Privacy Policy
1. Introduction
Welcome to WOW. We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and share personal information when you visit our website, make a purchase, subscribe to our newsletter or otherwise interact with us. By using our services or providing us with your data, you consent to the practices described in this policy.
2. Controller
The data controller for the purposes of data protection law is:
WOW
Gumpendorfer Strasse 76
1060
Vienna
Austria
hello@wow-shop.at
3. What data we collect
We may collect and process the following types of personal data:
- Identity & contact information: name, billing and shipping address, email address, phone number;
- Account information: login credentials, password (securely stored);
- Transaction data: details of purchases you make, products ordered, invoices and order history;
- Payment details: where applicable for payment processing (note: full credit-card numbers are not retained unless necessary under applicable law or agreement);
- Technical & usage data: IP address, browser and device information, page visits, session duration, click behaviour, referrer URL, length of visit, interaction with pages;
- Communications: feedback, product reviews, enquiries, messages you send to us;
- Cookies and similar tracking technologies (see section 7).
4. How and why we use your data / purposes of processing
We process your data for various purposes, including but not limited to:
- To fulfil your orders and manage delivery, returns, and refunds;
- To communicate with you about your orders, account, and customer service;
- To comply with legal and regulatory obligations (e.g., accounting, tax, consumer law);
- To protect our legitimate interests (e.g., fraud prevention, security, website optimisation, analytics);
- To send you marketing communications (newsletter or personalised offers) where you have consented or where permitted by law;
- To improve our website, products and services by analysing how you use our site and making enhancements.
5. Legal basis for processing
Under the EU General Data Protection Regulation (GDPR) and relevant Austrian/German data protection laws, we rely on the following legal bases:
- Contract performance (processing is necessary to carry out steps at your request prior to entering into a contract, or to perform a contract to which you are a party);
- Compliance with legal obligations (e.g., tax, accounting);
- Legitimate interests (when our interests are not overridden by your rights and freedoms, for example for fraud prevention or improving our services);
- Consent (for processing such as marketing communications, non-essential cookies or personalisation analysis) — you may withdraw consent at any time.
6. Disclosure of your data / third-party recipients
We may share your personal data with third-party service providers strictly as needed to deliver the services, subject to appropriate contracts and safeguards. These may include:
- E-commerce platform provider;
- Payment service providers (e.g., credit card processors, PayPal, Klarna);
- Delivery and fulfilment partners (e.g., courier companies);
- Email/marketing software providers;
- Analytics and advertising platforms (e.g., Google Analytics, Meta/Facebook ads);
- IT and cloud infrastructure providers;
- Legal, audit or tax advisors when required.
If we transfer your data to countries outside the European Economic Area (EEA), we ensure adequate safeguards are in place (Standard Contractual Clauses or other mechanisms) in compliance with GDPR.
7. Cookies and tracking technologies
We use cookies and similar technologies on our website to enhance functionality, understand how you use the site, and deliver marketing/advertising.
Cookie categories include:
- Strictly necessary cookies (required for basic site operations);
- Functional cookies (to remember your preferences);
- Performance/analytics cookies (to analyse site usage);
- Marketing/advertising cookies (to serve targeted ads).
You will be prompted by a cookie banner on your first visit, where you can consent to non-essential cookies. You can manage or withdraw your cookie preferences at any time via settings in your browser or via our website’s cookie settings link.
8. Newsletter / Direct marketing
If you opt in to receive our newsletter or promotional communications, we use your email address and preferences for that purpose. You may unsubscribe at any time via the link in every email or by contacting us. We may still send non-marketing communications (e.g., order confirmations) without your consent as necessary for the contract.
9. Retention of data
We retain personal data only as long as necessary to fulfil the purposes for which it was collected, including for legal, accounting or administrative purposes. Typical retention periods may include up to 7–10 years for tax or accounting records (depending on national law). After the retention period, data will either be deleted or anonymised.
10. Your rights
Under GDPR and national laws you have the following data protection rights:
- Right of access: to request a copy of the personal data we hold about you;
- Right to rectification: to request correction of inaccurate or incomplete data;
- Right to erasure: to request deletion of your personal data where certain conditions are met;
- Right to restriction of processing: to request that processing of your data is restricted;
- Right to object: to object to processing based on legitimate interests or direct marketing;
- Right to data portability: to receive your data in a structured, commonly used format and transmit it to another controller;
- Right to withdraw consent at any time (where processing is based on consent) without affecting the lawfulness of prior processing;
- Right to lodge a complaint with a supervisory authority (see section 11).
To exercise your rights, please contact us at [insert email].
11. Supervisory authority
If you believe we have processed your data unlawfully, you may lodge a complaint with your local data protection authority:
- Austria: Datenschutzbehörde (DSB) – https://www.dsb.gv.at
- Germany: The competent Landesdatenschutzbeauftragte for your federal state.
12. Security
We implement appropriate technical and organisational measures to protect your personal data from accidental or unlawful destruction, loss or alteration and from unauthorised access, disclosure or use. However, no system is completely secure—please also protect your account credentials and notify us immediately if you suspect any unauthorised use.
13. Children’s privacy
Our website and services are not directed at children under 16 years of age. We do not knowingly collect personal data from children without parental consent. If you believe we have collected data about a child, please contact us and we will delete such data.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The “Last updated” date will indicate the latest revision. We encourage you to check this page periodically. Significant changes will be notified via conspicuous notice on our website.
15. Contact us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights.