Privacy Policy

Last updated: January 2019

Privacy policy of Silhouette International Schmied AG (“Silhouette”; “we”), Ellbognerstraße 24, 4020 Linz, for the website www.silhouette.com (“website”)

Thank you very much for your interest in our products. In this privacy policy, we provide you with detailed information about how we process your data and which rights you have with regard to this data processing. Protecting your privacy is a major priority for us. Therefore, we want to explain your rights and options so that we can foster a long-term business relationship based on trust. We practise data protection in accordance with the EU General Data Protection Regulation (GDPR) in conjunction with the Austrian Data Protection Act (DSG), the Austrian Telemedia Act (TMG) and other applicable legislation.

Data protection regulations must always be observed whenever personal data is processed. The scope of this privacy policy is based on the terminology used in the GDPR. “Processing” of personal data essentially refers to any handling of such data. Whenever the data we process can be traced to specific individuals (even if only via third parties, within an overview or by means of additional knowledge) and make you identifiable as an individual (particularly when the data discloses your full name), then this data is essentially considered to be “personal data”.

Whenever you visit our website, we collect the following data: IP address.
You can visit our website without having to disclose information about yourself. Whenever you access the website, only certain access data (your IP address and other metadata, such as the date and time of access and the requesting provider) are processed with the support of automated processes, particularly for the purposes of security or improvement of the website’s quality. This information does not enable us to identify you personally. Nevertheless, IP addresses are considered personal data under the GDPR. You can visit our website for purely informational purposes, to find out about our products, services and activities, without it becoming possible for us to link such data to you personally.

For the purposes explained in this privacy policy, we will transfer your (personal) data to the following recipients:

Within our organisation, your data will be transferred to the offices and/or employees who need it to fulfil our contractual or legal obligations or where we have a legitimate interest to process your data.

Furthermore, your data will be transferred to (external) data processors contracted by us, insofar as they require it to perform their duties (whereby the possibility of accessing personal data is sufficient). All data processors are contractually obliged to treat your data as confidential and only to process in order to provide their services. The following data processors receive your data:

• Customer management

• Analytics tools

• IT service providers contracted by us

• Marketing management

• Any logistics companies used for distributing the Silhouette Journal magazine

We maintain a current list of types of data recipient and contractors.
Some of the aforementioned recipients are located or process your (personal) data outside the EU. However, we take measures to guarantee that all recipients demonstrate appropriate privacy standards. For example, we agree to standardised contractual clauses which can be provided to you upon request. Alternatively, we use suppliers who are certified under the EU-US Privacy Shield, which is an appropriate level of data protection under the GDPR (as per the adequacy decision by the European Commission).
If we use any data processors, then, as stated, these are bound to our privacy guidelines and your personal data is also handled as strictly confidential. Under no circumstances will data processors transfer your data to third parties or use it without our explicit consent, for any purposes other than for the fulfilment of your obligations towards Silhouette, or for those based on our explicit instructions.

One of the main objectives of data protection legislation is to grant you certain options for controlling your personal data after data processing has already begun. For this purpose, data subjects have various rights which we must observe immediately upon your request (or, in any case, within one (1) month of your request). To exercise your rights, contact us at the following e-mail address: dataprotection@silhouette-international.com. Specifically, you have the following rights:

(a) Should you exercise your right to information, and no legal restrictions apply, we will provide you with comprehensive information about our processing of your data. To do so, we will provide you with (i) copies of the data (e-mails, database excerpts, etc.), as well as information related to (ii) specifically processed data, (iii) processing purposes, (iv) categories of data being processed, (v) data recipients, (vi) storage limits and/or criteria for determining these, (vii) the origin of the data, and (viii) other information, as necessary, depending on your specific case. Please note, however, that we cannot issue any documents which could infringe upon the rights of other persons.

(b) With your right to correction, you can request that we correct information that we have recorded incorrectly, that is no longer correct or that is incomplete (for the specific processing purposes in question). Your request will be evaluated, during which time you can request for the data processing in question to be restricted until the evaluation is complete.

(c) The right to (data) deletion can be exercised (i) in the event that there is no necessity with regard to the processing purpose, (ii) in case you withdraw your consent, (iii) in case of a special objection, if the data processing in question is based on Silhouette’s legitimate interests, (iv) in case of improper data processing, (v) in the event that there is a legal requirement to delete the data, and (vi) in case of processing of personal data referring to minors under the age of 16.

(d) In specific cases, the data subject has a right to restriction of processing. After this right is exercised, the data in question can only be stored. In addition to the option of restriction during the evaluation period for data corrections, this extends to (i) unlawful data processing (insofar as no deletion is requested) and (ii) the duration of the evaluation of a special objection.

(e) Furthermore, you have a fundamental right to object to data processing at any time. This only applies whenever the processing is based on Silhouette’s legitimate interests. Please note, however, that legitimate interests can only be invoked as a legal basis for processing activities in specific cases.

(f) You can also exercise your right to complain to supervisory authorities (see point 11).

(g) You also have a right to data portability, under the exercise of which the data in question is to be received in a structured, conventional and computer-readable format and shall be transferred to another controller.

Please also note that in some cases we will be unable to comply with your request due to mandatory, protected reasons for processing (weighing of interests) and/or processing based on the exertion, exercise or defence of legal claims (on our side). The same applies in the case of excessive requests, in which case (as in the case of compliance with manifestly unfounded requests), a fee may be imposed.

Silhouette takes all the suitable technical and organisational measures to ensure that, by default, personal data is only processed to the extent strictly necessary for the business purpose in question. The measures taken by Silhouette relate to the quantity of the collected data, the scope of the processing as well as the storage limits and accessibility of the data. Through these measures, Silhouette ensures that personal data is made available by default only to a strictly limited and necessary number of persons. No other persons are granted access to personal data without the explicit consent of the data subject. Furthermore, Silhouette uses various safety mechanisms (back-ups, encryption) to secure its website and other systems. These are intended to provide your (personal) data with the greatest possible level of protection against loss, theft, destruction, unauthorised access, modification or distribution.

All Silhouette employees are adequately informed of all applicable regulations under data protection law as well as internal data protection rules and data security precautions. They are bound to confidentiality with respect to any information made known and/or accessible to them within the scope of their work. The provisions of the GDPR are strictly observed and personal data is only provided to individual employees to the extent necessary with regard to the purpose of the data collection and our obligations arising from it. If Silhouette engages processors, they are bound to us by specific framework agreements to act in accordance with our data protection practice.

In accordance with the provisions of the GDPR, all (personal) data collected by us via our websites and app shall only be stored for as long as necessary with regard to the legal grounds for processing them, unless a longer storage period is stipulated by law. We uphold our obligation to delete data with our company’s own internal data deletion procedure. We can provide you with further information about it, at your request.

We use links to the third party webpages on our website, which consist on the one hand of links to our long-term partners, and on the other, of links to social networks (e.g. Facebook, Twitter, Instagram, Pinterest). If you click on any of these links, you will be redirected directly to the relevant webpage. The only data that the website operators will receive is that you have come via our website. We therefore refer you to the privacy policies of these websites. Please note, however, that if you do not want a particular social network to assign data collected via our website to your profile in that social network, you must log out before clicking on the link and accessing it.

You can read more about the purpose and scope of data collection and further processing by Facebook, as well as your rights and options for adjustment in Facebook’s Privacy Policy at the following link: https://www.facebook.com/policy.php

We use small pieces of text data called “cookies” that are stored on your computer when you use our website. These help us to optimise our service to make it more user-friendly and secure, and to make design improvements. In many cases, the cookies installed will be “session cookies”, which will be automatically deleted when you finish your browser session without needing further action on your part. Other cookies (e.g. those that store your language preferences) are stored over a longer period of time, and must be deleted manually. Cookies contain absolutely no personal data.
Most browsers automatically accept cookies. However, you can change your browser settings so that cookies are either totally blocked or only certain types are permitted (e.g. you can choose to only block third-party cookies). Please note that you may not be able to enjoy the full functionality of the website if you change your cookie settings. You can find out how to change your settings on the most common browsers using the following links:

Internet Explorer™: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Safari™: https://support.apple.com/kb/ph21411
Chrome™: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
Firefox™: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Opera™: https://www.opera.com/help/tutorials/security/privacy/

Our website uses Google Analytics, a website analysis tool by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Cookies allow Google Analytics to evaluate your usage of a particular website. We will process your data in accordance with our legitimate interest to collect website visitor statistics in a cost-efficient and convenient way (Art. 6 Para. 1 Letter F of the GDPR regulations).

The information gathered by the cookies about your use of the website will be transmitted to Google’s servers in the USA and stored there. We do not store any data that is generated through Google Analytics. However, due to the activation of IP anonymisation on this website, your IP address will be abbreviated by Google in advance within member states of the European Union or countries within the European Economic Area. In exceptional cases, your full IP address will be sent to the USA and shortened there. Google uses this information to evaluate your website usage for us and to compile reports about your website activity in order to offer us additional services relating to website behaviour and Internet usage. Your IP address will not be associated with any other data held by Google, and will not therefore allow your identity to be discerned.

Google is a participant of the EU-US Privacy Shield, which requires Google to uphold the agreement and comply with European data protection standards. The certification for the Privacy Shield can be found at https://www.privacyshield.gov/list.

Using the process described in point 6, you can set up your browser preferences to stop it from storing cookies (or restrict third-party cookies only) on your computer. Moreover, you can prevent Google from collecting and processing data gathered from cookies tracking your website usage (incl. your IP address) by downloading and installing the appropriate browser plugin (http://tools.google.com/dlpage/gaoptout?hl=en). Alternatively, you can click here to install an “opt-out cookie” which will be stored on your device and which also prevents Google Analytics from collecting your data. You will need to repeat this step again if you delete all your cookies. However, we would also point out that you may not be able to enjoy the website’s full functionality if you do so.

You can find more detailed information about your data privacy with regard to Google Analytics and how you can manage it at https://policies.google.com/privacy?hl=en.

In order to keep data capture forms on our website secure we use the "reCAPTCHA" service by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereafter referred to as “Google”). The service allows us to tell whether data being entered is being made by a human being or improperly by an automated process.

In doing so, the referrer URL, IP address, the website visitor’s behaviour, information about their operating system, browser and visit duration, cookies, display instructions and scripts, the behaviour of the user during data entry and their mouse movements in the “reCAPTCHA” checkbox area will be transmitted to Google.

Google uses the information collected for a range of applications, such as the digitisation of books and other printed materials, as well as optimising services such as Google Street View and Google Maps (e.g. house numbers and street name recognition).

The IP address transmitted during the “reCAPTCHA” process will not be associated with any other Google data unless you are signed in to your Google account when the “reCAPTCHA” plugin is being used. If you want to prevent Google from receiving and storing data regarding your website usage, you have to log out of Google before visiting our website and using the “reCAPTCHA” plugin.

The information collected whilst the “reCAPTCHA” service is being used is processed according to Google’s terms of use, which you can find at the following link: https://policies.google.com/privacy?hl=en.

Our website uses the “Visitor Action Pixel” from Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook”). This enables us to track users when they click on a Facebook ad and land on a promotional page, allowing us to evaluate the effectiveness of Facebook ads for statistical and market research purposes and to help optimise future ads. In doing so, we process your data on the basis of our prevailing legitimate interests to conduct targeted advertising, pursue an efficient marketing strategy and compile easily applicable website access statistics in a cost-efficient way (Art. 6.1.f of the GDPR).

If you are a member of Facebook and have granted permission to Facebook via the privacy settings of your account, Facebook will also link the information collected about your visit with your member account and use this for the targeted display of Facebook ads. Furthermore, a cookie can be stored on your computer for these purposes. The data is anonymised and we cannot determine the user’s identity. However, the data is stored and processed by Facebook so that it is possible to link it to an individual user profile, and so that Facebook can use the data for its own advertising purposes in accordance with its Privacy Policy (www.facebook.com/about/privacy). If you do not wish for data to be collected via the Facebook pixel, you can deactivate it here: www.facebook.com/settings?tab=ads (you must be logged into Facebook for this). If you are not a Facebook member, you can prevent it from processing your data by clicking the deactivation button for the supplier “Facebook” on the YourOnlineChoices website of the European Interactive Digital Advertising Alliance: www.youronlinechoices.com/uk/your-ad-choices. Here, you can also choose to stop the pixel from collecting your data (so-called “opt-out”): Face­book-Opt-Out.

On our website you have the option of signing up to the Silhouette newsletter. To do so, you are required to submit your name and your e-mail address. You can also voluntarily submit your date of birth and your country of residence to receive more personalised information. We need the data to send you the newsletter and address you correctly (Art 6.1.b of the GDPR). Under no circumstances will any newsletter or other form of electronic marketing be sent without your prior consent. The Silhouette newsletter will also keep you up-to-date about the latest Silhouette products and trends, and will only be sent to those who have voluntarily provided their e-mail address. Of course, should you wish to stop receiving the newsletter at any time, you can click on the “unsubscribe from the newsletter” button. Providing there is no further legal requirement or legal basis for processing it, the data stored for sending the newsletter will be deleted after you unsubscribe. We also use the newsletter to make statistical analyses regarding your personal data, and we measure the performance of the newsletter by monitoring if the newsletter is opened, what content is clicked on and technical information regarding sending the newsletter. Processing is carried out in line with our legitimate interest to produce readily-accessible newsletter statistics that help our marketing efforts in a cost-effective way.

We use the “Eyepin” newsletter service operated by eyepin GmbH. To utilise the service, the personal data you voluntarily provided will be stored on Eyepin’s servers in Austria and Germany. Your data will only be used in order to send you the newsletter that you ordered.

On our website, you can also subscribe to the Silhouette Journal (“Journal”) magazine. To do so, you must provide your name, postal address and country. This data is required to send you the journal and to address you correctly (Art. 6.1.b of the GDPR). Under no circumstances will the Journal be sent without your prior consent. The Journal informs you about the latest Silhouette products and current trends, and is sent exclusively to the postal addresses provided by the subscribers. If you no longer wish to receive the Journal, you can unsubscribe to it at any time by filling out the contact form on our website at www.silhouette.com/contact. The data collected for distribution of the Journal will be deleted after any such de-registration (unless the law stipulates otherwise or there is another legal basis for processing the data).

On our website you have the option of filling out a contact form to ask us specific questions or get in touch with us. Our processing is based on our prevailing legitimate interests to be able to process requests individually and as quickly as possible (Art. 6.1.f of the GDPR). The information that you submit will only be used to respond to your question and will not be stored.

If you decide that we have infringed against incumbent data privacy laws, you have the right to file a complaint with the relevant national data protection authority. The requirements for such a complaint are based on § 24ff of the Austrian Data Protection Act (DSG). However, we encourage you to contact us before filing a complaint so that we can resolve any questions or problems.

Below are the contact details of the relevant Data Protection Authority:

Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, Austria
Telephone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at

Please send questions, notifications or requests regarding data protection law to the following contact address:

Silhouette International Schmied AG
Ellbognerstraße 24
4021 Linz
Austria

E-mail: dataprotection@silhouette-international.com