§ Plancha

Privacy policy for Plancha blog and newsletter

Introduction

At Mainspring GmbH, we are committed to protecting your personal data and upholding your rights under European and Austrian data protection laws.

This Privacy Policy explains how we collect, use, and safeguard your personal data when you visit the blog, engage with our services, or interact with us in other ways. It applies to all processing of personal data where Mainspring GmbH acts as the data controller, that is, where we determine the purposes and means of processing your data.

In this policy, “we”, “us”, and “our” refer to Mainspring GmbH, a for-profit association based in Vienna, Austria.

We process your personal data responsibly, transparently and in compliance with the General Data Protection Regulation (GDPR) and the Federal Act concerning the Protection of Personal Data (Datenschutzgesetz or DSG). Our aim is to ensure you understand what data we collect, why we collect it, and how you can exercise your rights.

General information

In accordance with Section 1(1) of the DSG and the EU General Data Protection Regulation (Regulation (EU) 2016/679), every individual has the right to the protection of their personal data. We handle your data in compliance with that legal framework and take appropriate technical and organisational measures to protect it against unauthorised access, loss, or misuse.

Please note that data transmission over the internet (e.g., via email) may be subject to vulnerabilities. While we work with secure hosting providers to safeguard our systems, full protection cannot be guaranteed.

By accessing the blog, you consent to the collection and processing of data as outlined below. The blog may be used without registration. We may store anonymised usage data (e.g., accessed pages, timestamps) for analytical purposes. Any personal data (e.g., name, email) is collected voluntarily and not shared with third parties without your consent.

Processing of personal data

Personal data is any information relating to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, deletion, modification, destruction and use of personal data.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Federal Act concerning the Protection of Personal Data of 1 January 2000.

The legal bases for processing are set out in Article 6(1) GDPR, including:

  • Consent (a): when you have given clear permission for a specific purpose;
  • Contract (b): when processing is necessary for a contract or steps prior to a contract;
  • Legal obligation (c): when required to meet a legal duty;
  • Vital interests (d): to protect someone's life or safety;
  • Legitimate interest (f): for our justified interests unless overridden by your fundamental rights.

We process personal data for the duration required for the respective purpose or purposes. In the case of longer-term retention obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.

Transfer of personal data

As part of our processing of personal data, data may be transferred to other bodies, companies, legally independent organisational units or persons or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

Data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.

Subject to express consent or transfer required by contract or law, we only process the data in third countries with a recognised level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

In accordance with Article 13 GDPR, we inform you of the legal bases for our processing of personal data. Where no specific legal basis is stated elsewhere in this policy, the following applies:

  • Consent: Article 6(1)(a) and Article 7 GDPR – where you have given consent for one or more specific purposes.
  • Contractual necessity: Article 6(1)(b) GDPR – where processing is necessary for the performance of a contract or to take steps prior to entering into a contract.
  • Legal obligation: Article 6(1)(c) GDPR – where processing is necessary for compliance with a legal obligation.
  • Vital interests: Article 6(1)(d) GDPR – where processing is necessary to protect the vital interests of the data subject or another natural person.
  • Legitimate interests: Article 6(1)(f) GDPR – where processing is necessary for the purposes of our legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Security measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in line with legal requirements. These include safeguards for the confidentiality, integrity and availability of personal data, as well as controls on access, input, disclosure and storage. We also have procedures to support data subject rights, data deletion, and incident response. Data protection is considered from the outset in our choice of systems and processes, following privacy-by-design and default principles.

Blog privacy policy

Privacy policy for cookies

The Plancha blog is run by Ghost Foundation Ltd., 160 Robinson Road, #14-04 SBF Center, Singapore (068914). Ghost Foundation Ltd. uses personal data and cookies. Cookies are text files stored by your browser to retain data about your visit, such as language settings, login status, or viewed content. The term also covers similar technologies that serve the same purpose, including pseudonymous user identifiers.

You can find more information on this in Ghost Foundation Ltd's privacy policy: the Privacy and Cookie Policy.

Privacy policy for contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

Newsletter - Ghost Foundation Ltd.

We use the mailing service provider Ghost Foundation Ltd. to manage and send our newsletters. That platform allows us to maintain subscriber lists, design campaigns, and analyse engagement metrics. The provider processes personal data in accordance with the General Data Protection Regulation (GDPR) and acts as a data processor on our behalf under Article 28(3) of the GDPR.

Ghost Foundation Ltd. may process subscriber data in a pseudonymised format, meaning the data cannot be directly linked to an individual, for the purpose of improving service reliability and generating usage statistics. They do not use personal data to contact subscribers directly or to share it with third parties.

The legal basis for this data processing is our legitimate interest in communicating effectively and securely with our subscribers, as set out in Article 6(1)(f) GDPR. 

Privacy policy for newsletter data

If you would like to receive the newsletter offered on this website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected. We use this data exclusively for sending the requested information and do not pass it on to third parties.

You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the ‘unsubscribe link’ in the newsletter. 

Social media privacy policies

Privacy policy for Instagram

Functions of the Instagram service are integrated on our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to our pages with your user account. 

We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram. 

You can find more information on this in Instagram's privacy policy.

Rights of data subjects

Under the General Data Protection Regulation (GDPR), any person whose personal data is processed (a "data subject") is entitled to exercise the following rights. To do so, the data subject may contact us at hello@plancha.food.

Right to confirmation

A data subject has the right to request confirmation as to whether their personal data is being processed.

Right to access

A data subject has the right to access their personal data and to obtain the following information:

  • The purposes of processing;
  • The categories of personal data processed;
  • The recipients or categories of recipients to whom the data has been or will be disclosed;
  • The envisaged storage period or, if not possible, the criteria used to determine that period;
  • The existence of the right to rectification, erasure, restriction or objection;
  • The right to lodge a complaint with a supervisory authority;
  • Where the data was not collected from the data subject, any available information about the source;
  • Whether the data has been transferred to a third country or international organisation, and details of appropriate safeguards.

If you wish to exercise this right to access, you can contact our data protection officer at any time.

Right to rectification

A data subject has the right to request the correction of inaccurate personal data and the completion of incomplete data, taking into account the purposes of the processing.

If you wish to exercise this right to rectification, you can contact us at hello@plancha.food at any time.

Right to erasure (right to be forgotten)

A data subject may request the deletion of their personal data without undue delay, in particular when:

  • The data is no longer necessary for the purposes for which it was collected;
  • The data subject withdraws consent and no other legal ground applies;
  • The data subject objects to processing and no overriding legitimate grounds exist;
  • The data was unlawfully processed;
  • Erasure is required by a legal obligation;
  • The data was collected in relation to services offered to a child.

If one of the above reasons applies and you would like to request the deletion of personal data stored on this website, you can contact us at hello@plancha.food at any time. We will ensure that the request for erasure is complied with immediately.

Right to restriction of processing

A data subject may request the restriction of processing where:

  • The accuracy of the data is contested;
  • Processing is unlawful, but erasure is opposed;
  • The data is no longer needed for processing but is required for legal claims;
  • An objection to processing is pending verification of overriding grounds.

If one of the above conditions is met and you wish to request the restriction of personal data stored on this website, you can contact us at hello@plancha.food at any time. We will arrange for the restriction of processing.

Right to data portability

A data subject has the right to receive their personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller where technically feasible and legally permitted.

To assert the right to data portability, you can contact us at hello@plancha.food at any time.

Right to object

A data subject may object, on grounds relating to their particular situation, to the processing of their personal data. Processing must cease unless compelling legitimate grounds are demonstrated, or the data is required for legal claims.

To exercise your right to object, you can contact us at hello@plancha.food directly.

Right to withdraw consent under data protection law

Any person affected by the processing of personal data has the right to withdraw their consent to the processing of personal data at any time.

If you wish to exercise your right to withdraw consent, you can contact us at hello@plancha.food at any time.

Right to lodge a complaint

You have the right to lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, Austria, http://www.dsb.gv.at

External payment service providers

This website uses external payment service providers through whose platforms users and we can carry out payment transactions. For example, via: Stripe (https://stripe.com/ch/privacy)

In fulfilling contracts, we use external payment service providers under DSG and, where applicable, Article 6(1)(b) and (f) GDPR. This enables us to offer secure and efficient payment options based on contractual necessity and legitimate interest.

Processed data may include name, address, bank or card details, passwords, and transaction information. This data is handled solely by the payment providers and is not accessible to us, except for confirmation of payment status. In some cases, data may be shared with credit agencies to verify identity or creditworthiness.

All transactions are subject to the terms and privacy policies of the respective providers. Please consult their policies for details on data use and your rights.

General disclaimer

All content on this blog and newsletter is reviewed with care, and we aim to provide accurate, up-to-date, and complete information. However, we cannot guarantee the absence of errors or the accuracy and timeliness of all content. We accept no liability for damages arising from the use of the blog and newsletter, unless due to wilful misconduct or gross negligence.

Content may be modified or removed at any time without notice. Use of the blog and newsletter is at your own risk. We are not liable for the content or availability of third-party sites linked here; responsibility lies solely with their operators.

Changes

We may amend this privacy policy at any time without prior notice. The current version published on our blog shall apply. If the data protection declaration is part of an agreement with you, we will inform you of the change by e-mail or other suitable means in the event of an update.

Questions regarding data protection

If you have any questions about data protection, please send us an e-mail to hello@plancha.food