Privacy Policy
Last Updated: January 2025
1. Introduction and Data Controller
This Privacy Policy describes how Shiningregen ("we," "us," or "our") collects, uses, stores, and protects your personal data when you visit our website at shiningregen.world or use our services. We are committed to protecting your privacy and ensuring transparency in our data processing activities in accordance with the General Data Protection Regulation (GDPR) and Austrian data protection laws.
Data Controller:
Shiningregen
Lazarettgasse 14
1090 Vienna, Austria
Phone: +43 1 40400 0
Email: reply@shiningregen.world
If you have any questions about this Privacy Policy or our data processing practices, please contact us using the information provided above.
2. Legal Basis for Processing
We process your personal data based on the following legal grounds under Article 6 of the GDPR:
- Consent (Article 6(1)(a)): When you provide explicit consent for specific processing activities, such as marketing communications or cookie usage.
- Contract Performance (Article 6(1)(b)): When processing is necessary to fulfill our contractual obligations to you, such as processing your order and delivering products.
- Legal Obligation (Article 6(1)(c)): When we must process your data to comply with legal requirements, such as tax and accounting obligations.
- Legitimate Interests (Article 6(1)(f)): When processing is necessary for our legitimate business interests, such as fraud prevention, website security, and improving our services, provided these interests do not override your fundamental rights and freedoms.
3. Personal Data We Collect
We collect and process the following categories of personal data:
3.1 Information You Provide Directly
- Contact Information: Full name, email address, phone number, and postal address when you place an order or contact us.
- Order Information: Details about products you purchase, order history, payment information (processed securely through third-party payment processors), and delivery preferences.
- Communication Data: Messages, inquiries, and feedback you send to us through contact forms, email, or phone.
- Account Information: If you create an account, we collect username, password (encrypted), and account preferences.
3.2 Information Collected Automatically
- Technical Data: IP address, browser type and version, operating system, device information, time zone setting, and browser plug-in types and versions.
- Usage Data: Information about how you use our website, including pages visited, time spent on pages, links clicked, referring website addresses, and navigation paths.
- Cookie Data: Information collected through cookies and similar tracking technologies as described in our Cookies Policy.
3.3 Information from Third Parties
- Payment Processors: Transaction confirmation and payment status information from our payment service providers.
- Delivery Services: Delivery status and tracking information from courier services.
- Analytics Providers: Aggregated statistical data about website usage and visitor behavior.
4. How We Use Your Personal Data
We use your personal data for the following purposes:
4.1 Order Processing and Fulfillment
- Processing and fulfilling your orders
- Communicating with you about your orders
- Arranging delivery and tracking shipments
- Processing payments and preventing fraud
- Handling returns, refunds, and customer service inquiries
4.2 Website Operation and Improvement
- Providing and maintaining website functionality
- Ensuring website security and preventing unauthorized access
- Analyzing website usage to improve user experience
- Troubleshooting technical issues
- Conducting research and development
4.3 Marketing and Communications
- Sending promotional emails about new products, special offers, and updates (only with your consent)
- Personalizing your experience on our website
- Conducting customer satisfaction surveys
- Displaying relevant advertisements (only with your consent)
4.4 Legal and Compliance
- Complying with legal obligations, including tax and accounting requirements
- Establishing, exercising, or defending legal claims
- Preventing fraud and ensuring transaction security
- Responding to requests from law enforcement or regulatory authorities
5. Data Sharing and Disclosure
We do not sell your personal data to third parties. We may share your data with the following categories of recipients:
5.1 Service Providers
We engage trusted third-party service providers who process data on our behalf:
- Payment Processors: To securely process payments and prevent fraud
- Shipping and Logistics: To deliver products to your address
- Email Service Providers: To send transactional and marketing emails
- Web Hosting and IT Services: To host our website and maintain technical infrastructure
- Analytics Providers: To analyze website usage and improve our services
- Customer Support Tools: To manage customer inquiries and support tickets
All service providers are contractually bound to protect your data and use it only for the specified purposes in accordance with GDPR requirements.
5.2 Legal Requirements
We may disclose your personal data when required by law or in response to valid legal processes, such as:
- Court orders or subpoenas
- Requests from law enforcement or regulatory authorities
- Protection of our legal rights and property
- Prevention of fraud or illegal activities
- Protection of the safety of our customers or the public
5.3 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.
6. International Data Transfers
Your personal data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions confirming the recipient country provides adequate data protection
- Binding Corporate Rules for transfers within multinational organizations
- Your explicit consent for specific transfers
We ensure that any international data transfers comply with GDPR requirements and provide equivalent protection to your personal data.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal obligations:
- Order and Transaction Data: Retained for 7 years to comply with Austrian tax and accounting laws
- Marketing Communications: Retained until you withdraw consent or unsubscribe, then deleted within 30 days
- Website Usage Data: Retained for 26 months for analytics purposes
- Customer Service Records: Retained for 3 years to maintain service quality and resolve disputes
- Account Information: Retained until you request account deletion, then deleted within 30 days
- Legal Claims: Retained for the duration of applicable limitation periods
After the retention period expires, we securely delete or anonymize your personal data in accordance with our data retention and deletion procedures.
8. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
8.1 Right of Access (Article 15)
You have the right to obtain confirmation of whether we process your personal data and to receive a copy of your data along with information about the processing.
8.2 Right to Rectification (Article 16)
You have the right to request correction of inaccurate personal data and to complete incomplete data.
8.3 Right to Erasure (Article 17)
You have the right to request deletion of your personal data when:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Deletion is required to comply with a legal obligation
8.4 Right to Restriction of Processing (Article 18)
You have the right to request restriction of processing when:
- You contest the accuracy of the data
- Processing is unlawful but you oppose deletion
- We no longer need the data but you need it for legal claims
- You have objected to processing pending verification of legitimate grounds
8.5 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
8.6 Right to Object (Article 21)
You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
8.7 Right to Withdraw Consent (Article 7(3))
Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
8.8 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority, particularly in the country where you live, where you work, or where an alleged infringement occurred.
Austrian Data Protection Authority:
Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna, Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: www.dsb.gv.at
8.9 Exercising Your Rights
To exercise any of these rights, please contact us at reply@shiningregen.world or write to us at Lazarettgasse 14, 1090 Vienna, Austria. We will respond to your request within one month, which may be extended by two additional months for complex requests. We may require verification of your identity before processing your request.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
- Encryption: We use SSL/TLS encryption for data transmission and encrypt sensitive data at rest
- Access Controls: Strict access controls ensure only authorized personnel can access personal data
- Security Monitoring: Continuous monitoring for security threats and vulnerabilities
- Regular Audits: Periodic security audits and assessments of our systems and processes
- Employee Training: Regular training for employees on data protection and security practices
- Incident Response: Established procedures for detecting, responding to, and reporting data breaches
- Secure Development: Security-by-design principles in our website and system development
While we strive to protect your personal data, no method of transmission or storage is completely secure. We cannot guarantee absolute security but continuously work to maintain the highest security standards.
10. Children's Privacy
Our website and services are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information promptly.
11. Automated Decision-Making and Profiling
We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you. Any automated processing we conduct is limited to:
- Fraud detection and prevention systems that flag suspicious transactions for manual review
- Website analytics to understand aggregate user behavior and improve our services
- Email personalization based on your previous interactions with our communications
You have the right to request human intervention, express your point of view, and contest any automated decision that affects you.
12. Third-Party Links
Our website may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies only to information collected through our website and services.
13. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your browsing experience, analyze website usage, and deliver personalized content. For detailed information about the cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookies Policy.
14. Marketing Communications
With your consent, we may send you marketing communications about our products, special offers, and updates. You can opt out of marketing communications at any time by:
- Clicking the "unsubscribe" link in any marketing email
- Contacting us at reply@shiningregen.world
- Adjusting your account preferences if you have an account
Please note that even if you opt out of marketing communications, we will still send you transactional emails related to your orders and account.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email if you have provided your email address
- Display a prominent notice on our website
- Obtain your consent if required by law
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of our website and services after changes are posted constitutes your acceptance of the updated policy.
16. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:
Shiningregen
Lazarettgasse 14
1090 Vienna, Austria
Phone: +43 1 40400 0
Email: reply@shiningregen.world
We are committed to resolving any privacy concerns you may have and will respond to your inquiries promptly and professionally.