Privacy

Privacy Policy (buddycare.eu)

 

Last updated: 21 January 2026

 

We process personal data (“data”) only to the extent necessary to provide our online shop, to process orders, and to communicate with you. Processing is carried out in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.

 

1) Controller / Contact

Controller (Art. 4(7) GDPR):

BUGSLOCK GmbH

St. Stefan 106 – Gewerbe-Zone West

A-9142 Globasnitz

Phone: +43 1 2361919

Fax: +43 1 2361919-9

Email: info(@)bugslock.at

 

Data protection contact / Data Protection Officer:

Thomas Thonhofer

BUGSLOCK GmbH

St. Stefan 106 – Gewerbe-Zone West

A-9142 Globasnitz

Phone: +43 1 2361919

Email: info(@)bugslock.at

 

2) Your rights

Subject to the applicable legal requirements, you have the following rights:

• Right of access (Art. 15 GDPR)

• Right to rectification (Art. 16 GDPR)

• Right to erasure (Art. 17 GDPR)

• Right to restriction of processing (Art. 18 GDPR)

• Right to data portability (Art. 20 GDPR)

• Right to object to processing based on legitimate interests (Art. 21 GDPR)

• Right to withdraw consent at any time with effect for the future (Art. 7(3) GDPR)

• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

 

Competent supervisory authority in Austria:

Austrian Data Protection Authority (DSB), Barichgasse 40–42, 1030 Vienna, Austria.

 

3) Overview of processing

a) Categories of data

Depending on how you use our website, we may process in particular:

• Identification data (name)

• Contact data (address, email, phone number)

• Order data (items, quantities, prices, shipping/billing details)

• Payment/transaction data (payment status, reference numbers; depending on payment method)

• Account/login data (email address, password hash)

• Communication data (enquiries, message content)

• Usage/device data (IP address, log data, browser/system information, cookie/local storage IDs)

 

b) Purposes and legal bases

We process data in particular:

• to take steps prior to entering into a contract and to perform a contract (Art. 6(1)(b) GDPR),

• to comply with legal obligations (Art. 6(1)(c) GDPR),

• to safeguard legitimate interests (Art. 6(1)(f) GDPR), e.g. IT security, prevention of misuse,

• on the basis of your consent (Art. 6(1)(a) GDPR), e.g. for optional services and reCAPTCHA (see below).

 

c) Recipients / categories of recipients

We use service providers that process data on our behalf (processors, Art. 28 GDPR), e.g. hosting/IT service providers. We also disclose data to recipients where this is necessary for contract performance (e.g. payment service providers, shipping service providers) or where we are legally required to do so.

 

d) Transfers to third countries

For certain services (in particular Google reCAPTCHA), transfers to third countries (e.g. the USA) cannot be ruled out. Where required, such transfers are based on appropriate safeguards (in particular EU Standard Contractual Clauses) and/or applicable adequacy decisions.

 

e) Storage periods

We store data only for as long as necessary for the stated purposes. In addition, we store data where statutory retention obligations apply (especially under tax and commercial law). After that, data will be deleted or anonymised.

 

4) Hosting (Hetzner)

Our online shop is hosted by:

Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

Hetzner processes data as a processor in the context of hosting (e.g. server operation, database, technical provision).

 

5) Server log files (operation of the website)

When you access our website, technical information transmitted by your browser is processed (e.g. IP address, time of access, page accessed, referrer, browser/OS). This processing serves stability, security and error analysis.

Legal basis: Art. 6(1)(f) GDPR.

Storage period: generally up to 7 days; longer storage only in the event of security/incidents or misuse.

 

6) Cookies, local storage & consent management

a) Technically necessary cookies / storage

We use technically necessary cookies or similar technologies (e.g. local storage) to provide core shop functions (shopping cart, login, language settings, security functions).

Legal basis: Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR.

 

b) Consent for optional services (consent tool)

Non-essential services (e.g. Google reCAPTCHA) are loaded only after your consent. Your selection is usually stored in the “local storage” on your device and can be changed at any time via the privacy/cookie settings (fingerprint icon).

Legal basis: Art. 6(1)(a) GDPR.

 

c) Browser settings

You can delete or block cookies at any time via your browser settings. If you restrict technically necessary cookies, the shop may not function fully.

 

7) Customer account / registration

A customer account is intended for placing orders. In this context, we process the data you provide (e.g. name, address, email) to create and manage your account and to maintain your order history.

Legal basis: Art. 6(1)(b) GDPR.

Storage period: until deletion of the customer account; beyond that only insofar as statutory retention obligations apply.

 

8) Order processing, shipping and accounting

We process your data to handle orders, delivery, invoicing, warranty and customer service. Where necessary for delivery, data may be passed on to shipping/logistics service providers (typically name, address, and possibly email/phone number for delivery notifications).

Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(c) GDPR.

 

9) Payment processing (payment service providers)

Depending on the payment method chosen, the payment-related data necessary for processing is transmitted to the relevant payment service provider. We typically receive confirmations/status information about the payment.

 

a) Mollie (e.g. credit/debit card, EPS etc., depending on your selection)

If a payment method is processed via “Mollie”, payment processing is provided by:

Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, The Netherlands.

Legal basis: Art. 6(1)(b) GDPR.

Note: Mollie may process data in its own responsibility. Mollie’s privacy information also applies.

 

b) PayPal

If you pay via PayPal, payment processing is provided by:

PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg.

Legal basis: Art. 6(1)(b) GDPR.

Note: PayPal may process data in its own responsibility. PayPal’s privacy information also applies.

 

10) Contact (email / forms)

If you contact us, we process the data you submit to handle your enquiry and respond to follow-up questions.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures/contract) or Art. 6(1)(f) GDPR (general enquiries).

 

11) Google reCAPTCHA (spam/misuse protection for forms)

We use Google reCAPTCHA to protect certain forms. In doing so, information such as IP address, device/browser data and interaction data may be processed and transmitted to Google. reCAPTCHA is loaded only after your consent via the privacy/cookie settings. If you do not consent, you can alternatively contact us by email.

Legal basis: Art. 6(1)(a) GDPR (consent).

 

12) Product reviews

If you submit product reviews, we process the content you provide and technical metadata (e.g. timestamp). Abusive content may be reviewed for moderation and legal enforcement.

Legal basis: Art. 6(1)(f) GDPR (prevention of misuse, legal enforcement) and—if linked to account/order—Art. 6(1)(b) GDPR.

 

13) Data security

We implement technical and organisational measures to protect data against loss, manipulation and unauthorised access (e.g. access controls, encryption, security updates).

 

14) No YouTube/Vimeo embedding

buddycare.eu currently does not embed YouTube or Vimeo videos. If external content is embedded in the future, it will—where required—only be loaded after your consent via the privacy/cookie settings.

 

15) Changes to this privacy policy

We may update this privacy policy if the legal situation, services or processing activities change. The version published on buddycare.eu at the relevant time shall apply.