This website is operated by Smarter Ecommerce GmbH (FN 298859 z), hereinafter referred to as "we," "us," and "smec," with its registered office at 4020 Linz, Peter-Behrens-Platz 9. In this Privacy Policy, we, as the controller pursuant to Art. 4 para. 7 GDPR, describe which data we collect when you visit our website and for what purpose we process it. Furthermore, we inform you about how we generally process data of our customers, suppliers, and prospective customers, and finally, we explain which rights and safeguards we offer in the course of data processing. Please refer to point 11. of this Privacy Policy for all relevant contact details.
Since the protection of your personal data is of particular concern to us, we strictly adhere to the legal requirements of the DSG (Austrian Data Protection Act) and the GDPR when collecting and processing your personal data.
In the following, we inform you in detail about the scope and purpose of our data processing as well as your rights as a data subject. Therefore, please read our Privacy Policy carefully before continuing to use our website and, if applicable, giving your consent to data processing.
The use of our website is generally possible without providing personal data. However, deviating regulations may apply to the use of individual services, which we will point out to you separately.
Therefore, apart from the cookies that may be described in detail below, we essentially only collect and store the data that you voluntarily provide to us by entering it in our input masks or by actively interacting with our website in any other way.
Personal data is any information relating to an identified or identifiable natural person. This includes, for example, your name, address, telephone number, or date of birth, but also your IP address or geolocation data that allows a conclusion to be drawn about you.
a. If you only use our website for informational purposes, i.e., if you do not register for a service or otherwise transmit information to us (e.g., via a contact form), we only collect the (personal) data that your browser transmits to our server. If you wish to visit our website, we collect the data listed below, which is technically necessary for us to display the website to you and to ensure its stability and security in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR:
However, these data are not processed beyond the purpose of displaying our website.
b. In addition to the data mentioned above, first and third-party cookies are stored on your computer when you use our website; these are small text files that are stored on your hard drive, assigned to the browser you are using. The party that sets a cookie (this is done either by us or an explicitly named third party) thereby receives certain information.
We require these cookies, on the one hand, to recognize you as a user of the website and, on the other hand, to be able to make the use of our services comprehensible. Finally, we may use cookies for marketing purposes to analyze your user behavior and to provide you with targeted advertising in the event of an occasion.
c. A fundamental distinction can be made between first-party cookies, third-party cookies, and third-party requests.
First Party Cookies
First-party cookies are stored by us or our website itself in your browser to offer you the best possible user experience. These are primarily functional cookies, such as shopping cart cookies. We may also use cookies to identify you for subsequent visits if you have an account with us - otherwise, you would have to log in again with every visit.
Third Party Cookies
Third-party cookies are stored by a third-party provider in your browser. These are mostly tracking or marketing tools that, on the one hand, evaluate your user behavior and, on the other hand, offer the third-party provider the opportunity to recognize you on other websites you visit. Fundamentally, retargeting marketing, for example, is based on the function of such cookies.
Third Party Requests
Third-party requests are all requests that you, as a page user, make to third parties via our page - for example, when you interact with social network plugins or use the offer of a payment provider. In this case, no cookies are stored in your browser, but it cannot be ruled out that personal data is sent to this third-party provider through the interaction. For this reason, we also inform you in detail about the tools & applications we use in our Privacy Policy.
d. To inform you comprehensively about the cookies we use, we have designed a cookie banner in accordance with the jurisdiction of the ECJ of October 1, 2019, C-673/17 (Planet 49) and other relevant decisions, which is displayed to you when you first access our website. This cookie banner displays all used cookies, including their function, storage duration, and origin. Only if you agree to the use of some or all cookies will they be stored by us; an exception to this may be technically absolutely necessary cookies, without the use of which our website could not be displayed correctly.
e. You can change your browser settings at any time so that you reject the acceptance of, for example, third-party cookies or all cookies. In this case, however, we must point out that you may no longer be able to use all functions of our website.
Personal data that goes beyond the information stored by cookies is processed by us exclusively in the context of operating our website if you voluntarily communicate it to us, for example, if you register with us, enter into a contractual relationship with us, or otherwise contact us. This is exclusively contact data and information about the concerns with which you approach us.
We use the personal data provided by you exclusively to the extent that this is necessary within the scope of fulfilling the respective purpose of the processing (e.g., registration, newsletter dispatch, processing of an order, sending information material and advertising, carrying out a competition, answering a question, enabling access to certain information) and is legally permissible (in particular pursuant to Art. 6 or Art. 9 GDPR) (e.g., sending advertising and informational material to existing customers pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR).
The purpose of processing your data is the operation of our website and the targeted provision of company-specific information, including the presentation of our goods and services offered (Marketing).
Any further use of your data will only take place insofar as you have previously given explicit consent, we require your data to fulfill a contract concluded with you, or are obliged to store it due to a legal provision. Any granted consent can be revoked at any time for the future, as explained in detail below.
b. Contract Processing, Marketing, and MoreGenerally, we use personal data of our customers, suppliers, and other contractual and cooperation partners, e.g., contact persons, their contact details, and marketing-relevant information, for the purpose of contract execution and within the scope of legal retention obligations (e.g., accounting), and beyond that also on the basis of legitimate interest, for example, for marketing and customer care purposes.
In addition, we collect personal data from prospective customers (e.g., contact persons, their contact details, and marketing-relevant information) in the course of our acquisition and sales activities. We are always looking for potential contract partners on the internet, at trade fairs, and other events and maintain a marketing database for this purpose to enable targeted advertising for our products and services. All measures listed here are carried out in the legitimate interest for marketing purposes pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in conjunction with Recital 47 for a period of three years from the end of a contractual relationship (customers & suppliers) or our initial (unsuccessful) contact (prospective customers), provided that no further explicit consent from the data subject exists.
If we do not collect personal data for marketing purposes from the data subject themselves, we will also inform the data subject pursuant to Art. 14 GDPR upon initial contact where we obtained their data.
Due to tax and administrative considerations, we have founded various companies in Austria and abroad, with which we jointly process personal data, partly as joint controllers within the meaning of Art. 26 GDPR, and partly within the framework of processor relationships within the meaning of Art. 28 GDPR. An example of this is the joint marketing database.
This includes in particular smec GmbH in Austria (FN 477776m) and smec Ltd. in Great Britain. If we are to provide products and services offered by other companies affiliated with us in the context of an ongoing business relationship or as a result of an explicit request from a prospective customer, we pass on personal data of the prospective customer to the affiliated companies that offer the products and services of interest to the specific data subject, based on legitimate interest for marketing purposes.
c. Application ManagementWe collect data from applicants for open job offers with us for the purpose of initiating a possible employment relationship, Art. 6 para. 1 sentence 1 lit. b GDPR, or possibly based on explicit consent for evidence purposes.
Data that you have provided to us exclusively for customer care or for marketing and information purposes are generally stored by us until three years after our last contact. If you wish, however, we will delete your data even before the expiry of this period, provided that no legal obstacle prevents this.
In the case of contract initiation or conclusion, we process your personal data after complete contract execution until the expiry of the warranty, guarantee, limitation, and statutory retention periods applicable to us, and furthermore until the termination of any legal disputes in which the data is required as evidence.
Data that you may transmit to us in the context of an application process will be stored by us without separate consent for a period of 6 months from the conclusion of the application process (or from the issuance of the rejection).
If storage is legally required, we comply with the prescribed period. If we process your personal data – for example, based on legitimate interest – beyond the purposes presented in this Privacy Policy, we will inform you separately before commencing the processing.
Your data will generally not be transmitted to third parties, unless we are legally obliged to do so, the data transfer is necessary for the performance of a contractual relationship concluded between us, or you have previously explicitly consented to the disclosure of your data.
External processors or other cooperation partners receive your data only insofar as this is necessary for contract execution, we have a legitimate interest in it, which we will always announce separately in the respective case, or if this is necessary due to special norms, with your consent.
Your personal data will not be sold or otherwise marketed by us to third parties. If our contract partners or processors have their registered office in a third country, i.e., a state outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.
Insofar as one of our processors comes into contact with your personal data, we ensure that they comply with the provisions of the data protection laws in the same way as we do.
b. Data Transfer to the USA?We occasionally offer some services in the course of which data transfer to the USA takes place or can take place. The transfer of data to the USA has always led to legal challenges in recent years. There are several legal bases for a lawful data transfer to the USA, whereby we essentially rely on two different legal bases:
On July 10, 2023, the European Commission adopted a new adequacy decision pursuant to Art. 45 GDPR for the USA – namely the EU-U.S. Data Privacy Framework.
However, this adequacy decision only applies to those data importers in the USA who are registered in the Data Privacy Framework List (https://www.dataprivacyframework.gov/s/participant-search).
We check for each of our service providers who is intended to receive personal data in the USA as a data importer whether they are registered in the Data Privacy Framework List. If this is the case, it is stated in our Privacy Policy for the respective service provider.
The press release of the EU Commission on the EU-U.S. Data Privacy Framework can be found at: https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3721.
If a data importer is not registered in the Data Privacy Framework List, it is nevertheless required - provided there is no other justification such as the fulfillment of contractual obligations - that you consent to the use of your data collected via these services, possibly also in the USA (Art 49 para. 1 lit. a GDPR).
This is because we cannot yet assess how the case law will develop as a result of the EU-U.S. Data Privacy Framework. We record this consent - depending on the service - via our cookie banner or separately through a corresponding declaration of consent directly before using an offered service.
Your consent is necessary because, according to the latest official and court decisions and the jurisdiction of the ECJ, the USA is not attested an adequate level of data protection when processing personal data (C-311/18, Schrems II). In these official and court decisions, it is particularly critically pointed out that access by US authorities (FISA 0702) is not comprehensively restricted by law, does not require approval by an independent body, and no relevant legal remedies are available to the data subjects in the event of corresponding interventions.
Apart from the contracts concluded with US service providers, we have no direct influence on the access of US authorities to personal data transferred to service providers in the USA when using these services. Even if we assume that our service providers take the necessary steps to ensure the promised level of protection in accordance with the contractual agreements made with us, access by US authorities to data processed in the USA is nevertheless conceivable.
We therefore ask for your consent to the processing of data in the USA before using such services. We will separately point out for each service or application that there is a possibility of data transfer to the USA.
You have the option to subscribe to our free newsletter. With this newsletter, you regularly receive all current news and information about our company as well as tailor-made advertising. To receive our newsletter, you need a valid email address.
We check the email address you entered in our registration mask to ensure that the receipt of newsletters is actually desired. This is done by sending you an email to the email address you provided, the receipt of which you can confirm by clicking on a provided link. After confirming the email, you are subscribed to our newsletter. (Double Opt-In)
Upon initial registration for the newsletter, we store your IP address, the date, and the time of your registration. This is done for security reasons in case a third party misuses your email address and subscribes to our newsletter without your knowledge. No further data is collected and processed by us for the newsletter subscription; the data is used exclusively for the purpose of receiving the newsletter.
Unless you object, we may transmit your data to companies affiliated with us for the purpose of analysis and for the transmission of information for advertising purposes. Within the corporate group, your data that you have provided to us for receiving the newsletter will be compared with data that may be collected by us elsewhere (e.g., when purchasing goods or booking a service).
Your data for newsletter registration will not be passed on to third parties who do not belong to the corporate group. You can terminate the receipt of our newsletters at any time; details on how to unsubscribe can be found in the confirmation email and in every individual newsletter.
a. We use Google Analytics, which is a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service uses cookies, the functionality of which has already been extensively explained. The information generated by these cookies about your use of this website is usually transmitted to a Google server and stored there.
On our behalf, Google will use this information to evaluate your use of our website, to compile reports on website activity, and to provide other services related to website and internet use to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of the cookies required by Google Analytics by adjusting your browser software settings accordingly, which may, however, mean that you may not be able to use all functions of this website to their full extent. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and its transmission and processing by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en
Should you wish to receive further information on the nature, scope, and purpose of the data collected by Google, we recommend that you read their privacy policy.
https://support.google.com/analytics/answer/6004245?hl=en
Google also processes your data in the USA. Before you consent to the storage of cookies through the use of Google Analytics, please read the relevant information in our Privacy Policy.
Google LLC is registered in the Data Privacy Framework List.
A detailed list of all third-party partner services we implemented on our website is available below:
Opt-out: As an alternative to the default browser settings, you can opt out of non-essential cookies, such as those used for traffic analysis, by clicking on this link.
b. We also include links to other websites on our website; this is done purely for informational purposes. These websites are not under our control and are therefore not covered by the provisions of this Privacy Policy. However, if you activate a link, it is possible that the operator of this website collects data about you and processes it in accordance with its privacy policy, which may differ from ours. Please always inform yourself about the current privacy policies on the websites we link to.
c. Our website also offers the possibility to interact with various social networks via plugins. These are:
Facebook, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The parent company, Meta Platforms Inc., Menlo Park, California, is registered in the Data Privacy Framework List. X (formerly Twitter), operated by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA Linked In, operated by LinkedIn Inc., 2029 Stierlin Court, Mountain View, CA 94043, USA Youtube, operated by Youtube LLC, 901 Cherry Avenue, San Bruno, CA 94066 USA Instagram, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The parent company, Meta Platforms Inc., Menlo Park, California, is registered in the Data Privacy Framework List.
When you click on a plugin of one of these social networks, it is activated and a connection to the respective server of that network is established as previously described.
If you activate these plugins, you consent to the use of your data collected via these plugins, possibly also in the USA.
We have no influence on the scope and content of the data transmitted to the respective operator of this social network by clicking on the plugin or which may subsequently be subject to access by US authorities.
If you wish to inform yourself about the nature, scope, and purpose of the data collected by the operators of these social networks, we recommend that you read the privacy policies of the respective social network.
d. Use of Artificial Intelligence (AI) Technologies
In the context of our business activities and the provision of our services, we use software solutions that utilize artificial intelligence functions - exclusively within the legally permissible scope. These systems support us, in particular, in the analysis of inquiries, the optimization of internal processes, and the efficient provision of our services to customers.
Insofar as personal data is processed in this context, this is done exclusively on the basis of the relevant data protection provisions (in particular Art. 6 and Art. 9 GDPR) and in compliance with the transparency and due diligence obligations of the EU Artificial Intelligence Act (EU AI Regulation). The AI-supported systems used by us are carefully selected, continuously reviewed, and used exclusively in a manner that ensures an adequate level of protection for your personal data.
Processing by AI tools takes place either (i) for the fulfillment of contractual obligations, (ii) on the basis of our legitimate interests – such as improving our service quality, error detection, or system security – or (iii) based on your explicit consent, if such use goes beyond the scope necessary for contract fulfillment.
We ensure through suitable technical and organizational measures that AI-supported data processing is traceable, secure, and non-discriminatory. Automated decision-making with legal or similarly significant effects on you does not take place without your prior explicit consent.
a. Facebook – Fan Page
We operate a Facebook fan page at https://www.facebook.com/SmarterEcommerce/. The purpose of this fan page is to share information about our company's activities, implement marketing measures, and offer another communication channel with us.
In this context, we are "joint controllers" with Facebook, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, which provides this service to us. Fundamentally, Facebook allows you to select in your settings which personal data is shared with us. If you do not wish this, we receive all information regarding the use of our fan page and personal data about the visitors in anonymous form.
For this purpose, we have concluded an Art. 26 GDPR agreement with Facebook, which regulates the mutual rights and obligations of us and Facebook. You can find this at https://www.facebook.com/legal/EU_data_transfer_addendum. In this context, we also ask you to read Facebook's privacy policy, which you can find at https://www.facebook.com/policy.php.
In the Art. 26 GDPR agreement concluded by us, Facebook undertakes to be the primary point of contact for data subjects regarding the processing of Insights data and to fulfill the associated duties and tasks.
You can therefore assert your data subject rights both against us pursuant to point 10. of this Privacy Policy and against Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
b. Instagram – Profile
We operate an Instagram profile at https://www.instagram.com/smarterecommerce/. With this profile, we want to implement marketing measures, draw attention to our products and services, and create another communication channel with our customers.
In this context, too, we are "joint controllers" with Instagram, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, which provides this service to us. Fundamentally, Instagram allows you to select in your settings which personal data is shared with us. If you do not wish this, we receive all information regarding the use of our fan page and personal data about the visitors in anonymous form.
For this purpose, we have concluded an Art. 26 GDPR agreement with Instagram, which regulates the mutual rights and obligations of us and Instagram. You can find this at https://www.facebook.com/legal/EU_data_transfer_addendum. In this context, we also ask you to read Instagram's privacy policy, which you can find at https://help.instagram.com/519522125107875.
In the Art. 26 GDPR agreement concluded by us, Instagram undertakes to be the primary point of contact for data subjects regarding the processing of Insights data and to fulfill the associated duties and tasks.
You can therefore assert your data subject rights both against us pursuant to point 10. of this Privacy Policy and against Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
We implement numerous technical and organizational security measures to protect your data against manipulation, loss, destruction, and against access by third parties. Our security measures are continuously improved in line with technological developments on the internet. Should you require more detailed information on the nature and scope of the technical and organizational measures taken by us, please feel free to send us a written inquiry at any time.
In accordance with the General Data Protection Regulation and the Data Protection Act, you, as the data subject of our data processing, are entitled to the following rights and legal remedies:
As a data subject of the data processing described above and other processing, you have the right to request information on whether, and if so, which personal data about you is being processed. For your own protection - so that no unauthorized person receives information about your data - we will verify your identity in a suitable form before providing information.
You have the right to immediately request the rectification of inaccurate personal data concerning you and - taking into account the purposes of the processing - the completion of incomplete personal data, as well as the erasure of your data, provided that the criteria of Art. 17 GDPR are met.
Under the legal prerequisites, you have the right to request the restriction of the processing of all collected personal data. From the date of the restriction request, this data will only be processed with your individual consent or for the assertion and enforcement of legal claims.
You can request the unhindered and unrestricted transmission of personal data that you have provided to us, either to you or to a third party.
You can object to the processing of personal data concerning you at any time on grounds relating to your particular situation, which is carried out to safeguard our legitimate interests or those of a third party. Your data will no longer be processed after an objection, unless there are compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims. You can object to data processing for the purpose of direct marketing at any time with effect for the future.
If you have separately given consent to the processing of your data, you can revoke it at any time. Such a revocation influences the permissibility of the processing of your personal data after you have expressed it to us.
If you take action to enforce your rights listed above from the GDPR, smec must respond to the requested measure or comply with the request immediately, but no later than within one month of receiving your request.
We will respond to all reasonable inquiries within the legal framework free of charge and as promptly as possible.
The Data Protection Authority is responsible for applications concerning violation of the right to access, violation of the rights to secrecy, to rectification, or to erasure. Their contact details are:
Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien
[email protected]
Smarter Ecommerce GmbH
Peter-Behrens-Platz 9
4020 Linz
Austria
Email: [email protected]
Tel: +43 (0) 732 997002
Fax: +43 (0) 732 997002-10
UID: ATU63760825
Firmenbuchnummer/-gericht:
FN 298859 z, Landesgericht Linz
Smarter Ecommerce GmbH
Peter-Behrens-Platz 9
4020 Linz
Austria
Email: [email protected]
Tel: +43 (0) 732 997002
Fax: +43 (0) 732 997002-10
Status: 8 January 2026