1) Introduction and Controller Contact Information 1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data is any information that can be used to identify you personally.
1.2 The controller responsible for data processing within the meaning of the GDPR is: Balazs Janos Elo e.U. Hauptplatz 14, 7471 Rechnitz, Austria Phone: +43 Email: info@kratoshop.at
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
2) Data Collection When Visiting Our Website 2.1 If you use our website purely for informational purposes, i.e., you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server ("server log files"):
Visited page
Date and time of access
Amount of data transferred (in bytes)
Referring page/source
Browser used
Operating system
IP address (in some cases anonymized)
This data is processed based on Article 6(1)(f) GDPR, due to our legitimate interest in ensuring the stability and functionality of the website. The data will not be passed on to third parties unless there is evidence of unlawful use.
2.2 Our website uses SSL or TLS encryption. A secure connection is indicated by “https://” and the lock icon in your browser’s address bar.
3) Cookies Our website uses cookies to enhance the user experience and provide certain functions. Cookies are small text files stored on your device.
There are:
Session cookies (deleted when the browser is closed)
Persistent cookies (remain for a longer period)
Legal bases for cookie data processing may include:
GDPR Art. 6(1)(b): performance of a contract
GDPR Art. 6(1)(a): consent
GDPR Art. 6(1)(f): legitimate interest
You can change your cookie settings in your browser. Disabling cookies may affect some website functionality.
4) Contacting Us If you contact us (e.g., via email or contact form), we will use the information you provide solely to respond to your inquiry.
Legal basis:
Legitimate interest: GDPR Art. 6(1)(f)
If related to a contract: GDPR Art. 6(1)(b)
Data will be deleted once your inquiry has been resolved and there are no legal retention requirements.
5) Creating a Customer Account When you register, we process the data you provide for the purpose of fulfilling the contract (GDPR Art. 6(1)(b)). You can delete your account at any time. Data will be deleted if no contractual relationship or legal obligations exist.
6) Order Processing 6.1 Image File Uploads: If you send us an image for product customization, it is used solely for fulfilling your order. The files are automatically deleted after the order is completed.
6.2 Data Transfer to Shipping and Financial Partners: During order processing, your data may be shared with necessary partners for shipping and payment purposes (GDPR Art. 6(1)(b)).
For digital product updates, your contact data may be used to fulfill legal obligations (GDPR Art. 6(1)(c)).
7) Data Subject Rights You have the following rights under the GDPR:
Right of access (Art. 15)
Right to rectification (Art. 16)
Right to erasure (Art. 17)
Right to restriction of processing (Art. 18)
Notification obligation (Art. 19)
Right to data portability (Art. 20)
Right to withdraw consent (Art. 7(3))
Right to lodge a complaint (Art. 77)
Right to object (Art. 21): You may object to the processing of your personal data based on legitimate interests at any time. If the objection is justified, we will stop the processing. You may also object specifically to data processing for direct marketing purposes—in which case we will immediately cease such processing.
8) Data Retention Period The retention period of data depends on the legal basis, purpose of processing, and statutory retention obligations.
Consent-based: retained until consent is withdrawn
Contract-based: retained until contract completion and expiration of legal obligations
Legitimate interest: retained until you exercise your right to object
Once the purpose for processing has ceased, the data will be deleted unless otherwise required by law.
