Privacy Policy

Last updated: May 2019

Silhouette International Schmied AG, Ellbognerstraße 24, 4020 Linz ("Silhouette" or "we") is the operator of the website www.silhouette.com and responsible for the following data processing operations. This privacy policy covers the website www.silhouette.com ("Website")

Thank you for your interest in our products. Below you will find comprehensive information on the extent to which we process your data and the rights you have in this regard. The protection of your privacy is very important to us and we would like to inform you accordingly about your rights and options in order to effectively support a trusting business relationship. Our data protection practice is in accordance with the General Data Protection Regulation of the European Union ("GDPR") in conjunction with the Austrian Data Protection Act ("DSG"), the Telecommunications Act ("TKG") and other relevant legal provisions.

Data protection laws are generally relevant in case any processing of personal data is concerned. The scope of this privacy policy is based on the understanding of the GDPR. Thus, the "processing" of personal data essentially includes any handling of such data. Insofar as data processed by us are human-related and—even if only via third parties, in a synopsis or by means of additional knowledge—makes you identifiable as a person (in particular by letting us know your full name), they are to be considered personal data.

Whenever you visit our website, we collect the following data: IP address.
You can visit our Website without providing any personal information. When you access our Website, only certain access data (your IP address and other metadata, e.g. date/time of access, inquiring provider), in particular for purposes of technical security, improvement of website quality and statistical purposes, are processed automatically; this processing is based on our overriding legitimate interests (Art 6 para 1 lit f GDPR), which consist in achieving the aforementioned purposes. This information does not enable us to identify you personally; however, IP addresses are considered personal data within the meaning of the GDPR. As a mere Website visitor, you can therefore inform yourself about our offers and activities without any obligation and without the possibility for us to link such data to your person.

For the purposes explained in this privacy policy, we will transfer your (personal) data to the following recipients:

Within our organization, your data will be provided to those entities or employees who need them to fulfill their contractual or legal obligations and for data processing that is based on our legitimate interests.

Furthermore, (external) processors deployed by us receive your data if they need such data to provide their respective services (whereby the mere possibility to access personal data is sufficient). All processors are contractually obliged to keep your data confidential and to process it only within the scope of service provision. This includes the following categories of recipients:

• Customer management

• Analytics tools

• IT service providers contracted by us and IT support

• Marketing management

• Shipping companies regarding the shipment of the Silhouette Print Journal

We have a constantly updated list of our recipient categories regarding data transfers and processors.

Some of the abovementioned recipients are located outside the EU or process your (personal) data outside the EU. However, we take steps to ensure that all recipients have an adequate level of data protection. For example, we conclude standard contractual clauses, which can be provided on request. Alternatively, we use providers that are certified according to the EU-US Privacy Shield and therefore have an adequate level of data protection according to the GDPR (following the adequacy decision of the European Commission).

Should we deploy processors, they are bound by our data protection practice as mentioned above and your personal data will be treated strictly confidential. Under no circumstances will processors – without your express consent – transfer your data to third parties or use it for any other purpose than to fulfil their obligations to Silhouette or to comply with our explicit instructions.

A central aspect of data protection regulations is the implementation of adequate options allowing you to dispose of your own personal data, even after processing of said personal data has already taken place. For this purpose, a series of rights of the data subject are set in place. We shall comply with your corresponding requests to exercise your rights without undue delay and in any event within one (1) month of receipt of the request. Please direct your request to the following address: dataprotection@silhouette-international.com. Specifically, the following rights are stipulated:

(a) Should you exercise your right to information, we shall provide you with all relevant information regarding the processing of your personal data by us, permitted to the extent of the law. For this purpose, we will send you (i) copies of the data (e-mails, database excerpts, etc.), as well as information on (ii) concretely processed data, (iii) processing purposes, (iv) categories of processed data, (v) recipients, (vi) the storage period or the criteria for determining it, (vii) the origin of the data and (viii) any further information depending on the individual case. Please note, however, that we cannot hand over any documents that could impair the rights of other persons.

(b) With the right to rectification you may request that we rectify wrongly recorded data, data that have become inaccurate or incomplete personal data (for the purpose of the respective processing). Your request will then be examined and the data processing operations affected may be restricted for the duration of the examination upon request.

(c) The right to (data) erasure may be exercised (i) where the storage of the data is not necessary for the purpose of the processing operation, (ii) where your consent has been revoked, (iii) where there is a particular objection to the processing in question being based on Silhouette's legitimate interests, (iv) where the processing is unlawful, (v) where there is a legal obligation to delete the data, and (vi) where the processing is carried out by minors under the age of 16.

(d) A right to restriction of processing, after the exercise of which affected data may only be stored, exists (only) in special cases. In addition to the possibility of restriction during the evaluation period of data correction requests, (i) unlawful data processing (unless erasure is required) and (ii) the duration of the review of an objection request pursuant to Art 21 (1) GDPR are also covered.

(e) You also have the right to object to data processing at any time. But this only applies if the processing is based on the legitimate interests of Silhouette. Note, however, that legitimate interests are only used as a legal basis for processing operations in individual cases.

(f) You have the right to lodge a complaint with a relevant national supervisory authority (see point 10).

(g) You also have a right to data transfer, after the exercise of which you have the right to obtain the concerned data in a structured, common and machine-readable format and to transfer these data to another responsible person as well as to request a direct transfer to another responsible person.

Please also note that we may be unable to comply with your request due to compelling reasons worthy of protection in regards to the processing operation (weighing of interests) or if processing is necessary due to the assertion, exercise or defense of legal claims (on our part). The same applies in the case of excessive requests, whereby a fee may be charged as well as for the fulfilment of manifestly unfounded requests.

Silhouette takes all appropriate technical and organizational measures to ensure that only those personal data that are absolutely necessary for the business purpose are processed by default. The measures taken by Silhouette concern the amount of data collected, the scope of processing as well as its storage period and accessibility. Silhouette uses these measures to ensure that personal data are only made available to a limited and necessary number of persons through default settings. Other persons will under no circumstances be granted access to personal data without the explicit consent of the data subject. In addition, Silhouette uses various protection mechanisms (backups, encryption) to safeguard the Website and other systems. This is intended to provide the best possible protection for your (personal) data against loss or theft, destruction, unauthorized access, alteration and distribution.

All Silhouette employees have been sufficiently informed of all applicable data protection regulations, internal data protection regulations as well as data security precautions and are required to keep confidential all information entrusted or made available to them in the course of their professional activities. The requirements of the GDPR are strictly observed and personal data are only made available to individual employees insofar as this is necessary regarding the purpose of data collection and our obligations arising therefrom. If Silhouette deploys processors, these are obliged to act in accordance with our data protection practice on the basis of specific framework agreements concluded with us.

In accordance with the provisions of the GDPR, all (personal) data collected by us via the Website will only be stored for as long as it is required with regard to the legal basis of the processing operation, unless long-term storage is provided for by law. We comply with our obligation to delete data on the basis of our specific internal deletion concept, wherefore we can provide you with further information on request.

Our Website uses "cookies". Cookies are small text files, which are stored on your computer when accessing our Website in order to make our services more user-friendly, more attractive and safer. In many cases these are "session cookies", which are deleted without your intervention as soon as you close your current browser session. Other cookies (e.g. to save your language settings) remain stored for a longer period of time or until you manually remove them. Cookies generally do not contain any personal data. We use cookies, as an example, to save information concerning the resolution of accessing devices, enabling our Website to be displayed ideally in regards to the respective end device.
Most browsers automatically accept cookies. However, you have the option to customize your browser settings so that cookies are either generally rejected or only allowed in certain ways (e.g., limiting refusal to third party cookies). However, if you change your browser's cookie settings, our Website may no longer be fully usable. The setting options for the most common browsers can be found under the following links:

Internet Explorer™: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Safari™: https://www.whatismybrowser.com/guides/how-to-enable-cookies/safari
Chrome™: https://support.google.com/chrome/answer/95647?hl=en-GB&hlrm=en
Firefox™: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Opera™: https://help.opera.com/en/latest/web-preferences/#cookies

The following analysis tools are used on our platform, whereby the processing of personal data is carried out on the basis of our overriding legitimate interest in creating cost-efficient website access statistics that are easy to use (Art 6 para 1 lit f GDPR):

Our Website uses "Google Analytics", a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google's representative within the meaning of Art 27 GDPR and the general contact person for all Google products used on our Website within the EU is Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. Google Analytics enables us to analyse the use of this Website by visitors. Due to the deactivation of the creation of a user ID for our Website, you will only be assigned a client ID when accessing it, which has to be regenerated for different end devices, for example. Tracking is performed by the tracking code analytics.js (Java Script). In this context, we process your data on the basis of our overriding legitimate interest in compiling easy-to-use website access statistics in a cost-efficient manner (Art 6 para 1 lit f GDPR).

By using the software, cookies are set (for the client ID), which are stored on your computer. The information generated about your use of this Website will generally be transferred to and stored by Google on servers in the USA. However, due to the activation of IP anonymization on this Website, your IP address will be reduced by Google in advance within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on website activities and providing other services relating to website activities and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data Google holds. Your person cannot be identified by Google.

Google is a participant in the EU-US Privacy Shield, which obliges the company to comply with the agreement and maintain a level of data protection corresponding to European data protection standards. The Privacy Shield certification can be viewed at [https://www.privacyshield.gov/list](Google is a participant in the EU-US Privacy Shield, which obliges the company to comply with the agreement and maintain a level of data protection corresponding to European data protection standards. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/list.).

With the procedure described under point 5, you can prevent the storage of cookies by setting up your browser software accordingly (possibly limited to third-party cookies). You can also prevent Google from collecting data generated by cookies and related to your use of the Website (including your IP address) and from processing this data by downloading and installing a browser plug-in (http://tools.google.com/dlpage/gaoptout?hl=de). Alternatively, you can click here (Cookie was successfully set) to set an “opt-out cookie” which is stored on your device and also prevents Google Analytics from collecting your data. Should you delete your stored cookies, however, this step is required again. However, we would like to point out that you may then not be able to use all the functions of the Website to their full extent.

Further information on data protection in connection with Google Analytics and your options in this regard can be found at https://marketingplatform.google.com/intl/en_uk/about/ or for Google products in general at https://policies.google.com/privacy?hl=en.

In order to protect input forms on our Website, we use Google's "reCAPTCHA" service. This software detects bots (robots), allowing us to determine whether the input of forms is done by a natural person or by an automated machine (robot). This software is intended to ensure the secure transmission of forms. In this context, we process your data on the basis of our overriding legitimate interest in ensuring the security of our Website and avoiding automated access in the form of bots and spam (Art 6 para 1 lit f GDPR).

The use of this service makes it possible to differentiate between whether the relevant input is of human origin or whether it is misused by automated machine processing. For this purpose, referrer URLs, the IP address, the behaviour of website visitors, information on the operating system, browser and length of visit, cookies, display instructions and scripts, the user's input behaviour and mouse movements in the area of the reCAPTCHA checkbox are transferred to Google. Google uses such information, among other things, to digitize books and other printed products and to optimize services such as Google Street View and Google Maps (e.g. house number and street name recognition).

The IP address provided by reCAPTCHA will not be merged with any other data held by Google unless you are logged into your Google account at the time you use the reCAPTCHA plug-in. In order to prevent Google from transmitting and storing information about you and your conduct on our Website, you must log out from Google before visiting our Website or before using the reCAPTCHA plug-in.

The information obtained through the reCAPTCHA service is used in accordance with the Google Terms of Use. Further information can be found at: https://www.google.com/recaptcha/intro/v3.html#the-recaptcha-advantage as well as https://policies.google.com/privacy?hl=en&gl=de.

Google is also a participant in the EU-US Privacy Shield, which obliges the company to comply with the agreement and maintain a level of data protection that corresponds to European data protection standards. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/list.

Within our offer we use the "Visitor Action Pixel" of Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA ("Facebook"). Facebook's representative within the meaning of Art 27 GDPR and general contact within the EU is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The Visitor Action Pixel can be used to track users' behavior after they have clicked on a Facebook ad to redirect them to that offer's website. This process is used to assess the effectiveness of Facebook ads for statistics and market research purposes. It may help optimize future advertising efforts. In this context, we process your data on the basis of our overriding legitimate interests to conduct targeted advertising, to pursue an efficient marketing strategy and to compile easy-to-use website access statistics in a cost-efficient manner (Art 6 para 1 lit f GDPR). Facebook will also link the information collected about your visit to our Website with your member account and use it for the targeted placement of Facebook ads, if you are a Facebook member and if you have not disabled such linkage in the privacy settings of your account. Cookies may also be stored on your computer for these purposes. The collected data remains anonymous for Silhouette and does not give us any information about the identity of the user. However, the data is stored and processed by Facebook so that it can be linked to the respective user profile and Facebook can use the data for its own advertising purposes in accordance with its Data Policy (www.facebook.com/about/privacy). If you do not wish your Visitor Action Pixel data to be collected, you can disable this process using the following cross platform: www.facebook.com/settings?tab=ads (you must be logged into your Facebook account). If you are not a member of Facebook, you can prevent Facebook from processing your data by clicking the deactivation button for the provider "Facebook" on the YourOnlineChoices website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/uk/your-ad-choices.
In addition, you can object to the collection of you data by the Pixel (so-called opt-out) here: Face­book-Opt-Out.

Facebook is a participant in the EU-US Privacy Shield, which obliges the company to comply with the agreement and maintain a level of data protection that complies with European data protection standards. The Privacy Shield certification can be viewed at [https://www.privacyshield.gov/list](Facebook is a participant in the EU-US Privacy Shield, which obliges the company to comply with the agreement and maintain a level of data protection that complies with European data protection standards. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/list.).

On our Website we use links to the pages of third parties. These are on the one hand reference links leading to our permanent partners and on the other hand links to social networks (e.g. Facebook, Instagram, YouTube). If you click on one of these links, you will be directed to the corresponding page. For the website operators it is only apparent that you accessed their website through our own Website. Accordingly, please refer to the separate privacy policies of these websites.

You can read about the purpose and scope of the data collection and the further processing and use by Facebook as well as your rights and possible configuration options in the Facebook Privacy Policy under the following link: https://www.facebook.com/policy.php. You can find Instagram and YouTube's privacy policies under https://help.instagram.com/519522125107875 as well as under https://support.google.com/youtube/answer/7671399?p=privacy_guidelines&hl=en&visit_id=636927545803058837-989013203&rd=1.

You can subscribe to the Silhouette newsletter on our Website. To do so, you must provide your name and e-mail address. You may also voluntarily choose to disclose your country of residence in order to receive tailor-made information. This data is required in order to send the newsletter and to contact you in the correct manner (Art 6 para 1 lit b GDPR). A newsletter or other electronic advertisement will never be sent without your prior consent. The Silhouette newsletter informs you about the latest Silhouette products and the latest trends and is only sent to e-mail addresses that have been provided by interested parties themselves. If you no longer wish to receive the newsletter, you can of course unsubscribe at any time by clicking on the "unsubscribe newsletter" button. The data collected for the delivery of the newsletter will be deleted after any cancellation, unless otherwise provided by law and unless the data is processed on another legal basis. We also use the newsletter for statistics in connection with your personal data. We also assess the performance of the newsletter by analyzing the openings of the newsletter, click behaviour and information on the technical deliverability of the newsletter. This treatment is carried out on the legal basis of our overriding legitimate interests in producing newsletter statistics that are easy to handle and effective in marketing terms in a cost-efficient manner (Art 6 para 1 lit f GDPR).

We use the newsletter service "Eyepin", which is operated by eyepin GmbH, Billrothstraße 52, 1190 Vienna, Austria. To this end, the personal data that you voluntarily provide will be stored on Eyepin servers in Austria and Germany. Your data will be used exclusively to send you the newsletter that you have ordered.

You can also subscribe to the Silhouette Print Journal ("Journal") on our Website. To do so, you must provide your name, e-mail address and postal address. This data is required to send the journal and to contact you in the correct manner (Art 6 para 1 lit b GDPR). The Journal will never be sent without your prior consent. The Journal informs you about the latest Silhouette products and the latest trends and will only be sent to postal addresses that have been provided by interested parties themselves. If you no longer wish to receive the Journal, you can unsubscribe at any time by filling out the contact form on our Website at [https://www.silhouette.com/contact](You can subscribe to the Silhouette newsletter on our Website. To do so, you must provide your name and e-mail address. You may also voluntarily choose to disclose your country of residence in order to receive tailor-made information. This data is required in order to send the newsletter and to contact you in the correct manner (Art 6 para 1 lit b GDPR). A newsletter or other electronic advertisement will never be sent without your prior consent. The Silhouette newsletter informs you about the latest Silhouette products and the latest trends and is only sent to e-mail addresses that have been provided by interested parties themselves. If you no longer wish to receive the newsletter, you can of course unsubscribe at any time by clicking on the "unsubscribe newsletter" button. The data collected for the delivery of the newsletter will be deleted after any cancellation, unless otherwise provided by law and unless the data is processed on another legal basis. We also use the newsletter for statistics in connection with your personal data. We also assess the performance of the newsletter by analyzing the openings of the newsletter, click behaviour and information on the technical deliverability of the newsletter. This treatment is carried out on the legal basis of our overriding legitimate interests in producing newsletter statistics that are easy to handle and effective in marketing terms in a cost-efficient manner (Art 6 para 1 lit f GDPR). We use the newsletter service "Eyepin", which is operated by eyepin GmbH, Billrothstraße 52, 1190 Vienna, Austria. To this end, the personal data that you voluntarily provide will be stored on Eyepin servers in Austria and Germany. Your data will be used exclusively to send you the newsletter that you have ordered. You can also subscribe to the Silhouette Print Journal ("Journal") on our Website. To do so, you must provide your name, e-mail address and postal address. This data is required to send the journal and to contact you in the correct manner (Art 6 para 1 lit b GDPR). The Journal will never be sent without your prior consent. The Journal informs you about the latest Silhouette products and the latest trends and will only be sent to postal addresses that have been provided by interested parties themselves. If you no longer wish to receive the Journal, you can unsubscribe at any time by filling out the contact form on our Website at https://www.silhouette.com/contact. The data collected for the delivery of the Journal will be deleted after any cancellation, unless otherwise provided by law and unless the data are processed on another legal basis.). The data collected for the delivery of the Journal will be deleted after any cancellation, unless otherwise provided by law and unless the data are processed on another legal basis.

You have the possibility to fill out a contact form on our Website in order to send us individual inquiries or to get in contact with us. All you need to do is to provide your name, your country of residence, a contact option (e-mail address) and your message; any additional information you provide is given voluntarily; processing in this respect is based on our overriding legitimate interests in being able to process enquiries individually and as quickly as possible (Art 6 para 1 lit f GDPR). The information provided in this context will only be used to answer your enquiry and will not be stored.

If you take the view that we violate applicable data protection laws when processing your data, you have the right to file a complaint with the relevant national Data Protection Authority. The requirements for such a complaint are based on Section 24ff DSG. However, we would ask you to contact us in advance in order to clarify any questions or problems. The contact details of the Data Protection Authority are as follows:

Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, Austria
Telephone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at

Furthermore, you have the possibility, pursuant to Art 79 GDPR, to lodge a complaint directly with the regional court in the district of which you have your habitual residence or, alternatively, with the regional court in the district of which we have our seat. This is, however, limited to the assertion of violations of your rights according to point 3 of this privacy policy.

For data protection questions, messages or requests please use the following contact address:

Silhouette International Schmied AG
Ellbognerstraße 24
4021 Linz
Austria

E-mail: dataprotection@silhouette-international.com