Privacy Policy

This privacy notice informs you in accordance with Articles 13 and 14 of the EU General Data Protection Regulation (GDPR) and the Estonian Personal Data Protection Act about the processing of personal data when you visit our online store westgem.store and place an order with us.

1. data controller

The controller within the meaning of the GDPR is:

SAND GREEN OÜ Narva maantee 5, 10117 Tallinn, Estonia Company registry number: 16188626 VAT ID: EE102353341 Email: central@westgem.com Phone: +43 (0) 664 88 59 41 43

2. what data we process

When you simply browse our website, technically necessary server logs are recorded (truncated IP address, date and time, requested page, user agent, referrer). This data is needed to deliver the website and to defend against attacks.

When you place an order, we process the master and contact data you provide (first and last name, billing and delivery address, email, optionally phone number), contract data (ordered products, prices, order date, shipping status) and payment data (depending on the payment method chosen - see section 5).

If you create a customer account, we additionally store your username, a hashed password and your order history.

If you contact us by email or via a contact form, we process the content and sender details you transmit in order to respond to your enquiry.

3. legal bases

Processing takes place on the following legal bases: Art. 6(1)(b) GDPR (contract performance and initiation) for handling your order and customer account; Art. 6(1)(c) GDPR (legal obligations) in particular for the retention of invoices under commercial and tax law; Art. 6(1)(f) GDPR (legitimate interests) for the secure operation of the website, fraud prevention and improvement of our services; Art. 6(1)(a) GDPR (consent) wherever you have expressly agreed (e.g. newsletter, non-essential cookies).

4. cookies and similar technologies

We use technically necessary cookies so that the shopping cart, login and language selection work. These cookies cannot be disabled without rendering the store unusable.

Any analytics, reach measurement or marketing cookies beyond that are only used after your explicit consent via our cookie banner. You can withdraw your consent at any time using the "Cookie settings" link in the footer.

5 Recipients and processors

We only share your data with service providers that are required to fulfill your order and that are bound to confidentiality:

  • Payment service providers (e.g. Stripe, PayPal) - for processing the payment. The exact data transmitted depends on the payment method chosen.
  • Shipping providers (e.g. Austrian Post, DHL, GLS) - name and delivery address to deliver the goods.
  • Hosting and infrastructure providers within the EU.
  • Tax advisors and bookkeeping within the framework of statutory retention obligations.

Transfers to recipients in third countries (outside the EU/EEA) only occur if you have consented or if it is necessary to perform the contract (e.g. international shipping). In such cases we ensure an adequate level of data protection by means of EU Standard Contractual Clauses.

6. retention periods

Order data and invoices are retained for 7 years in accordance with statutory retention obligations (Estonian Accounting Act, comparable to § 132 BAO Austria / § 147 AO Germany). We delete customer account data as soon as you close your account, unless retention obligations require otherwise. Contact enquiries without order reference are deleted at the latest 12 months after they have been conclusively answered. Server logs are anonymized or deleted after 14 days.

7. your rights

You have, at any time, the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21), as well as the right to withdraw any consent you have given at any time (Art. 7(3) GDPR). Withdrawal of consent only affects future processing.

To exercise your rights, an informal message to central@westgem.com is sufficient.

Irrespective of the above, you have the right to lodge a complaint with a data protection supervisory authority - in Estonia with the Andmekaitse Inspektsioon (aki.ee), in Austria with the Datenschutzbehörde (dsb.gv.at), in Germany with the competent state authority.

8. embedded third-party content

Product pages and editorial content may contain embedded media (e.g. images, videos, maps). Such content behaves as though you had visited the respective third-party site - those providers may set cookies and record your interaction. We only load third-party content automatically where it is technically required; otherwise we ask for your consent first.

9. data security

Your data is transmitted in encrypted form via TLS (https). Personal data is only accessible to employees and processors who need it to perform their tasks. We regularly review the effectiveness of our technical and organizational measures (TOMs).

10. changes to this privacy notice

We reserve the right to adapt this privacy notice in order to reflect changes in the legal situation or changes to our services. The current version is always available at westgem.shop/datenschutz.