Privacy policy

Privacy Policy

We are delighted that you are interested in our online shop. The protection of your privacy is very important to us. Below we provide detailed information about how we handle your data. Personal data is any data by which you can be personally identified.

Controller
The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
TUX Smoking GmbH
Herbststraße 53/28
1160 Vienna, Austria
E-mail: info@hybrid-filter.com

SSL / TLS Encryption
For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries sent to us), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string "https://" and the padlock symbol in your browser bar.

Data Collection When Visiting Our Website (Server Log Files)
When you use our website for information purposes only, we collect only the data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following technically required data:

  • Website visited
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you reached the page
  • Browser used
  • Operating system used
  • IP address used (where applicable in anonymised form)

Processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. We reserve the right to check the server log files subsequently if there are concrete indications of unlawful use.

Shopify as Processor
Our online shop operates on the Shopify platform. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. As a processor, Shopify processes personal data (e.g. order data, customer data) on our behalf. A data processing agreement pursuant to Art. 28 GDPR is in place with Shopify. Further information on data protection at Shopify can be found at: https://www.shopify.com/legal/privacy

Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use cookies. These are small text files that are stored on your device.

We distinguish between technically necessary cookies, which may be set without your consent, and optional cookies (e.g. for analytics or marketing), which we only set after your explicit consent via our cookie banner. You can withdraw your consent at any time with effect for the future.

The legal basis for technically necessary cookies is Art. 6 (1) (f) GDPR (legitimate interest). The legal basis for all other cookies is Art. 6 (1) (a) GDPR (consent).

For information on how to manage, restrict or delete cookies in your browser, please refer to the help pages of your respective browser (e.g. Google Chrome, Mozilla Firefox, Safari or Microsoft Edge). Please note that the functionality of our website may be limited if cookies are not accepted.

Cookie Consent Management (Consentmo)
We use the consent management tool Consentmo to manage your cookie consent. Via the cookie banner you can decide for yourself which categories of cookies and services you allow. Your choice is stored so that the banner does not reappear on a subsequent visit. You can change or withdraw your settings at any time via the cookie management link or icon on our website. The data required for this is processed in order to fulfil our legal obligation to obtain and document valid consent (Art. 6 (1) (c) GDPR) and on the basis of our legitimate interest in legally compliant consent management (Art. 6 (1) (f) GDPR).

Contacting Us
When you contact us (e.g. by contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your enquiry or for making contact and the associated technical administration. The legal basis for the processing is Art. 6 (1) (f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis is Art. 6 (1) (b) GDPR. Your data will be deleted after the final processing of your enquiry, provided that no statutory retention obligations apply.

Data Processing When Opening a Customer Account and for Contract Processing
In accordance with Art. 6 (1) (b) GDPR, personal data is collected and processed when you provide it to us for the performance of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. You may delete your customer account at any time by sending a message to the controller's address stated above. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data.

Data Processing for Order Processing
The personal data we collect is passed on to the transport company commissioned with delivery within the scope of contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the scope of payment processing, insofar as this is necessary for payment processing. The legal basis for the transfer of data is Art. 6 (1) (b) GDPR.

E-mail Newsletter
If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your e-mail address. The provision of further data is voluntary and is used to address you personally.

We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you a newsletter once you have expressly confirmed that you consent to receiving it. We send you a confirmation e-mail with which you confirm, by clicking on a link, that you wish to receive newsletters in future.

By activating the confirmation link, you give us your consent in accordance with Art. 6 (1) (a) GDPR. When you register, we store your IP address as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to info@hybrid-filter.com. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately.

Use of Social Media (Instagram)
Our website contains links to the Instagram profile of TUX Smoking GmbH. The operator of Instagram is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

We do not use directly embedded social plugins that automatically transmit data to Meta/Instagram when the page is accessed. Data is only transmitted to Instagram if you actively click on the corresponding link and are redirected to Instagram. Meta Platforms Ireland Limited is responsible for data processing by Instagram/Meta. Further information can be found in Instagram's privacy policy: https://help.instagram.com/155833707900388/

Google Consent Mode
To control consent for Google services (e.g. Google Analytics, Google Ads), we use Google Consent Mode. This adjusts the behaviour of the Google tags to the choice you have made via our cookie banner. As long as you have not given consent, the Google tags do not set any cookies usable for analytics or advertising purposes; however, cookieless signals not suitable for direct identification (e.g. whether consent exists) may be transmitted to Google. The Google services are only fully activated after your consent.

Google Analytics
This website uses Google Analytics (version Google Analytics 4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies that enable an analysis of your use of our website. The information generated by the cookie about your use of this website is usually transmitted to a Google server and stored there.

With Google Analytics 4, IP addresses are shortened or not logged by Google by default, so that direct identifiability is reduced. A transfer of data to Google servers, including in the USA, cannot be entirely ruled out.

Google Analytics is only used after your explicit consent in accordance with Art. 6 (1) (a) GDPR, which you can give via our cookie banner. You can withdraw your consent at any time with effect for the future.

For data transfers to the USA, we rely on the EU Commission's standard contractual clauses pursuant to Art. 46 (2) (c) GDPR and on the EU-US Data Privacy Framework (DPF), provided that Google is certified for this. Further information can be found at: https://policies.google.com/privacy

Google Ads – Conversion Tracking and Remarketing
This website uses Google Ads, an online advertising programme of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. As part of Google Ads, we use conversion tracking and remarketing. Conversion tracking allows us to recognise whether a user has carried out a certain action (e.g. a purchase) after clicking on one of our ads. Through remarketing, interest-based ads about our products can be shown to you on third-party websites within the Google advertising network. For this purpose, cookies and comparable technologies are used and an identifier of your browser or device may be processed.

Google Ads is only used after your explicit consent in accordance with Art. 6 (1) (a) GDPR, which you can give via our cookie banner. You can withdraw your consent at any time with effect for the future.

For data transfers to the USA, we rely on the EU Commission's standard contractual clauses pursuant to Art. 46 (2) (c) GDPR and on the EU-US Data Privacy Framework (DPF), provided that Google is certified for this. Further information can be found at: https://policies.google.com/privacy

Contentsquare
This website uses Contentsquare, a tool for analysing user behaviour, provided by Contentsquare SAS, 7 Rue de Madrid, 75008 Paris, France. Contentsquare records mouse movements, clicks, scrolling behaviour and other interactions on our website in anonymised form in order to improve usability. No personal data such as names or e-mail addresses is collected.

Contentsquare is only used after your explicit consent in accordance with Art. 6 (1) (a) GDPR, which you can give via our cookie banner. You can withdraw your consent at any time with effect for the future.

As Contentsquare is a French company and therefore based in the EU, no data is transferred to third countries. Further information can be found in Contentsquare's privacy policy: https://contentsquare.com/privacy-center/

YouTube Videos
We have embedded YouTube videos on our website, which are stored on the servers of the provider YouTube and can be played from our website. The operator of the YouTube platform is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

We embed YouTube videos in such a way that no connection to YouTube is established when the page is merely accessed. Data is only transmitted to YouTube/Google once you actively start the video by clicking on it. When playing, at least the following data is transmitted to Google: IP address, the specific address of the page accessed on our site, system date and time of access, and the identifier of your browser. This takes place regardless of whether you have a Google user account or are logged in.

YouTube or Google stores this data as user profiles and may use it for the purposes of advertising, market research and/or the needs-based design of its websites. The legal basis for processing is Art. 6 (1) (a) GDPR (consent). You can withdraw your consent at any time. Please note that US authorities may potentially gain access to this data on the basis of the Cloud Act. Further information can be found at: https://policies.google.com/privacy

Spotify
We use functions of the music service Spotify provided by Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. When you visit our website, a direct connection between your browser and a Spotify server may be established via Spotify. Spotify thereby receives your IP address, the time of access, the page visited and information about your browser configuration.

If you use functions of Spotify while logged in to your Spotify user account, Spotify can associate your visit to our pages with your user account. If you do not want this, please log out of your Spotify user account. The legal basis for processing is Art. 6 (1) (a) GDPR (consent). Further information can be found in Spotify's privacy policy: https://www.spotify.com/legal/privacy-policy/

jQuery JavaScript Library
This website uses the jQuery library for JavaScript functions. This is provided locally on our server, so that no data is transmitted to external servers. Your IP address is not transmitted to third parties.

Product Reviews (Judge.me)
To display and manage product reviews, we use the service Judge.me provided by Judge.me Limited. When reviews are displayed, technical usage data (e.g. review elements accessed, device and browser information) may be processed in order to provide and evaluate the function. Insofar as more than purely technically necessary processing takes place, this is carried out on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. Otherwise, we base the display of reviews on our legitimate interest in a meaningful product presentation in accordance with Art. 6 (1) (f) GDPR. A transfer of data to third countries cannot be ruled out; where necessary, we rely for this on the EU Commission's standard contractual clauses pursuant to Art. 46 (2) (c) GDPR.

Functional Extensions of Our Online Shop
To extend the functions of our online shop, we use third-party applications that are integrated into our Shopify shop. These include in particular functions for product bundles/quantity discounts, upselling/cross-selling and gift promotions. As part of these functions, technical data (e.g. device and browser information, products in the shopping cart) may be processed in order to provide the respective function.

Insofar as the processing is technically necessary for the operation of the shop, it is carried out on the basis of our legitimate interest in a functional and user-friendly online shop in accordance with Art. 6 (1) (f) GDPR. Insofar as analytics or marketing functions are used, processing is only carried out after your consent in accordance with Art. 6 (1) (a) GDPR via our cookie banner.

Providers used:

  • Upselling/cross-selling function (Selleasy): Logbase Technologies LLP, PSG STEP E-Lab, PSG College of Technology, Peelamedu, Coimbatore, TN 641004, India
  • Gift promotion function (Gift Box): Digismoothie s.r.o., Czech Republic
  • Product bundle/quantity discount function (bundle service, technically provided via nice-team.net)

Google reCAPTCHA
On this website we use the reCAPTCHA function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This function serves to distinguish whether an input is made by a natural person or improperly by automated processing. The service includes sending the IP address and, where applicable, further data to Google and is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in preventing misuse and spam.

Google Ireland Limited is a subsidiary of Google LLC (USA). For data transfers to the USA, we rely on the EU Commission's standard contractual clauses pursuant to Art. 46 (2) (c) GDPR and on the EU-US Data Privacy Framework (DPF), provided that Google is certified for this.

Further information on Google reCAPTCHA and Google's privacy policy can be found at: https://policies.google.com/privacy

Ubersuggest (Neil Patel Analytics)
This website uses Ubersuggest, an SEO and analytics tool from Neil Patel Digital LLC, 1930 Village Center Circle #3-6639, Las Vegas, NV 89134, USA. Ubersuggest may collect usage data and technical information via embedded scripts in order to enable SEO analyses and website performance evaluations.

Ubersuggest is only used after your explicit consent in accordance with Art. 6 (1) (a) GDPR, which you can give via our cookie banner. You can withdraw your consent at any time with effect for the future.

For data transfers to the USA, we rely on the EU Commission's standard contractual clauses pursuant to Art. 46 (2) (c) GDPR. Further information can be found at: https://neilpatel.com/privacy-policy/

Rights of the Data Subject
The applicable data protection law grants you the following rights vis-à-vis the controller with regard to the processing of your personal data:

  • Right of access pursuant to Art. 15 GDPR: You have the right to obtain information about your personal data processed by us, the purposes of processing, the categories of data processed, recipients, the planned storage period, and the existence of further data subject rights.
  • Right to rectification pursuant to Art. 16 GDPR: You have the right to immediate rectification of incorrect data or completion of incomplete data.
  • Right to erasure pursuant to Art. 17 GDPR: You have the right to request the erasure of your personal data, provided that the legal requirements are met.
  • Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data.
  • Right to information pursuant to Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing, we are obliged to inform all recipients to whom your data has been disclosed accordingly.
  • Right to data portability pursuant to Art. 20 GDPR: You have the right to receive your personal data in a structured, commonly used and machine-readable format or to request its transfer to another controller.
  • Right of withdrawal pursuant to Art. 7 (3) GDPR: You have the right to withdraw consent given at any time with effect for the future.
  • Right to lodge a complaint pursuant to Art. 77 GDPR: You have the right to lodge a complaint with the competent data protection supervisory authority. In Austria, this is the Data Protection Authority (Datenschutzbehörde), Barichgasse 40–42, 1030 Vienna, www.dsb.gv.at.

Right to Object

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST WITHIN THE SCOPE OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THIS PROCESSING. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

Duration of Storage of Personal Data
The duration of storage of personal data is determined by the respective statutory retention period (e.g. commercial and tax retention periods of 7 years in Austria). After the period has expired, the corresponding data is routinely deleted, provided it is no longer required for the performance or initiation of a contract and no legitimate interest in further storage continues to exist.

Last updated: June 2026