Privacy Policy
Last updated:
1. Introduction
Forestvibrant ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website forestvibrant.world and use our services. This policy complies with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Austrian Data Protection Act (Datenschutzgesetz – DSG 2018), and other applicable data protection laws.
2. Data Controller
The data controller responsible for your personal data is:
Forestvibrant
Address: Ennser Str. 23, 4400 Steyr, Austria
Email: online@forestvibrant.world
Country: Austria
3. Personal Data We Collect
We may collect the following categories of personal data:
- Identity Data: Name, title
- Contact Data: Email address, telephone number, delivery address
- Transaction Data: Details about orders and payments
- Technical Data: IP address, browser type, device information, operating system
- Usage Data: Information about how you use our website
- Marketing Data: Your preferences for receiving marketing communications
4. How We Collect Your Data
We collect personal data through:
- Direct interactions when you fill out forms, place orders, or contact us
- Automated technologies including cookies and similar tracking technologies
- Third parties such as analytics providers and payment processors
5. Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal grounds:
- Consent: When you have given clear consent for us to process your personal data for specific purposes
- Contract: When processing is necessary for the performance of a contract with you
- Legal Obligation: When processing is necessary for compliance with a legal obligation
- Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, provided your rights do not override those interests
6. Purposes of Data Processing
We use your personal data for the following purposes:
- To process and fulfill your orders
- To communicate with you about your orders and inquiries
- To send marketing communications (with your consent)
- To improve our website and services
- To comply with legal and regulatory requirements
- To prevent fraud and protect our business
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
- Order and transaction data: 7 years for tax and legal compliance
- Marketing consent records: Until you withdraw consent
- Technical and usage data: Up to 2 years
- Customer service inquiries: 3 years after resolution
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your personal data
- Right to Restriction: Request limitation of processing
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
To exercise any of these rights, please contact us at online@forestvibrant.world. We will respond without undue delay and at the latest within one month (Article 12(3) GDPR). That period may be extended by two further months where necessary; we will inform you of any such extension.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- SSL/TLS encryption for data in transit
- Secure servers and access controls
- Regular security assessments
- Staff training on data protection
- Limited access to personal data on a need-to-know basis
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours (Article 33 GDPR). Where the breach is likely to result in a high risk to you, we will also inform you without undue delay (Article 34 GDPR).
10. International Data Transfers
If we transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or transfers to countries with adequate data protection laws.
11. Third-Party Sharing
We may share your personal data with:
- Service providers who assist with order fulfillment, payment processing, and shipping
- Analytics providers to help us understand website usage
- Legal authorities when required by law
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
12. Cookies
We use cookies and similar technologies on our website. For detailed information, please see our Cookie Policy.
13. Children's Privacy
Our website and products are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated "Last updated" date.
15. Complaints
If you have concerns about how we handle your personal data, you may contact us to resolve the issue. You also have the right to lodge a complaint with a supervisory authority. In Austria, the competent authority is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde):
Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Vienna, Austria
Website: www.dsb.gv.at
Email: dsb@dsb.gv.at
Complaints must be lodged within one year of the date on which you became aware of the alleged violation, and at the latest within three years of the date of the violation (Section 24 DSG 2018). You may also lodge a complaint with the supervisory authority of your place of residence in the EU/EEA.
16. Contact Us
For any questions about this Privacy Policy or your personal data, please contact: