Legal
Privacy Policy
Lawful processing of personal data
Privacy Information for Customers and Shop Users
Your trust is important to us. We therefore take the legally required protection of personal data very seriously. The processing of your personal data is carried out in accordance with data protection regulations. The following privacy policy informs you about the most important aspects of the processing of personal data.
The controller within the meaning of the GDPR is
KHAN E-Commerce GmbH
A-4061 Pasching, Westbahnstraße 1
Telephone: +43 7221 88887, E-Mail: office@khan.at
Data Protection Contact:
Daniel Khan, B.Sc.
E-Mail: daniel.khan@khan.at
HOSTING AND SERVER LOCATION
All servers and services used to operate this website are located within the European Union:
- Web server and database – hosted in a European data centre
- Error monitoring (Sentry) – data centre in Germany
- Payment processing (Stripe) – Stripe Payments Europe, Ltd., Dublin, Ireland
WHY IS DATA PROCESSED?
You use our website, submit an enquiry by email, transmit your order as a customer, confirm our order as a supplier, send us your application etc.; in doing so you also provide personal data such as your name, contact details, billing and delivery address. We handle this data carefully. We store and process the personal data transmitted or disclosed to us to the extent necessary for the proper processing of your request and for business transactions.
Data is therefore processed for the purpose of customer, prospect and supplier/service provider management in the context of the initiation and execution of business relationships and to fulfil legal requirements. Data processing is based on contract, pre-contractual measures and legal bases (such as Art. 6(1) GDPR, § 96(3) TKG, § 132 BAO, §§ 190, 212 UGB). No automated decision-making (profiling) takes place.
HOW LONG IS DATA STORED?
Data is retained for the duration of the processing of your request or the duration of the contractual relationship and after its termination at least as long as statutory retention periods exist or limitation periods for potential legal claims have not yet expired. Retention periods are governed by various federal laws, for example in accounting a 7-year retention obligation under VAT law (§ 18(2) UStG), and in contract law a 10-year liability claim under § 13 PHG.
TO WHOM IS DATA TRANSFERRED?
Data is only passed on or accessed to the extent absolutely necessary and insofar as it is required for the processing of business transactions or is based on a legal basis.
Possible recipients include: departments of the company involved in operational or administrative business processing; service providers of the controller (e.g. tax consultants, transport/shipping companies, document destruction companies) as well as authorities, legal representatives or companies acting as data processors in the context of IT infrastructure.
Under no circumstances will your data be passed on to third parties for advertising purposes or similar. No transfer of personal data to recipients in a third country outside the EU or to an international organisation is planned. No personal customer data is transferred to our production facility in Pakistan.
WHAT DATA IS STORED WHEN USING THE WEBSITE?
When you use our website, data that your browser automatically transmits is collected in server log files by the page provider – this includes: browser used, operating system, IP address, source/referrer, and the date and time of access.
The website uses cookies. These are small text files that are stored on your device with the help of the browser. They do no harm. The setting of cookies that are necessary for the performance of electronic communication processes or for the provision of desired functions is carried out pursuant to Art. 6(1)(f) GDPR. You can set your browser to reject cookies; please note that disabling cookies may restrict functionality.
For your order and for subsequent contract processing, your first and last name, email address, billing and delivery address, and telephone number are stored. Data that is absolutely necessary for delivery will be passed on to third-party service providers. Once the storage of your data is no longer required or legally mandated, it will be deleted.
The data you provide is required for the fulfilment of the contract. Data processing is based on Art. 6(1)(a) (consent) and/or (b) (necessary for contract performance) GDPR.
WEB ANALYTICS AND CONVERSION MEASUREMENT
We use Google Analytics 4 on our website to analyse and improve website usage. We use Google Consent Mode v2 together with a cookie consent banner:
Without your consent (default setting), all tracking functions are disabled:
- Ad storage (ad_storage): denied – no advertising cookies are set.
- Ad user data (ad_user_data): denied – no user data is transmitted to Google Ads.
- Ad personalisation (ad_personalization): denied – no personalised advertising.
- Analytics storage (analytics_storage): denied – no analytics cookies.
With your consent (via the cookie banner), all four categories are enabled. This allows:
- Anonymised visitor recognition through Google Analytics
- Attribution of advertising conversions (which ad led to a purchase)
- Display of more relevant advertising based on your visit
You can withdraw your consent at any time by deleting your browser cookies. On your next visit, the cookie banner will be displayed again. Consent is automatically renewed after 12 months.
Upon completing a purchase – even without cookie consent – an anonymised identifier (hashed email address) is transmitted to Google Ads to measure the effectiveness of our advertisements (Enhanced Conversions). This is based on Art. 6(1)(b) GDPR (contract performance). Your email address itself is never shared.
Data processing within Google Analytics is based on Art. 6(1)(a) GDPR (consent via the cookie banner).
We also use Plausible Analytics, a privacy-friendly analytics service that operates entirely without cookies and does not store any personal data.
For the detection and resolution of technical errors, we use Sentry. Sentry captures error messages, browser information and page URLs at the time of an error. No personal data (e.g. IP addresses, names or email addresses) is transmitted to Sentry. Processing takes place on servers within the EU (Sentry data centre in Germany).
PAYMENT PROCESSING
For payment processing we use Stripe (Stripe Payments Europe, Ltd., Dublin, Ireland). Stripe sets technically necessary cookies for fraud prevention and secure payment processing. Processing is based on Art. 6(1)(b) GDPR (contract performance). Further information can be found in Stripe's privacy policy.
COOKIES OVERVIEW
| Cookie | Purpose | Duration | Category |
|---|---|---|---|
| shopAccessToken | Authentication (login) | 7 days | Essential |
| lang | Language preference | 1 year | Essential |
| _ga, _ga_* | Anonymised visitor recognition (Google Analytics) | 2 years | Analytics (with consent) |
| _gcl_au | Google Ads conversion linker | 90 days | Advertising (with consent) |
| __stripe_sid, __stripe_mid | Payment processing and fraud prevention | Session / 1 year | Essential |
In addition, functionally necessary data is stored in your browser's local storage (e.g. cart contents, size preference, cookie consent choice). This data serves exclusively functional purposes and does not contain personal data.
YOUR RIGHTS AND CONTACT
As a data subject, you generally have the right to access, rectification, erasure, restriction and objection. If you have questions about the processing of your personal data, please contact us directly:
Daniel Khan, B.Sc.
Data Protection Contact
KHAN E-Commerce GmbH
A-4061 Pasching, Westbahnstraße 1
E-Mail: daniel.khan@khan.at
If you believe that the processing of your data violates data protection law, you can lodge a complaint with the supervisory authority:
Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40-42, 1030 Vienna, Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Web: www.dsb.gv.at
Last updated: 25 March 2026