Privacy policy

Data privacy policy

This Data Privacy Policy informs you which personal data we process, how and for which purposes we process personal data (hereinafter “data”) in the context of our online offer and the related websites, functions, content, and external online presences, such as our social media profiles (collectively “online offer”). The terms “processing” or “controller” used herein are defined in Article 4 of the General Data Protection Regulation (GDPR).


Bildgasse 40
Industrie Nord
6890 Lustenau
Phone: 0043 / 5577 / 866 44 – 0

Categories of processed data:

  • Basic data (e.g. name, address)
  • Contact details (e.g. email, phone numbers)
  • Content data (e.g. text entries, photos, videos)
  • User data (e.g. websites visited, interest in content, access times)
  • Meta and communication data (e.g. device identifiers, IP addresses).

Categories of data subjects:

Visitors and users of the online offer (hereinafter collectively “users”).

Purposes for which we process personal data:

  • To make available the online offer, its functions and content
  • to answer contact requests and to communicate with users
  • to implement security measures
  • to measure audience reach/to carry out marketing measures


“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. This definition must be understood broadly and covers basically any handling of data.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Relevant legal bases:

Subject to Article 13 GDPR, we process data based on the following legal provisions. Where this data privacy policy does not disclose the legal basis for our processing operations, the following applies: Your consent is obtained on the basis of Article 6 (1) (a) and Article 7 GDPR, and we provide our services and implement contractual procedures and answer requests on the basis of Article (6) (1) (b) GDPR. We lawfully process data to comply with our legal obligations according to Article (6) (1) (c) GDPR and for the purposes of our legitimate interests according to Article (6) (1) (f) GDPR. Personal data may be lawfully processed in order to protect the vital interests of the data subject or of another natural person according to Article 6 (1) (d) GDPR.

Cooperation with processors and third parties:

Whenever we disclose, transfer or make data otherwise accessible to other persons or companies (processors or third parties) in the context of our processing operations, we do so on the basis of a legal authorisation (for example if it is necessary to transfer data to third parties, such as payment services providers, according to Article (6) (1) (b) GDPR for the performance of a contract), on the basis of your consent, to comply with a legal obligation or to pursue our legitimate interests (e.g. when we use contractors, web hosters, etc).

We will appoint third parties for the processing of data on the basis of a “data processing agreement” according to Article 28 GDPR.

Transfer of data to third countries:

Whenever we process data in a third country (i.e. in a state outside the European Union (EU) or the European Economic Area (EEA)) or where processing operations are carried out by third parties or data are disclosed or transferred to third parties, we do so only if this is necessary to comply with our (pre)contractual obligations on the basis of your consent, to comply with a legal obligation or to pursue our legitimate interests. Subject to legal or contractual authorisations, we process data or have data processed in a third country only if the conditions laid down in Articles 44 et seq GDPR are complied with.  Data are therefore processed if appropriate safeguards have been provided, such as an officially recognised level of data protection consistent with EU requirements (e.g. the “Privacy Shield” for the United States) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

Rights of the data subject:

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed and, where that is the case, to further information and to a copy of such data according to Article 15 GDPR.

According to Article 16 GDPR, you have the right to obtain the rectification of inaccurate personal data concerning you or to have incomplete personal data completed.

According to Article 17 GDPR, you have the right to obtain the erasure of the relevant data without undue delay or, alternatively, according to Article 18 GDPR, the right to restriction of processing.

According to Article 20 GDPR, you have the right to receive the data you have provided to us or to have those data transmitted to another controller.

Furthermore, according to Article 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.

Right of withdrawal:

You have the right to withdraw your consent at any time according to Article 7 (3) GDPR.

Right to object:

You have the right to object at any time to processing of your personal data based on Article 21 GDPR. You may also object to processing of data for direct marketing purposes.

Cookies and right to object to processing for direct marketing purposes:

“Cookies” are tiny text files that are stored on your computer. Cookies can store different information. A cookie primarily helps store information on a user (or on the device on which the cookie is stored) during, and also after a user visits a website in the context of an online offer. Temporary cookies or “session cookies” or “transient cookies” are cookies that are deleted when a user leaves a website and closes his or her browser. Such a cookie can store the content of an online basket or a login status. “Permanent” or “persistent” cookies remain on your computer also after you close your browser and can therefore store the log-in status if you visit the website again. Such a cookie can also store a user’s preferences that are used to measure audience reach or for marketing purposes. “Third-party cookies” are cookies of providers other than the controller who operates the online offer (the controller’s cookies are called “first-party cookies”).

We can use temporary and permanent cookies and explain our cookie policy in this data privacy policy.

If you want to block cookies, you should adjust the settings on your browser which allow you to disable cookies. You can adjust the settings on your browser to delete cookies. However, if you do this, you may not be able to benefit from the full functionality of this online offer.

You can generally block the use of cookies for online marketing purposes in a number of services, especially in the case of tracking via the US site or the EU site You can also block the storage of cookies by adjusting the settings on your browser. However, if you do this, you may not be able to benefit from the full functionality of this website.

Erasure of data:

Data we process will be erased or processing restricted subject to Articles 17 and 18 GDPR. Unless this data privacy policy explicitly states otherwise, we erase data we have processed as soon as they are no longer necessary for the purposes for which they were processed, and when the legal retention periods have expired. Where data are not erased because they are necessary for other and lawful purposes, processing will be restricted. Data will then be blocked and not processed for other purposes. This applies, for example, to data that we are required to keep on the grounds of commercial or tax laws.

According to legal requirements applicable in Austria, there is a 7-year retention period according to § 212 (1) of the Commercial Code (UGB) (books and records, inventories, opening balance sheets, financial statements and directors’ reports, etc.) and according to § 132 (1) Federal Tax Code (BAO) (accounting records, receipts/invoices, accounts, receipts, business records, statement of revenue and expenditure, etc.), a 22-year retention period in connection with land, and a 10-year retention period for documents relating to electronic services, telecommunications, radio and television services provided to non-entrepreneurs in EU Member States and for which the mini-one-stop-shop (MOSS) applies.

Business-related processing operations:

In addition, we process

  • contract data (e.g. subject-matter of a contract, duration, customer category),
  • payment data (e.g. bank details, payment history)

of our customers, prospects and business partners for the provision of services under a contract, for service and customer support, marketing, advertising, and market research.


We use hosting services in order to provide the following services: infrastructure and platform services, computing capacity, memory and database services, security services, and technical maintenance services which we use to run this online offer.

In doing so, we or our hosting provider processes personal details, contact details, content data, contract data, usage data, meta and communication data of customers, prospects and visitors of this online offer on the basis of our legitimate interests which consist in making this online offer available in an efficient and safe manner according to Article 6 (1) (f) GDPR in conjunction with Article 28 GDPR (conclusion of data processing agreement).

Collection of access data and log files:

Based on our legitimate interests according to Article 6 (1) (f) GDPR, our hosting providers or we will collect data on every access to the server which hosts the services (so-called server log files). Access data include the name of the website visited, the name of the file that was retrieved, and the date and time when it was retrieved, the data volume transferred, status of successful transfer, type and version of browser, user's operating system, referrer URL (the site visited before), IP address and requesting provider.

Log file information is stored for a maximum period of 7 days for security reasons (e.g. to clear up cases involving abuse or fraud) and is then erased. Data that must be kept for evidence purposes will not be erased until the respective incident is finally resolved.

Provision of contractual services:

We process personal details (such as names and addresses and contact details of users), contract data (e.g. services used, names of contact points, payment information) in order to comply with our contractual obligations and to provide services according to Article 6 (1) (b) GDPR. Information that you are obliged to provide in online forms is necessary for the conclusion of a contract.

 We erase data after the expiration of legal guarantee obligations or similar obligations; every three years, we assess whether it is still necessary to keep data; data are erased after the expiration of legal archiving obligations. Any information provided in a customer’s account is kept until the account is deleted.


If a user contacts us (for example via contact form, email, phone or social media), we will process the user’s information to handle the contact request according to Article 6 (1) (b) GDPR. The user’s information can be stored in a customer relationship management system (“CRM system) or in a similar request organization.

We erase requests that are no longer necessary. We assess that necessity every two years; the legal archiving obligations apply.

Google Analytics:

Based on our legitimate interests (i.e. interest in the analysis, optimisation and commercial operation of our online offer according to Article 6 (1) (f) GDPR) we use Google Analytics, a web analytics service provided by Google LLC (“Google“). Google uses cookies. Information generated by the cookies on the use of this website is regularly transmitted to and stored by a Google server in the United States.

Google is certified according to the EU-US Privacy Shield and therefore guarantees to comply with European data protection laws (

On our behalf, Google will use this information for the purpose of evaluating your use of our online offer, for compiling synthesis reports on website activity for website operators, and for providing us with other services relating to website activity and internet usage. In this context, pseudonym user profiles can be created on the basis of the processed data.

We use Google Analytics only with activated IP anonymisation. This means that your IP address will be truncated by Google in a Member State of the European Union or in another contracting state of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there.

The IP address transmitted by your browser will not be matched with other data of Google. Furthermore, you may adjust the settings of your browser to block cookies; furthermore, you can download and install the browser plugin provided below to prevent the collection of data relating to your use of this online offer generated by the cookie to Google and the processing of such data by Google.

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.


If you want to learn more about how Google uses data, how to adjust your settings and how to object, go the following Google websites: ("How Google uses information from sites or apps that use our services“), (“How Google uses data in advertising”),  (“Control the information Google uses to show you ads”).

 Online presence in social media:

We are active on social media and platforms in order to communicate with and inform customers, prospects and users on these platforms about our services. When you visit these media and platforms, the terms and conditions and data processing policies of the respective operators apply.

Unless our data privacy policy provides otherwise, we process the data of users if they communicate with us via social media and on platforms via posts on our online presence or via messages sent.

Integration of services and content provided by third parties:

We provide content or services offered by third parties in the context of our online offer based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer according to Article 6 (1) (f) GDPR) in order to integrate their content and services such as videos or fonts (hereinafter collectively “content”).

However, this always requires the third-party providers of such content to recognise the IP address of a user, because they could not send content to a user’s browser without the IP address. The IP address is therefore necessary to display such content. We endeavour to use only content of providers who use the IP address only to deliver such content. Furthermore, third-party providers can also use pixel tags (transparent graphic images also referred to as “web beacons”) for purposes of statistics or marketing. Pixel tags are used to analyse information such as user traffic on the pages of this website. Pseudonymous data can also be stored in cookies on the user’s computer and contain, among other things, technical information on the browser and operating system, referring websites, time of visit, and other information on the use of our online offer, and can be matched with such information from other sources.