Privacy Notice

What this is about

Mouritz is committed to protecting and respecting your privacy.

This Notice explains when and why we obtain personal information, how we use it, the conditions under which we may disclose it to others, how we keep it secure, and what rights you have regarding it.

We may change this Notice from time to time. Changes will be publicised via the website and our e-newsletter.

Personal data — what is it?

Personal data relates to a living individual who can be identified from that data. Identification may be possible using the data alone or by using it alongside any other information available or potentially available to whoever has it. Something as simple as a work email address can be personal data e.g. jane.smith@company.com.

Summary of our privacy policy

Mouritz is committed to complying with the statutory requirements for the processing of personal data, as expressed in the EU General Data Protection Regulations and the relevant Austrian  legislation.  This means, in particular, that Mouritz:

• processes your personal data lawfully
• does so transparently, so you are aware of what processing is involved
• make you aware of your legal rights
• keep your personal data secure

For fuller details of the statutory data protection framework, see the further information section at the end of this Notice.

Key points

• We collect and retain only the reasonable minimum of personal information needed to operate
• We never sell your personal data to third parties

• We never pass on your details to third parties without your consent unless legally required to do so or to prevent crime

Legal basis for processing personal data

The legal basis for Mouritz processing personal data is to support its legitimate business interests which include

• keeping customers and potential customers informed of products and services
• sales and distribution to customers
• interacting with suppliers including copyright holders and writers
• dealing with queries

Day-to-day processing of your data

1. When you contact us, e.g. with a query, we retain information such as name and means of contact (telephone no., email address, address) sufficient for the purposes of responding to you.
2. When you sign up to our email newsletter we retain access to the information held in the Mailchimp record system i.e. name, email address and IP address. The information is used to distribute the newsletter.
3. When you make a purchase by email or in person we record essential information such as name and address, email address, telephone number - if provided - for the purpose of a receipt and/or delivery of goods (transaction-based data). 
4. If you use our online shop to order goods, personal information such as name and address will be recorded to allow us to fulfil your order.  You may also choose to create an account in the shop in which case the details you provide will be recorded in the database of accounts for current and future ordering.
5. We hold minimal personal information such as contact details in the pursuance of our publishing business, for example to seek copyright permissions, to deal with suppliers, or discuss opportunities with writers. Such information is typically held in email files or electronic contact lists.
6. Our website uses cookies to record preferences or, in the case of the shop, to allow it work properly.  See the section on cookies for more about cookies. Not all cookies are personal data.

Note that when you engage with us on social media such as Facebook or Twitter we do not keep any information independently of those platforms, nor do we carry out any further processing of that information using tools that such platforms may offer. The responsibility for your data remains solely with you and the platforms concerned.

Similarly, please note that if you pay by paypal we do not obtain or have access to any credit card details.

Keeping personal data

All our email newsletters are sent with an ‘unsubscribe’ facility, and records will be held until you use this option. After you unsubscribe, the records are retained for a further short period in case  you want to resubscribe, after which Mouritz deletes them.

Personal information associated with orders is part of our bookkeeping records which have to be kept for 8 years to comply with the requirements of the tax authorities.  After 8 years the records are deleted/destroyed.

Personal information recorded in connection with contracts is retained for the life of the contract plus ten years.

Mouritz makes judgments on a case-by-case basis about keeping personal information associated with general correspondence, according to whether retaining the  correspondence has a continuing value that would be understood by the correspondent (i.e. "implied consent"). Where it is clear that the correspondence is no longer needed it is deleted sooner rather than later, either ad hoc or as part of regular house-keeping of  correspondence.

Personal data associated with content you may have posted on our social media accounts remains under your direct control to delete as and when you see fit.

If you have created an online account at the Mouritz shop but not placed an order, you may request that the account be deleted.

Please note your "right to be forgotten" (discussed further below) in respect of personal data we hold about you.

Sharing personal data

We do not share personal information with any third party except

• as required by any carrier in order to deliver mail-order purchases
• where required or invited to do so following a request by a statutory authority such as law enforcement agency that is authorised under the data protection legislation: Mouritz assesses the need to comply with any such  request on a case-by-case basis
• where essential to assist in the detection or prevention of crime.

Data security

Personal data is stored electronically in password protected storage; hardcopy material is stored in  lockable cabinets that only staff can access. Passwords are not written down and are only available to staff.

Your rights

Data protection legislation guarantees that you have certain rights in respect of your personal data.

You have the right to be informed about how Mouritz handles your personal data (which is the purpose of this Privacy Notice).

You have the right to request personal information that is held about you. This is called a ‘subject access request’. 

You have the right to have incorrect data corrected and incomplete data completed.

You may have a ‘right to be forgotten’ i.e. to have personal data about you erased. This is not an absolute right and can involve a balancing exercise.

You have a right to restrict the use of data (normally as a temporary measure).

You have the right of data portability, meaning you can request us to give you certain personal data in a structured way so it can be re-used. If the request seems excessive, we may charge a fee or refuse the request.

You have the right to object to us processing your data.

Exercising your rights

If you want to exercise any of your rights, please contact Mouritz using the details on the Impressum page of this website.

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make in the exercise of your rights. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

If you think we are not responding to your concerns or requests satisfactorily, you may wish to contact the Datenschutzbehörde, the Austrian body that oversees compliance with the privacy legislation, and seek their help. Their website is https://www.dsb.gv.at/.

Accountability

The Data Controller is the Jean Fischer. Full contact details can be found on the website Impressum page.
Mouritz and Jean Fischer conform with the requirements of the Datenschutzbehörde.

Cookies

Our website uses cookies.  These are small files of texts and numbers  that websites store on your computer for diverse purposes. Some, but not all cookies, count as personal data. For example, when you are asked whether you will accept cookies, the answer itself is stored in a cookie. This  is personal data as it stores your personal preference.

Separate legislation governs the use of cookies, whether personal data or not. For fuller information, including how cookies are used by the Mouritz website, please refer to our About Cookies page; for the avoidance of doubt, we consider it part of our Privacy Policy.

Further information about data protection

For full information about the European data protection rules visit https://commission.europa.eu/law/law-topic/data-protection/reform_en. Mouritz is bound by these rules regardless of where you reside.

Austrian legislation aligns with the European rules but there may be minor additional requirements. Details in the English language can be found at https://www.data-protection-authority.gv.at/. Note that this is "not a direct translation of the official German website".