Data privacy statement


The Basic Data Protection Regulation (DSGVO) is a European Union regulation which harmonises the rules on the processing of personal data by private companies and public bodies throughout the EU. It represents a central building block in the protection of personal data within the European Union and has been in force since 2016. You can find the complete DSGVO in numerous languages and formats on the website of the European Parliament under this link; an overview with explanatory texts (the so-called “recitals”) can be found here.

This privacy statement is intended to provide information in a generally understandable form about which data is processed for which purpose, which services are used by third parties (e.g. statistical programmes, providers or newsletter providers) and which rights users of this website have.

2. Person responsible

Responsible and the person responsible for data protection:


Liliengasse 1

A-1010 Vienna


If you have any questions, please do not hesitate to contact us.

3. General information on data processing

3.1. personal data

Personal data (hereinafter referred to as “data”) is information with the help of which a person can be identified, i.e. information that can be traced back to a person. This includes, for example, the name, e-mail address or telephone number. Also data about preferences, “surfing behaviour” (which websites are visited) or the IP address.

3.2 Terms according to DSGVO

This privacy statement is based on the terms used when the Basic Data Protection Regulation (DS-GVO) was adopted. With regard to the terms used, such as “processing”, “controller” or “profiling”, we refer to the definitions in Art. 4 of the Basic Data Protection Regulation (DSGVO).

3.3 Scope of processing

The use of this website is generally possible without providing personal data. In principle, we always process personal data in accordance with the Data Protection Basic Regulation (DSGVO) and in accordance with the country-specific data protection regulations applicable to our company. The collection and use of personal data of our users only takes place with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory regulations.

Insofar as we obtain the consent of the person concerned for the processing of personal data, Art. 6 Para. 1 lit. a EU Data Protection Basic Regulation (DSGVO) serves as the legal basis.

3.4 Technical measure

We have implemented numerous technical and organisational measures to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps, which is why absolute protection cannot be guaranteed.

3.5 Encryption

Our website is delivered using the Secure htttp protocol (https). This SSL encryption ensures that third parties cannot read or change any transferred data according to the current state of technology. This applies both to the content of the page and to data that you send to us using forms. This website uses the certificate AlphaSSL CA – SHA256. Further technical information on the implementation of the SSL certificate can be found here.

4 Statistical Evaluations

4.1 Server logs

This website is hosted by Domainfactory GmbH, Oskar-Messter-Str. 33, DE-85737 Ismaning, in accordance with the DSGVO. According to the information provided by the provider, the usual access and connection data – such as the name of the requested file, date and time of access, transferred data volume and the requesting provider – are stored in so-called server log files. This data is evaluated exclusively to ensure trouble-free operation of the site and to improve the service and does not allow the provider or us to draw any conclusions about your person.

A contract for order data processing with the provider, as well as information on the technical/organizational measures are available. Further information on data protection can also be obtained directly from the provider.

4.2 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.

We would like to point out that our website Google Analytics has been extended by the code “gat._anonymizeIp();” in order to guarantee an anonymous recording of IP addresses (so-called IP masking). At our request, Google will therefore only record your IP address in abbreviated form, which guarantees anonymisation and does not allow any conclusions to be drawn about your identity. If IP anonymization is enabled on this website, Google will previously truncate your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area.

The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website and Google from processing this data by downloading and installing the browser plug-in available at the following link (

Further information on Google Analytics and data protection can be found at

By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

5. Special functionalities of the website

5.1 External content, processing of data outside the EU

It may happen that contents of third parties, such as maps from Google Maps, YouTube videos or information from other websites are integrated within this online offer. This always presupposes that the providers of this content (hereinafter referred to as “third-party providers”) use the IP address of the user, because without the IP address, they could not send the content to the browser of the respective user. The IP address is therefore required for the presentation of this content. We make every effort to use only those contents whose respective providers only use the IP address to deliver the contents. However, we have no influence on whether the third party providers store the IP address for statistical purposes, for example. As far as this is known to us, we will inform you about it within the scope of this data protection declaration.

JavaScript content from external providers may also be used on our website. By calling up our website, these external providers may receive personal information about your visit. Processing of data outside the EU is possible. You can prevent this by installing a JavaScript blocker such as the browser plug-in ‘NoScript’ ( or by deactivating JavaScript in your browser. This may result in functional limitations.

Basis of processing

The use of the components listed here (unless otherwise stated) is based on our legitimate interests pursuant to Article 6 (1) (f) of the DSGVO. Our interest is directed towards the economic operation of our offer as well as the use of a user-friendly and secure website that meets the usual user expectations and offers a consistent user experience on all common devices.

 5.2 Cookies

Cookies are files that make it possible to store specific information related to the device on the user’s access device (PC, smartphone, etc.). They serve, on the one hand, the user-friendliness of websites and thus the users (e.g. storage of login data). On the other hand, they serve to collect statistical data on the use of the website and to be able to analyse them in order to improve the offer (see “Google Analytics” section). Users can influence the use of these cookies. Most browsers have an option that restricts or completely prevents the storage of cookies; it is possible that functions of the website are not available or only available to a limited extent. You can view many online ad cookies from companies via the U.S. site or the EU site

5.3 YouTube

On this website components of the service “YouTube” ( of the operator YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, are integrated via iFrames.

YouTube is an advertising-financed video portal that allows people to post video clips free of charge and allows other users to view, rate and comment on these videos for free.

Each time a YouTube video is integrated into a single page of this website, the YouTube component automatically prompts the web browser to download a view of that component from YouTube. As part of this technical process, YouTube or Google Inc. obtains information about which specific subpage of our website is visited by the person concerned (transmission of the IP address).

If the person concerned is logged on to YouTube at the same time, the data thus determined can be assigned to the respective YouTube account or to an assigned Google account of the person concerned.

Further information on YouTube’s and Google’s data protection provisions can be found here.

5.4 Instagram

On this website components of the service “Instagram” ( of the provider Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA, are integrated via iFrames. This ad-sponsored service allows users to upload, comment on, and share photos and videos free of charge on the company’s own platform.

Each time one of the individual pages of this Web site that includes an Instagram component is accessed, the Internet browser is automatically prompted by the Instagram component to download a representation of the corresponding Instagram component. As part of this technical process, Instagram is notified of which specific subpage of our website is visited by the person concerned (IP address transmission).

If the person concerned is logged in to Instagram at the same time, the data thus determined can be assigned to the respective Instagram account of the person concerned.

More information about Instagram’s privacy policy can be found here.

5.5 Twitter

This website may include components of the “Twitter” ( service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Each time one of the individual pages of this website on which a Twitter component has been integrated is called up, the Internet browser is automatically prompted by the respective component to download a display of the corresponding Twitter component. As part of this technical process, Twitter obtains information about which specific subpage of our website is visited by the person concerned (transmission of the IP address).

If the person concerned is logged on to Twitter at the same time, the data thus determined can be assigned to the respective Twitter account of the person concerned. This data is used to display personalised advertising.

Further information on Twitter’s data protection regulations can be found here; an opt-out option can be found here.

5.6 StumbleUpon

Components of the “StumbleUpon” service of StumbleUpon Inc., 660 4th Street, #558, San Francisco, CA 94107, USA are integrated on this website.

The service offered is a search engine that recommends web content to users. The evaluation of websites creates a profile of the respective user, which serves as a basis for further recommendations.

More information about StumbleUpon’s privacy policy can be found here.

5.7 Cloudflare

To secure our website and optimize loading times, a so-called “Content Delivery Network” is used, which is operated by Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107.

This means that all queries are routed via the company’s servers and consolidated into statistics that cannot be deactivated. These collected raw data will be deleted within 4 hours, at the latest however after 3 days, according to the company in general.

Further information on Cloudlfare’s data protection regulations can be found here.

5.8 Webshop

We would like to point out that the IP data of the connection owner, as well as the name and address of the buyer, are stored in cookies for the purpose of simplifying the purchasing process and for later contract processing.

In addition, the following data will also be stored by us for the purpose of contract processing: Your selected products and the delivery address.

The data provided by you are necessary for the fulfilment of the contract or for the implementation of pre-contractual measures. Without these data we cannot conclude the contract with you.

Various service providers or partner companies who support us in order processing and in the provision of services, such as the processing bank institutes / payment service providers for the purpose of debiting the purchase price, our production partner for the manufacture of the desired products, the transport company / shipping company commissioned by us to deliver the goods and our tax consultant to fulfill our tax obligations (order data processing pursuant to § 11 BDSG) receive the necessary data. These companies are, of course, obliged to comply with data protection regulations. Particularly strict data protection regulations apply to order data processing; in particular, these companies may use the data exclusively for the fulfilment of their tasks on our behalf. Any further data transmission to third parties will not take place.

After the purchase process has been interrupted, the data stored by us will be deleted. If a contract is concluded, all data from the contractual relationship will be stored until the end of the tax retention period (7 years).

The data name, address, purchased goods and date of purchase are stored beyond that going up to the expiration of the product liability (10 years). Data processing is carried out on the basis of the statutory provisions of § 96 Para. 3 TKG and Art. 6 Para. 1 lit a (consent) and/or lit b (necessary for contract fulfilment) of the DSGVO.

6. Marketing activities

Within our online offering, various third-party marketing tools are used due to our legitimate interests in the analysis, optimisation and economic operation of our offering.

6.1 Newsletter

On our website you have the possibility to order a free newsletter.

Content of the newsletter

We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as “newsletters”) only with the consent of the recipient or a legal permission. Our newsletters contain information about events, offered services and other activities of Goodshares.

Use of the MailChimp dispatch service provider

The newsletter is sent via “MailChimp”, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The company that operates MailChimp is certified according to the requirements of the Privacy Shield. In this respect, the prerequisites for handling data in compliance with data protection regulations are met. We have concluded a data processing agreement with the company. This is a contract in which MailChimp undertakes to protect the data of our users, to process it on our behalf in accordance with their data protection regulations and, in particular, not to pass it on to third parties. You can view the privacy policy of MailChimp here.

The use of the MailChimp dispatch service provider, the performance of statistical surveys and analyses as well as the logging of the registration procedure are carried out on the basis of our legitimate interests pursuant to Article 6, Paragraph 1 lit. f of the DSGVO. Our interest is directed towards the use of a user-friendly and secure newsletter system that meets user expectations and serves our business interests.

Double opt-in and logging

The registration to our newsletter takes place in a so-called Double-Opt-In procedure. After sending your registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with a foreign e-mail address.

The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise the changes of your data stored with MailChimp are logged.

Processed data

To subscribe to our newsletter, it is sufficient to enter your e-mail address and confirm it in the double opt-in procedure. Optionally we ask you to enter your first and last name. This information is only used to personalize the newsletter.

The newsletters contain a so-called “web-beacon”, i.e. a file the size of a pixel, which is retrieved from the MailChimp server when the newsletter is opened. Within the scope of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are first collected. This information is used to technically improve the services on the basis of the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or access times.

Statistical surveys include analysis of whether sent newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual recipients. However, it is not our intention to observe individual users. The analyses serve only to identify the usual reading habits of our newsletter recipients and to adapt our content accordingly. We use simple segmentation for our subscribers in order to be able to send out newsletters specific to their interests.

MailChimp also stores the following data:

Date of last profile update

Geolocalization / Time zone:

MailChimp performs a geolocalization based on the e-mail address and determines information about the IP address (geolocation data and possibly available location information) with the help of a “Geolocation Service Provider”. Geolocation is also used to determine time zones. This in turn is used for the simultaneous sending of newsletters at certain times.

Geolocalisation is carried out both when subscribing to the newsletter and when opening newsletter e-mails. This function cannot currently be deactivated with MailChimp.

Voice information:

If MailChimp can determine the language set by the user from the browser when subscribing to the newsletter or calling up links, this is also stored within the profile. This function can be used in particular to form segments of subscribers by language. This enables me, for example, to send newsletter e-mails in English to subscribers who have set English as their default language in their browser. This function cannot be deactivated by us.

Storage period, correction, cancellation, deletion

In order to be able to send the newsletter, we store and process the above data until you unsubscribe from the newsletter by clicking on the unsubscribe link at the end of each newsletter. Alternatively, you can also unsubscribe by sending an e-mail to .

By unsubscribing, the data will be deleted.

The data can be corrected at any time by logging out and logging in again with the corrected data, as well as by correcting the data using the registration form on our website. Each newsletter contains the name and the e-mail address, so that a separate information possibility is not necessary and not intended.

7. Rights concerned

In principle, you are entitled to the rights to free information, correction, deletion, restriction, data transferability, revocation and objection regarding your stored personal data, as long as no other legal regulations – such as a legal obligation to store – oppose.

7.1 Right to information

The Basic Data Protection Regulation gives data subjects far-reaching rights of access. Information on the processed data (purpose of processing, categories used, origin of data, duration of storage, profiling) will be provided – as far as technically and legally possible – within the framework of the DSGVO. Send us your request for information informally via e-mail to or contact us using the contact details provided here. Please note that, depending on the type and scope of the enquiry, we reserve the right to verify your identity.

7.2 Right to Correction, Correction, Deletion; Right of Objection

We are happy to correct, correct or delete your personal data within the scope of the legal requirements. A detailed explanation of your rights can be found in the DSGVO in “Chapter III: Rights of the data subject (§ 16-20)”.