Privacy policy

Privacy policy (processing of customer data)

We take the protection of personal data very serious and therefore want to make the processing of your data open and transparent.

1. Who is responsible for data processing?

In accordance with the applicable data protection law, the Austrian Company BMK Handels- und Vertriebs GmbH is responsible for the processing of the data transmitted by you.

BMK Handels- und Vertriebs GmbH

Schuhfabrikgasse 17/2

1230 Vienna


Tel: +43 (0) 1 803 87 67 – 0
Fax: +43 (0) 1 803 87 58

Company register: 1010 Wien, FN 187544a
Chamber of commerce: Wien, Sektion Handel

VAT: ATU 47961102


Terms such as „us“, „we“ or „BMK“ refer to the above mentioned Company. Our data security officer can be contacted via or via the above named postal address.


2. What data is processed?

2.1. When you visit our website:

Our PoPoLini-Onlineshop can be visited at any time without giving any information about your personal details. In this case, the technical access data stored by your browser automatically as part of page views will be transmitted to our server. These access data include the following information:

–          Date and time of your access

–          Address of the visited website

–          Content of the requested files (addresses and designations)

–          Online identifiers, such as IP address, device ID, session IDs

–          Possible error reports

–          The previously accessed page from which you were redirected to our online shop.


Our website uses Google Analytics. More information can be found at point 5.

Furthermore, we collect all those data which you actively disclose while using the functions provided during your visit at our PoPoLiNi online shop. For example we learn which article you are interested in, if you put it on your wish list.


2.2 Use of cookies

We use cookies in our online shop. These may be cookies set by us. A cookie is a standardized text file that is saved by your browser for a period of time (validity period) specified by the respective provider. Cookies allow the local storage of information, such as language settings, shopping basket contents and temporary identification features, which can be queried on subsequent visits to the website in order to reload the relevant settings. However, stored cookies can be viewed and deleted in the security settings of your browser. Furthermore, you can configure your browser settings to your wishes and thus refuse acceptance of cookies. We point out, however, that in this case you may not be able to use all the features of our online shop.


2.3. Create a PoPoLiNi customer account:

To place an order, a specific customer account is not needed. Orders can also be placed as guests. Registering in our online shop, however, can make future purchases easier for you and make an individual and easier shopping experience possible. For example, on your next order, the address data will be preselected for the selected payment method. With the customer account, we can also collect your data (such as order data, delivery data, wish lists of the products you specify) in our customer database and display personalized product recommendations that are aligned with your previous purchasing interests.

If you register in our online shop, we will create a password-protected direct access to your stored master data (e.g. name, address, date of birth, telephone number, e-mail address), order data (e.g. ordered products, article numbers, sizes) and other information (e.g. wish list products). The mandatory fields required for registration are identified separately, e.g. with a star (“*”). Voluntary information is requested for personalized offers, for example. In addition, we point out that, for security reasons, we will temporarily save the IP address you sent when registering.

You can edit and delete your PoPoLiNi customer account and the information stored therein at any time. To delete your customer account, please send us an informal message by e-mail to, by post at the above mentioned address or by using our contact form. Please note, the deletion of the customer account does not automatically extend to the already completed order transactions and the personal data stored for this purpose. Please note the point “How long will my data be stored?”

2.4. order process at the PoPoLiNi online shop:

In addition to the products you order, we collect data directly related to the execution of your order. These include in particular:

–          Information on the ordered products (e.g. article name, article number, size)

–          Your E-Mail address

–          Billing as well as delivery address

–          Payment details

–          Details on returns and complaints (e.g. reasons for returns and complaints)

–          Order number

–          Tracking numbers of shipping providers (e.g. DPD parcel service, GLS Austria)


2.5. Contacting us:

If you contact us via our contact form, by e-mail, by telephone or in any other way, depending on which contact medium you use) we will collect the resulting data (e.g., e-mail address, telephone number, address) and your message.

We also use the social networking platforms (e.g., Facebook) to communicate with our customers. Please note that we have no influence on the terms of use of the social networks and their data processing practices. Please check carefully which personal data you submit to us via the social networks.


2.6. subscription our Newsletter

Once you have subscribed to the PoPoLiNi newsletter, we will store any information you have provided for this purpose (such as name, gender, e-mail address, date of birth) for the purpose of sending newsletters.

We need this information to send and personalize our newsletter. Voluntary information is also used to personalize the newsletter.

In order to prevent the misuse of e-mail addresses, we usually ask you, with an automated process by e-mail, to confirm the application you have made. Your registration and, if applicable, the confirmation will be logged, and the IP address used for this purpose can be documented.

You can unsubscribe from PoPoLiNi newsletter at any time. To unsubscribe, you can use the unsubscribe link in each newsletter or our contact form.

3. For what purposes is your data used?

3.1. Provision of the PoPoLiNi online shop:

When you visit our PoPoLiNi-Onlineshop, we process the resulting access data from you (for example, server log files and cookies). This allows us to provide our website and the content and features you request, and to ensure the stability and security of our IT systems and databases.

Legal basis: If you use the PoPoLiNi online shop with your customer account, the legal basis is Article 6 (1) (b) of the GDPR (contract performance and pre-contractual measures).

If you use the PoPoLiNi online shop without registration, the legal basis is Article 6 (1) (f) of the GDPR (weighing our interests based on our above-mentioned legitimate interests).

As soon as you consent to our data processing, the primary legal basis is your consent (Article 6 (1) (a) of the GDPR).

3.2. Contract fulfilment (settlement of purchase)

We process your data for the execution of the contracts concluded with you as well as for the fulfilment of your desired services. The purposes are primarily based on the specific contract contents or on the services required from you. For details regarding the terms and conditions, you can always refer to our terms and conditions, for example.

For example:

–        Data for setting up and providing your customer account

–        Data for the execution of purchase contracts

–        Data for the implementation of raffles

–        Communication with you regarding contract-relevant changes, safety instructions,…

Legal basis: Article 6 (1) (b) of the GDPR (contract performance and pre-contractual measures).

3.3 Personalizing our PoPoLiNi online shop

Information that we receive from you regarding your shopping experience enables us to continuously improve our service and make it more customer-friendly and personal for you. The information you provide us with (such as your master-, order-, access data, search details or even your personal wish list) will be used by us to adapt the content of our online shop to your needs and further develop it. This will help us to provide you a better service (for example, in a search we can highlight those products that fit your wish list or products that you often consult).

Furthermore, we also use this information for individual product recommendations, as far as they are part of the personalized service offer or advertising addressed directly to you (e.g. newsletter, customer account).

Legal basis: If you use the PoPoLiNi online shop with your customer account, the legal basis is Article 6 (1) (b) of the GDPR (contract performance and pre-contractual measures).

If you use the PoPoLiNi online shop without registration, the legal basis is Article 6 (1) (f) of the GDPR (weighing our interests based on our above-mentioned legitimate interests).

As soon as you consent to our data processing, the primary legal basis is your consent (Article 6 (1) (a) of the GDPR).

You don’t want the usage of your data for personalization?

If you do not want to use your master, order and access data to personalize our online shop during your visit, you can always unsubscribe from your personal customer account and use the PoPoLiNi online shop as a guest. Thus, the data is no longer used in personalization. As a guest, the personalization takes place exclusively on the basis of your access data, which we record during the web analysis (point 5) during the visit to our online shop.

If this is not desired, you can deactivate personalization at any time based on your access data by deactivating the web analysis services mentioned under point 5.

Detailed information on your privacy rights and options can be found under point 9 What your privacy rights are and under point 10 your rights of revocation and rights of appeal.

3.4. Communication and customer service for existing customer relationships

We process your data to carry out our customer service. This includes for example:

– The processing of your concerns, inquiries by our customer service

– Non-promotional communication with you (e.g., safety advice, advice)

Legal basis: Article 6 (1) (b) of the GDPR (contract performance and pre-contractual measures)

3.5. Payment process

Depending on what has been agreed on the payment, we will give the relevant payment processing data to the authority responsible for payment service. In part, the payment service providers also collect this data on their own responsibility. To this extent, the privacy policies of the respective payment service provider apply.

Your data is transmitted to external payment service providers on the basis of Article 6 paragraph 1 letter b of the DSCVO (contract performance).

3.6. Permitted processing of your data

As far as you have consented to the processing of your personal data for certain purposes, the legal basis of the data processing for these specific purposes is your prior consent (Article 6 (1) (a) of the GDPR).

Revocation of consent

In accordance with Article 7 (2) of the GDPR, you have the right to revoke the consent once given to us at any time. As a result, we will not continue the data processing based on this consent for the future. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

4. Store Locator

Our website uses the Google Maps mapping service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter “Google”) for the store locator feature. In order for the Google maps service we use, it must be included and displayed in your web browser, your web browser must be able to connect to the Google server, which may be located in the US when you visit the contact page. In the event that personal information is transferred to the US, Google has submitted to the EU-US Privacy Shield. Google receives information that the contact page of our website has been accessed from the IP address of your device.

In the store locator, you can also use location data to search for PoPoLiNi shops or partners nearby and have them displayed in Google Maps. You can enter any address data (for example, country, zip code, city) in the search field. If you only want to search for stores in your current environment, you can also use the Store Finder’s automatic locate feature by clicking the “Nearby stores” button. This will enable the HTML5 geolocation feature for automatic location discovery, which is supported by all major browsers. Before your browser performs the location, you must explicitly allow this again for privacy reasons by clicking again. Depending on which browser and which device you use, your IP address, received signals from Wi-Fi networks and – especially if you use a mobile device, GPS and mobile radio signals – are used for the subsequent location. The address data entered by you in the search field of the store search or the location automatically determined by your browser are transmitted to Google via an interface so that the PoPoLiNi shops or partners found in the vicinity can be displayed on the map of Google Maps.

If you visit the Google Maps service on our website while logged in to your Google profile, Google may also link this event to your Google profile. If you do not want to be associated with your Google profile, you’ll need to log out of Google before using our store locator. Google stores your data and uses it for advertising, market research, and personalized viewing of Google Maps. You may object to this data collection against Google.

Please have a look at the Google Privacy Policy and the Google Maps Additional Terms of Use for more information.

The legal basis for this data processing is Article 6 (1) (f) of the GDPR, based on our legitimate interests in providing the store locator described above.

5. Web analytics

5.1. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties if required by law or as far as third parties process this data on behalf of Google. Google will never associate your IP address with other Google data. You can prevent the installation of cookies by setting your browser software accordingly; however, please be aware that if you do this you may not be able to use the full functionality of this website.

By using this website, you consent to the processing of your data by Google in the manner and for the purposes set out above.

You can object to the collection and storage of your data at any time with effect for the future. In view of the discussion about the use of analysis tools with complete IP addresses, we would like to point out that in order to exclude a direct personal preferentiality, IP addresses are only shortened on this website because we use Google Analytics with the extension “_anonymizeIp ()”.

In addition, you may prevent the registration by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading the browser plug-in available under the following link and install:


6. Online advertisement

6.1. Facebook

Our websites use so-called conversion and retargeting tags (also known as “Facebook pixels”) from the Facebook social network, a service of Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook”) for marketing purposes. We use Facebook pixels to analyze the general use of our websites and to track the effectiveness of Facebook advertising (“conversion”). In addition, we use the Facebook pixels in order to play individualized advertising messages based on your interest in our products (“retargeting”). Facebook processes data that the service collects via cookies and similar technologies on our websites.

The resulting data in this context can be transmitted from Facebook for evaluation to a server in the US and stored there. In the event that personal information is transferred to the US, Facebook has submitted to the EU-US Privacy Shield.

If you are a member of Facebook and have allowed Facebook via the privacy settings of your account, Facebook can also link the information collected regarding your visit at us to your member account and use it for the targeted placement of Facebook Ads. The privacy settings of your Facebook profile can be viewed and changed at any time. If you are not a Facebook member, you can prevent the processing of data by Facebook by pressing the deactivate button for the provider “Facebook” on the external TrustArc opt-out website. You can still prevent data processing by clicking on the following button.

If you disable data processing through Facebook, Facebook will only display general Facebook ads that will not be selected based on information collected about you.

More information can be found in the data policy of Facebook.

7. Whom will my data be shared with?

Your data will only be disclosed if:

–        you have given your express consent in accordance with Article 6 (1) (a) GDPR,

–        Disclosure under Article 6 (1) (f) of the GDPR is required to assert, exercise and defend legal claims, and there is no reason to believe that you have an overriding interest in the protection of your data and its disclosure.

–        We are legally obliged to disclose it in accordance with Article 6 paragraph 1 letter c or e of the GDPR, especially if we have to provide information to an authority,

–        The transfer is legally permissible and, according to Article 6 paragraph 1 letter b of the GDPR, necessary for the execution of contractual relationships with you as well as the execution of pre-contractual measures, which take place at your request.


Part of the data processing described in our privacy policy may be performed on our behalf by external service providers. In addition to the aforementioned external service providers, this may include consulting firms.

If we pass on data to our service providers, they may only use the data to fulfill their tasks. Processing of your data by the commissioned service providers takes place within the framework of order processing in accordance with Article 28 of the GDPR. The service providers are carefully selected and commissioned by us. They are contractually bound by our instructions and have appropriate technical and organizational measures to protect the rights of the persons concerned and are controlled by us.

If we pass on your data beyond this privacy policy to a service provider located outside the European Economic Area, we will inform you separately about this fact and how the data transfer is protected. If you wish to receive copies of the warranties in this case, please contact our data protection officers.

8. For how long will your data be stored?

Unless other information is given in our privacy policy, we keep your data only as long as is necessary to fulfill our contractual or legal obligations or the purposes for which the data were originally collected, or we have a legitimate interest in the continued storage ,

In all other cases, we will delete your personal information except for any information we may need to keep to comply with statutory retention periods. However, in these cases we restrict processing, i.e. your data will only be used to comply with legal obligations.

Upon termination or deletion of your personal account in our online shop, we will delete all data stored about you. If a complete deletion of your data for legal reasons is not possible or necessary, the data in question will be restricted for further processing. As a rule, your order and payment data and possibly other data are subject to the statutory retention obligation of the Commercial Code and the Tax Code. We are therefore obliged to keep this data for up to 10 years.

Even if your data is not subject to any legal storage obligation, we can refrain from deletion in the legally permitted cases and instead block the customer’s account. This applies in particular to cases in which we may still need the relevant data for further contract execution or legal action or defence. Decisive for the duration of the lock are the statutory limitation periods.

9. What are your privacy rights?

To assert your statutory privacy rights described below, you may contact our Privacy Officer at any time, as described in Section 1 “Who is responsible for data processing?”.

You have the right to request information about the processing of your personal data by us at any time. As part of the provision of information, we will explain the data processing and provide you with an overview of the data stored about you.

If we have stored incorrect or outdated data, you have the right to have this data reported.

You can also request the deletion of your data. If the deletion due to legal regulations is not possible in exceptional cases, the data will be blocked, so that they are only available for this legal purpose.

Furthermore, you may restrict the processing of your personal information (for example, if you believe that the information we hold about you is incorrect).

You have the right to data portability, which means that upon request, we will send you a digital copy of the personal information you provide.

You also have the right to complain to the Data Protection Inspectorate. The supervisory authority responsible for this is the Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna.

10. Which right of revocation and contradiction do you have?

You would like to exercise your subsequent right of revocation and contradiction? All you need to do is send an informal message (for example by e-mail, telephone, post or via our contact form) to the contact details listed in point 1.

Revocation of consent

In accordance with Article 7 (2) of the GDPR, you have the right to revoke the consent once given to us at any time. As a result, we will not continue the data processing based on this consent for the future. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Repeal to the processing of your data

Insofar as we process your data on the basis of legitimate interests in accordance with Article 6 (1) (f) of the GDPR, you have the right to object to the processing of your data in accordance with Article 21 of the GDPR, provided that there are reasons for this arising from your particular situation or the opposition is directed against direct mail. In the latter case, you have a general right of objection that is implemented by us even without giving reasons.

11. Data security

We maintain reasonable technical measures to ensure data security, in particular to protect your data from the dangers of data transmissions and from unauthorized access by third parties. These are adapted to the current state of the art.

12. Change of privacy policy

Occasionally we update our privacy policy (for example, if we change our site or change governmental or regulatory requirements). Significant changes will be documented in this privacy policy and the approval of our customers.