pursuant to Art. 21 of the GDPR;
- pursuant to Art. 20 of the GDPR, to receive the personal data you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another person responsible for data processing;
- pursuant to Art. 7 (3) of the GDPR, to withdraw your given consent at any time resulting in the fact that we will no longer be allowed to continue processing your data in the future based on your previous consent, and
- to complain to a supervisory authority pursuant to Art. 77 of the GDPR. For this purpose, you can typically contact the supervisory authority of your habitual residence or place of work or our company headquarters.
c) Payment processing
In order to fulfil the contract pursuant to Art. 6 (1) (b) of the GDPR, we use various payment service providers for payment processing. For payment processing it may be necessary for us to transfer personal information collected during the payment process to the payment service provider. This refers to information such as name, address, telephone number, e-mail address, credit card or bank account data and transaction data. Occasionally, payment service providers collect this data themselves.
You can pay using the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal"). If you pay using your PayPal account, you will be redirected to the PayPal website where you can log in with your account details and initiate the payment. You can initiate the payment with or without a PayPal account by providing the required payment information. We have no access to any personal information collected by PayPal. PayPal is responsible for their own processing.
For payment processing and any refunds you may receive, we use our payment service provider Adyen B.V., Simon Carmiggeltstraat 6 - 50, 1011 DJ Amsterdam, Netherlands ("Adyen"). In this case, your IP address, information about your order such as billing amount, customer number, your e-mail address, and a payment ID as well as the credit card or account data you entered will be transmitted to Adyen for further payment processing. Adyen will also transfer this information to other third parties if necessary for payment processing (e.g., banking institution, credit card institution). Furthermore, Adyen may transfer this information to credit agencies such as SCHUFA Holding AG to check your identity and creditworthiness.
Adyen is solely responsible for the processing of payment data during the subsequent payment processing process. Data collection and transfer are encrypted and we do not have access to this information. Here you can find more information about data protection related to Adyen.
We use Adyen to integrate other payment services. In this case, your IP address, customer data, order and billing data as well as payment information related to the payment service used will be transmitted to Adyen where necessary to technically enable the integration of the payment services on our website for you. Below please find information about the individual payment services and a possible integration via Adyen.
Google Pay: We offer payment processing through the payment service provider Google Payment Ireland Limited, 70 Sir John Rogersons's Quay, Dublin 2, Ireland ("Google Pay"). If you decide to use Google Pay for your payment, you will be redirected to the Google Pay page where you can log in with your account information and initiate the payment. After being redirected to the Google Pay website, we will have no access to the data collected by Google Pay. Google Pay is integrated through Adyen (see above). Here you can find more information on data protection related to Google Pay.
Apple Pay: We offer payment processing through the payment service provider Apple Inc., 1 Apple Park Way, Cupertino, California, 95014, United States ("Apple Pay"). If you decide to use Apple Pay for your payment, you will be redirected to the Apple Pay page where you can log in with your account information and initiate the payment. After being redirected to the Apple Pay website, we will have no access to the data collected by Apple Pay. Apple Pay is integrated through Adyen (see above). Here you can find more information on data protection related to Apple Pay.
4. Data security
All data you transmit personally will be encrypted by Leica using the common secure TLS (Transport Layer Security) standard. TLS is a secure and tested standard which is also used, for example, for online banking. You can recognize a secure TLS connection by the “s” appended to http (i.e. https://..) in the address bar of your browser or the lock symbol in the lower part of your browser.
We also use proper technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. We constantly improve our security measures in line with technological developments.
5. Rights of the data subject
You have the right:
Information about your right to object pursuant to Art. 21 of the GDPR
On grounds relating to your particular situation, you have the right to object to the processing of personal data relating to you based on Art. 6 (1) (e) of the GDPR (data processing for reasons of public interest) and Art. 6 (1) (f) of the GDPR (data processing based on a balancing of interests) at any time; this includes profiling based on the provisions of Art. 4 no. 4 of the GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
If your objection concerns the processing of data for the purpose of direct marketing, we will immediately stop data processing. In this case, it is not necessary to specify a particular situation, including profiling to the extent that it is related to such direct marketing.
If you wish to exercise your right to object, simply send an e-mail to firstname.lastname@example.org.