KZY Mobility

Privacy Policy

Last updated: 12/24/2025

Privacy Policy

Effective date: [Current Date]

Controller (in the sense of the GDPR)

[Your Company Name]
[Your Address]
[Your E‑mail Address]
[Your Telephone Number]

1. Overview and Purpose

This privacy policy explains how we collect, use, and protect your personal data when you visit our website [Your Web Address] and use our services. Protecting your personal data is of special importance to us.

2. Legal Basis for Data Processing

  • When we obtain your consent for processing personal data, Article 6(1)(a) GDPR serves as the legal basis.
  • When the processing of personal data is necessary for the performance of a contract of which you are a party, Article 6(1)(b) GDPR is the legal basis. This also applies to processing that is necessary for pre‑contractual measures.
  • When processing personal data is required to fulfil a legal obligation to which our company is subject, Article 6(1)(c) GDPR is the legal basis.
  • When processing is necessary for the legitimate interests of our company or a third party, and your interests or fundamental rights and freedoms do not override those interests, Article 6(1)(f) GDPR is the legal basis.

3. Data Collection on Our Website (Cookies)

Our website uses cookies to analyse usage, make our offering more user‑friendly, and enable certain functions. Cookies are small text files stored on your device. You can disable cookie storage in your browser settings; however, this may limit the functionality of our website.

4. Collection and Processing of Data in the Order Process

When you place an order we collect the data necessary to fulfil the contract, including:

  • Name, address, billing address, delivery address
  • E‑mail address
  • Telephone number
  • Payment information (e.g., credit‑card number, which is securely forwarded to the payment provider)
  • Order history

Purpose of processing: contract execution, delivery, payment handling, customer support.

Recipients of the data: Your data are passed on to service providers that we need to fulfil the contract (e.g., shipping carriers such as Österreichische Post, payment providers such as PayPal or Stripe, hosting providers). All service providers are carefully selected and contractually bound to the GDPR (data‑processing agreements).

Transfer to third countries: If we use service providers located outside the European Economic Area (EEA) (e.g., PayPal in the USA), we ensure an adequate level of data protection through the EU’s standard contractual clauses.

5. Retention Period

We store your data only as long as it is necessary for the respective purpose. Statutory retention periods (especially under the Austrian Commercial Code – UGB – 7 years) remain unaffected. After these periods expire, your data are deleted unless they are still required for contract fulfilment or legal obligations.

6. Your Data Subject Rights

As a data subject under the GDPR you have the following rights:

  • Right of access (Art. 15 GDPR): You may request information about the data we process about you.
  • Right to rectification (Art. 16 GDPR): You may request completion or correction of inaccurate data.
  • Right to erasure (“right to be forgotten”, Art. 17 GDPR): Under certain conditions you may request deletion of your data.
  • Right to restriction of processing (Art. 18 GDPR): Under certain conditions you may request that we limit the processing of your data.
  • Right to data portability (Art. 20 GDPR): You have the right to receive your data in a machine‑readable format.
  • Right to object (Art. 21 GDPR): You may object to processing based on Art. 6(1)(f) GDPR (legitimate interests).

To exercise any of these rights, please contact the address listed above.

7. Right to Lodge a Complaint

You have the right to lodge a complaint with the Data Protection Authority (Barichgasse 40‑42, 1030 Vienna, www.dsb.gv.at) regarding the processing of your personal data by us.