We have prepared this Privacy Policy (version 02.09.2024-112866807) to explain, in accordance with the requirements of the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable national laws, what personal data (simply referred to as data) we, as the data controller, process and will process in the future, and the lawful options available to you. The terms used are intended to be gender-neutral.

In short: We provide you with comprehensive information about the data we process about you. Privacy policies often sound very technical and use legal jargon. However, this Privacy Policy aims to describe the essential information as simply and transparently as possible. Where helpful for clarity, technical terms are explained in a reader-friendly manner, links to additional information are provided, and graphics may be used. In straightforward language, we explain that we only process personal data in our business activities when a corresponding legal basis is in place. This cannot be achieved by providing brief, vague, and technical-legal explanations, as is often standard on the internet regarding data protection. We hope you find the following explanations interesting and informative, and perhaps you may even learn something new.

If any questions remain, please do not hesitate to contact the responsible party listed below or in the imprint, follow the provided links, or review additional information on third-party websites. Our contact information is also available in the imprint.

This Privacy Policy applies to all personal data processed by our company and all personal data processed by companies we have commissioned (processors). By personal data, we mean information as defined in Art. 4 No. 1 GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can provide and bill for our services and products, whether online or offline. The scope of this Privacy Policy covers:

all online presences (websites, online stores) we operate,

social media presences and email communication,

mobile apps for smartphones and other devices.

In short: This Privacy Policy applies to all areas where personal data is processed within the company through the aforementioned channels. Should we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

In the following Privacy Policy, we provide transparent information on the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, that allow us to process personal data. Concerning EU law, we refer to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can access this EU General Data Protection Regulation online at EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example is storing data you entered in a contact form.

Contract (Article 6(1)(b) GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a purchase agreement with you, we need personal information in advance.

Legal obligation (Article 6(1)(c) GDPR): We process your data if we are legally obligated to do so. For example, we are legally required to retain invoices for accounting purposes, which usually contain personal data.

Legitimate interests (Article 6(1)(f) GDPR): In cases of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and efficiently. This processing thus serves a legitimate interest.

Other conditions, such as acting in the public interest or exercising official authority and protecting vital interests, generally do not apply to us. If such a legal basis becomes relevant, it will be indicated accordingly.

In addition to the EU regulation, national laws also apply:

In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), or DSG.

In Germany, the Federal Data Protection Act, or BDSG, applies.

If additional regional or national laws apply, we will inform you in the following sections.

If you have questions about data protection or data processing, please find the contact information of the responsible person or office below:

Julian Greisinger

c/o IP-Management #42572

Ludwig-Erhard-Str. 18

20459 Hamburg

Germany

Email: julian@poltix-media.net

Phone: +43 660 37 5 60 50

Imprint: https://tt-mauthausen.at/impressum

As a general criterion, we store personal data only as long as necessary to provide our services and products. This means that we delete personal data once the reason for data processing no longer exists. In some cases, we are legally required to retain certain data even after the original purpose has ceased, for example, for accounting purposes.

If you request deletion of your data or withdraw your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to retain it. We provide information on the specific duration of each data processing operation below if we have further information.

In accordance with Articles 13 and 14 GDPR, we inform you of the following rights to ensure fair and transparent data processing:

According to Article 15 GDPR, you have the right to know whether we process your data. If so, you have the right to receive a copy of the data and the following information:

the purpose of the processing;

the categories or types of data being processed;

who receives the data and, if applicable, how security is ensured if transferred to third countries;

how long the data is stored;

the existence of the right to rectification, deletion, or restriction of processing and the right to object to processing;

your right to lodge a complaint with a supervisory authority (links to these authorities are provided below);

the origin of the data if we did not collect it from you;

whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile.

You have further rights as follows:

Under Article 16 GDPR, the right to rectification, meaning that we must correct data if you find errors.

Under Article 17 GDPR, the right to deletion (“right to be forgotten”), which means you may request the deletion of your data.

Under Article 18 GDPR, the right to restrict processing, meaning we may only store the data but not use it further.

Under Article 20 GDPR, the right to data portability, meaning we provide your data in a commonly used format upon request.

Under Article 21 GDPR, the right to object, which, once enforced, brings about a change in processing.

If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then promptly assess whether we can legally comply with this objection.

If data is used for direct advertising, you may object to this type of data processing at any time. We may no longer use your data for direct marketing after that.

If data is used for profiling, you may object to this type of data processing at any time. We may no longer use your data for profiling after that.

Under Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g., profiling).

Under Article 77 GDPR, you have the right to lodge a complaint. This means you may contact the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights—please do not hesitate to contact the responsible office at our company!

If you believe that data processing violates data protection law or that your data protection rights have otherwise been infringed, you may lodge a complaint with the supervisory authority. For Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For further information, please contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

For our company, the following local data protection authority is responsible:

Austrian Data Protection Authority

Head: Dr. Matthias Schmidl

Address: Barichgasse 40-42, 1030 Vienna

Phone: +43 1 52 152-0

Email: dsb@dsb.gv.at

Website: https://www.dsb.gv.at/

Summary

Affected parties: Anyone who communicates with us by phone, email, or online form

Processed data: e.g., phone number, name, email address, entered form data. More details can be found for each contact type

Purpose: Handling communication with customers, business partners, etc.

Storage duration: Duration of the business transaction and statutory requirements

Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (legitimate interests)

When you contact us and communicate by phone, email, or online form, personal data may be processed. The data is processed to address and manage your inquiry and the related business transaction. The data is stored for as long as the law requires.

The mentioned processes affect anyone who contacts us through the communication channels we provide.

When you call us, call data is pseudonymized and stored on the respective device and by the telecommunications provider. Additionally, data such as name and phone number may be sent by email afterward and saved to respond to the inquiry. The data is deleted once the business transaction is completed and legal regulations permit.When you call us, call data is pseudonymized and stored on the respective device and by the telecommunications provider. Additionally, data such as name and phone number may be sent by email afterward and saved to respond to the inquiry. The data is deleted once the business transaction is completed and legal regulations permit.

If you communicate with us by email, data may be stored on the respective device (computer, laptop, smartphone, etc.), and data may also be stored on the email server. The data is deleted once the business transaction is completed and legal regulations permit.

If you communicate with us via an online form, data is stored on our web server and, if necessary, forwarded to one of our email addresses. The data is deleted once the business transaction is completed and legal regulations permit.

Data processing is based on the following legal bases:

Art. 6(1)(a) GDPR (consent): You give us consent to store your data and use it further for purposes related to the business transaction.

Art. 6(1)(b) GDPR (contract): It is necessary to fulfill a contract with you or a processor, such as a telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer.

Art. 6(1)(f) GDPR (legitimate interests): We aim to conduct customer inquiries and business communication professionally. Certain technical facilities, such as email programs, exchange servers, and mobile network operators, are necessary to conduct communication efficiently.

Affected: Website visitors

Purpose: Improving user experience and organization

Processed data: The data processed varies significantly depending on the services used. Most often, it includes IP address, contact and payment data, and/or technical data. More details can be found for each tool used.

Storage duration: Depends on the tools used

Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

To enable you to make bookings through our website, we use one or more booking systems. Appointments, for example, can be created easily online this way. A booking system is a software application integrated into our website that displays available resources (such as free appointments) and allows you to book directly online and usually pay as well. You may be familiar with such booking systems from the hospitality or hotel industry. Nowadays, such systems are used in various industries. Depending on the tool and settings, booking systems can be used internally for us and for customers like you. Typically, personal data from you is collected and stored.

We see our website as a free service for you to some extent. You should receive helpful information and feel comfortable on our website. This includes an online service that makes it as easy as possible for you to book appointments or services. Gone are the days of inconveniently waiting days for a booking confirmation via phone or email. With an online booking system, you can complete everything with a few clicks and move on to other things. The system also makes it easier for us to manage all bookings and appointments. Therefore, we consider such a booking system absolutely sensible for both you and us.

The exact data processed cannot be specified in this general information text about the booking system. It always depends on the tool used and its functions and capabilities. Many booking systems offer a range of additional features besides the conventional booking function. For example, many systems include an external online payment system (e.g., by Stripe, Klarna, or PayPal) and a calendar synchronization function. Accordingly, depending on the functions, different data may be processed. Usually, data such as IP address, name and contact details, technical information about your device, and the time of a booking is processed. If you make a payment in the system, banking data such as account number, credit card number, passwords, TANs, etc., may also be stored and transferred to the respective payment provider. We recommend reading the specific privacy policy of the tool used to know precisely what data is processed.

Each booking system stores data for different periods. Therefore, we cannot provide specific information on the duration of data processing here. However, personal data is generally only stored for as long as necessary to provide the services. Booking systems usually also use cookies that store information for varying lengths of time. Some cookies are deleted immediately after leaving the site, while others may be stored for several years. You can find more about this in our "Cookies" section. Please also read the providers' respective privacy policies. These should explain how long your data is stored in each case.

If you have consented to data processing by a booking system, you naturally also have the option and right to withdraw this consent. Please always be aware that you have rights regarding your personal data and can exercise these rights at any time. If you do not want personal data processed, then no personal data may be processed. It is that simple. The easiest way to withdraw consent is through a cookie consent tool or other opt-out functions. For example, you can manage cookie storage directly in your browser. The lawfulness of data management remains unaffected until your withdrawal.

If you have consented to data processing by a booking system, you naturally also have the option and right to withdraw this consent. Please always be aware that you have rights regarding your personal data and can exercise these rights at any time. If you do not want personal data processed, then no personal data may be processed. It is that simple. The easiest way to withdraw consent is through a cookie consent tool or other opt-out functions. For example, you can manage cookie storage directly in your browser. The lawfulness of data management remains unaffected until your withdrawal.

We also use the online booking system Calendly. The service provider is the American company Calendly Inc., 115 E. Main St., Ste A1B, Buford, GA 30518, USA. Calendly processes your data, including in the USA. Calendly is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. For more information, please visit https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. Additionally, Calendly uses what are known as standard contractual clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission to ensure that your data complies with European data protection standards, even if transferred to third countries (e.g., the USA) and stored there. Through the EU-US Data Privacy Framework and standard contractual clauses, Calendly commits to maintaining the European data protection level when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en. For more information about the standard contractual clauses used by Calendly, refer to the data processing terms at https://calendly.com/dpa. We hope we have provided you with the essential information regarding Calendly's data processing. More details on the data processed by Calendly can be found in the privacy policy at https://calendly.com/privacy.

Congratulations! If you are reading these lines, you have made it through our entire privacy policy or at least scrolled down to this point. As you can see from the extent of our Privacy Policy, we take the protection of your personal data very seriously.

We aim to inform you to the best of our knowledge and belief about the processing of personal data. Moreover, we want to explain why we use various software programs, not just which data is processed.

If you have questions about data protection on our website, please feel free to contact us or the responsible office.

We wish you a pleasant time and hope to welcome you back to our website soon.

All texts are copyright protected.