1. Controller

Controller within the meaning of the General Data Protection Regulation (GDPR):

Baba Genetics
Liniengasse 29/2
1060 Vienna
Austria
E-Mail: linkup@babagenetics.com
Phone: +43 677 645 53 703


2. General Information on Data Processing

We process personal data exclusively on the basis of the applicable legal provisions (GDPR, Austrian Data Protection Act (DSG), Austrian Telecommunications Act 2021 (TKG 2021)).

Personal data means any information relating to an identified or identifiable natural person.


3. Hosting and Shop System

Our website is operated on our own server and is based on the shop system PrestaShop.

Server log data is processed by us as the controller.

Collected server log data:

  • IP address

  • Date and time of request

  • Browser type and browser version

  • Operating system

  • Referrer URL

  • Accessed pages/files

  • HTTP status code

Purpose of processing:

  • Ensuring stable website operation

  • System security

  • Error analysis

Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

Log files are stored only for as long as necessary to ensure system security.


4. Orders in the Webshop

When placing an order, we collect and process the following data:

  • First and last name

  • Billing address

  • Delivery address (if different)

  • Email address

  • Phone number (if provided)

  • Order details

  • Payment reference data

Purpose:

  • Contract processing

  • Shipment of goods

  • Invoicing

  • Accounting

  • Compliance with statutory retention obligations

Legal basis:
Art. 6(1)(b) GDPR (performance of a contract)
Art. 6(1)(c) GDPR (legal obligation)


5. Payment Processing – Advance Bank Transfer

We offer bank transfer (advance payment) as the sole payment method.

For payment processing, we process:

  • Account holder name

  • IBAN

  • Transfer amount

  • Payment reference

  • Booking date

This data is received via our account-holding bank for payment reconciliation.

No transfer of payment data to external payment service providers takes place.


6. Shipping Service Providers

For contract fulfillment, we transfer necessary data to shipping service providers.

Standard Shipping:

GLS

Express Shipping:

UPS

The following data may be transmitted:

  • Name

  • Delivery address

  • Phone number (if required for delivery notification)

  • Email address (if used for tracking)

Legal basis: Art. 6(1)(b) GDPR (performance of a contract)

The respective privacy policies of the shipping providers can be found on their websites.


7. Cookies

Our website uses technically necessary cookies, particularly for:

  • Shopping cart functionality

  • Login area

  • Order processing

  • Language settings

Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

Additional cookies (e.g., analytics or marketing cookies) are used exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR.


8. Data Retention

Personal data is stored only for as long as necessary for contract fulfillment or as required by statutory retention obligations.

Under Austrian commercial and tax law, retention periods generally amount to 7 years.


9. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to object (Art. 21 GDPR)

  • Right to withdraw consent at any time

To exercise your rights, please contact us at the address provided above.


10. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent supervisory authority:

Österreichische Datenschutzbehörde
Barichgasse 40–42
1030 Vienna
Austria


11. Data Security

We implement appropriate technical and organizational measures to protect your data against loss, destruction, or unauthorized access.

Our website uses SSL/TLS encryption.


12. Web Analytics with Google Analytics 4 (GA4)

This website uses Google Analytics in the version Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Analytics 4 enables us to analyze the use of our website in order to technically and economically optimize our offering.


12.1 Nature and Scope of Processing

Google Analytics 4 uses cookies and comparable technologies (e.g., local storage) to collect information about user behavior.

In particular, the following data may be processed:

  • IP address (shortened, see below)

  • Device information (device type, operating system, screen resolution)

  • Browser information

  • Approximate location data (country/region)

  • Referrer URL

  • Pages visited

  • Time spent on pages

  • Click behavior

  • Scroll behavior

  • Date and time of access

  • Event data

  • Conversions

  • Session data

Google Analytics 4 operates on an event-based tracking model. Direct personal identification by us does not take place.


12.2 IP Anonymization

IP anonymization is activated by default in Google Analytics 4.

Your IP address is shortened within the European Union or the European Economic Area before processing. A complete IP address is not permanently stored.


12.3 Purpose of Processing

Processing is carried out for the following purposes:

  • Analysis of user behavior

  • Reach measurement

  • Improvement of user experience

  • Optimization of our webshop

  • Measurement of marketing effectiveness (if activated)


12.4 Legal Basis

Processing takes place exclusively on the basis of your explicit consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 165(3) TKG 2021.

Google Analytics is not activated without your consent.

You may withdraw your consent at any time, with effect for the future, via our cookie consent tool.


12.5 Recipients and Data Processing Agreement

Google acts as a processor in providing Google Analytics.

A Data Processing Agreement (Art. 28 GDPR) has been concluded with Google.

Processing generally takes place within the EU. However, a transfer to third countries, particularly the United States, cannot be entirely excluded.


12.6 Third Country Transfers

Data may be transferred to Google’s parent company in the United States.

Google relies on appropriate safeguards pursuant to Art. 46 GDPR, including:

  • EU Standard Contractual Clauses

  • Participation in the EU-US Data Privacy Framework (where applicable)

Despite these safeguards, it cannot be ruled out that US authorities may access data under certain legal conditions.


12.7 Storage Period

The retention period for user-related data in Google Analytics is set to [e.g., 14 months].

After expiry of this period, data is automatically deleted.

Aggregated and anonymized evaluations may be stored for longer periods.


12.8 Deactivation Options

You can prevent the storage of cookies by adjusting your browser settings.

Additionally, you can prevent the collection of your data by Google Analytics by:


12.9 No Data Merging

We do not merge collected data with other data sources.

If features such as Google Signals or cross-device tracking are activated, this will only occur based on separate consent.


13. Amendments to this Privacy Policy

We reserve the right to amend this Privacy Policy where necessary in order to adapt it to changed legal requirements or technical developments.