Version dated 27 November 2018
Download this document as a pdf-file
Privacy notice for Coinfinity GmbH, based in Graz with business address Griesgasse 10, 8020 Graz, Austria (henceforth abbreviated to “Coinfinity” or “we”), for the website https://www.cardwallet.com/ (henceforth referred to as “website”) and also contracts relating to Coinfinity Card Wallet sales.
Thank you for your interest in our products. Below we provide you with comprehensive information about how we process your data and what rights you have in this regard. Protecting your privacy is particularly important to us and, accordingly, we would like to provide you with information on your rights and choices in order to support a trusting, long-term relationship. Our data protection strategy is implemented in accordance with the European Union’s General Data Protection Regulation (henceforth “GDPR”) in conjunction with the 2018 Austrian Data Protection Amendment Act (henceforth “DS-AG” [Datenschutz-Anpassungsgesetz]), the Telecommunications Act (TKG [Telekommunikationsgesetz]) and other relevant statutory provisions.
Legal data protection provisions must always be observed when processing personal data. In terms of this privacy notice, we will draw on the definition of terms in the GDPR. Consequently, the “processing” of personal data is understood to mean any kind of handling of this kind of data. If data processed by us can be related to a person, making it possible to identify you as an individual (especially enabling discovery of your full name) – even if only in conjunction with a third party or by means of additional information – this is always deemed to constitute personal data.
This privacy notice relates exclusively to the website specified. If you navigate to other internet sites via links on our website, please refer directly to the destination site for relevant information on their handling of your data. We do not accept any responsibility or liability for content on third-party websites that are linked via our own web pages.
1. Data processing when using our website
For technical reasons, when you visit our website certain data will be captured that is transmitted to us by your web browser or by your web space provider (so-called server log files). This includes the following:
- browser type and version
- operating system used
- web page from which you are visiting our site (referrer URL
- web page that you are visiting
- date and time of access
- your internet protocol (IP) address.
These anonymous data will be stored separately from any personal data you might provide and so cannot be linked back to any particular individual. This data processing is performed in order to track visitors, to check the efficacy of advertising activities, to deliver targeted promotional features and messages and also in order to ensure security and improve the quality of our offering. It is based on Art. 6 para. 1(f) of the GDPR (overwhelming legitimate interest, in other words achieving the objectives just described). This information does not enable us to identify you as an individual in any way.
2. Data processing when handling orders
As part of your order, the following personal data will be collected: first name, surname, address details, email address, IP address or other data required for order processing and also data relating to the order itself, such as number of items, product numbers, invoice amount and tax as a percentage, invoicing information etc. These personal data are required by us for contractual performance and to comply with statutory requirements (Art. 6 para. 1(b) GDPR, Art 6 para. 1(c) GDPR). Data are stored for at least the duration of each contract with Coinfinity, although provision may be made for a longer period of retention, especially based on legal requirements (statutory retention obligations, statutes of limitation on potential legal claims). If the data no longer need to be stored for the purpose that prompted their original collection (or as part of a legally permissible change of purpose), we will arrange for the data to be destroyed, unless there is any legal provision to the contrary.
If you select a third-party provider for payment processing, personal data will also be transmitted to the relevant payment provider during this transaction.
If you select Stripe as your payment method, once you have a submitted the order you will be transferred to the website for the online provider Stripe Ltd., 510 Townsend Street, San Francisco, CA 94103, USA. Once your details have been authenticated, your individual details and personal account data will be passed to Stripe Ltd. so that your account status can be checked. We have no influence over the transmission of these data. In this regard, please refer to the supplementary data protection information from Stripe Ltd., which you will be referred to when using this service.
If you have any additional questions regarding the use of your personal data, you can contact Stripe Ltd. via Homepage https://stripe.com/contact or in writing (Stripe Ltd., Privacy, 510 Townsend Street, San Francisco, CA 94103, USA).
If you select Giropay as your payment method, once you have a submitted the order you will be transferred to the website for the online provider giropay GmbH, An der Welle 4, 60322 Frankfurt, Germany. Once your details have been authenticated, your individual details and personal account data will be passed to giropay GmbH so that your account status can be checked. We have no influence over the transmission of these data. In this regard, please refer to the supplementary data protection information from giropay GmbH, which you will be referred to when using this service.
If you have any additional questions regarding the use of your personal data, you can contact giropay GmbH by email ([email protected]) or in writing (giropay GmbH, Privacy, An der Welle 4, 60322 Frankfurt, Germany).
If you select EPS as your payment method, once you have a submitted the order you will be transferred to the website for the online provider Studiengesellschaft für Zusammenarbeit im Zahlungsverkehr GmbH (STUZZA), Frankgasse 10/8, 1090 Vienna, Austria. Once your details have been authenticated, your individual details and personal account data will be passed to STUZZA so that your account status can be checked. We have no influence over the transmission of these data. In this regard, please refer to the supplementary data protection information from STUZZA, which you will be referred to when using this service.
If you have any additional questions regarding the use of your personal data, you can contact STUZZA by email ([email protected]) or in writing (Studiengesellschaft für Zusammenarbeit im Zahlungsverkehr GmbH, Frankgasse 10/8, 1090 Vienna, Austria).
Our website also offers you the option of registering for our newsletter. To do this, you must disclose your email address. Your email address is required in order to send the newsletter (Art 6 para. 1(b) GDPR). The newsletter will only be sent to email addresses provided by interested parties themselves. When you subscribe to our newsletter, we will also store your IP address and the date and time of your registration. This serves to protect us in the event of a third party abusing your email address and subscribing to the newsletter without your knowledge. If you no longer wish to receive the newsletter, you can unsubscribe at any time by clicking on the “unsubscribe from this list” button at the end of every newsletter we send. The data collected for sending out the newsletter will be deleted following cancellation of the subscription – unless there is a legal provision to the contrary or the data are being processed based on a separate legal principle.
Your data will be used to send you the requested newsletter.
We use the MailChimp newsletter service provided by the Rocket Science Group to send out our newsletters.
4. Data processing for minors
We have no business relationships with minors.
5. Rights of the data subject
A fundamental concern for data protection legislation is to provide you with control over your personal data even after data processing has already commenced. For this purpose, the data subject has a number of rights, and we will comply with any request regarding these rights immediately and no later than within one (1) month. To exercise your rights, please contact us via the following email address: [email protected] The following specific rights are provided:
- SIf you exercise your right of access and there are no statutory restrictions to the contrary, we will provide you with comprehensive information about our processing of your data. To do this, we will provide you with (i) copies of the data (emails, database extracts etc.), plus information on (ii) specific data processed, (iii) purposes of processing, (iv) categories of data processed, (v) recipients, (vi) the retention period and criteria used to determine this period, (vii) the origin of the data and (viii) potentially other information depending on the particular case. However, please note that we cannot issue any documents which could affect another individual’s rights.
- Under the right to rectification you can demand that we rectify any incorrectly recorded data, or any data which has become inaccurate or data which is incomplete (for the relevant processing purpose). Your request will be checked, whereby you may demand that the relevant data processing is restricted for the duration of this checking process.
- You can exercise your right to erasure at any time (i) if the purpose of processing cannot be justified as being necessary, (ii) in the event of you withdrawing your consent, (iii) in the event of a particular objection, insofar as the relevant data processing is based on Coinfinity’s legitimate interests, (iv) if the data processing is unlawful or (v) if there is a legal obligation to delete the data.
- There is a supplementary right to restrict processing in certain cases which, if exercised, means that the affected data may only be stored. As well as the option to restrict processing for the duration of any checks on requests for rectification, this also includes (i) unlawful data processing (provided erasure of the data is not requested) and (ii) the duration of any checks on a special objection request.
- In addition, you have a fundamental right to object to data processing at any time. However, this is only applicable if the processing is based on Coinfinity’s legitimate interests.
- You may also exercise your right of complaint by contacting the supervisory authority.
Please also note that we cannot comply with your request, if the processing is necessary for compelling reasons which are worthy of protection (balancing of interests) or if the processing is related to the assertion, exercise or defence of legal claims (on our part). The same is true in the event of excessive requests and a fee may be charged for handling obviously unjustified requests.
6. Data security and deletion
Coinfinity will take all appropriate technical and organisational measures to ensure that by default only personal data that is absolutely essential for commercial purposes will be processed. The measures taken by us relate to the quantity of data collected, the scope of processing and also the retention period and accessibility. These measures allow us to ensure that settings are in place to restrict access to personal data to a very limited number of people and only when absolutely necessary. Other people will never be granted access to personal data without explicit authorisation from the data subject. We also use various security mechanisms (backups, encryption) to secure our online presence and other systems. This should serve to offer optimal protection for your (personal) data against loss or theft, deletion, unauthorised access, modification or disclosure.
In accordance with the GDPR provisions, all (personal) data collected by us via the website will only be stored for as long as needed in terms of the legal basis on which it is being processed, unless longer term retention is a statutory requirement. We comply with the obligation to delete data in accordance with our specific in-house data deletion strategy. More detailed information on this can be issued on request.
All Coinfinity staff are provided with adequate information about legal data protection requirements, internal data protection guidelines and also data protection arrangements and they are required to preserve the confidentiality of any information entrusted to them or made available to them during the course of their professional activities. The GDPR provisions are strictly adhered to here and personal data is only made accessible to individual staff if this is required for the purposes of data collection or in order for us to meet any obligations arising as a consequence.
If we use external data processors, framework agreements are put in place to ensure that they are also obliged to adhere to all applicable data protection provisions. In addition, when handling your (personal) data, processors are strictly bound by our specifications, in particular regarding the nature and scope of any processing.
7. Transmission of data
If necessary, we may pass on your (personal) data to third parties for the purposes outlined in this privacy notice.
Our external processor for the production of personalised products and shipping is youniqx Identity AG, address: Tenschertstraße 7, 1230 Vienna, which is owned 100% by the company Österreichische Staatsdruckerei Holding AG. The privacy notice for youniqx Identity AG can be found at https://www.youniqx.com/datenschutz/.
We use so-called cookies, little text files which are stored on your computer when you access our website. These help us make our offering more user-friendly, attractive and secure. The cookies, together with your IP address, are used exclusively for the technical operation of the website (e.g. login, load distribution by Cloudflare, storing language preferences). In many cases these involve “session cookies”, which are deleted without any action on your part as soon as you end your current browser session. Other cookies (for example to store your language preference) remain for a longer period or until you manually request their deletion. Cookies never store any personal data.
Most browsers accept cookies automatically. However, you have the option of modifying your browser settings so that cookies are either refused in general or so that only particular kinds of cookie are accepted (e.g. only reject third-party cookies). Nonetheless, if you change your browser’s cookie settings, it will then not be possible to use all the functionality provided by our website. The settings vary from browser to browser, so we suggest you consult the support pages for your particular browser.
9. Google Analytics
This website uses Google Analytics, a web analysis service from Google Inc. (“Google”). This usage is based on Art. 6 para. 1 clause 1(f) of the GDPR. Google Analytics uses so-called “cookies”, text files stored on your computer that enable analysis of your use of the website. The information regarding your use of the website generated by the cookie includes:
- browser type/version
- operating system used
- referrer URL (the previously visited page)
- hostname of the accessing PC (IP address)
- time of the server request
and is generally transmitted for storage on a Google server in the USA. The IP address transmitted by your browser as part of the Google Analytics process will not be combined with other data by Google. In addition, on this website we have added the “anonymizeIP” instruction to Google Analytics. This ensures your IP address is masked, so that all data is collected anonymously. The full IP address is only transmitted to a Google server in the USA in exceptional cases, and it is then truncated by the relevant server.
Google uses this information on behalf of the website operator to evaluate your use of the website, to produce reports about website activity and to perform other services for the website operator associated with website and internet usage. You can configure your browser settings to disable the saving of cookies; however, we should point out that you may then be unable to use the full functionality offered by this website.
You can also prevent Google from capturing or processing data generated by the cookie about your use of the website (incl. your IP address) by downloading and installing the browser plugin available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Alternatively, visit the page https://www.cardwallet.com/test/(opt-out) to prevent Google Analytics collecting data about you within this website – you will find an “opt-out cookie” at this page. Your browser will need to be configured to allow cookies in order for this to work. If you delete your cookies regularly, you will need to revisit this page.
We also use Google Analytics for the statistical evaluation of data from double-click cookies and AdWords. If you don’t want this, you can disable this function via the Ad Preferences Manager (https://adssettings.google.com/authenticated?hl=en).
Additional information on data protection connected with Google Analytics can be obtained from (https://support.google.com/analytics/answer/6004245?hl=en).
10. Google Adwords
In order to promote our website, we also use the Google marketing tool “Google Adwords”. As part of this system our website uses the “Conversion Tracking” analysis service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, henceforth referred to as “Google”. If you access our website via a Google advert, a cookie is deposited on your computer. Cookies are little text files that are deposited and stored on your computer by your web browser. These so-called “conversion cookies” become invalid after 30 days and do not serve to personally identify you. If you visit particular pages on our website and the cookie has not yet expired, we and Google are able to detect that you clicked on one of our ads placed with Google and that you were transferred on to our website.
The information collected with the help of “conversion cookies” allows Google to create visitor statistics for our website. These statistics mean we can establish the total number of users who have clicked on our advert and also identify which pages on our website were then requested by the relevant user. However, neither we nor any other body advertising via “Google Adwords” receive any information that could be used to identify users in person.
You can disable the installation of “conversion cookies” through the relevant browser settings, either by configuring your browser to disable cookies in general or by specifically blocking cookies from the “googleadservices.com” domain. Alternatively, there is the option of permanently disabling cookies for advertising purposes by downloading and installing the browser plugin available via the following link: http://www.google.com/settings/ads/plugin?hl=en
You can find Google’s privacy notice for this area via the following link: https://services.google.com/sitestats/en.html
11. Right of appeal
If you believe that we have contravened the applicable data protection legislation in the processing of your data, you have the right to file a complaint with the Austrian Data Protection Authority. The stipulations for such a complaint are defined in Section 24ff of the DS-AG [Österreichischer Datenschutz-Anpassungsgesetz: Austrian Data Protection Amendment Act]. However, we would ask you to get in touch with us before doing this so we can try to clear up any possible questions or problems. The contact details for the data protection authority are as follows:
Österreichische Datenschutzbehörde [Austrian Data Protection Authority]
1080 Vienna, Austria
Telephone: +43 1 52 152-0
Email: [email protected]
12. Contact for legal data protection questions, information, requests
Für datenschutzrechtliche Fragen, Mitteilungen oder Ansuchen verwenden Sie bitte die folgende Kontaktadresse:
For any legal data protection questions, information or requests, please use the following contact address:
8020 Graz, Austria
Telephone: +43 316 711 744
Email: [email protected]