Privacy Policy

Last updated: December 15, 2025
This English translation is provided for convenience only. In case of discrepancies, the German version of the Privacy Policy („Datenschutzbestimmung“) applies legally.

1. Responsible person

Rethink Minimal
Managing director: Maria Linasi
Mozartstrasse 22/3/9
E-mail: office@rethinkminimal.com

2. General Information

The protection of your personal data is of particular importance to us. We therefore process your data exclusively on the basis of the legal provisions (GDPR, Austrian Telecommunications Act 2021). In this privacy policy, we inform you about the most important aspects of data processing within the framework of our website and our online shop.

Data sharing with third parties: Your personal data will only be passed on to third parties if this is necessary for the performance of the contract, if there is a legal obligation to do so, or if you have expressly consented.

3. Data collection on our website

3.1 Server log files

When you visit our website, general information is automatically collected (server log files). This includes, for example, browser type, operating system used, domain name of your internet service provider, and IP address. This data is technically necessary to deliver the content correctly and to ensure system security.

Legal basis: Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

4. Cookies

Our website uses cookies to enable certain functions and improve user-friendliness. Some cookies remain stored on your device until you delete them. They allow us to recognize your browser on your next visit.

If you do not wish to allow cookies, you can configure your browser to notify you when cookies are being set and allow them only on a case-by-case basis. Disabling cookies may limit the functionality of our website.

Legal basis:

Consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with § 165 para. 3 TKG 2021 (for non-essential cookies)
Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR (for technically necessary cookies)

5. Cookie consent tool (Cookiebot)

We use the consent management tool Cookiebot from Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark.
Cookiebot is used to obtain and document your consent to the storage of certain cookies.

Legal basis: Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR (for the fulfillment of accountability) in conjunction with the fulfillment of legal obligations pursuant to Art. 6 para. 1 lit. c GDPR.

Further information: https://www.cookiebot.com/de/privacy-policy/

6. WooCommerce (e-commerce system)

Our online shop is powered by the open-source system WooCommerce, a plugin from Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, operated.

Data processed:

Customer information (name, address, email)
Payment and delivery information
Product and order data

Data processing is carried out to fulfill our contractual obligations and to implement pre-contractual measures.

Legal basis: Contract fulfillment in accordance with Art. 6 para. 1 lit. b GDPR.

Data transfer to the USA: Automattic Inc. is named after the EU-US Data Privacy Framework (DPF) certified and therefore guarantees an appropriate level of data protection.

Storage duration: The data processed in connection with orders will be stored for the duration of the contract processing as well as in accordance with the statutory retention periods (e.g. according to BAO and UGB – usually 7 years).

Further information: https://automattic.com/privacy/

7. Web analytics & tag management (Google Analytics & Google Tag Manager)

Our website uses Google Analytics, a web analytics service of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

Google Analytics allows us to collect and analyze information about the use of our website in order to continuously improve the functionality, content and user-friendliness of our online services.

In addition, we implement the Google Tag Manager This is solely for the technical management of website tags. The Google Tag Manager itself does not store any personal data and does not access device information, but merely controls the triggering of other services, which in turn may process data.

IP anonymization
IP anonymization is activated on this website. This means your IP address is shortened within the European Union or the European Economic Area before further processing. Only in exceptional cases will the full IP address be transmitted to Google servers in the USA and shortened there.

Purpose of data processing
The data is processed for the purpose of statistical analysis of user behavior, optimization of our website and improvement of our services.

Legal basis
Personal data is processed exclusively on the basis of your consent in accordance with:

Article 6 paragraph 1 letter a GDPR
Section 165 Paragraph 3 of the Telecommunications Act 2021 (TKG 2021)

Your consent will be obtained via the cookie consent tool used and can be revoked or adjusted at any time with effect for the future.

Recipients of the data & transfer to third countries
Google processes the collected data as a data processor. The possibility of data being transferred to the USA cannot be ruled out.
To ensure the level of data protection, Google relies on standard contractual clauses pursuant to Art. 46 GDPR.

Storage duration
The data collected via Google Analytics will only be stored for as long as is necessary for the aforementioned purposes or until your consent is revoked.

Revocation of consent
You can withdraw or change your consent at any time via the cookie settings on our website. The lawfulness of the processing carried out until the withdrawal remains unaffected.

Further information

Google Privacy Policy: https://policies.google.com/privacy
Information about Google Analytics: https://support.google.com/analytics

8. Payment service providers

We use various payment service providers to process payments in our online shop. Personal data (e.g., name, billing details, payment information) is transmitted to the respective providers to the extent necessary for payment processing.

Data processed: Name and billing address, order information, payment details (e.g. credit card number, account holder, IBAN).

Legal basis: Contract fulfillment in accordance with Art. 6 para. 1 lit. b GDPR.

a) Visa and Mastercard

If you pay by credit card, the transaction will be processed through the respective card providers. Visa Europe Services Inc. and Mastercard Europe SA.

Data transfer: Both companies are after the EU-US Data Privacy Framework (DPF) certified and therefore guarantee an appropriate level of data protection.

Further information:

Visa: https://www.visa.de/legal/global-privacy-notice.html
Mastercard: https://www.mastercard.de/de-de/datenschutz.html

b) Apple Pay

When using Apple Pay, payment processing is handled via Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA.

Data processed: Transaction data, device information, partially anonymized payment information.

Data transfer: Apple is after the EU-US Data Privacy Framework (DPF) certified and therefore guarantees an appropriate level of data protection.

Further information: https://www.apple.com/legal/privacy/de-ww/

c) Google Pay

When using Google Pay, payment processing is handled by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and any affiliated companies.

Data processed: Transaction data, device information, partially anonymized payment information.

Data transfer: Google may transfer data to the USA. Google is certified under the EU-US Data Privacy Framework (DPF) and therefore guarantees an adequate level of data protection.

Further information: https://policies.google.com/privacy

d) PayPal

When using PayPal, payment processing is handled by PayPal (Europe) S.à rl et Cie, SCA, 22–24 Boulevard Royal, L-2449 Luxembourg.

Data processed: Payment data, transaction data, account information, identification data.

Data transfer: PayPal may transfer data to group companies and service providers in third countries (including the USA). PayPal bases such transfers on appropriate safeguards in accordance with the GDPR (e.g., standard contractual clauses).

Further information: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

9. Shipping service provider

To deliver your orders, we pass on personal data (name, delivery address, possibly email address and telephone number for package notifications) to our shipping service providers.

We are currently using the Austrian Post AG as well as other transport companies if necessary for delivery.

Legal basis: Contract fulfillment in accordance with Art. 6 para. 1 lit. b GDPR.

10. Making contact

If you contact us via the form on the website or by email, your data will be stored for processing the request and for any follow-up questions.

Legal basis:

Contract performance (Art. 6 para. 1 lit. b GDPR)
Consent (Art. 6 para. 1 lit. a GDPR)
Legitimate interest (Art. 6 para. 1 lit. f GDPR)

11. Social Media Links

We link to our social media profiles (e.g., Instagram, Pinterest, Facebook) on our pages.
No data is automatically transmitted to these platforms when you visit our website. You will only be directed to the respective platform by clicking on the link.

12. Rights of data subjects

You have the right to:

Right of access (Art. 15 GDPR)
Rectification (Art. 16 GDPR)
Erasure (Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Withdrawal of consent (Art. 7 para. 3 GDPR)

If you believe that the processing of your data violates data protection law, you can lodge a complaint with us or with the supervisory authority.

Competent supervisory authority:
Austrian Data Protection Authority
Barichgasse 40–42, 1030 Vienna
https://www.dsb.gv.at

13. Revocation of consent

You may revoke your consent at any time with future effect.
To do so, simply send an informal email to office@rethinkminimal.com or adjust your settings directly in the cookie banner.
The legality of the processing carried out until revocation remains unaffected.

14. External fonts: Google Fonts

We integrate fonts from Google Fonts (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

Data processed: IP address, browser information, device information.

Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR, given via our consent tool.

Data transfer to the USA: Google LLC is certified under the EU-US Data Privacy Framework (DPF) and ensures an adequate level of data protection. Standard Contractual Clauses (SCCs) are also used.

15. Accessibility of this privacy policy

This privacy policy can be viewed at any time on our website at Privacy Policy It is accessible and is updated when changes occur.