Privacy Policy for Customers

General Points

We attach particular importance to data protection. This Privacy Policy is intended to explain to you the nature, scope and purpose of the personal data we collect and process. 

We process your personal data in accordance with data protection regulations (in particular the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG) in their current versions). 

Controller

The controller within the meaning of the GDPR is Alpine Naturprodukte GmbH, Anichstraße 19/13, 6020 Innsbruck.

You can reach us using the following contact details: Phone: +43 5412 64128, email: datenschutz@kaufhausderberge.at. 

We do not process personal data of persons under the age of 17. If parents or guardians discover that children in their care have provided us with such data, we request that you contact us by email at datenschutz@kaufhausderberge.a to arrange its erasure. This will be carried out without undue delay.

Collection and Processing of Personal Data

Provision of the Website 

We process the personal data that your browser automatically transmits when you access our website or use it in any other way. The purpose of this process is to provide and ensure the functionality of our website and its subpages. Relevant data is temporarily stored in log files.

The following categories of personal data are processed: 

Technical usage data: IP address of the requesting computer, date and time of access, name and URL of the file accessed, referring website (referrer URL), browser and operating system used, and your access provider
The legal basis for the processing of this personal data is the protection of our legitimate interests in accordance with Article 6(1)(f) GDPR. These include, in particular, the provision of our website and the prevention of threats that may compromise the security and functionality of the website. Since processing is based on the protection of legitimate interests, you have the right to object in accordance with Article 21 GDPR (cf. Section 4.4).

We store your personal data for this purpose for a period of 90 days.

Provision of our Services

We process your personal data when you contact us, create a customer account, place orders and make payments, or use any of our other services. This processing takes place for the purpose of providing and fulfilling our services. These include the use of our online shop, order processing, shipping, payment processing and all associated customer service activities. Other purposes include the optimisation and personalisation of our services.

We transfer the necessary personal data to the shipping and logistics service providers commissioned by us in order to process your order and complete the delivery process.

We use external payment service providers for the fulfilment of payments. To this end, we transfer the personal data required to execute the respective payment transaction to the payment provider selected by you. 

The following categories of personal data are processed for this purpose:

Contact details: First name and surname, title, address, telephone number, email address, date of birth, signature
Order and contractual data: Order number, date and time, products purchased including quantities, prices, discounts, shipping and delivery options, order status (e.g. paid, shipped, returned)
Payment data: Payment method (e.g. credit card, PayPal, instant transfer, Klarna, invoice), payment information, transaction data, bank details for SEPA direct debit, data from payment service providers (e.g. PayPal account, Klarna identification data)
Shipping and logistics data: Delivery address, shipping service provider (e.g. DHL, DPD, UPS), parcel number/tracking number, handover and delivery information (e.g. storage location, confirmation of receipt)
Technical data: IP address, browser and device data, log file information relating to the order process
The legal basis for processing this personal data for the purposes mentioned is the performance of a contract or to take steps prior to entering into a contract in accordance with Art. 6(1)(b) GDPR, the protection of our legitimate interest in providing our services to you in accordance with Art. 6(1)(f) GDPR and, where applicable, your consent in accordance with Art. 6(1)(a) GDPR. Consent can be withdrawn at any time. Where processing is based on the protection of legitimate interests, you have the right to object in accordance with Article 21 (cf. Section 4.4).

We process your personal data for these purposes for as long as is necessary to provide our services. Furthermore, your personal data will be processed in accordance with the statutory retention and documentation obligations. Personal data subject to corporate retention obligations pursuant to Sections 190 and 212 Austrian Commercial Code (UGB) or tax retention obligations pursuant to Section 132 Austrian Federal Tax Code (BAO) is stored for a period of seven years from the end of the respective calendar year. 

Invoicing and the exercise of rights

We process your personal data for the purposes of our internal and external accounting and in the course of exercising our rights.

Your personal data may be forwarded to accountants, auditors and solicitors for the purposes of internal and external accounting and the exercise of our rights. 

We process personal data in connection with requests for information from enforcement, supervisory or control authorities and other competent public bodies.

The following personal data may be processed for this purpose: 

Contact details: First name and surname, title, address, telephone number, email address, date of birth 
Financial details: Bank details, current account information
Documentation data: Logs, expert reports and decisions
The legal basis for processing is compliance with a legal obligation pursuant to Art. 6(1)(c) GDPR (in conjunction with Sections 189 et seq. UGB) or the safeguarding of our legitimate interest in establishing, exercising or defending legal claims pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 9(2)(f) GDPR. Where processing is based on the protection of legitimate interests, you have the right to object in accordance with Article 21 GDPR (cf. Section 4.4).

We process your personal data for this purpose for as long as is reasonably necessary for internal and external accounting purposes or for establishing, exercising or defending legal claims. Furthermore, we process your personal data in accordance with the statutory retention and documentation obligations. The personal data required for this purpose will be stored until the expiry of the tax retention period of seven years in accordance with Section 132(1) Federal Tax Code (BAO) and for three years (up to a maximum of 30 years) for the establishment, exercise or defence of legal claims.

Direct advertising and marketing

Your personal data will be processed for advertising purposes. You will then receive interesting information about products and offers by post, email, WhatsApp or text message.

Your personal data is also processed for analysis purposes. This includes user segmentation, the identification of demographic characteristics, interests, the effectiveness of customer communication, and purchasing and usage habits. It is used additionally to send advertising to current customers, direct advertising, and for the planning, implementation, and performance review of targeted, interest-based advertising.

In this context, the relevant personal data may be transferred to our email delivery service providers as processors or to other delivery service providers, for example for postal mailings.

The following personal data may be processed for this purpose: 

Identity and contact details: Name, salutation, title, address (for postal advertising), email address, telephone number, customer number.
Profile, usage and transaction data: Visiting and click behaviour, search queries, device and browser data used, products purchased, shopping baskets, returns, interests, purchase frequency, age, gender, place of residence.
The legal basis for this processing is the protection of the legitimate interest in the performance of direct marketing in accordance with Art. 6(1)(f) GDPR and, where applicable, your consent in accordance with Art. 6(1)(a) GDPR. Consent can be withdrawn at any time. Where processing is based on the protection of legitimate interests, you have the right to object in accordance with Article 21 GDPR (cf. Section 4.4).

We process your personal data for these purposes as long as this is necessary for the performance of our direct advertising and marketing campaigns.

Your Rights

Right to information

You have the right, within the scope of the applicable legal provisions, to obtain confirmation at any time as to whether personal data relating to you is being processed by us. Where this is the case, you have the right to obtain information about this personal data free of charge (e.g. processing purposes, categories of personal data and recipients).

Right to withdraw consent

You have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of data processing prior to the withdrawal.

Right to rectification, erasure and restriction

You have the right to obtain from us without undue delay the rectification of your inaccurate personal data. Where certain conditions are met, you also have the right to obtain erasure and restriction of the processing of your personal data without undue delay.

Right to object to data processing

Where data is processed to safeguard our legitimate interests, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. If we process your personal data for the purposes of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes.

Right to data portability

You have the right to have personal data concerning you, which we process on the basis of your consent or for the performance of a contract, transferred to you or to a third party in a commonly used and machine-readable format. Where you request the direct transfer of the data to another controller, this shall only be done if it is technically feasible. 

Right to lodge a complaint with the competent supervisory authority

If you believe that the processing of your personal data violates data protection law or that your legal data protection rights have been violated in any other way, you may make a complaint to the supervisory authority. The Austrian Data Protection Authority (DSB) is responsible in Austria.

You can reach the DSB using the following contact details: Barichgasse 40-42, 1030 Vienna, phone: +43 1 52 152-0, email: dsb@dsb.gv.at.

Cookies 

General Points

This website uses cookies. Put simply, cookies are data repositories consisting of a name (also called a key) and a value. These can be stored on your device for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit to the website. Persistent cookies remain stored on your device until you delete them or they are automatically deleted by your web browser.

When storing data on the user's computer or mobile device, a basic distinction is made between different methods. If the web server that provides the website stores cookies directly on the user's computer or mobile device, these are referred to as "HTTP header cookies". Furthermore, JavaScript code may be used to store cookies in the user's browser. For reasons of simplicity, the term "cookies" is used in the following for all these and similar technologies.

Cookies have a variety of functions. Numerous cookies are technically necessary, as certain website functions would not work without them. Other cookies are used to evaluate user behaviour or to show advertising. 

Consent Management

Where cookies or similar technologies are used that do not ensure the basic functionality of this website or optimisation of the internet presence, cookies will only be set and data processing based on your consent. 

You may decide for yourself whether cookies are set on this website as part of a consent management system ("cookie banner"). You may withdraw or change your consent at any time by clicking on the "Deactivate cookies" button at the end of the Privacy Policy to access the cookie banner.

You can also manage cookies directly in your browser settings. You will then have the option to block cookies completely, allow only certain types, or automatically delete all cookies when you close your browser. You can also view individual cookies, delete them selectively or set exceptions for specific websites. Kindly bear in mind that blocking or deleting cookies may limit the functionality of websites.

Necessary Cookies

These cookies are necessary for the website to function properly. They enable basic functions such as page navigation, session management, shopping cart management and access to protected areas. 

Detailed information about the individual functional cookies, such as the Magento shop system used on this website, is available in the cookie banner.

Analytics & Statistics Cookies

We use the following analytics cookies with your consent. Analytics cookies can collect information on how visitors use the website. This enables us to improve user navigation and our internet presence.

Google Analytics

Subject to your consent, we use the functions of Google Analytics, a web analytics service provided by Google LLC, based in the United States. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) ("Google") is responsible for all Google services for European user companies. 

Google uses the collected data and information, among other things, to analyse use of our website, to create online reports on our behalf about the activities on our website, and to provide other services related to the use of our web pages.

The information generated by the cookie about your use of this website is usually transferred to a Google server, which acts as the direct processor. As a rule, IP addresses are already anonymised on servers within the EU. Where this information is transferred directly to Google servers in the United States without prior anonymisation and stored there, the data transfer is based on the EU-US Data Privacy Framework, to which Google LLC is subject. 

The cookier banner contains information about the individual cookies used by Google on this website.

Google Tag Manager

Subject to your consent, we use the functions of Google Tag Manager, which simplifies the integration of tracking codes on the website, making it easier for us to use web analysis tools such as Google Analytics. This service is provided by Google. According to Google, Google Tag Manager does not set any cookies itself, but personal data such as IP address, browser information and language may be collected and transferred to the Google server in connection with its use. Where information is transferred directly to Google servers in the United States without prior anonymisation and stored there, the data transfer is based on the EU-US Data Privacy Framework, to which Google is subject.

Google Ads Conversion-Tracking

Subject to your consent, we use the functions of Google Ads Conversion Tracking, an analytics service provided by Google, to measure the performance of our Google advertisements and evaluate them statistically.

If you are redirected to our website by a Google advertisement, Google Ads will set a cookie (known as a conversion cookie) on your device. This cookie is active for 30 days and is not used to identify you personally. If you visit certain pages on our website within 30 days and the cookie is still active, Google and we can recognise that you clicked on the advertisement and were redirected to our website. 

The conversion cookie expires automatically after 30 days. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain "googleadservices.com".

For more information on how Google processes your personal data, visit: https://business.safety.google/intl/de/privacy/ and https://policies.google.com/privacy.

You can adjust your personalised advertising settings in your Google Account at https://adssettings.google.com. Google provides additional details about conversion tracking at https://support.google.com/google-ads/answer/7521212.

The cookier banner contains information about the individual cookies used by Google Ads on this website.

Meta-Pixel

Subject to your consent, we use the functions of the Meta Pixel. The provider is Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Irland (“Meta”).

The Meta Pixel enables us to identify visitors to our websites as a target audience to which advertising can be shown ("Meta Ads"). Meta Ads is Meta's advertising system that enables businesses to place personalised advertisements on platforms such as Facebook, Instagram, or the Meta Audience Network. By integrating the pixel, we can measure the performance of our advertisements and deliver targeted advertising, e.g. to users who have already visited our website.

We process your personal data with Meta as joint controllers. We have entered into a corresponding agreement with Meta regarding status as joint controllers, which can be accessed here.: https://www.facebook.com/legal/controller_addendum. This assigns to the respective controller the respective obligations regarding the processing of personal data as joint controllers within the meaning of Article 26 GDPR.

The contact details for Meta and Facebook's data protection officer are available here: https://www.facebook.com/about/privacy.

Meta is the central point of contact for exercising your rights as a data subject. Notwithstanding, you may still exercise your rights as a data subject with us.

For more information on how Meta processes personal data, including the legal basis and options for exercising data subject rights vis-à-vis Meta, visit: https://www.facebook.com/about/privacy.

You can deactivate the Meta Pixel settings at any time via the cookie settings or, which logged in as a user, by visiting https://www.facebook.com/settings/?tab=ads#. The storage period for Meta pixels set on this website is no more than two years.

Should you wish to prevent the transfer of information to Meta when visiting our websites, you can do so in addition to the options described above by logging out of your Meta account before visiting our website.

Matomo

Subject to your consent, we use the functions of the web analysis service Matomo Analytics ("Matomo") for statistical analysis of website usage. The service provider is the New Zealand company InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769.

Matomo places cookies on the devices of website visitors, which are used to retrieve information such as the IP address, browser information, the previously visited website, and the date and time of the server request. For a complete list of the data collected by Matomo, visit: https://matomo.org/faq/general/faq_18254/. 

Matomo stores data exclusively in the EU and is used with the extension "anonymizeIp ()", which processes IP addresses in a truncated form. For a complete list of the cookies used by Matomo, visit: https://matomo.org/faq/general/faq_146/

Data transfer is based on the adequacy decision of the EU Commission in accordance with Article 45 of the GDPR.

The cookier banner contains information about the individual cookies used by Matomo on this website.

OptinMonster

Subject to your consent, we use the functions of the web optimisation and conversion tool OptinMonster to display pop-ups, forms and other pop-ups depending on visitors’ behaviour and to distinguish between returning and new users. The service provider is OptinMonster (Retyp, LLC, or Awesome Motive, Inc.), based in West Palm Beach, Florida, USA.

OptinMonster processes certain usage data when you visit our website in order to show personalised pop-ups, forms and marketing elements and to measure their performance. In particular, information is collected about the device used, the browser type, the IP address (abbreviated/anonymised), the pages accessed, the date and time of access, and whether the visitor is new or returning. 

The transfer of personal data is based on standard contractual clauses in accordance with Article 46(2)(c) GDPR. We will be happy to provide you with a copy of the applicable standard contractual clauses upon request.

The cookier banner contains information about the individual cookies used by OptinMonster on this website.

Active Campaign

Subject to your consent, we use cookies from ActiveCampaign to store and evaluate interactions on our website. The service provider is ActiveCampaign, LLC, 1 N Dearborn St, 5th Floor, Chicago, IL 60602, USA (“ActiveCampaign”).

We use ActiveCampaign to perform marketing and communication processes (e.g. newsletter circulation, user navigation, automation) and to better understand our website interactions. ActiveCampaign processes the following data in particular: Visitor behaviour (e.g. pages viewed, length of stay, interactions), repeat visits, technical information about the device and browser.

Data transfer is based on the adequacy decision of the EU Commission in accordance with Article 45 of the GDPR.

The cookier banner contains information about the individual cookies used by ActiveCampaign on this website.

Links

The website contains thumbnails with the Facebook, Instagram and YouTube logos, which link visitors to Meta and Google's external sources when selected.

Clicking on the respective thumbnail will open a new tab, which redirects you away from our website. We therefore have no influence on any subsequent data processing and transfers carried out by Meta or Google. For more information on the processing of your personal data by Meta or Google, visit: https://www.facebook.com/about/privacy and https://safety.google/safety/. 

Trusted Shops

We will, with your consent, use Trusted Shops widgets to display Trusted Shops services (e.g. quality seals, collected reviews) and to offer Trusted Shops products to buyers after they have placed an order.

The Trustbadge and the services advertised therein are offered by Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne ("Trusted Shops"), with whom we are joint controllers in accordance with Article 26 GDPR. This Privacy Policy provides information on the material contractual content in accordance with Article 26(2) GDPR.

Within the framework of our status with Trusted Shops as joint controllers, kindly contact Trusted Shops first of all with any data protection queries and to exercise your rights. To do so, use contact details provided in the Privacy Policy. Notwithstanding, you may always contact the controller of your choice. If necessary, your enquiry will then be forwarded to the relevant controller to obtain a response.

Data processing when integrating the Trustbadge/other widgets

The Trustbadge is made available by a US-based CDN (content delivery network) provider.

A sufficient level of data protection is ensured in each case by an adequacy decision of the EU Commission. Standard contractual clauses have been agreed as an appropriate safeguard where service providers are not certified under the EU-US Data Privacy Framework. We will be happy to provide you with a copy of the applicable standard contractual clauses upon request.

When the Trustbadge is accessed, the web server automatically saves a server log file that also contains your IP address, date and time of retrieval, volume of data transferred and the requesting provider (access data) and documents the retrieval. The IP address is anonymised directly after collection so that the stored data cannot be traced back to you. The anonymised data is used in particular for statistical purposes and error analysis.

Data Processing after Order Completion

Where you have provided consent, the Trustbadge will access the order information stored on your device (order total, order number, product purchased, if applicable) and your email address after the order has been completed, and your email address will be hashed using a cryptographic one-way function. The hash value will then be transferred to Trusted Shops with the order information in accordance with Art. 6(1)(a) GDPR. The purpose here is to check whether you are already registered for Trusted Shops services. If so, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops. Where you have not yet registered for the services or do not give your consent to automatic recognition via the Trustbadge, you will then have the option of registering manually to use the services or concluding the security agreement as part of your existing user agreement, if applicable.

For this purpose, the Trustbadge accesses the following information stored on the device you are using once you have completed your order: Order amount, order number and email address. This is necessary so that we can offer you buyer protection. The data will only be transferred to Trusted Shops once you have actively opted to take out buyer protection by clicking on the matching button in the Trustcard. If you decide to use the services, further processing will be based on the contractual agreement with Trusted Shops in accordance with Art. 6 (1) (b) GDPR in order to complete your registration for buyer protection and secure your order, as well as to send you evaluation invitations by email if necessary.

Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Article 6(1)(f) GDPR for the purpose of ensuring smooth operation. Processing in this context may take place in third countries (the United States and Israel).

A sufficient level of data protection is ensured in each case by an adequacy decision of the EU Commission. Standard contractual clauses have been agreed as an appropriate safeguard where service providers are not certified under the EU-US Data Privacy Framework. We will be happy to provide you with a copy of the applicable standard contractual clauses upon request.

Version February 2026