Privacy Policy
Introduction
In this privacy policy, we outline our approach regarding the data collected from users who access this website or provide us with personal data in any other way.
The protection of your personal data is a priority for us. We process your data exclusively on the basis of legal regulations (GDPR, TKG 2003). In this privacy information, we inform you about the most important aspects of data processing within the framework of our website.
Competent authority within the meaning of the General Data Protection Regulation (GDPR): Austrian Data Protection Authority.
Last updated: 05.02.2026
User Rights
You have the following rights:
Right of Access
Request confirmation as to whether and to what extent your personal data is being used and processed, as well as access to the personal data stored about you and additional information.
Data Portability
Request a copy of the personal data you have voluntarily provided to us in a structured, commonly used, and machine-readable format.
Right to Rectification
Request a correction of the personal data we have stored about you.
Right to Erasure
Request the deletion of your personal data.
Right to Object
Object to the processing of your personal data by us.
Right to Restriction
Request the restriction of the processing of your personal data by us.
Right to Lodge a Complaint
Lodge a complaint with a supervisory authority.
Important Notice
Please note, however, that these rights are not unconditional; they are subject to our own legitimate interests and regulatory requirements.
Should you have any questions about this privacy policy or believe that there are violations of data protection law, please contact us directly by email at [email protected] with the subject "Data Protection," or feel free to call us so that we can resolve the matter together.
Storage
We store your personal data for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our policies. Retention periods depend on the type of data collected and the purpose for which it was collected, taking into account both case-specific circumstances and the necessity to delete outdated, unused information as soon as possible. Records containing personal data of clients, account setup documents, communications, and other data are stored in accordance with applicable laws and regulations.
Data Correction
We will correct, complete, or remove incomplete or incorrect data at any time.
Basis for Data Collection
The processing of your personal data (i.e., any data that allows your identification by reasonable means; "personal data") is necessary to fulfill our contractual obligations to you and to provide you with our services, protect our legitimate interests, and comply with legal and financial regulatory obligations to which we are subject.
What Data is Collected?
We collect two types of data and information from users.
Non-Personal Data
The first category includes non-identifying and non-identifiable user data provided or collected through the use of the website ("non-personal data"). We do not know the identity of the user from whom non-personal data was collected.
Non-personal data that may be collected includes aggregated usage data and technical data transmitted by your device, including certain information regarding software and hardware (e.g., the browser and operating system used on the device, language setting, access time, etc.). We use this data to improve the functionality of our website.
We may also collect data about your activity on the website (e.g., pages viewed, browsing behavior, clicks, actions, etc.).
Personal Data
The second category includes personal data—that is, data that identifies an individual or can identify them through reasonable measures.
Device Data: We collect personal data from your device. Such data includes geolocation data, IP address, unique identifiers (e.g., MAC address and UUID), and other data resulting from your activity on the website.
How Do We Obtain Data About You?
We receive data when you use our website or access it in connection with one of our services. By accessing this website, your access data is automatically collected and stored. This includes your IP address. The process is technically necessary and thus represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.
Voluntary Provision of Data
You provide data to us voluntarily when you contact us. In this case, the legal basis is your consent within the meaning of Art. 6 Para. 1 lit. a GDPR.
How is the Data Used? To Whom is the Data Disclosed?
No Disclosure to Third Parties
We do not share user data with third parties except as described in this privacy policy.
We use data for the following purposes:
- Service Provision: Personal data we receive from you within the scope of our services is treated as strictly confidential and in accordance with legal requirements, and processed exclusively to provide our services. This also applies to processing operations required to carry out pre-contractual measures. The legal basis for this is Art. 6 Para. 1 lit. a GDPR (consent) or Art. 6 Para. 1 lit. b GDPR (contract performance).
- Contact Inquiries: If you contact us, the associated personal data will be processed to handle the inquiry and for the duration of our contractual relationship, plus the legally prescribed retention period. The legal basis for this is Art. 6 Para. 1 lit. a GDPR (consent) or Art. 6 Para. 1 lit. b GDPR (contract performance), as well as Art. 6 Para. 1 lit. c GDPR (legal obligation). If no business relationship develops from your contact inquiry, your personal data will be deleted after six months at the latest.
-
Legal Disclosure: We may also disclose data if we believe in good faith that it is helpful or appropriate to:
- (i) comply with applicable laws, regulations, legal proceedings, or official requests;
- (ii) enforce our policies (including our agreement) and investigate possible violations thereof;
- (iii) investigate, detect, prevent, or take action against illegal activities or other misconduct, suspected fraud, or security issues;
- (iv) assert or enforce our own legal claims or defend ourselves against the claims of others;
- (v) protect the rights, property, or safety of our business, our users, you, or third parties; or to
- (vi) cooperate with law enforcement authorities and comply with applicable laws and regulations.
Security
We take industry-standard physical, technical, and administrative security measures to protect personal data. However, we unfortunately cannot guarantee absolute data security. Therefore, while we strive to protect your personal data, we cannot guarantee the unconditional security of information you provide to us or through our services.
Disclaimer
We cannot be held responsible for the actions of those who have gained unauthorized access to our website or misuse it, and we provide no express or implied warranty that we can prevent such access.
Links
Please note that links found on this website lead in part to external pages with independent privacy policies, for which we assume no liability.
Specifically, there are links to our profiles on Facebook and Instagram. Please consider the privacy settings of the respective platform, which we cannot influence, and only use this option if you agree with the privacy settings of the respective platform.
The entity responsible for data processing for Facebook and Instagram within Europe is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Dublin, Ireland.
There, you can also find further information regarding your respective rights and settings options for protecting your privacy.
Elfsight
We use the Elfsight plugin to display Google reviews. It loads images directly from Instagram. All other data is collected on the server side and cached. When you, as a visitor to our website, load the content, it is loaded from Elfsight's cache for the Instagram feed. No personal data is collected for this data request.
Responsible Party
The entity responsible for data processing is Elfsight, LLC, 0015, Armenia, Yerevan, Paronyana str., 19/3, 201.
Further information on data protection can be found at: https://elfsight.com/privacy-policy/
Google Analytics / Web Analysis
This website uses Google Analytics, a web analysis service from Google Inc. ("Google"). We have concluded a corresponding contract for order data processing with the provider. The relationship with the web analysis provider is based on the adequacy decision of the European Commission ("Privacy Shield"). Data processing takes place on the basis of the legal provisions of § 96 Para. 3 TKG as well as Art. 6 Para. 1 lit. a (consent) and f (legitimate interest) of the GDPR.
Cookies
Google Analytics uses so-called "cookies," text files stored on your computer that enable an analysis of your use of the website. You can prevent this by setting up your browser so that no cookies are stored. However, we point out that in this case, you may not be able to fully use all functions of this website.
The information generated by the cookie about your use of this website (including your IP address) is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators, and to provide other services related to website use and internet usage. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Google will in no case associate your IP address with other Google data.
By using this website, you agree to the processing of data collected about you by Google in the manner described above and for the aforementioned purpose. Consent to data collection and storage can be revoked at any time with effect for the future.
IP Anonymization
This website uses Google Analytics with the extension "_anonymizeIp()," which means that IP addresses are only processed in shortened form to exclude direct personal identification.
Opt-Out: https://tools.google.com/dlpage/gaoptout?hl=de
Further Information: https://www.google.com/privacy/privacy-policy.html
Google Tag Manager
The Google Tag Manager service is used on our website.
Tag Manager is a service that allows us to manage website tags via an interface. This allows us to integrate code snippets such as tracking codes or conversion pixels into websites without interfering with the source code. Data is only forwarded by the Tag Manager; it is neither collected nor stored. Tag Manager itself is a cookie-less domain and does not process personal data, as it serves purely to manage other services in our online offering.
When Google Tag Manager starts, the browser establishes a connection to Google's servers. These are mainly located in the USA. Through this, Google gains knowledge that our website was accessed via a user's IP address.
Tag Manager ensures the resolution of other tags, which in turn may collect data. However, Tag Manager does not access this data. If a deactivation was made at the domain or cookie level, it remains in effect for all tracking tags implemented with Tag Manager.
Further Information
- Website: https://www.google.com
- Privacy: https://policies.google.com/privacy
- Security Principles: https://safety.google/intl/de/principles/
- Ads Processor Terms: https://business.safety.google/adsprocessorterms/
- Data Centers: https://www.google.com/about/datacenters/locations/
Updates or Changes to these Privacy Provisions
We reserve the right to change or review these privacy provisions from time to time. You will find the date of the current version under "Last updated." Your continued use of the platform following the announcement of such changes on our website represents your consent to such changes to the privacy provisions and counts as your agreement to be bound by the amended provisions.
How to Reach Us
Please contact us with general questions about the website, the data we collect about you, or the use of that data.
Variant E.S.e.U. (Elena Designcoach)
Dr. Elena Sizova