privacy policy

Valid from: 04.04.2025
Company: Irene Semerciyan
Address: Menzelstraße 10/3/12, 1210 Vienna
Email: info@thatmagicalmind.com
VAT number: ATU82127789
Member of: Austrian Chamber of Commerce, Department LG Shipping, Internet
and general trade, FG Personal Service Providers, LI Arts and Crafts

This Privacy Policy describes how your personal information is collected, used, and shared when you use or purchase something from thatmagicalmind.com (the "Website").


Personal information we collect
Your data is collected, on the one hand, when you provide it to us. This may, for example, be data you enter into a contact form or via our online shop. When you visit the website, we automatically collect certain information about your device, including information about the web browser and operating system, the IP address, the host name of the accessing computer, the time zone, the time of the server request, geolocation, and some of the cookies installed on your device. As you navigate the website, we also collect information about the individual web pages or products you visit, the websites or search terms that brought you to the website, and information about how you interact with the website. We refer to this automatically collected information as "Device Information." We collect Device Information using the following technologies:

- "Cookies" are data files stored on a device or computer and often contain an anonymous unique identifier.
For more information about cookies and how to disable them, please visit http://www.allaboutcookies.org.

- "Log files" log actions on the website and collect data such as IP address, browser type, Internet service provider, referring/exit pages, and date/time stamp.

- "Web beacons," "tags," and "pixels" are electronic files used to collect information about how you navigate the Site. When you purchase or attempt to purchase something on the Site, we also collect certain information about you. This includes your name, date of birth, billing address, shipping address, payment information (including credit card numbers, account numbers, PayPal customer information, Klarna customer information), email address, and phone number. We refer to this information as "Order Information."
By "personal data" in this privacy policy we mean both device information and order information.


GDPR Legal Cookie by Shopify
Our website uses GDPR Legal Cookie by Shopify to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies and to document this consent in compliance with data protection regulations. This technology is provided by Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter "Shopify"). When you visit our website, a connection is established to Shopify's servers in order to obtain your consent and other declarations regarding the use of cookies. Shopify then stores a cookie in your browser in order to be able to assign the consent granted or its revocation to you. The data collected in this way is stored until you request us to delete it, delete the Shopify cookie yourself, or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. You can find details at: https://apps.shopify.com/gdpr-legal-cookie. GDPR Legal Cookie by Shopify is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 (1) (c) GDPR. Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g. cookies for processing payment services). If we also process personal data and the cookies are not absolutely necessary for technical reasons within the meaning of Section 165 (3) TKG, we ask you for your consent beforehand by clicking the "Accept Cookies" button. When you visit the website for the first time, you will be asked which of these cookie types you wish to accept. If you wish to prevent the use of cookies, you can do so by making local changes to the settings in the internet browser used on your computer. If you deactivate or reject cookies completely, you may not be able to use certain functions of our website. If you prevent the use of cookies in your browser settings, we only collect anonymous data, for example to determine the total number of visits to our website.

SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser's address line changes from "http://" to "https://" and by the lock symbol in your browser's address bar. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Registration on this website
You can register on this website to use additional functions on the site. We will only use the data you enter for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration. We will use the email address you provided during registration to inform you of important changes, such as changes to the scope of our offer or technically necessary changes. The data entered during registration will be processed for the purpose of implementing the user relationship established by the registration and, if necessary, to initiate further contracts (Art. 6 (1) (b) GDPR). The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.


HOW DO WE USE YOUR PERSONAL DATA?
We use the order information we collect to fulfill orders we receive through the website (including, but not limited to, processing your payment information, arranging shipment and sending you invoices and/or order confirmations, arranging transportation, and delivering digital content). We also use this order information to: communicate with you; screen our orders for potential risk or fraud; and provide you with information or advertising related to our products or services, in accordance with your privacy settings and the necessary consent. We use the device information we collect to screen for potential risk and fraud (in particular, your IP address) and generally improve and optimize our website (e.g., by analyzing how our customers navigate and interact with the website, and to assess the success of our marketing and advertising campaigns).


SHARING YOUR PERSONAL DATA
We share your personal information with third parties who help us use your personal information as described above. For example, we use Shopify, operated by Shopify International Limited, Victoria Buildings, Haddington Road, Dublin 4, to operate our online store. For more information about how Shopify uses your personal information, see:
https://www.shopify.com/legal/privacy.

We also use Google Analytics to understand how our customers use the website. For more information about how Google uses your personal data, please visit: https://policies.google.com/privacy?hl=de. You can deactivate Google Analytics here: https://tools.google.com/dlpage/gaoptout. We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. This service is used on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. This consent can be revoked at any time. You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de. Further information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de. This website uses the "demographic characteristics" function of Google Analytics to be able to display suitable advertisements within the Google advertising network to website visitors. This makes it possible to create reports that contain information about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third parties. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or prevent the collection of your data by Google Analytics as described in the section "Objection to
We generally prohibit the collection of data as described in the "Data Collection" section. We have concluded a contract processing agreement with Google and fully implement the strict requirements of the data protection authority when using Google Analytics.

This website uses the "E-Commerce Measurement" feature of Google Analytics. E-Commerce Measurement allows the website operator to analyze the purchasing behavior of website visitors to improve their online marketing campaigns. Information such as orders placed,
Average order values, shipping costs, and the time from viewing to purchasing a product are recorded. Google can aggregate this data under a transaction ID that is assigned to the respective user or their device.

We use Google Ads. Google Ads is an online advertising program from Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g. location data and interests) (target group targeting). We as website operators can evaluate this data quantitatively, for example by analyzing which search terms led to the display of our advertisements and how many ads led to corresponding clicks. The use of this service is based on your consent in accordance with Art. 6 (1) (f) GDPR.
a GDPR. Consent can be revoked at any time. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Our website uses Google Ads Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to subsequently
to display interest-based advertising in the Google advertising network (remarketing or retargeting). Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google's cross-device features. In this way, interest-based, personalized advertising messages that have been tailored to you based on your previous usage and surfing behavior on one device (e.g., mobile phone) can also be displayed on another of your devices (e.g., tablet or PC). If you have a Google Account, you can opt out of personalized advertising.
You can object to this at the following link: https://www.google.com/settings/ads/onweb/. Use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR. Consent can be revoked at any time. Further information and the data protection regulations can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de.

To build target groups, we use, among other things, customer matching from Google Ads Remarketing. This involves transferring certain customer data (e.g., email addresses) from our customer lists to Google. If the relevant customers are Google users and logged into their Google account, they will be shown suitable advertising messages within the Google network (e.g., on YouTube, Gmail, or in the search engine).

Our website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. With the help of Google Conversion Tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked and how often, and which products were viewed or purchased most frequently. This information is used to compile conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that could be used to personally identify the user. Google itself uses cookies or similar recognition technologies for identification. The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR. This consent can be revoked at any time. Further information on Google Conversion Tracking can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Our website uses Facebook's visitor action pixel to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries. This allows the behavior of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized. The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy. This allows
Facebook allows the placement of advertisements on Facebook pages as well as outside of
Facebook. This use of data can be made by us as site operators
cannot be influenced. The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR. This consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. To the extent that personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and
their forwarding to Facebook. The processing carried out after the forwarding by
Facebook is not part of the joint controllership. Our joint obligations have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement,
we are responsible for providing data protection information when using the Facebook tool and
for the data protection-compliant implementation of the tool on our website
Facebook is responsible for the data security of Facebook products.
Rights of data subjects (e.g. requests for information) regarding the data processed by Facebook
You can assert your data directly with Facebook. If you assert your data subject rights with us, we are obligated to forward these to Facebook. You can find further information on protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/.
You can also deactivate the "Custom Audiences" remarketing function in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do so, you must be logged in to Facebook. If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance.
deactivate: http://www.youronlinechoices.com/de/praferenzmanagement/.

We use Facebook Custom Audiences. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. When you visit or use our websites and apps, take advantage of our free or paid offers, transmit data to us, or interact with our company's Facebook content, we collect your personal data. If you give us your consent to use Facebook Custom Audiences, we will transmit this data to Facebook, which Facebook can use to display suitable advertising to you. Furthermore, your data can be used to define target groups (lookalike audiences). Facebook processes this data as our processor. Details can be found in Facebook's user agreement: https://www.facebook.com/legal/terms/customaudience. The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR. This consent can be revoked at any time. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/terms/customaudience and https://www.facebook.com/legal/terms/dataprocessing.

To communicate with our customers and other third parties, we use, among other things, the instant messaging service WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Communication is carried out using end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the communication content. However, WhatsApp receives access to metadata generated during the communication process (e.g., sender, recipient, and time). We would also like to point out that WhatsApp, according to its own statements, shares its users' personal data with its US-based parent company, Meta. Further details on data processing can be found in WhatsApp's privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.

WhatsApp is used based on our legitimate interest in communicating with customers, prospects, and other business and contractual partners as quickly and effectively as possible (Art. 6 (1) (f) GDPR). If consent has been requested, data processing will be carried out exclusively on the basis of this consent; this consent can be revoked at any time with future effect. The communication content exchanged between you and us on WhatsApp will remain with us until you request deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected. The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. Further information on this can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/participant/7735.

Our website incorporates elements of the social network Facebook. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries. An overview of Facebook's social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.
When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook thus receives the information that you have visited this website using your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate the visit to this website with your user account. We would like to point out that we, as
The page providers have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook's privacy policy at: https://dede.facebook.com/privacy/explanation.

If consent has been obtained, the use of the aforementioned service is based on Art. 6 (1) (a) GDPR. Consent can be revoked at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the most comprehensive possible visibility on social media.

To the extent that personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. Any processing by Facebook that occurs after forwarding is not part of the joint responsibility. Our joint obligations have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement,
We are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in compliance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert your data subject rights (e.g., requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obligated to forward them to Facebook.
Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-
de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

This website includes functions of the Instagram service. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram then receives information about your visit to this website. If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or how it is used by Instagram. If consent has been obtained, the use of the above-mentioned service is based on Art. 6 (1) (a) GDPR. Consent can be revoked at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the most comprehensive visibility possible on social media in accordance with Art. 6 (1) (f) GDPR. To the extent that personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing carried out by Facebook or Instagram after forwarding is not part of the joint responsibility. Our joint obligations have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for implementing the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook and Instagram products. You can assert the rights of those affected (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://dede.facebook.com/help/566994660333381. Further information can be found in Instagram's privacy policy: https://instagram.com/about/legal/privacy/.

On this website we use elements of the social network Pinterest, which is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. When you visit a page that contains such an element, your browser establishes a direct connection to the Pinterest servers. This social media element transmits log data to the Pinterest server in the USA. This log data may contain your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, your use of Pinterest and cookies. If consent has been obtained, the use of the above-mentioned service is based on Art. 6 (1) (a) GDPR. Consent can be revoked at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the most comprehensive visibility possible in social media in accordance with Art. 6 (1) (f) GDPR. Further information on the purpose, scope and further processing and use of data by Pinterest as well as your rights and options for protecting your privacy can be found in Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy.

We have integrated Pinterest Tag on this website. The provider is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. Pinterest Tag is used to record certain actions you perform on our website. The data can then be used to show you interest-based advertising on our website or on another page of the Pinterest Tag advertising network. For this purpose, the Pinterest Tag records, among other things, a Tag ID, your location and the referrer.
URL. Furthermore, campaign-specific data such as order value, order quantity, order number, category of purchased items, and video views may be recorded. Pinterest Tag uses technologies that enable cross-page recognition of the user to analyze user behavior (e.g., cookies or device fingerprinting). If consent has been obtained, the Pinterest Tag will be used
The above-mentioned service is provided exclusively on the basis of Art. 6 (1) (a) GDPR. Consent can be revoked at any time. If no consent has been obtained, the use of this service is based on
Based on Art. 6 (1) (f) GDPR; the website operator has a legitimate interest in the most effective marketing measures possible pursuant to Art. 6 (1) (f) GDPR. Pinterest is a global company, so data may also be transferred to the USA. According to Pinterest, this data transfer is based on the EU Commission's standard contractual clauses. Details can be found here: https://policy.pinterest.com/de/privacy-policy. Further information on Pinterest Tag can be found here:
https://help.pinterest.com/de/business/article/track-conversions-with-pinterest-tag.

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g., name, payment amount, bank details, credit card number) will be processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection provisions of the respective providers apply to these transactions. The use of payment service providers is based on Art. 6 (1) (b) GDPR (contract processing) and in the interest of ensuring the payment process is as smooth, convenient, and secure as possible (Art. 6 (1) (f) GDPR). If your consent is requested for certain actions, Art. 6 (1) (a) GDPR forms the legal basis for data processing; consent can be revoked at any time for the future.
We use the following payment services/payment service providers on this website: Mollie. The provider of this payment service is Mollie BV, Keizersgracht 126, 1015CW Amsterdam, Netherlands (hereinafter "Mollie"). Mollie allows us to integrate various payment methods on our website. Details can be found in Mollie's privacy policy: https://www.mollie.com/de/privacy.

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

For communication with our customers, we use online conference tools, among others. If you communicate with us via video or audio conference over the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool. The conference tools collect all data that you provide/use to use the tools (email address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start
and end (time) of participation in the conference, number of participants, and other "context information" related to the communication process (metadata). Furthermore, the provider of the tool processes all technical data required to process online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client
Version, camera type, microphone or speaker, and the type of connection. If content is exchanged, uploaded, or otherwise made available within the tool, this content is also stored on the tool provider's servers. Such content includes, in particular, cloud recordings, chat/
Instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared while using the service. Please note that we do not have full control over the data processing practices of the tools used. Our options depend largely on the company policies of the respective provider. Further information on data processing
For information about the use of the conference tools, please refer to the privacy policies of the tools used, which we have listed below this text. Data processing by us is based on Art. 6 (1) (b) GDPR.

We use Zoom. The provider of this service is Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Details on data processing can be found in Zoom's privacy policy: https://explore.zoom.us/de/privacy/. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://explore.zoom.us/de/rivacy/. The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF is committed to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://ww.dataprivacyframework.gov/participant/5728.

Finally, we may also share your personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

Note on data transfer to the USA and other third countries.
We use tools from companies based in the USA or other third countries that do not have secure data protection regulations. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in these countries. For example, US companies are obligated to disclose personal data to security authorities without you, as the data subject, being able to take legal action. It cannot therefore be ruled out that US authorities (e.g., intelligence agencies) may process, evaluate, and permanently store your data stored on US servers for surveillance purposes. We have no influence over these processing activities.

DO NOT TRACK
Please note that we will not alter our website's data collection and use practices when we receive a "Do Not Track" signal from your browser. If you are a European resident, you have the right to access the personal information we have about you and to request that it be corrected, updated, or deleted. If you wish to exercise this right, please contact us using the contact details below. If you are a European resident, please also note that we are processing your information to fulfill contracts with you (for example, if you make an order through the website) or to pursue our legitimate business interests as identified above.
Please also note that your data will be transferred outside of Europe, including to Canada and the United States.

Newsletter data
If you would like to subscribe to the newsletter offered on the website, we need an email address from you as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter. Further data will not be collected or will only be collected on a voluntary basis. We use this data solely to send the requested information and do not pass it on to third parties. The data entered into the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 (1) (a) GDPR). You can revoke your consent to the storage of the data, the email address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. The data you have provided to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or when the purpose no longer applies. If you have ordered goods or services from us and have provided your email address, this email address may subsequently be used by us for the
Sending newsletters may be used, provided we inform you in advance. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter. You can cancel the newsletter subscription at any time. For this purpose, a corresponding link is included in every newsletter. The legal basis for sending the newsletter in this case is
Art. 6 (1) (f) GDPR in conjunction with Section 174 (4) TKG. After you unsubscribe from the newsletter distribution list, your email address may be stored on a blacklist to prevent future mailings to you. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). Storage on the blacklist is not time-limited. You can object to storage if your interests outweigh our legitimate interest.

eCommerce and payment providers
When you order goods from us, we pass your personal data on to the transport company entrusted with delivery and to the payment service provider commissioned with payment processing. Only the data required by the respective service provider to fulfill their task will be released. The legal basis for this is Art. 6 (1) (b) GDPR, which permits the processing of data to fulfill a contract or to take pre-contractual measures. If you have given your consent in accordance with Art. 6 (1) (a) GDPR, we will pass on your email address to the transport company entrusted with delivery so that they can inform you by email about the shipping status of your order; you can revoke your consent at any time. When purchasing on account or using another payment method for which we make an advance payment, we may carry out a credit check (scoring). For this purpose, we transmit the data you enter (e.g. name, address, age or bank details) to a credit agency. The probability of a payment default is determined on the basis of this data. If the risk of payment default is excessive, we may refuse the payment method in question. The credit check is carried out on the basis of contract fulfillment (Art. 6 (1) (b) GDPR) and to avoid payment defaults (legitimate interest according to Art. 6 (1) (f) GDPR). We integrate payment services from third-party companies on our website. If you make a purchase from us, your payment data (e.g. name, payment amount, bank details, credit card number) will be processed by the payment service provider for the purpose of payment processing. The respective contract and data protection provisions of the respective providers apply to these transactions. The use of payment service providers is based on Art. 6 (1) (b) GDPR (contract processing) and in the interest of ensuring the payment process is as smooth, convenient, and secure as possible (Art. 6 (1) (f) GDPR). If your consent is requested for certain actions, Art. 6 (1) (a) GDPR is the legal basis for data processing; consent can be revoked at any time for the future.

We use the following payment services/payment service providers on this website:
Mollie
The provider of this payment service is Mollie BV, Keizersgracht 126, 1015CW
Amsterdam, Netherlands (hereinafter "Mollie"). With the help of Mollie we can
integrate various payment methods on our website. For details, see
Mollie's privacy policy: https://www.mollie.com/de/privacy.

PayPal
The provider of this payment service is PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard
Royal, L-2449 Luxembourg (hereinafter “PayPal”).
Data transfer to the USA is based on the standard contractual clauses of the EU
Commission. Details can be found here:
https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
For details, see PayPal’s privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Klarna
The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter
“Klarna”). Klarna offers various payment options (e.g. installment purchase). If you
choose to pay with Klarna (Klarna Checkout Solution), Klarna will
collect various personal data from you. Klarna uses cookies to
to optimize the use of the Klarna checkout solution. Details on the use of
Klarna cookies can be found at the following link:
https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.
Details can be found in Klarna’s privacy policy at the following link
read: https://www.klarna.com/de/datenschutz/.

Instant bank transfer
The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339
Munich (hereinafter "Sofort GmbH"). Using the "Sofortüberweisung" (instant transfer) procedure
We receive a payment confirmation from Sofort GmbH in real time and can
immediately begin to fulfil our obligations. If you choose to
If you have chosen the payment method “Instant Transfer”, you send the PIN and a
valid TAN to Sofort GmbH, with which they can log into your online banking account
Sofort GmbH automatically checks your account balance after logging in and
carries out the transfer to us using the TAN you provided.
It will then immediately send us a transaction confirmation.
Also logged in are your sales, the credit limit of the overdraft facility and the
The existence of other accounts and their balances are automatically checked. In addition to the
PIN and TAN, the payment details you have entered and data
about you to Sofort GmbH. The data about you is
first and last name, address, telephone number(s), email address, IP address
and, if applicable, other data required for payment processing. The transmission of this
Data is necessary to clearly establish your identity and to prevent fraud attempts
Details on payment with Sofortüberweisung can be found at the following links:
https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

Shopify Payment
The provider of this payment service in the EU is Shopify International Limited, 2nd Floor
Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter
“Shopify Payment”).
For details, see Shopify Payment’s privacy policy:
https://www.shopify.de/legal/datenschutz.

American Express
The provider of this payment service is American Express Europe SA, Theodor-Heuss-
Allee 112, 60486 Frankfurt am Main, Germany (hereinafter “American Express”).
American Express may transfer data to its parent company in the USA.
Data transfer to the USA is based on the Binding Corporate Rules. Details can be found
You can find it here: https://www.americanexpress.com/en-pl/company/legal/privacy-
centre/european-implementing-principles/.
For further information, please see the American Express privacy policy:
https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

Mastercard
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren
198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).
Mastercard may transfer data to its parent company in the USA.
Data transfer to the USA is subject to Mastercard’s Binding Corporate Rules
Details can be found here: https://www.mastercard.de/de-de/datenschutz.html
and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-
bcrs.pdf.

VISA
The provider of this payment service is Visa Europe Services Inc., branch
London, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter “VISA”).
The UK is considered a secure third country in terms of data protection. This means that
Great Britain has a level of data protection that is equivalent to the level of data protection in the
European Union. VISA may transfer data to its parent company in the USA.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission
supported. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-
global-data-protection-notice/notice-on-competence-issues-for-the-eea.html.
For further information, please see VISA’s privacy policy:
https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

DATA RETENTION
When you place an order through the website, we will retain your order information for our records unless you request us to delete this data. Unless a more specific retention period is specified within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will occur once these reasons no longer apply.

CHANGES
We may change this privacy policy from time to time to reflect changes to our practices or for other operational, legal or regulatory reasons.

CONTACT
If you require more information about our privacy practices, have questions, or would like to make a complaint, please contact us by email at info@thatmagicalmind.com or by mail at the address below: Menzelstraße 10/3/12, 1210, Vienna, Austria.

REVOCATION OF YOUR CONSENT TO DATA PROCESSING
Many data processing operations are only possible with your express consent. You can revoke your consent at any time. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation. If we process your data in our own interest or that of a third party, you also have the right to object at any time if there are reasons related to your particular situation.

RIGHT TO OBJECT TO DATA COLLECTION IN SPECIAL CASES AND TO DIRECT MARKETING (Art. 21 GDPR)
If data processing is carried out on the basis of Art. 6 (1) (e) or (f) GDPR, you have the right to object at any time to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (objection pursuant to Art. 21 (1) GDPR). If your personal data is processed in order to conduct direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct advertising. If you object, your personal data will subsequently no longer be used for direct marketing purposes (objection according to Art. 21 para. 2 GDPR).

RIGHT TO LODGE APPEAL TO THE COMPETENT SUPERVISORY AUTHORITY
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work, or place of the alleged violation. This right of complaint is without prejudice to other administrative or judicial remedies. The competent supervisory authority for Austria is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna; dsb@dsb.gv.at.

RIGHT TO DATA PORTABILITY
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done if technically feasible.

INFORMATION, CORRECTION AND DELETION
Within the scope of applicable law, you have the right at any time to obtain free information about your stored personal data, its origin and recipient, and the purpose of data processing, as well as the right to have this data corrected or deleted. You can contact us at any time with any questions about this or other issues relating to personal data.

RIGHT TO RESTRICTION OF PROCESSING
You have the right to request the restriction of the processing of your personal data. You can contact us at any time to do so. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the verification, you have the right to request that the processing of your personal data be restricted.
- If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deleted.
- If you have lodged an objection pursuant to Art. 21 (1) GDPR, your interests must be weighed against ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted. If you have restricted the processing of your personal data, this data may – with the exception of its storage – only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state. If you believe that we have violated Austrian or European data protection law in processing your data and have thereby infringed your rights, if you have any questions or comments regarding our handling or use of your personal data, or if you would like to exercise your rights as a data subject, please contact us (by email to: info@thatmagicalmind.com or by post to: Irene Semerciyan, Menzelstraße 10/3/12, 1210 Vienna) so that we can clarify any questions. Of course, you also have the right to lodge a complaint with the Austrian Data Protection Authority (Barichgasse 40-42, 1030 Vienna, www.dsb.gv.at) or a European supervisory authority.

Update to our privacy policy
We may review and revise our Privacy Policy and our practices regarding the processing of personal data from time to time. We will post the updated Privacy Policy on our website, and you should check back regularly for updates to our terms and conditions. Any revised terms and conditions will take effect from the date of posting.