General Information
This privacy policy provides comprehensive details about the handling of your personal data when you visit any of our website www.tollify.at. Personal data encompasses any information that can be used to personally identify you. Our commitment is to strictly adhere to legal regulations, especially the General Data Protection Regulation (GDPR), when processing your data. Your security and privacy during your visit to our website are of utmost importance to us.
Data Controller
The entity responsible for collecting and processing personal data on this website, as mandated by data protection laws, is:
Name: Tollify
Represented by: Alain de Man
Street Address: Jacob Schorerlaan 1
Postal Code, City: 2525 ZP Den haag
Country: Netherlands
Email: info@tollify.at
Phone: +31 (0) 6 10 27 78 89
Website:www.tollify.at
Accessing Data (Server Log Files)
When you visit our website, we routinely gather and retain access data in server log files. This access data is automatically transmitted by your browser and includes:
Cookies
To enhance your website experience and enable the use of specific features, we employ cookies. Cookies are small text files stored on your device, and they cannot execute programs or transmit viruses to your computer system.
Cookies essential for executing electronic communication processes or providing requested functions are stored based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in storing cookies to ensure the technically flawless and optimized delivery of our services. If other cookies, such as those for analyzing your browsing behavior, are stored, they are addressed separately in this privacy statement.
The majority of cookies we use are "session cookies," automatically deleted at the end of your visit. However, certain cookies remain on your device until manually deleted, allowing us to recognize your browser during your subsequent visits.
You can configure your browser to notify you about cookie settings and only allow cookies on a per-case basis. You can also choose to block cookies for specific instances or altogether, and enable automatic cookie deletion upon closing your browser. Please note that disabling cookies may limit the functionality of this website.
Google Analytics
We utilize the web analytics service Google Analytics on our website. The service is provided by Google Ireland Ltd, located at Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Google Analytics employs "cookies," which are text files stored on your computer that facilitate the analysis of your interactions with our website. Typically, the information generated by these cookies regarding your website usage is transmitted to and stored on a Google server in the United States.
The legal basis for processing your data is your prior consent, granted through the cookie consent tool, in accordance with Article 6, Paragraph 1, Sentence 1, Letter (a) of the General Data Protection Regulation (GDPR).
IP Anonymization
We have implemented the IP anonymization feature on this website. This means that your IP address is abbreviated by Google within the member states of the European Union or in other countries that are part of the Agreement on the European Economic Area before it is transmitted to the United States. Only in exceptional cases will the complete IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on our behalf to assess your use of our website, compile reports on website activity, and provide us with other services related to website activity and internet usage. The IP address sent by your browser as part of Google Analytics will not be combined with other data by Google.
Data Processing Compliance
We have established a data processing agreement with Google and meticulously adhere to the stringent standards set forth by German data protection authorities when employing Google Analytics.
Data Retention
Information retained by Google at the user and event levels, which are associated with cookies, user identifiers (such as user ID), or advertising IDs (such as DoubleClick cookies or Android advertising ID), undergoes anonymization or is deleted after 14 months. Further details are available at the following link: https://support.google.com/analytics/answer/7667196
Objection to data collection
You have the option to decline data collection by adjusting your browser settings; however, please be aware that this may restrict your ability to fully utilize all features of our website.
Additionally, you can prevent the collection of data generated by cookies, which includes your IP address and pertains to your website usage, and its processing by Google. To do this, you can download and install the browser add-on provided at the following link to disable Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=en . If you delete cookies on your computer, you will need to reconfigure the opt-out cookie.
For more details on how Google Analytics manages user data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en .
Further information regarding data protection is available in Google's privacy policy: https://policies.google.com/privacy-policy?hl=en&gl=en .
Hotjar
We employ Hotjar to gain deeper insights into our users' needs and enhance the overall experience on this website. Hotjar's technology allows us to gain a better understanding of user interactions, such as the time spent on specific pages, clicked links, preferences, and user feedback. It helps us tailor our offerings based on user input. Hotjar employs cookies and other technologies to gather data about user behavior and device attributes, including anonymized IP addresses during your website usage, screen size, unique device identifiers, browser details, location (country only), and preferred language for website viewing. Hotjar securely stores this data on our behalf in pseudonymous user profiles, and it is contractually prohibited from selling any of the data collected on our behalf.
For further information, please visit the 'about Hotjar' section on https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar.
Google Tag Manager
Our website utilizes Google Tag Manager, provided by Google. Google Tag Manager is a platform that empowers marketers to manage website tags through a user-friendly interface. The mechanism responsible for executing these tags operates from a domain that doesn't employ cookies and refrains from storing any personal information. Its primary role is to trigger additional tags, which might, in turn, gather data. It's important to note that Google Tag Manager does not access or interact with this data. If deactivation has been applied at the domain or cookie level, it persists for all tracking tags managed through Google Tag Manager.
Google Ads and Google Conversion Tracking
Our website utilizes Google Ads, formerly known as Google AdWords, which is an online advertising platform provided by Google.
Google Ads allows us to promote our offerings through various advertising media on external websites and assess the effectiveness of individual advertising campaigns. This enables us to display advertisements that are relevant to your interests, enhance the appeal of our website, and ensure a fair assessment of advertising expenses.
Within the scope of our Google Ads advertising activities, we implement a process known as conversion tracking. Google delivers advertising materials through its 'AdServers,' and to measure specific success parameters such as ad displays or user clicks, we utilize AdServer cookies. These cookies are used when you click on a Google-placed ad and are stored as small text files in your internet browser. They remain valid for 30 days but do not contain any personal identifying information. Instead, they allow Google to recognize your web browser. If you visit certain pages of our website within the cookie's validity period, both Google and we can identify that you clicked on a particular advertisement and were subsequently redirected to our site.
It's important to note that each Google Ads client receives a distinct cookie, making it impossible to track these cookies across various Ads customer websites. Typically, the following information is stored as analysis values within the cookie: a unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions), opt-out information (indicating that the user no longer wishes to be targeted). The data collected through the conversion cookie is used to generate conversion statistics for Ads customers who have opted in to conversion tracking. These statistics provide Ads clients with insights into the total number of users who clicked on their ad and were subsequently directed to a page featuring a conversion tracking tag. Importantly, no information that can be used to personally identify users is disclosed.
If you prefer not to participate in this tracking, you can easily disable the Google conversion tracking cookie through your internet browser's user settings. By doing so, you will not be included in the conversion tracking statistics.
The aggregation of data collected within your Google account is solely based on your consent, which you can grant or withdraw through Google (Art. 6 para. 1 lit. a GDPR). In cases where data collection processes are not associated with your Google account (e.g., when you do not have a Google account or have objected to such merging), data collection is carried out in accordance with Art. 6 (1) lit. f GDPR. Our legitimate interest in this case arises from our desire to perform anonymized visitor analysis for advertising purposes, allowing us to optimize both our website offerings and our advertising.
For additional information and details regarding data protection, please refer to Google's privacy policy available at: https://policies.google.com/technologies/ads?hl=en.
Microsoft Advertising (formerly Bing Ads)
Our website utilizes Microsoft Advertising, a tracking and advertising service that employs cookies and web beacons provided by Microsoft Corporation, located at One Microsoft Way, Redmond, WA 98052-6399, United States of America. These cookies have a maximum lifespan of 1 year and 25 days.
The primary purposes of data collection and processing are advertising and conversion tracking. The following categories of (personal) data may be collected and analyzed as part of this service: browser language, ads clicked, digital signature, GUID generated by the UET tag, IP address, Microsoft click ID, Microsoft cookie, page title, referrer URL, screen color depth, screen resolution, UET ID tag, page load time, publisher/URL access.
Data processing primarily occurs within the European Union; however, it may also be transferred to third countries. Please be aware that this service may involve the transfer of data outside the European Union and the European Economic Area to a country that may not offer an adequate level of data protection.
If data is transferred to the United States, there is a possibility that your data may be subject to processing by US authorities for control and monitoring purposes, potentially without legal recourse. As an additional safeguard for an appropriate level of data protection, Microsoft has incorporated standard data protection clauses in its terms of use.
For more detailed information and to review Microsoft's privacy policy, please visit the following link: https://learn.microsoft.com/de-de/compliance/regulatory/offering-EU-Model-Clauses?view=o365-worldwide.
Contact form
If you contact us by e-mail or via a contact form, the transmitted data including your contact details will be stored in order to be able to process your enquiry or to be available for follow-up questions. This data will not be passed on without your consent.
The data entered in the contact form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You may revoke your consent at any time. An informal communication by e-mail is sufficient for the revocation. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
Data transmitted via the contact form will remain with us until you request us to delete it, revoke your consent to store it or there is no longer any need to store the data. Mandatory legal provisions - in particular retention periods - remain unaffected.
GiroPay
For payment via GiroPay, access to online banking at a participating bank is required. If you select GiroPay, you will be redirected to the online portal of Paydirekt GmbH or secupay AG at the end of the ordering process. There you can log into your online banking account to initiate the payment to us. This requires you to enter your access data for online banking. Further information on the processing of personal data by GiroPay can be found in the data protection regulations of Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany. For further information on the processing of personal data by Giropay, please refer to the data protection provisions of secupay AG, Goethestraße 6,01896 Pulsnitz, Germany.
iDEAL, Bancontact
iDEAL, Bancontact Customers with accounts at a Dutch bank can pay with iDEAL. Customers who have a Bancontact card at a participating Belgian bank can pay with Bancontact. If you choose iDEAL as your payment method, you will need an account and access to online banking at a participating Dutch bank. If you choose Bancontact as your payment method, you only need a bank account at a Belgian bank and a smartphone or card reader. If you select iDEAL or Bancontact, you will be redirected to the payment page of your bank at the end of the order process. Here you can make a transfer of the payment as usual. After completing the transaction, you will be redirected back to the operator's website. When choosing these payment methods, the operator only receives the information about whether the payment was successful or not. For more information on the processing of personal data by iDEAL, please refer to the Privacy Policy of Currence B.V., Gustav Mahlerplein 33-35, Amsterdam, Noord-Holland 1082 MS, Netherlands. For more information on the processing of personal data by Bancontact, please refer to the privacy policy of Bancontact Payconiq Company NV/SA, Rue d'Arlon 82, 1040-Brussels, Belgium.
Blik
We offer payments on our website via the Polish payment system Blik for bank transfer. After selecting Blik on our website, you need to enter a secure Blik code in the payment form. You receive this unique six-digit code from your banking application and enter it on your checkout page. This links the transaction to the correct banking application. The blik code expires in 120 seconds. As soon as you select 'Pay,' Blik sends a push notification to your banking application. You must authorize the payment within 45 seconds in his banking app for the payment to go through. For more information on the processing of personal data by Blik, please refer to the Privacy Policy of Polski Standard Płatności sp. z o.o.. , Warsaw (00-718), ul. Czerniakowska 87A, Poland.
Visa/VPay
We offer payments with Visa on our website. The service provider is the American company Visa Inc. The company responsible for the European region is Visa Europe Services Inc, 1 Sheldon Square, London W2 6TT, United Kingdom. The data processing is essentially done by Visa. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from possible other Visa services where you have a user account. You can find out more about the data processed through the use of Visa in the Privacy Policy at https://www.visa.de/visa-privacy-center.html.
PayPal
We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. The company PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg is responsible for the European region. The data processing is essentially carried out by PayPal. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from other PayPal services where you have a user account. You can find out more about the data processed through the use of PayPal in the Privacy Policy onhttps://www.paypal.com/de/webapps/mpp/ua/privacy-policy-full.
Mastercard/Maestro
We use the payment service provider Mastercard on our website. The service provider is the American company Mastercard Inc. The company responsible for the European region is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium. The data processing is essentially carried out by Mastercard. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from possible other Mastercard services with which you have a user account. You can find out more about the data processed through the use of Mastercard in the Privacy Policy onhttps://www.mastercard.com/global/en/vision/corp-responsibility/commitment-to-privacy/privacy-policy.html.
giropay
We use the online payment provider giropay on our website. The service provider is the German company paydirekt GmbH, Stephanstraße 14-16, 60313 Frankfurt am Main, Germany. You can find out more about the data processed through the use of giropay in the data protection declaration on https://www.giropay.de/agb/index.html .
American Express
We use American Express on our website. The service provider is the American Express Company. The company responsible for the European region is American Express Europe S.A., Avenida Partenón 12-14, 28042, Madrid, Spain. The data processing is essentially carried out by American Express. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It is also possible that this data may be linked to data from other American Express services with which you have a user account. You can find out more about the data processed through the use of American Express in the Privacy Policy onhttps://www.americanexpress.com/uk/company/legal/privacy-policy-centre/.
EPS
For payment via EPS, access to online banking at a participating bank is required. If you select EPS, you will be redirected to the online portal of PSA Payment Services Austria GmbH at the end of the order process. There you can log into your online banking account to initiate the payment to us. This requires you to enter your access data for online banking. Further information on the processing of personal data by EPS can be found in the privacy policy of PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria.
Data Handling and Disclosure
At our core, we prioritize the security and confidentiality of your personal data. When you entrust us with your information, whether during the ordering process or via email (such as your name, address, or email address), please rest assured that we will not sell or market this information to third parties. Your personal data will be handled exclusively for the purpose of communicating with you and for the specific reason for which you provided us with this information. In cases involving payment processing, we will securely transmit your payment data to the designated financial institution responsible for handling your payment.
Any data that is automatically collected during your visit to our website serves only the purposes outlined above and will not be utilized for any other objectives. We want to emphasize that your personal data will not be shared with external parties unless compelled to do so by legal obligations or with your explicit prior consent. Your privacy and data protection are of utmost importance to us.
SSL/TLS Encryption
To ensure the security and confidentiality of your data, our website utilizes SSL/TLS encryption. This encryption safeguards sensitive information, such as orders and inquiries, when you transmit them to us as the site operator. You can identify an encrypted connection by observing that the address line in your browser changes from 'http://' to 'https://' and by the presence of a lock symbol in your browser's address bar.
When SSL/TLS encryption is active, any data you send to us becomes unreadable to third parties, providing you with an added layer of protection.
Data Storage Period
Any personal data shared with us through our website is retained only until its intended purpose has been fulfilled. If there are mandatory retention periods dictated by commercial or tax regulations, certain data may be stored for a duration of up to 10 years.
Data Subjects' Rights
As a data subject, you have specific rights concerning your personal data in accordance with applicable legal provisions. These rights include:
Right of Withdrawal
Many data processing operations rely on your explicit consent. If your data processing is based on consent, you have the right, as per Art. 7(3) of the GDPR, to withdraw your consent at any time, affecting future data processing. The withdrawal of consent does not impact the legality of prior data processing carried out with your consent. Data retention for billing and accounting purposes remains unaffected by consent withdrawal.
Right to Information
Under Article 15 of the GDPR, you have the right to confirm whether we process your personal data. If such processing occurs, you can request information about your personal data, including its purpose, categories, recipients, storage duration, the existence of correction, erasure, or access rights, the right to file complaints with a supervisory authority, and more.
Right of Rectification
As per Art. 16 of the GDPR, you can demand the immediate correction of inaccurate personal data concerning you or complete incomplete data.
Right to Erasure
You can request the deletion of your personal data in accordance with Art. 17 of the GDPR if certain conditions are met, such as when the data is no longer necessary for its original purpose, or you withdraw consent.
Additional Data Subject Rights
In addition to the previously mentioned rights, you also have the following rights as a data subject:
Right to Erasure (Right to Be Forgotten)
You can request the deletion of your personal data in accordance with Art. 17 of the GDPR under certain conditions. This includes situations where your data has been processed unlawfully, or when it is no longer necessary for its original purpose. However, this right may not apply in specific cases, such as when data processing is required for exercising the right to freedom of expression and information, compliance with legal obligations, public health, or the establishment, exercise, or defense of legal claims.
If we have made your personal data public and are obligated to erase it, we will take reasonable steps to inform other data controllers processing your data about your request to erase links to your data, copies, or replications thereof.
Right to Restrict Processing
Under Art. 18 of the GDPR, you have the right to request the restriction (blocking) of your personal data's processing in certain situations:
When processing is restricted, your data may only be processed with your consent, for legal claims, or to protect the rights of another natural or legal person, or for important public interest reasons in the European Union or a Member State.
Additional Data Subject Rights
Right to Information
If you have asserted the right to rectification, erasure, or restriction of processing, we are obligated to notify all recipients to whom your personal data have been disclosed about these actions, unless it is impossible or involves a disproportionate effort. According to Art. 19 of the GDPR, you have the right to request information about these recipients upon your request.
Right Not to Be Subject to Automated Decisions
You have the right not to be subject to decisions based solely on automated processing, including profiling, if they have legal effects on you or similarly significantly affect you, as stated in Article 22 of the GDPR.
This right does not apply if the decision is necessary for the conclusion or performance of a contract between you and us, authorized by Union or Member State law with adequate safeguards, or made with your express consent. However, decisions in these cases cannot be based on special categories of personal data unless specific conditions apply.
In cases (a) and (c), we will take reasonable steps to protect your rights and freedoms, including your right to obtain human intervention, express your viewpoint, and contest the decision.
Right to Data Portability
If your data processing is based on consent or a contract and is carried out through automated processes, you have the right, under Art. 20 of the GDPR, to receive your personal data in a structured, commonly used, and machine-readable format, and to transfer it to another data controller if technically feasible.
Right of Objection
If we process your personal data based on the balance of interests, you have the right to object at any time for reasons arising from your particular situation, including profiling. We will no longer process your data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if it is for legal claims.
For direct marketing purposes, you have the right to object, including profiling for such marketing. If you object, your personal data will no longer be used for direct advertising.
You can exercise your right to object, particularly regarding information society services, using automated procedures.
Right of Appeal to Supervisory Authority
If there are GDPR breaches, data subjects can appeal to a supervisory authority, especially in their habitual residence, place of work, or where the breach occurred. This right of appeal does not affect other administrative or judicial remedies.