Privacy Policy.
Privacy Policy
Table of Contents
- Introduction and Overview
- Scope
- Legal Basis
- Contact Details of the Controller
- Contact Details of the Data Protection Officer
- Storage Period
- Rights According to the GDPR
- Data Transfer to Third Countries
- Security of Data Processing
- Communication
- Cookies
- Web Hosting Introduction
- Website Builder Systems
- Web Analytics
- Google Analytics
Introduction and Overview
We have written this Privacy Policy (version 17.05.2026-113216545) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (“data”) we process as the controller and which data is processed by service providers commissioned by us.
In short: We comprehensively inform you about the data we process about you.
This Privacy Policy is intended to explain the most important information as simply and transparently as possible.
Scope
This Privacy Policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us.
- all online presences (websites, online shops)
- social media presences and email communication
- mobile apps for smartphones and other devices
In short: The Privacy Policy applies to all areas where personal data is processed.
Legal Basis
We only process your data if at least one of the following conditions applies:
- Consent (Article 6(1)(a) GDPR): You have given us consent to process your data for a specific purpose.
- Contract (Article 6(1)(b) GDPR): We process your data to fulfill a contract or pre-contractual obligations.
- Legal Obligation (Article 6(1)(c) GDPR): We process your data if legally required.
- Legitimate Interests (Article 6(1)(f) GDPR): We reserve the right to process personal data where legitimate interests apply.
Contact Details of the Controller
PHOENIX LEGACY PRODUCTIONS e.U.
Lisa Marie Schoklitsch
Färbergasse 6
8010 Graz
Austria
Email:
office@liamchoclit.love
Phone:
+43 670 655 05 08
Imprint:
https://www.iamchoko.com/imprint/
Contact Details of the Data Protection Officer
PHOENIX LEGACY PRODUCTIONS e.U.
Lisa Marie Schoklitsch
Färbergasse 6
8010 Graz
Austria
Email:
office@liamchoclit.love
Phone:
+43 670 655 05 08
Storage Period
We only store personal data for as long as absolutely necessary to provide our services and products.
If you request deletion of your data or revoke consent, your data will be deleted unless legal obligations require storage.
Rights According to the GDPR
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object
- Right to lodge a complaint
In short: You have rights — feel free to contact us.
Data Transfer to Third Countries
We only transfer or process data outside the GDPR area if:
- you consent to it
- it is legally required
- it is necessary for contractual obligations
Security of Data Processing
To protect personal data, we have implemented technical and organizational measures. Where possible, data is encrypted or pseudonymized.
TLS Encryption with HTTPS
We use HTTPS to securely transmit data over the internet. This means all data transfers between your browser and our server are encrypted.
Communication
If you contact us via telephone, email, or online form, personal data may be processed.
Purpose of processing:
- handling communication
- processing inquiries
- managing business transactions
Cookies
Our website uses HTTP cookies to store user-specific data.
Cookies are small text files stored by your browser. They help websites recognize users and improve usability.
Types of Cookies
Essential Cookies
Required for basic website functionality.
Functional Cookies
Improve website performance and user experience.
Targeted Cookies
Store personalized preferences.
Advertising Cookies
Used for personalized advertising.
Web Hosting Introduction
When visiting websites, certain information is automatically stored. This may include:
- IP address
- browser version
- operating system
- date and time
- device information
Purpose:
- website hosting
- website security
- maintaining IT operations
- optimization and troubleshooting
External Web Hosting Provider
Framer B.V.
Rozengracht 207
1016 LZ Amsterdam
Netherlands
Further information: https://www.framer.com/legal/data-processing-addendum/
Framer Privacy Policy
We use Framer B.V. as our website CMS.
Provider:
Framer B.V.
Rozengracht 207, 1016 LZ Amsterdam
Netherlands
Privacy Policy:
https://www.framer.com/legal/data-processing-addendum/
Web Analytics
We use web analytics tools to analyze visitor behavior.
Possible collected data:
- page views
- clicks
- navigation behavior
- IP addresses
- device data
- session duration
Google Analytics
We use Google Analytics 4 (GA4), provided by:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland
Google Analytics helps us analyze website usage and optimize our services.
Possible processed data:
- clicks
- page views
- session duration
- device information
- location data
- pseudonymized user IDs
Google Analytics may use cookies such as:
- _ga
- _gid
- _gat
Purpose:
- website optimization
- marketing improvement
- understanding user behavior
Social Media
Social Media Privacy Policy Summary Data subjects: Website visitors Purpose: Presentation and optimization of our services, contact with visitors, prospective customers, etc., advertising Data processed: Data such as telephone numbers, email addresses, contact details, user behavior data, information about your device, and your IP address. More details can be found in the respective social media tool's privacy policy. Storage period: Depends on the social media platforms used Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)
Facebook Privacy Policy Summary Data Subjects: Website visitors Purpose: Optimizing our service Data Processed: Data such as customer data, user behavior data, information about your device, and your IP address. More details can be found below in the privacy policy. Storage Period: Until the data is no longer useful for Facebook's purposes Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)
Instagram Privacy Policy Summary Data Subjects: Website visitors Purpose: Optimizing our service Data Processed: Data such as user behavior, device information, and your IP address. More details can be found below in the privacy policy. Storage Period: Until Instagram no longer needs the data for its purposes Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)
TikTok
TikTok Privacy Policy Summary Data subjects: Website visitors Purpose: Optimizing our service Data processed: Your IP address, browser data, and the date and time of your visit may be stored. More details can be found below in the privacy policy. Storage period: Varies depending on settings Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)
Blogs and Publication Media
Blogs and Publication Media Privacy Policy Summary Data Subjects: Website visitors Purpose: Presentation and optimization of our services, communication between website visitors, security measures, and administration Data Processed: Data such as contact details, IP address, and published content. More details can be found under the tools used. Storage Period: Depends on the tools used Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests), Art. 6 para. 1 sentence 1 lit. b GDPR (Contract)
Cookie Consent Management
Cookie Consent Management Platform Summary Affected parties: Website visitors Purpose: Obtaining and managing consent for specific cookies and thus the use of certain tools Data processed: Data for managing cookie settings, such as IP address, time of consent, type of consent, and individual consents. Further details can be found with the respective tool used. Storage period: Depends on the tool used; expect retention periods of several years. Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)
AdSimple Consent Manager
AdSimple Consent Manager Privacy Policy Summary Data Subjects: Website Visitors Purpose: Obtaining consent for certain cookies and thus the use of certain tools Data Processed: Data for managing the configured cookie settings, such as IP address, time of consent, type of consent, and individual consents. More details can be found further down in this privacy policy. Storage Period: The cookie used expires after one year. Legal Basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)
Payment Provider Privacy
Payment Provider Privacy Policy Summary Data Subjects: Website visitors Purpose: Enabling and optimizing the payment process on our website Data Processed: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address, and contract data More details can be found with the respective payment provider tool. Storage Period: Dependent on the payment provider used Legal Basis: Art. 6 para. 1 lit. b GDPR (performance of a contract)
eps-Überweisung Privacy Policy We use eps-Überweisung, an online payment service, on our website. The service provider is the Austrian company Stuzza GmbH, Frankgasse 10/8, 1090 Vienna, Austria. You can find more information about the data processed through the use of eps-Überweisung in the privacy policy at https://www.psa.at/en/data-protection-compliance.
Google Pay Privacy Policy We use the online payment provider Google Pay on our website. The service provider is the American company Google Inc. For the European Economic Area, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Google processes your data, among other places, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. In addition, Google uses so-called standard contractual clauses (Article 46, paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCCs) are template agreements provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de The Google Ads Controller Data Protection Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/adscontrollerterms/. You can find out more about the data processed through the use of Google Pay in the Privacy Policy at https://policies.google.com/privacy.
Klarna Checkout Privacy
Klarna Checkout Privacy Policy Summary Data Subjects: Website visitors Purpose: Optimizing the payment process on our website Data Processed: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address, and contract data More details can be found below in this privacy policy. Storage Period: Data is stored as long as Klarna needs it for the processing purpose. Legal Basis: Art. 6 para. 1 lit. c GDPR (Legal obligation), Art. 6 para. 1 lit. f GDPR (Legitimate interests)
PayPal Privacy
PayPal Privacy Statement Summary Data Subjects: Website visitors Purpose: Optimizing the payment process on our website Data Processed: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address, and contract data may be processed. More details can be found further down in this privacy statement. Storage Period: Data is generally stored until the cooperation with PayPal is terminated. Legal Basis: Art. 6 para. 1 lit. b GDPR (contract performance), Art. 6 para. 1 lit. a GDPR (consent)
Visa Privacy Policy We use Visa, a global payment provider, on our website. The service provider is the American company Visa Inc. For the European region, Visa Europe Services Inc. (1 Sheldon Square, London W2 6TT, United Kingdom) is responsible. Visa processes your data, among other places, in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the lawfulness and security of data processing. As a basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or data transfers to such countries, Visa uses so-called standard contractual clauses (= Art. 46, paras. 2 and 3 GDPR). Standard Contractual Clauses (SCCs) are template agreements provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). These clauses obligate Visa to maintain European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de More information about Visa's Standard Contractual Clauses can be found at https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html. For more information about the data processed through the use of Visa, please see the Privacy Policy at https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.
External Online Platforms
External Online Platforms Privacy Policy Summary Data subjects: Visitors to the website and/or visitors to external online platforms Purpose: Presentation and optimization of our services, contact with visitors and prospective customers Data processed: Data such as telephone numbers, email addresses, contact details, user behavior data, information about your device, and your IP address. More details can be found on the respective platform. Storage period: Depends on the platforms used Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)
Amazon (Europe) Privacy Policy We also use the online marketplace Amazon (Europe). The service provider is the American company Amazon Inc. For the European region, the company responsible is Amazon Europe Core S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg. Amazon processes your data, among other places, in the USA. Amazon is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. Amazon also uses so-called Standard Contractual Clauses (Article 46, paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCCs) are template agreements provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Amazon commits to maintaining European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de The Amazon Data Processing Terms (AWS GDPR DATA PROCESSING), which correspond to the standard contractual clauses, can be found at https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf. You can find more information about the data processed through the use of Amazon in the privacy policy at https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010&ref_=footer_privacy.
Shopify Privacy Policy We use the online marketplace Shopify. The service provider is the American company Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Shopify processes your data, among other places, in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the lawfulness and security of data processing. As a basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or data transfers to such countries, Shopify uses so-called Standard Contractual Clauses (Article 46, paragraphs 2 and 3 GDPR). Standard Contractual Clauses (SCCs) are model clauses provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). These clauses commit Shopify to complying with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de For more information about the standard contractual clauses and the data processed through the use of Shopify, please see the Privacy Policy at https://www.shopify.de/legal/datenschutz or https://help.shopify.com/en/manual/your-account/privacy/GDPR/gdpr-faq#will-shopify-sign-standard-contractual-clauses.
Audio & Video Privacy
Audio & Video Privacy Policy Summary Data Subjects: Website visitors Purpose: Optimizing our service Data Processed: Data such as contact information, user behavior data, information about your device, and your IP address may be stored. More details can be found below in the corresponding privacy policy texts. Storage Period: Data is generally stored as long as it is necessary for the service purpose. Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)
Spotify Privacy Policy We use Spotify, a music and podcast streaming service, on our website. The service provider is Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden. You can find more information about the data processed through the use of Spotify in their Privacy Policy at https://www.spotify.com/de/legal/privacy-policy/.
VIMEO
Vimeo Privacy Policy Summary Data Subjects: Website visitors Purpose: Optimizing our service Data Processed: Data such as contact information, user behavior data, information about your device, and your IP address may be stored. More details can be found below in this privacy policy. Storage Period: Data is generally stored as long as it is necessary for the service purpose. Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)
YouTube
YouTube Privacy Policy Summary Data Subjects: Website visitors Purpose: Optimizing our service Data Processed: Data such as contact information, user behavior data, information about your device, and your IP address may be stored. More details can be found below in this privacy policy. Storage Period: Data is generally stored as long as it is necessary for the service purpose. Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)
Web Design
Web Design Privacy Policy Summary Data Subjects: Website visitors Purpose: Improving user experience Data Processed: The specific data processed depends heavily on the services used. This typically includes IP address, technical data, language settings, browser version, screen resolution, and browser name. Further details can be found with the respective web design tools. Storage Period: Depends on the tools used Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)
Adobe Fonts Privacy Policy We use Adobe Fonts, a web font hosting service, on our website. The service provider is the American company Adobe Inc. For the European Economic Area, the Irish company Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland, is responsible. Adobe processes your data, among other places, in the USA. Adobe is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. In addition, Adobe uses so-called Standard Contractual Clauses (Article 46, paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCCs) are template agreements provided by the European Commission to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Adobe commits to maintaining European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de More information about Adobe's Standard Contractual Clauses can be found at https://www.adobe.com/at/privacy/eudatatransfers.html. For more information about the data processed through the use of Adobe Fonts, please see the Privacy Policy at https://www.adobe.com/at/privacy.html.
Getty Images Privacy Policy We use the Getty Images image portal on our website. The service provider is the American company Getty Images Inc., 605 5th Avenue South Suite 400 Seattle, WA 98104, USA. Getty Images processes your data, among other places, in the USA. Getty Images is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. Getty Images also uses so-called standard contractual clauses (Article 46, paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCCs) are template agreements provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Getty Images commits to maintaining European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de. For more information about the data and Standard Contractual Clauses processed through the use of Getty Images, please see the privacy policy at https://www.gettyimages.at/company/privacy-policy.
Google Fonts
Google Fonts Privacy Policy Summary Data Subjects: Website visitors Purpose: Optimizing our service Data Processed: Data such as IP address and CSS and font requests More details can be found below in this privacy policy. Storage Period: Font files are stored by Google for one year Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)
Closing Remarks
Congratulations! If you're reading this, you've really made it through our entire privacy policy, or at least scrolled this far. As you can see from the length of our privacy policy, we take the protection of your personal data very seriously. It's important to us to inform you about the processing of personal data to the best of our knowledge and belief. We don't just want to tell you which data is processed, but also explain the reasons for using various software programs. Privacy policies usually sound very technical and legal. Since most of you aren't web developers or lawyers, we wanted to take a different approach and explain things in simple and clear language. Of course, this isn't always possible due to the subject matter. Therefore, the most important terms are explained in more detail at the end of the privacy policy. If you have any questions about data protection on our website, please don't hesitate to contact us or the responsible party. We wish you all the best and hope to welcome you back to our website soon. All texts are protected by copyright. Source: Privacy policy created with the privacy policy generator for Austria by AdSimple