Privacy Policy

Last updated: 25th May 2018

The Company: (Starlingson OG of Lacknergasse 29/27, 1170 Vienna Austria)

We use your information for the sole purpose of providing you with our services. That is, taking your payment, delivering your item and notifying you of order status. We wish for our customers to be satisfied, so please note that we may, on occasion, ‘follow-up’ on your order, to see if there were any issues or feedback.

We may inform you of new releases via an email newsletter, which you will be subscribed to only if you opted-in. You can opt-out of our newsletter at any time by clicking unsubscribe at the footer of any mail-out, or emailing simply ‘ please unsubscribe’ to mail@thecity.works if you’re unsure.

We never sell any of your personal information to third parties, and will never disclose your details unless requested to do so by the European Economic Area or Austrian law. Your personal information is never made public in any way.


Data Protection

If you’re a user or visitor in the European Economic Area these rights also apply to you: For the purposes of applicable EU data protection law (including the General Data Protection Regulation* 2016/679 (the “GDPR / DSGVO”), we are a ‘data controller’ of your personal information.

Additionally, we are a ‘data processor’, when using information stored via the MailChimp automated email newsletter service.

We store personal data from our private online customers and from the businesses that we work with. For ease, they can be categorised as: ‘Customer data’ and ‘Business data’.

Customer Data

Personal customer data includes the following: first and last name, billing address, shipping address, email address and telephone number. As explained later in this policy, non-identifying information such as your cart contents and browsing habits may be collected in the form of ‘cookies’ and Google Analytics data.

We require the above personal data, to provide to our trusted couriers (Austria Post, DHL, DPD, myHermes) so they can deliver a customer order. We also use the email address to provide a receipt, and to contact the customer if there is an issue with the order.

Data is stored on our website’s server and on a spreadsheet. Both of these are password protected with additional layers of security like two-step verification and ‘captcha’ requests, to prevent robots logging in. If we ever notice a breach of our data storage, we will notify everyone affected within 24 hours.

Business Data

We work with many different forms of businesses, from suppliers for our company, to our clients, and potential clients. If a business customer has provided us with a business card, information from that business card (first and last name, address, email address and telephone number) will be stored in a spreadsheet. Again, these are password-protected with two-step verification.

You can contact us directly at mail@thecity.works if you would like to ask if we store any data about you and if you’d like this data to be altered or removed.


Rights to Information, Revocation and Objection

In accordance with the provisions of the 2000 Data Protection Act (Austria), as well as the General Data Protection Regulation (GDPR / DSGVO)*, you have the following rights regarding your information:

The right to be informed about what information we may store about you, your right to access and amend that information, your right to restrict the processing or transporting of the information, your right to object and to revoke your consent to the use of your personal data at any time. In this case we will not use your data and delete it in compliance with any statutory retention periods.

Where the use of your personal information is not provided for by law, you further have the right to object to the use of your data due to infringement of your overriding and legitimate confidentiality interests.

In the event of this circumstance, we will delete your data in compliance with any statutory retention periods within a period of 30 days.

When handling subject-access requests, we will not charge you, when complying with your request. We will comply within 30 days, but may refuse or charge for requests that are manifestly unfounded or excessive. If we refuse a request, we will inform you why. You have the right to complain to the supervisory authority and to a judicial remedy.

For information on issues of data protection and in order to enforce this and other rights of persons affected (rectification, cancellation, revocation, objection), please send an email to dataprotection@austria.info.


Age requirements

You must be over the age of 16 years old in order to use our services. It is prohibited to register for an account unless you are over the age of 16 or you get consent from a parent, guardian, or person holding ‘parental responsibility’.


Cookies

Like many websites, thecity.works website uses cookies. Cookies are small important files for website functioning mostly to provide a better user experience. They usually contain a string of characters stored on a user’s computer when he visits a certain website. When the user browses this same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user’s previous activity.

In your browser, you can choose whether to allow cookies in your computer, whether you want to be informed about the use of cookies, give permission on a case by case basis, or choose to disallow all cookies. The collection and storing of data as related to cookies can also be revoked in this manner at any time with future effect. Some functions of this website may not be available should you choose to not allow cookies.

Our cookies may track the contents of your shopping cart, recently viewed items, and may store delivery details if you use auto-fill settings. By using this website and all of its pages you agree to our use of cookies.


Google Analytics

This website uses Google Analytics, a web analysis service from Google Inc. (“Google“). Google Analytics uses so-called cookies, which are text files stored on your computer to facilitate an analysis of your use of the website.

The information on your use of this website (including your IP address) which has been generated by the cookie is transferred to and stored on a Google server in the USA. Google will use this information to analyse your use of the website, compile reports on the website activities for the website operators and provide services associated with the use of the website and the internet.

Google may also transfer these data to third parties if this is required by law or if third parties process these data for Google. Under no circumstances will Google link your IP address with other Google data. You can prevent the installation of the cookies by a corresponding setting in your browser software; we would like to point out, however, that in this case you may not be able to fully use all functions of the website.

You can also prevent the sending of the data (including your IP address) generated by the cookie and referring to your use of the website to Google and the processing of these data by Google by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=en).

Further information is provided at  http://tools.google.com/dlpage/gaoptout?hl=en and at http://www.google.com/intl/en/analytics/privacyoverview.html (general information on Google Analytics and data protection). We would like to point out that on this website Google Analytics has been extended by the code “gat._anonymizeIp();“ in order to guarantee an anonymized collection of IP addresses (so-called IP masking).“

This website uses Google Analytics reports on demographic features in which data are used from interest-related advertising of Google and hit data of third providers (e.g. age, gender and interests). These data cannot be traced to a specific person and may be deactivated at any time using the ads settings.

Google Analytics retains data for a period of 26 months, before automatically deleting it. When data reaches the end of the retention period, it is deleted automatically on a monthly basis.


Social Media Buttons

When visiting a journal article, product or a commission page on our website, you may notice the option to ‘share’ the page or product on your social media networks.

By clicking on any of these buttons, or “activated recommendation buttons”, operators of those social media network platforms will, naturally, receive information that you have visited our site with your IP address, unless you have adjusted your settings on the social network account in question, to not track this information.

For example, if you click on the Facebook “Like” button, while you are logged into your Facebook account, you can display the content of our pages onto your Facebook profile. This allows Facebook to assign your visit of our website to your user account.

Please note that we are not able to certify which content the social network or platform in question may be requesting once a button is clicked, this is because you are, at that moment, sharing information with the network, not us.

For more information, please see the privacy statements of the corresponding social media platforms:
Facebook: http://www.facebook.com/policy.php
Google+: http://www.google.com/intl/en/policies/privacy/
Twitter: http://twitter.com/privacy?lang=en
Pinterest: http://about.pinterest.com/en/privacy-policy


*In our native Austria, GDPR is the English translation of the German equivalent, the DSGVO (Datenschutzgrundverordnung). They are different names for the same regulations.