Privacy Policy

Protecting your personal data is of particular concern to us. Therefore, we process your data exclusively in accordance with the legal provisions of the General Data Protection Regulation (GDPR), the Data Protection Act (DSG), and the Telecommunications Act (TKG 2003). With this privacy policy, we inform you about the most important aspects of data processing when using our website and our services (online shop).

RESPONSIBLE PARTY / CONTACTING US: BUTTERMLK, Michaela Sima, Postfach 41, 1072 Vienna, Austria processes personal data as the data controller in accordance with the GDPR.

You can contact us via email (info@buttermlkswimwear.com). Your provided data will be stored by us for twelve months for the purpose of processing the inquiry and for follow-up questions. We do not disclose this data without your consent.

OUR PRODUCT: BUTTERMLK is an online shop .

PERSONAL DATA: In accordance with Article 4(1) GDPR, "personal data" refers to any information relating to an identified or identifiable natural person ("data subject").

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

CATEGORIES OF DATA SUBJECTS: Visitors to our website; as well as Customers and potential customers who use or wish to use our services.

LEGAL PROVISIONS / GDPR: The processing of your personal data is based on the following legal provisions:

Consent given in accordance with Article 6(1)(a) GDPR; For the performance of our contractual obligations within the scope of our services, the execution of pre-contractual measures based on your request. Furthermore, for the fulfillment of our contractual obligations for processing personalized advertising in accordance with Article 6(1)(b) GDPR; Based on our legal obligations pursuant to Article 6(1)(c) GDPR; and To safeguard our legitimate interests, such as the enforcement and defense of claims and the fulfillment of contracts with third parties, provided that your interests or fundamental rights and freedoms requiring the protection of personal data do not override those interests, in accordance with Article 6(1)(f) GDPR.

DATA PROCESSED BY US: Website Visit When visiting our website, the following personal data about you are automatically processed:

Name and version of your web browser Date and time of your visit to a page on our website IP address and IP location Referrer URL Session ID Web server log files (using necessary cookies) Search engines and keywords you used to find us Data on your interaction with the website (number of visits and duration of stay as well as the selected language) Data concerning your device (screen resolution, ISP, and operating system)

During your visit to our website, the following personal data about you are automatically processed:

to communicate with you within the framework of the website and service and to provide our services to you; for the improvement and optimization of our offers/services and the website; to create statistics and graphics (solely in anonymous form); for security purposes (identity verification, for securing and operating this website and our software, fraud detection and prevention, detection of security vulnerabilities, traceability of security measures, technical support, traceability of accesses).

For the further development of the website

During the use of the website by you, errors may occur in the background that you may not notice. We automatically capture data about the error and the circumstances of its occurrence. This data may include technical details about your device, attempted actions, and other technical information related to the problem. You may not receive notifications about such errors, even if they occur. Please note that these pieces of information, taken on their own, are not personally identifiable and are used exclusively for the improvement of the website by BUTTERMLK. The data we collect may depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to find out what information you provide to us.

Legal Basis: To the extent that your personal data are processed when visiting our website, we rely on our legitimate interest pursuant to Art 6(1)(f) GDPR. Our interest is to offer our website in the best possible and secure manner and to protect you from attacks by third parties.

Engagement of BUTTERMLK

When purchasing on BUTTERMLK the following personal data about you are automatically processed:

First and last name Company / company registration number Email address Address Payment data (UID number) Phone number Name of the management / position

Why do we process your data:

to respond to your inquiry as a service provider; to carry out/execute the contractual relationship with you (conclusion of contract, activity as an advertising agency, invoicing etc.); to enforce any claims (reminder system, enforcement and defense of claims, evidence preservation); to fulfill legal obligations / retention obligations; and to improve and optimize our offer.

Legal Basis:

To the extent that we process your personal data in the context of engagement as an advertising agency, we do so to fulfill our (pre-)contractual obligations within the scope of our services, for the execution of pre-contractual measures based on your request. If your request results in an engagement, we also process your personal data from the request on the basis of our contractual obligations pursuant to Art 6(1)(b) GDPR.

Newsletter Subscription

When subscribing to our newsletter, the following personal data about you are automatically processed: Email address Company Gender Position

Why do we process your data:

We reserve the right to send you a newsletter with updates, greetings, and other information ("newsletter service") only upon receipt of your consent, in order to keep you informed about advertising (in particular for marketing and personalized advertising measures, including the sending of electronic advertising (email, push messages). When you consent to the newsletter, we process the data voluntarily provided by you within the scope of our newsletter service.

Legal Basis:

Your personal data are processed in connection with our newsletter service exclusively and explicitly based on your voluntary consent pursuant to Article 6(1)(a) GDPR in conjunction with § 174 TKG. If you do not wish to provide us with your data, we cannot offer you the newsletter service. The consent regarding the newsletter service can be revoked by you at any time via info@buttermlkswimwear.com

Social Media

You can communicate with us on our social media pages; for example, by commenting on our posts, reacting to them (e.g., clicking "Like"), sharing them, or sending them to other users. We process your interactions, your username, and, if applicable, the personal data of invited third parties. This data may also be processed by the platforms in this context. In this case, the respective platform and we are joint controllers within the meaning of Article 26 GDPR. For more information regarding the processing of your data, please refer to:

Facebook: https://www.facebook.com/privacy/explanation Instagram: https://help.instagram.com/519522125107875 LinkedIn: https://www.linkedin.com/legal/privacy-policy

We process your personal data to get in touch with you or to promote our offer.

Legal basis:

The data processing is carried out to respond to your inquiries, to address your posts, and to promote our offer. The processing is therefore based on mutual legitimate interests according to Art. 6(1) lit. f GDPR, and in the event of subsequent engagement, to fulfill our (pre-)contractual obligations according to Art. 6(1) lit. b GDPR.

DATA DELETION

Visit to the website Data regarding the visit to our website will be stored for a period of 14 months.

Commissioning as advertising agency/social media From the point at which there are no longer grounds that justify us processing your data, such as Processing that exceeds the scope of your consent, Expiration of statutory retention obligations, or our legitimate interest in data processing no longer exists, we will delete your personal data three years after commissioning, unless longer retention periods apply.

The collected data will not be stored longer than necessary to fulfill the purposes mentioned above.

PROTECTION MEASURES To continue to maintain our organizational quality, especially to comply with data protection requirements, we have established organizational and technical security measures (Article 32 GDPR). These are evaluated and adjusted as necessary to changing conditions.

We protect your data to the best of our knowledge and belief against loss, destruction, falsification, manipulation, unauthorized access, and unauthorized disclosure. We would like to point out that data transmission over the internet can have security vulnerabilities, and unfortunately, in certain cases, it is not possible to protect your data completely from access by third parties.

MARKETING / EMAIL ADVERTISING If you consent to receiving electronic advertising, your email address will be added to our distribution list. Until you revoke your consent, we are entitled to send newsletters or electronic advertising to this address. You can also unsubscribe from receiving electronic advertising or newsletters at any time by clicking on the unsubscribe link at the end of each advertising/newsletter email from us. Your personal data will be processed as long as you have not revoked the consent given for the respective purpose.

REDIRECTION TO OTHER SITES/HOMEPAGES In case our website contains links to third-party websites and services, please note that these websites and services have their own privacy policies. If you follow a link to third-party content, please read their privacy policies to understand how they collect and use personal data. This privacy policy applies exclusively to the use of the BUTTERMLK website. Please note that we have no control over the content and policies of external websites and cannot assume any responsibility or liability for their privacy practices.

DATA REDIRECTION Our website is regularly serviced by IT service providers. The same applies to our newsletter service. These IT service providers work on our behalf and under our instructions. IT service providers may have access to personal data in order to provide the contracted IT services. We try to keep such access as limited as possible.

Without consent, your data will not be disclosed to any further third parties.

DATA PROTECTION/CHILDREN We provide our services exclusively to individuals who have already reached the age of eighteen.

COOKIES Our website uses so-called cookies. These are small text files that are stored on your device via your browser. They do no harm. Data processing is necessary for the purpose of data security and abuse prevention and is therefore based on our legitimate interests (Art. 6 para. 1 lit. f GDPR in conjunction with § 165 para. 3 TKG).

We use cookies to make our offer user-friendly. Some cookies remain stored on your device until you delete them. You enable us to recognize your browser on your next visit.

If you do not wish this, you can set up your browser so that it informs you about the setting of cookies and allows this only in individual cases.

Please note that if you deactivate cookies, the functionality of our website may be restricted.

WEB ANALYSIS Our website uses functions of the web analysis service Google Analytics. For this purpose, cookies are used, which enable an analysis of the use of the website by your users. The information generated by the cookie about the use of the website by your users is generally transferred to a Google server and stored there.

The following data is recorded during your visit to our website: Pages visited; Orders including revenue and ordered products; the achievement of "website goals" (e.g., contact requests and newsletter registrations); your behavior on the pages (e.g., dwell time, clicks, scrolling behavior); your approximate location (country and city); your IP address (in truncated form, so that no unique assignment is possible); technical information such as browser, internet provider, end device, and screen resolution; origin source of your visit (i.e., through which website or advertising medium you came to us).

However, personal data such as name, address, or contact details is never transmitted to Google Analytics.

You can prevent this by setting up your browser so that no cookies are stored. (See: https://tools.google.com/dlpage/gaoptout?hl=en).

We have concluded a corresponding contract for order data processing with the provider.

Your IP address is recorded, but immediately pseudonymized (e.g., by deleting the last 8 bits). This makes only rough localization possible.

The relationship with the web analytics provider is based on the EU "Privacy Shield". Google also processes the data in the USA but has submitted to the EU-US Privacy Shield. Accessible at:

https://www.privacyshield.gov/EU-US-Framework

Data processing is based on the legal provisions of § 96 para. 3 TKG as well as Article 6 para. 1 lit. a (consent) and/or f (legitimate interest) of the GDPR.

Our concern within the meaning of the GDPR (legitimate interest) is the improvement of our offer and our website appearance. Since the privacy of our users is important to us, user data is pseudonymized.

User data is automatically deleted after 14 months.

YOUR RIGHTS With regard to your data stored with us, you generally have the right to information (according to Article 15 GDPR), correction, deletion (according to Article 17 GDPR), restriction (according to Article 18 GDPR), data portability (according to Article 20 GDPR), revocation, and objection (according to Article 21 GDPR).

If you believe that the processing of your data violates data protection regulations or your data protection rights have otherwise been violated, you can complain to us at info@buttermlkswimwear.com or the data protection authority (Barichgasse 40-42, 1030 Vienna, Email: dsb.@dsb.gv.at, Tel: +43 1 52 152-0). We are reachable at info@buttermlkswimwear.com at any time for questions or your revocation.

The revocation does not affect the lawfulness of any processing carried out based on the explicit consent until the revocation (Article 7 para. 3 GDPR). In the event of revocation, you cannot continue to use the services offered by us.

CHANGES TO THE DATA PROTECTION AGREEMENT We reserve the right to update this data protection agreement based on new legal developments or changes in corporate processes. The new version will apply upon provision on our website. Please therefore check our data protection agreement regularly.