Skip to Content

Privacy Policy - Only the German version is legally valid

1. General

The protection of your personal data is very important to us. We process your data in accordance with the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

2. Responsible Party

Xplore Commerce GmbH
Höllgrund 3
8083 Sankt Stefan im Rosental
E-Mail: [email protected]

If you have questions about data protection, you can contact us at the above-mentioned email address.

3. Collection and Processing of Personal Data

We collect and process the following personal data:

  • Name, address, email address, phone number (e.g., for bookings and communication).
  • Payment information (e.g., for processing payments).
  • IP address and usage data (e.g., when visiting our website).

Purposes of data processing:

  • Processing of rental agreements and bookings.
  • Communication with customers (e.g., inquiries, feedback, promotions).
  • Compliance with legal requirements (e.g., accounting).

3a. Customer Account

When registering a customer account and when placing orders through our online shop, we process personal data that is necessary for the establishment, execution, and processing of the contractual relationship.

The following data is collected when creating a customer account:

  • Name, address, email address, phone number.
  • Optional: Company name, VAT number (for business customers).
  • Login data (Email and password — the password is stored exclusively in encrypted form).
  • The customer account can be deleted at any time by the customer by sending a request to [email protected]. Upon deletion, all stored data will be removed, unless there are legal retention obligations.
  • Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment), Art. 6 para. 1 lit. f GDPR (legitimate interests — convenient ordering process and customer relationship management).
  • 4. Retention periods

We are required by Austrian tax law (BAO) to retain invoices, accounting documents, and business documents for at least 7 years.

Legal basis for retention: Art. 6 para. 1 lit. c GDPR (legal obligation).

Specific retention periods:

We only store personal data as long as it is necessary for the respective purposes or legal retention obligations exist. In detail:

  • Contract and order data: 7 years (legal retention obligations)
  • Customer account data: until the customer account is deleted by the user
  • Communication and support requests: up to 3 years after the request is completed
  • Payment-related data: according to the legal retention periods

After the purpose of processing ceases or the legal periods expire, the data will be deleted or anonymized.

5. Security

We implement technical and organizational measures to protect your data from unauthorized access, loss, or manipulation. These include:

  • Encrypted data transmission via SSL (e.g., on our website).
  • Password-protected systems for data processing.

6. Rights of the data subjects

According to the General Data Protection Regulation (GDPR), you have the following rights:

  • Access: You have the right to know what data we have stored about you.
  • Rectification: You can request the correction of inaccurate data.
  • Erasure: You can request the deletion of your data, provided that there are no legal retention obligations.

Exercise of your rights: Please send your request by email to [email protected]. We will process your request promptly, at the latest within one month.

7. Use of cookies and tracking tools

Our website uses cookies and similar technologies to ensure basic website functions and improve the user experience.

We distinguish between:

  • technically necessary cookies that are required for the operation of the website
  • optional cookies (e.g., analytics or statistics cookies) that are only set with your explicit consent

On your first visit to our website, you have the option to specify which cookies you would like to accept via a cookie consent tool. You can revoke or change your consent at any time through the cookie settings.

The legal basis for technically necessary cookies is Art. 6 para. 1 lit. f GDPR. For optional cookies, the processing is based on your consent according to Art. 6 para. 1 lit. a GDPR.

7a. Analysis and advertising

We use Google Analytics 4 (Measurement ID: G-PFNC5LS92D) and Google Ads Conversion Tracking (Account ID: AW-18104791809) via the Google Tag Manager (Container GTM-W99HVN8M).

These services are only activated after your explicit consent via our consent banner (CookieYes). Without your consent, no tracking cookies are set and no data is transmitted to Google.

Google Consent Mode v2 ensures that before consent, all relevant storage types (ad_storage, analytics_storage, ad_user_data, ad_personalization) are set to "denied".

Legal basis: Art. 6 para. 1 lit. a GDPR (consent).

Further information: https://policies.google.com/privacy

8. Third-party providers

To fulfill our services, we use external service providers:

  • Website hosting: External providers / Cloud solutions
  • Payment service providers: (e.g., PayPal, Stripe, and others, if applicable).

Payment processing (Stripe)

For the processing of online payments, we use the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

As part of the payment processing, personal data such as name, billing address, payment amount, transaction data, and IP address are transmitted to Stripe. The processing is carried out in accordance with Stripe's privacy policy and the applicable EU standard contractual clauses for data transfers to third countries.

We do not store complete credit card or payment data. Processing is carried out exclusively by Stripe in PCI-DSS certified environments. Stripe may process data outside the EU/EEA based on the EU Standard Contractual Clauses. For more information on data processing by Stripe, please visit: https://stripe.com/privacy.

The legal basis for data processing is Art. 6 para. 1 lit. b GDPR (contract fulfillment).

Shipping service provider (Sendcloud)

For the handling of goods shipping, we use the shipping service provider Sendcloud GmbH or Sendcloud B.V. As part of the shipping process, personal data such as name, delivery address, email address, and shipping information are transmitted to Sendcloud.

Data processing is carried out exclusively for the purpose of delivering goods and creating shipping labels. The legal basis is Art. 6 para. 1 lit. b GDPR (contract fulfillment).

The legal basis for processing is Art. 6 para. 1 lit. b GDPR (contract fulfillment). There is a data processing agreement with Sendcloud in accordance with Art. 28 GDPR.

Print-on-Demand and Fulfillment (Gelato)

For the sale of individually produced merchandise items (Print-on-Demand), we use the service provider Gelato AS, Dronning Eufemias gate 8, 0191 Oslo, Norway.

For order processing, personal data such as name, delivery address, and order-related information are transmitted to Gelato. Processing is carried out exclusively for the purpose of producing and delivering the ordered goods.

Depending on the production and delivery location, personal data may be transferred to third countries outside the European Union. In such cases, the data transfer is based on appropriate safeguards in accordance with Art. 46 GDPR (e.g., EU standard contractual clauses).

Legal basis for retention: Art. 6 para. 1 lit. c GDPR (legal obligation).

9. International Data Transfers

As far as personal data is transferred to non-EU countries, we ensure that an adequate level of data protection is guaranteed (e.g., through EU standard contractual clauses).

10. Direct Marketing to Existing Customers

If you are already a customer with us, we use your email address in accordance with § 107 para. 3 of the Austrian Telecommunications Act (TKG) and Art. 6 para. 1 lit. f GDPR to send you information about similar products, promotions, or services from our range. This is done exclusively within the framework of an existing customer relationship and only for our own similar offers.

You have the right to object to this use of your data at any time. A corresponding notice of your right to object is included in every email. Alternatively, you can also send your objection at any time by email to the contact address mentioned in the imprint.

11. Changes to the Privacy Policy

This privacy policy may be adjusted as needed to account for legal or operational changes. The current version is available on our website.

Status: 1.1.2026