Privacy Policy
Last updated: 13 May 2026
1. Data Controller
Controller within the meaning of the General Data Protection Regulation (GDPR):
Martini & Radl OG
Garnisongasse 4/11, 1090 Vienna, Austria
Email: [email protected]
2. Data processing when visiting this website
When you visit euwiderruf.com, technically necessary data is processed:
- IP address (anonymized after 24 hours)
- Date and time of access
- URL accessed
- Browser type and version
- Operating system
Legal basis: Art. 6(1)(f) GDPR - legitimate interest in providing and securing the website. Retention: 30 days (server logs), then deletion.
3. Cloudflare
This website is delivered via Cloudflare Pages (Cloudflare, Inc., USA). Cloudflare processes IP addresses to deliver the website and to protect against attacks. A data processing agreement under Art. 28 GDPR is in place with Cloudflare. The EU Commission's Standard Contractual Clauses (SCCs) have been agreed.
4. Cloudflare Web Analytics (cookieless)
We use Cloudflare Web Analytics. Only aggregated, anonymous data is collected. No cookies are set, no cross-device tracking is performed, and no personal data is stored.
5. Contact form
If you contact us via the contact form or by email, the data you provide (name, email address, message content) is stored in order to process your request. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest). Retention: until your request has been handled, max. 24 months.
6. Newsletter (optional)
If you subscribe to our newsletter, we process your email address to send it on the basis of Art. 6(1)(a) GDPR. You can unsubscribe at any time via the unsubscribe link at the end of every email. Sending is handled by an email service provider with whom a data processing agreement (Art. 28 GDPR) is in place.
7. EU Withdrawal Button Pro Shopify app - separate notes
If you install the EU Withdrawal Button Pro Shopify app, additional data is processed in your Shopify store. This processing takes place in our role as a processor for the Shopify merchant (Art. 28 GDPR). A Data Processing Agreement (DPA) is concluded by default during the installation process.
The app processes the following data:
- Order data (order number, email address, first and last name, items, amounts)
- Withdrawal data (timestamp, reason [optional], IP hash for the audit trail)
- Aggregated statistics (anonymous)
Processing and storage take place on servers within the EU/EEA; transmission is TLS-encrypted. The retention period of withdrawal records depends on the booked plan (Free: 3 months, Basic: 12 months, Premium: 24 months). After the app is no longer used (uninstalled), the data processed on the merchant's behalf is deleted within 30 days, unless a statutory retention obligation of the merchant requires otherwise. Responsibility for the merchant's own retention obligations (e.g., § 132 BAO, § 257 HGB for tax-relevant data) lies with the merchant. Details on the service providers used and on the technical and organizational measures can be found in our Data Processing Agreement (DPA).
8. Your rights
You have the right to:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR) - limited by statutory retention obligations
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection (Art. 21 GDPR)
- Withdrawal of consent (Art. 7(3) GDPR)
- Lodging a complaint with a supervisory authority (Art. 77 GDPR)
9. Transfers to third countries
As a rule, your personal data is not transferred to third countries (outside the EU/EEA). Where our service providers have a third-country connection (e.g., Cloudflare's US parent company), the EU Commission's Standard Contractual Clauses (SCCs) have been agreed.
10. Changes to this Privacy Policy
We reserve the right to amend this Privacy Policy so that it always complies with current legal requirements. The current version is available on this page.
Last updated: 13 May 2026. Questions: [email protected]