Privacy Policy

1. Introduction and Overview

We have drafted this Privacy Policy (version: [15.09.2025]) to inform you, in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable national laws, about the personal data (hereinafter referred to simply as “data”) that we, as the data controller – and the processors commissioned by us (e.g., hosting providers, logistics companies) – process, will process in the future, and what lawful options you have.

In short: We transparently explain what data we process about you, why we process it, and what rights you have under GDPR.

2. Scope of Application

This Privacy Policy applies to all personal data processed within our company and by third parties (processors) on our behalf. This includes:

  • All online presences (websites, online shops) operated by us.

  • Social media profiles and e-mail communication.

  • Mobile access via smartphones and other devices.

3. Legal Basis for Processing

We process personal data only if at least one of the following conditions applies (Art. 6 GDPR):

  • Consent (Art. 6 para. 1 lit. a GDPR): e.g., when you subscribe to our newsletter.

  • Contract (Art. 6 para. 1 lit. b GDPR): e.g., when we enter into a purchase agreement.

  • Legal obligation (Art. 6 para. 1 lit. c GDPR): e.g., retention of invoices under accounting laws.

  • Legitimate interest (Art. 6 para. 1 lit. f GDPR): e.g., secure and efficient operation of our website.

In Austria, the Data Protection Act (DSG) applies; in Germany, the Federal Data Protection Act (BDSG).

4. Contact Details of the Controller

ParTrade Handels OG
Nikola Antić & Miloš Marković
Gartengasse 13, 3721 Limberg, Maissau, Austria
E-Mail: info@cotto-rustic.at
Phone: +43 681 81111005
Imprint: https://cotto-rustic.at/impressum/

5. Data Retention

We store personal data only as long as is strictly necessary for providing our services or fulfilling contractual/legal obligations. Data will be deleted once the purpose no longer applies, unless legal retention obligations (e.g., accounting) require longer storage.

6. Rights of Data Subjects (GDPR)

You have the following rights under GDPR:

  • Right to access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (“Right to be forgotten”, Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR)

  • Right not to be subject to automated decision-making, including profiling (Art. 22 GDPR)

  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna
E-Mail: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

7. Data Transfers to Third Countries

If personal data is transferred outside the EU/EEA, this is done only on the basis of:

  • Consent, or

  • Standard Contractual Clauses (SCCs), or

  • EU-US Data Privacy Framework (for U.S. companies that participate).

8. Data Security

We implement technical and organizational measures to protect your personal data (Art. 25 GDPR). This includes:

  • TLS encryption (HTTPS)

  • Secure server infrastructure

  • Access controls and data minimization

9. Communication

If you contact us by telephone, e-mail, or online form, personal data (such as your name, contact details, and content of the inquiry) will be processed exclusively for handling your request.

Legal bases: Consent (Art. 6(1)(a) GDPR), Contract (Art. 6(1)(b) GDPR), Legitimate Interest (Art. 6(1)(f) GDPR).

10. Processors (Data Processing Agreements – DPA)

We work with external service providers (processors), such as hosting providers, newsletter tools, logistics companies (e.g., Gebrüder Weiss), who process data exclusively on our instructions and in compliance with GDPR.

11. Cookies

Our website uses cookies to provide basic functionality, improve user experience, analyze usage, and for marketing purposes.

Types of cookies used:

  • Necessary cookies (functional use)

  • Analytical cookies (e.g., Google Analytics)

  • Marketing cookies (e.g., Meta/Facebook Pixel)

You can withdraw consent at any time via your browser or cookie settings.

12. Web Hosting

Our website is hosted by:
Hostinger International Ltd.
61 Lordou Vironos str., 6023 Larnaca, Cyprus

Hosting provider processes data such as IP address, browser type, and time of access.

13. Web Analytics

We use tools such as Google Analytics 4 to analyze visitor behavior. Google Ireland Ltd., Dublin, is responsible in the EU.

Legal basis: Consent (Art. 6(1)(a) GDPR) and Legitimate Interest (Art. 6(1)(f) GDPR).

Google may process data in the USA. Safeguards: EU-US Data Privacy Framework, SCCs.

14. E-Mail Marketing

If you subscribe to our newsletter, we will process your e-mail address and, if provided, your name. Subscriptions are handled via the double opt-in method.

You may unsubscribe at any time.

15. Social Media Plugins and Content

Our website may include content from:

  • Facebook & Instagram (Meta Platforms)

  • YouTube (Google)

These providers may collect and process user data independently.

16. Data Recipients

We may share data with:

  • Logistics companies (e.g., Gebrüder Weiss for delivery)

  • Tax consultants and accountants (for legal obligations)

  • IT service providers (for maintenance and security)

17. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal or technical changes. The most recent version will always be available on our website.