Data protection

Sportalm GmbH Privacy Policy

1. Introduction and Scope

Sportalm operates this shop and website, including all related information, content, features, tools, products, and services, to provide you, the customer, with an individual shopping experience (the "Services"). Sportalm is based on Shopify, which enables us to provide you with the Services.

This Privacy Policy describes how we collect, use, or disclose personal data when you visit or use the website, make a purchase or other transaction using the Services, or otherwise communicate with us. The protection of your personal data is very important to us. We process your data exclusively on the basis of legal provisions, in particular the General Data Protection Regulation (GDPR). If there is a conflict between our general terms and conditions and this Privacy Policy, this Privacy Policy shall take precedence with regard to the collection, processing, and disclosure of your personal data.

2. Controller for Data Processing

The controller for data processing on this website is:

Sportalm GmbH
Wilhelm Ehrlich Weg 1
A-6370 Kitzbühel
(“Sportalm” or “we” or “us”)
Tel: +43 5356/64361-0
Fax: +43 5356/64361-200
Email: sportalm@sportalm.at
Web: https://www.sportalm.at/

3. What personal data do we collect or process?

According to Art. 4 No. 1 GDPR, personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier. Depending on your interaction with us, we collect the following categories of personal data:

  • Contact data: Name, postal address, billing address, shipping address, telephone number, and email address.
  • Financial data: Credit, debit card, and financial account numbers, payment card information, financial account information, transaction details, payment method, payment confirmation, and other payment details.
  • Account information: Username, password, security questions, configurations, and settings.
  • Transaction information: Items you view, add to cart, add to wishlist, or purchase, return, exchange, or cancel, as well as your past transactions.
  • Communication: Information you provide when communicating with us (e.g., customer support inquiries).
  • Device information: Information about device, browser, or network connection, IP address, and other unique identifiers.
  • Usage information: Information about your interaction with the Services (how and when you browse the website).

Sources of data

We collect this data directly from you (account creation, purchase), automatically (via cookies and log files when visiting the website), and from service providers and partners who enable technologies on our behalf.

4. Cookies and similar technologies

Our website uses cookies. These are small text files that are stored on your device. We differentiate between technically necessary cookies, analysis cookies, and third-party cookies (e.g., for Amazon Pay).

  • Session cookies: Are automatically deleted after your visit.
  • Persistent cookies: Remain stored until you delete them or their storage period expires.

Legal bases:

  1. Strictly necessary cookies: The storage of such cookies is absolutely necessary to provide the Services. Processing is carried out on the basis of Section 25 (2) No. 2 TDDDG (for Germany) and Section 165 (3) TKG 2021 (for Austria).
  2. Optional cookies: If you have given your consent (e.g., for marketing), processing is carried out exclusively on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG. This consent can be revoked at any time.

Management: You can set your browser to inform you about the setting of cookies, allow them only in individual cases, or generally exclude them. Please note: If deactivated, the functionality of our website may be limited.

5. Hosting and the relationship with Shopify

Our shop is hosted by Shopify. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

Shopify collects and processes personal data about your access to enable us to provide the shop. Data is also transferred to Shopify Inc. in Canada and to US entities (e.g., Shopify Data Processing (USA) Inc.).

  • Canada: There is an adequacy decision by the EU Commission guaranteeing a comparable level of data protection.   
  • USA: Shopify uses recognized transfer mechanisms such as standard contractual clauses or the EU-US Data Privacy Framework to ensure an adequate level of protection.   

Further information can be found in Shopify's privacy policy at https://www.shopify.com/legal/privacy.

6. Purpose and Legal Basis of Data Processing

We use your data for the following purposes:

  • Provision of Services: Fulfillment of the purchase contract, payment processing, shipping, returns management (Legal basis: Art. 6 (1) lit. b GDPR).   
  • Security and Fraud Prevention: Authenticating your account and protecting against unauthorized transactions (Legal basis: Art. 6 (1) lit. f GDPR - legitimate interest).   
  • Marketing and Advertising: Sending communications and displaying online advertising (Legal basis: Art. 6 (1) lit. a GDPR in case of your consent or for existing customers according to § 7 (3) UWG (for Germany) or § 174 (4) TKG 2021 (for Austria) (opt-out)).
  • Communication: Customer support and answering inquiries (Legal basis: Art. 6 (1) lit. b GDPR).
  • Legal Reasons: Compliance with applicable laws and responding to lawful governmental requests (Legal basis: Art. 6 (1) lit. c GDPR).

7. Payment Processing

a) Shopify Payments

We use "Shopify Payments" for payment processing. The provider is Shopify International Limited (Ireland).

Disclosure to Stripe: If you choose a payment method offered via Shopify Payments (e.g., credit card), the technical processing is carried out by the service provider Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. We transmit your information provided during the ordering process (name, address, account number, credit card details, amount, currency, transaction number) to Stripe in accordance with Art. 6 (1) lit. b GDPR.

Data processing by Stripe may also take place outside the EEA (in particular in the USA). Stripe is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection. More information can be found at: (https://stripe.com/de/privacy).

b) PayPal

We offer payment processing via the payment service provider PayPal (Europe) S.a.r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg (“PayPal”). If you decide to use PayPal for your payment, you will be redirected to the PayPal website. There you can log in with your account details and initiate the payment. After being redirected to the PayPal website, we have no access to the data collected by PayPal. Further information on data protection in connection with PayPal can be found here.

c) Amazon Pay 

We offer payment processing via the payment service provider Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg (“Amazon Pay”). If you decide to use Amazon Pay for your payment, you will be redirected to the Amazon Pay website. There you can log in with your account details and initiate the payment. After being redirected to the Amazon Pay website, we have no access to the data collected by Amazon Pay. Further information on data protection in connection with Amazon Pay can be found here.

d) Klarna

When selecting Klarna's payment options ("purchase on account," "instant transfer," and "direct debit"), personal data, such as contact data and order data, is transmitted to Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (“Klarna”). Klarna can thus assess whether you can use the payment options offered via Klarna and adapt the payment options to your needs. The integration of Klarna instant transfer and direct debit via Klarna takes place via Adyen (see above). Information on data protection at Klarna can be found in their privacy policy and here.

8. Newsletter and Marketing (Klaviyo)

a) Subscription and Double Opt-In

If you have given us your consent (Art. 6 (1) lit. a GDPR), we will send you our newsletter regularly. We use the double opt-in procedure to verify your registration.

b) Direct marketing for existing customers

If you have placed an order, we reserve the right to send you information about similar products via email (existing customer privilege). Legal basis: § 174 (4) TKG 2021 / § 7 (3) UWG. You can object to this at any time (opt-out).

c) Use of Klaviyo

For the design and analysis of our newsletter, we use Klaviyo (Klaviyo Inc., 125 Summer Street, Boston, MA 02110, USA). Klaviyo evaluates information such as purchase history and shopping cart contents on our behalf to personalize content. Klaviyo is certified under the EU-U.S. Data Privacy Framework. We have concluded a data processing agreement (Art. 28 GDPR).

9. Web analytics and advertising tools

a) Google Analytics 4 (GA4)

We use GA4 from Google Ireland Limited (Dublin, Ireland). Google Analytics uses cookies to analyze your user behavior (page views, clicks, dwell time). Data transfer to the USA is secured by Google's certification under the EU-US Data Privacy Framework. Legal basis: Your consent in accordance with Art. 6 (1) lit. a GDPR.

b) Google Tag Manager

We use Google Tag Manager to manage website tags. The tool itself does not collect personal data, but it triggers other tags that may collect data.   

c) Facebook Pixel

We use the Facebook Pixel (Meta Platforms Ireland Ltd.) to analyze and optimize our online offering, provided you have given your consent. In this case, Facebook receives information that you have visited our site with your IP address.   

10. Further Integrations (SWYM)

To display dynamic product content (e.g., wish lists), we use the SWYM app (HeroSoftware GmbH). Pseudonymous usage data is processed to optimize interaction in the shop. The legal basis is our legitimate interest in user-friendliness according to Art. 6 (1) lit. f GDPR. You can object at any time (opt-in).

11. Security and Storage

We use SSL or TLS encryption to protect the transmission of your data. Please note that no transmission over the internet is 100% secure. We only store your data for as long as necessary for the stated purposes (e.g., contract fulfillment, statutory retention periods).

12. Your Rights

You have the following rights vis-à-vis us:

  • Information: What data do we store about you? (Art. 15 GDPR)
  • Rectification: Correction of incorrect data. (Art. 16 GDPR)
  • Erasure: Removal of your data (“right to be forgotten”). (Art. 17 GDPR)
  • Restriction: Limitation of processing. (Art. 18 GDPR)
  • Data portability: Receipt of your data in a common format. (Art. 20 GDPR)
  • Objection: Cessation of processing in case of legitimate interest or direct marketing. (Art. 21 GDPR)
  • Withdrawal: Withdrawal of consent previously given. (Art. 7 (3) GDPR)

To exercise these rights, please contact service@sportalm.at. You also have the right to lodge a complaint with the competent data protection authority.

13. Changes to this statement

We update this statement from time to time to reflect technical or legal changes. The current version can always be found on this website.

Status: April 2026
