Privacy Policy
Last updated: 30 June 2026
This Privacy Policy explains how MaximZockt Atelier Handels GmbH ("we", "us", "MaximZockt Atelier") processes personal data when you visit maximzocktatelier.pro or place an order. We comply with the EU General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and the Austrian Data Protection Act (Datenschutzgesetz, DSG).
- Data Controller
-
MaximZockt Atelier Handels GmbH
Annenstraße 47, 8020 Graz, Austria
Email: kontakt@maximzocktatelier.pro
1. Data We Collect
We may process the following categories of personal data:
- Contact data: email address, name (if provided) when you place an order or send a message.
- Order data: products ordered, quantities, and order timestamps.
- Technical data: IP address, browser type, device information, and pages visited (via essential technologies only, with your consent where required).
- Local storage: shopping cart contents and cookie consent preference stored in your browser.
2. Purposes and Legal Bases
- Order fulfilment (Art. 6(1)(b) GDPR) — processing your order and contacting you about delivery and payment.
- Customer enquiries (Art. 6(1)(b) GDPR) — responding to messages sent via our contact form.
- Legal obligations (Art. 6(1)(c) GDPR) — tax and accounting records under Austrian commercial law.
- Legitimate interests (Art. 6(1)(f) GDPR) — website security and fraud prevention.
- Consent (Art. 6(1)(a) GDPR) — non-essential cookies, where applicable.
3. Data Retention
Order-related data is retained for seven (7) years in accordance with Austrian tax and commercial record-keeping requirements (Bundesabgabenordnung, BAO). Contact form messages are deleted once the enquiry is resolved, unless legal obligations require longer retention. Cart data in local storage persists until you clear your browser data.
4. Data Sharing
We do not sell your personal data. We may share data with:
- Shipping and logistics partners (name, address, contact details).
- Payment processors, if applicable for your chosen payment method.
- IT service providers acting as data processors under written agreements (Art. 28 GDPR).
- Authorities where required by Austrian or EU law.
5. International Transfers
Your data is primarily processed within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure appropriate safeguards under Chapter V GDPR (e.g. Standard Contractual Clauses).
6. Your Rights
Under the GDPR and Austrian DSG, you have the right to:
- Access your personal data (Art. 15 GDPR).
- Rectify inaccurate data (Art. 16 GDPR).
- Erase data where applicable (Art. 17 GDPR).
- Restrict processing (Art. 18 GDPR).
- Data portability (Art. 20 GDPR).
- Object to processing based on legitimate interests (Art. 21 GDPR).
- Withdraw consent at any time, without affecting prior lawful processing (Art. 7(3) GDPR).
- Lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde, DSB) at www.dsb.gv.at.
To exercise your rights, contact us at kontakt@maximzocktatelier.pro.
7. Security
We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or alteration, in line with Art. 32 GDPR.
8. Children
Our shop is not directed at persons under 16. We do not knowingly collect data from children.
9. Changes
We may update this policy from time to time. The current version is always available at this URL. Material changes will be communicated where required by law.