On our website, we use the functions of the web analysis service Google Analytics to analyze user behavior and to optimize our website. The provider of this service is Google Ireland Limited, Barrow Street, Dublin 4, Ireland («Google»). Google uses cookies for this purpose. The information generated by the cookie about the use of the website, such as browser type/version, operating system used, the previously visited page, host name of the accessing computer (IP address), time of server request are usually transmitted to a Google server and stored there. For this purpose, we have concluded an order processing agreement with Google pursuant to Art. 28 GDPR.

On our behalf, Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. According to Google, the IP address transmitted by your browser is not merged with other data from Google.

We only use Google Analytics with IP anonymization enabled by adding the code «anonymizeIP» to this website. This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases, the full IP address is transferred to a Google server and shortened there.

The data about the use of our website will be deleted immediately after the end of the retention period set by us in each case. Google Analytics gives us the following options for the retention period: 14 months, 26 months, 38 months, 50 months, do not delete automatically. You can ask us at any time for the retention period currently set by us or assert a deletion.

The processing of your data using cookies as part of this service is based on your express consent pursuant to Art 6 (1) (a) GDPR. You may revoke your consent at any time with effect for the future pursuant to Art 7 (3) GDPR. In the event that consent is not given or in the event of revocation, only those cookies will be set that are absolutely necessary for the operation and use of our website. In this and all other cases, your data will only be processed due to technical necessities on the basis of our legitimate interest pursuant to Art 6 (1) (f) GDPR.

If you do not agree to the processing of your data, you can also prevent the storage of cookies at any time by making a setting in your browser. You can find more information on this under the item «Cookies» in this privacy policy.

In addition, you can prevent the collection of data by cookies by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en  .

For more information on data usage by Google, setting and objection options, please refer to Google’s privacy policy at https://policies.google.com/privacy?hl=en.

Insofar as data should be processed by Google in the USA, we point out that Google is certified under the Privacy Shield Agreement and thereby assures that European data protection law is complied with (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). The Privacy Shield Agreement is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards in the USA. The transfer of data to the USA would therefore be permissible under Art. 45 GDPR.

Our website uses so-called web fonts provided by Google for the uniform display of fonts. Google Fonts is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland («Google»). For this purpose, the browser you use must connect to Google’s servers. Through this, Google obtains knowledge that our website was accessed via your IP address. The IP address of the browser of the end device of the visitor to these Internet pages is also stored by Google. If your browser does not support web fonts, a standard font is used by your computer. In addition to the IP address, information such as language settings, screen resolution, version and browser name are automatically transmitted to Google servers by each Google Font request. It is not clear whether this data is also stored. In any case, the collected usage data allows Google to determine the popularity of fonts. Google publishes the results on internal analysis pages (e.g. Google Analytics).

Insofar as data is processed by Google in the USA, we would like to point out that Google is certified under the Privacy Shield Agreement and thereby assures that European data protection law is complied with (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). The transfer of data to the USA is therefore permitted under Art. 45 GDPR.

With Google Fonts, we can use fonts on our own website and do not have to upload them to our server. Google Fonts is an important component to keep the quality of our website high. All Google Fonts are automatically optimized for the web and this saves data volume and is a big advantage especially for mobile devices. When you visit us, the low file size ensures a fast loading time. Furthermore, Google Fonts are secure web fonts and support all major browsers. The processing of your data is therefore in our legitimate interest in a uniform and appealing presentation of our online offer. In any case, this constitutes a legitimate interest within the meaning of Art 6(1)(f) GDPR.

Google stores requests for CSS assets on their servers for one day. This allows us to use the fonts with the help of a Google stylesheet. The font files are stored by Google for one year. To delete data early, you must contact Google support (https://support.google.com/?hl=de&tid=231563100246).

For more information about Google Fonts, see https://developers.google.com/fonts/faq  and Google’s privacy policy: https://policies.google.com/privacy?hl=en.

As part of the hosting of our website, all data to be processed in connection with the operation of our website is stored. This is necessary to enable the operation of the website. We therefore process the data accordingly on the basis of our legitimate interest pursuant to Art 6 (1) (f) GDPR in optimizing our website offering. To provide our online presence, we use services of web hosting providers to whom we provide the above-mentioned data as part of order processing pursuant to Art 28 GDPR.

When contacting us, your data will be used to process the contact request and its settlement in the context of the fulfillment of pre-contractual rights and obligations pursuant to Art. 6 (1) (b) GDPR. The processing of your data is necessary to process and respond to your request, otherwise we will not be able to respond to your request or at most in a limited manner. The information may be stored in a customer and prospect database on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR in direct marketing.

We will delete your inquiry and your contact data if your inquiry has been conclusively answered and the deletion does not conflict with any legal retention periods, e.g. in the context of subsequent contract processing. This is usually the case if there has been no further contact with you for three years.

For technical reasons, in particular to ensure a functional and secure Internet presence, we process technically necessary data about accesses to our website in so-called server log files, which your browser automatically transmits to us.

The following data is logged:

• visited website
• type of browser/browser version used
• operating system used
• the previously visited page
• host name of the accessing computer
• time of the server request
• amount of data sent
• host name of the accessing computer (IP address used)

This data is not assigned to any natural person and is only used for evaluations to improve our website. This data is only transmitted to our website provider. This data is not linked or merged with other data sources. In the event of illegal use of our website, we reserve the right to check this data retrospectively. The data processing is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR in the technically error-free presentation and optimization of our website.

The data is deleted shortly after the purpose has been fulfilled, usually after a few days, unless further storage is required for evidence purposes. Otherwise, the data is retained until final clarification of an incident.

For your visit to our website, we use the widely used SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser, based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR in the use of suitable encryption techniques. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organizational security measures in accordance with Art. 32 GDPR to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved according to the technological development and kept at the state of the art.

If you send us inquiries by email, your details, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We expressly point out that data transmission over the Internet (eg communication by email) security gaps and can not be completely protected against access by third parties.

The use of the contact data of our imprint or our website for commercial advertising is expressly not desired, unless we give written consent for this. All persons named on this website hereby object to any commercial use and disclosure of this data.

Fanzoj Jagdwaffen GmbH, Griesgasse 3, 9170 Ferlach, Austria.

The protection of your personal data is an important concern for us.

Personal data is information that can be individually assigned to you. Examples include your address, name, postal address, email address or telephone number. Information such as the number of users who visit a website is not personal data, because it is not assigned to a person.

We treat personal data in accordance with the statutory data protection regulations, in particular the EU General Data Protection Regulation and in accordance with this data protection declaration and the respective nationally applicable data protection laws.

Processing of personal data by us:

Your rights

You have the right to:

• In accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
• pursuant to Art. 16 GDPR, to request the correction of incorrect or incomplete personal data stored by us without undue delay;
• pursuant to Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
• pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 GDPR;
• pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
• pursuant to Art 21 GDPR, if your personal data are processed on the basis of our legitimate interest, to object to the processing of your personal data, provided that there are grounds for doing so which arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
• In accordance with Art. 7 (3) GDPR, to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future.
• complain to a supervisory authority in accordance with Art. 77 GDPR regarding the unlawful processing of your data by us. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

The competent authority for Fanzoj Jagdwaffen GmbH is:

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna, Austria
Tel.: +43 1 52 152-0, dsb@dsb.gv.at

You yourself decide on the use of your personal data. Therefore, should you wish to exercise any of your above-mentioned rights against us, please feel free to contact us by email at office@fanzoj.com. Please submit a copy of an official photo ID together with your request for clear identification and assist us in specifying your request by answering questions from our responsible staff regarding the processing of your personal data. Please indicate in your request in which role (employee, applicant, supplier, customer, etc.) and in which period of time you have had a relationship with us. This will enable us to process your request in a timely manner.

According to Art 5 (1) (e) GDPR, we are obliged to delete personal data immediately as soon as the purpose for processing has been fulfilled. In this context, we would like to point out that statutory retention obligations and periods constitute a legitimate purpose for the processing of personal data.

In any case, data will be stored and retained by us in personal form until the termination of the business relationship or until the expiry of applicable guarantee, warranty or limitation periods; furthermore, until the termination of any legal disputes in which the data are required as evidence; or in any case until the expiry of the third year after the last contact with a business partner.

Transfer of data

We do not transfer your personal data to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

You have given your express consent to do so in accordance with Art. 6 (1) (a) GDPR, the disclosure is necessary in accordance with Art. 6 (1) (f) GDPR to protect the interests of the company, as well as for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data, for the case that the disclosure is necessary in accordance with Art. 6 (1) (c) GDPR a legal obligation exists, as well as this is legally permissible and necessary for the processing of contractual relationships with you according to Art. 6 (1) (b) GDPR.

If we commission third parties with the processing of data on the basis of an order processing agreement, this is done on the basis of Art 28 GDPR.

Insofar as we process data in a third country or do so in the context of using third-party services or disclosing, or transferring data to other persons or companies, this will only be done for the reasons outlined above for the transfer of data. Subject to explicit consent or contractual necessity, we only process or allow data to be processed in third countries with a recognized level of data protection, which includes US processors certified under the «Privacy Shield» or on the basis of special guarantees, such as contractual obligation through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art 44 — 49 GDPR).

In accordance with Art 32 GDPR, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, entry into, disclosure of, assurance of availability of and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR).

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration on our website at any time.