Privacy Policy

Rechtstext von Dr. Schwenke - für weitere Informationen bitte anklicken.

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”).

The terms used are not gender-specific.

Last updated: May 5, 2026

Table of Contents

Preamble · Controller · Contact Data Protection Officer · Overview of Processing · Applicable Legal Bases · Security Measures · Transmission of Personal Data · International Data Transfers · General Information on Data Storage and Deletion · Rights of Data Subjects · Business Services · Business Processes and Procedures · Use of Online Platforms for Offering and Sales Purposes · Providers and Services Used in the Course of Business · Payment Methods · Credit Assessment · Provision of the Online Offering and Web Hosting · Use of Cookies · Contact and Inquiry Management · Communication via Messenger · Artificial Intelligence (AI) · Video Conferences, Online Meetings, Webinars, and Screen Sharing · Cloud Services · Newsletters and Electronic Notifications · Web Analytics, Monitoring and Optimization · Digital Badges · Presences in Social Networks (Social Media) · Plug-ins and Embedded Functions and Content · Management, Organization and Auxiliary Tools · Processing of Data in the Context of Employment Relationships · Application Procedures · Changes and Updates · Definitions

Controller

AV-Professional GmbH City Park Vienna Brunner Straße 63/23 1230 Vienna

Contact: Bashir Altawil

Authorized representatives: David Knapp, Ing. Rainer Strzygowski

Email address: datenschutz@avpro.at

Phone: 0043 1 252 10 0

Imprint: https://www.avpro.at/impressum

Contact Data Protection Officer

AV-Professional GmbH City Park Vienna Brunner Straße 63/23 1230 Vienna

Contact: Bashir Altawil b.altawil@avpro.at

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects concerned.

Types of Data Processed

Inventory data · Employee data · Payment data · Location data · Contact data · Content data · Contract data · Usage data · Meta, communication and procedural data · Social data · Applicant data · Image and/or video recordings · Audio recordings · Log data · Performance and behavioral data · Working time data · Credit data · Salary data

Special Categories of Data

Health data · Religious or philosophical beliefs · Trade union membership

Categories of Data Subjects

Recipients of services and clients · Employees · Prospective customers · Communication partners · Users · Applicants · Business and contractual partners · Persons depicted · Third parties · Customers

Purposes of Processing

Provision of contractual services and fulfillment of contractual obligations · Communication · Security measures · Direct marketing · Reach measurement · Office and organizational procedures · Remarketing · Organizational and administrative procedures · Application procedures · Feedback · Marketing · Profiles with user-related information · Provision of our online offering and user-friendliness · Assessment of creditworthiness · Establishment and performance of employment relationships · IT infrastructure · Public relations and information purposes · Financial and payment management · Public relations · Sales promotion · Business processes and operational procedures · Artificial intelligence (AI)

Automated Decisions in Individual Cases

Credit assessment

Applicable legal bases under the GDPR: The following provides an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the GDPR, national data protection regulations may apply in your or our country of residence. If more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.
  • Application procedures as pre-contractual or contractual relationships (Art. 6(1)(b) GDPR) – Insofar as special categories of personal data within the meaning of Art. 9(1) GDPR are requested from applicants in the course of the application procedure, their processing is carried out in accordance with Art. 9(2)(b), (c) or (h) GDPR.
  • Processing of special categories of personal data in relation to healthcare, professional and social security matters (Art. 9(2)(h) GDPR) – Processing is necessary for the purposes of preventive or occupational medicine, assessment of working capacity, medical diagnosis, or provision of health or social care.

National data protection regulations in Austria: In addition to the GDPR, national data protection regulations apply in Austria, in particular the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act – DSG).

Applicable legal bases under Swiss data protection law: If you are located in Switzerland, we process your data on the basis of the Federal Act on Data Protection (Swiss FADP).

Note on the applicability of the GDPR and Swiss FADP: These privacy notices serve to provide information both under the Swiss FADP and under the GDPR. The terms of the GDPR are used for the sake of broader territorial applicability and comprehensibility.

Security Measures

We implement appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

These measures include in particular securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data. We also consider the protection of personal data in the development or selection of hardware, software, and processes, in accordance with the principle of privacy by design and by default.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. When a website is secured by an SSL/TLS certificate, this is signaled by the display of HTTPS in the URL.

Transmission of Personal Data

In the course of our processing of personal data, it may be transmitted to or disclosed to other entities, companies, legally independent organizational units, or individuals. In such cases, we comply with legal requirements and conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

Data transmission within the organization: We may transmit personal data to other departments or units within our organization or grant access to such data, based on our legitimate business interests or where necessary for fulfilling our contractual obligations.

International Data Transfers

Data processing in third countries: Insofar as we process data in a third country (i.e., outside the EU or EEA), this is always done in accordance with legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), recognized by the EU Commission on July 10, 2023. In addition, we have concluded Standard Contractual Clauses with the respective providers. This dual safeguard ensures comprehensive protection of your data.

Further information on the DPF and a list of certified companies can be found at https://www.dataprivacyframework.gov/ (in English).

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are revoked or no further legal basis for processing exists.

Further notes on processing operations, procedures and services:

Retention and deletion of data: The following general retention periods apply under Austrian law:

  • 10 years – Books and records, annual financial statements, inventories, accounting documents and invoices (BAO §132, UGB §§190–212).
  • 6 years – Other business documents: commercial or business letters and other tax-relevant documents (BAO §132, UGB §§190–212).
  • 3 years – Data required to account for warranty and compensation claims, based on the regular statutory limitation period (§§ 1478, 1480 ABGB).

Rights of Data Subjects

As a data subject, you have various rights under the GDPR, arising in particular from Articles 15 to 21 GDPR:

  • Right to object: You have the right to object at any time to processing of personal data concerning you based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.
  • Right to withdraw consent: You have the right to withdraw consent at any time.
  • Right of access: You have the right to obtain confirmation as to whether personal data concerning you is being processed, and to access such data.
  • Right to rectification: You have the right to request the completion or rectification of inaccurate personal data concerning you.
  • Right to erasure and restriction of processing: You have the right to request the immediate deletion of data concerning you, or alternatively restriction of processing.
  • Right to data portability: You have the right to receive data concerning you in a structured, commonly used and machine-readable format.
  • Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of your personal data infringes the GDPR.

Business Services

We process data of our contractual and business partners (collectively “contractual partners”) in the context of contractual and comparable legal relationships and associated measures, and in the context of communication with contractual partners.

We delete the data upon expiry of statutory warranty obligations, generally after four years, unless the data must be retained for legal archiving purposes (e.g., for tax purposes, generally ten years).

Types of data processed: Inventory data · Payment data · Contact data · Contract data · Usage data · Meta, communication and procedural data · Employee data

Data subjects: Recipients of services and clients · Prospective customers · Business and contractual partners · Employees

Legal bases: Performance of a contract (Art. 6(1)(b) GDPR) · Legal obligation (Art. 6(1)(c) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR)

Further notes on processing operations, procedures and services:

Online shop, order forms, e-commerce and delivery: We process customer data to enable selection, purchase and delivery of products and associated services; Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

Event management: We process participant data to enable participation in events and use of associated services; Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

Film and television production: We process data of customers and clients to enable planning, production and distribution of film and television content; Legal bases: Performance of a contract (Art. 6(1)(b) GDPR) · Legal obligation (Art. 6(1)(c) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR).

Rental services: We process data of tenants and prospective tenants in accordance with the underlying rental agreement; Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

Technical services: We process data of customers and clients to enable selection, purchase and provision of technical services; Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

Business Processes and Procedures

Personal data of recipients of services and clients is processed in the context of contractual and comparable legal relationships and pre-contractual measures. This data processing supports operational procedures in areas such as customer management, sales, payment transactions, accounting and project management.

Types of data processed: Inventory data · Payment data · Contact data · Content data · Contract data · Usage data · Meta, communication and procedural data · Log data · Employee data

Legal bases: Performance of a contract (Art. 6(1)(b) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR) · Legal obligation (Art. 6(1)(c) GDPR)

Further notes on processing operations, procedures and services:

Customer management and CRM: Procedures in the context of customer management and CRM (e.g., customer acquisition, retention, communication, complaint management); Legal bases: Performance of a contract (Art. 6(1)(b) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR).

Sales: Procedures in planning, executing and monitoring measures for marketing and selling products or services; Legal bases: Performance of a contract (Art. 6(1)(b) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR).

Accounting and payment transactions: Procedures in recording, processing and monitoring business transactions in accounts payable and receivable; Legal bases: Performance of a contract (Art. 6(1)(b) GDPR) · Legal obligation (Art. 6(1)(c) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR).

Marketing, advertising and sales promotion: Procedures in the context of marketing, advertising and sales promotion (e.g., market analysis, advertising campaigns, online marketing including SEO and social media); Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Public relations: Procedures in the context of public relations and PR (e.g., communication strategies, PR campaigns, press releases, media contacts); Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Use of Online Platforms for Offering and Sales Purposes

We offer our services on online platforms operated by other service providers. The privacy policies of the respective platforms apply in addition to our own.

Legal bases: Performance of a contract (Art. 6(1)(b) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR)

Further notes on processing operations, procedures and services:

eBay: Online marketplace for e-commerce; Service provider: eBay Marketplaces GmbH, Helvetiastrasse 15/17, 3005 Bern, Switzerland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.ebay.de/; Privacy policy: https://www.ebay.de/help/policies/member-behavior-policies/datenschutzerklrung?id=4260.

Providers and Services Used in the Course of Business

In the course of our business activities, we use additional services, platforms, interfaces, or plug-ins from third-party providers in compliance with legal requirements.

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Further notes on processing operations, procedures and services:

Asana: Project management – organization and administration of teams, groups, workflows, projects and processes; Service provider: Asana, Inc, 1550 Bryant Street, Suite 200, San Francisco, CA 94103, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://asana.com; Privacy policy: https://asana.com/de/terms#privacy-policy; Basis for third-country transfers: EU/EEA – DPF, Standard Contractual Clauses.

Microsoft Teams: Audio and video conferencing, chat, file sharing, integration with Office 365 applications; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.microsoft.com/de-de/microsoft-teams/; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement; Basis for third-country transfers: EU/EEA – DPF, Standard Contractual Clauses.

Payment Methods

We offer data subjects efficient and secure payment options and use, in addition to banks and credit institutions, further payment service providers.

Legal bases: Performance of a contract (Art. 6(1)(b) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR)

Further notes on processing operations, procedures and services:

American Express: Payment services; Service provider: American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany; Website: https://www.americanexpress.com/de/; Privacy policy: https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/online-datenschutzerklarung/.

Mastercard: Payment services; Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Website: https://www.mastercard.de/de-de.html; Privacy policy: https://www.mastercard.de/de-de/datenschutz.html.

PayPal: Payment services; Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Website: https://www.paypal.com/de; Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Visa: Payment services; Service provider: Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, GB; Website: https://www.visa.de; Privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Credit Assessment

Insofar as we advance performance or assume comparable economic risks, we reserve the right to obtain an identity and credit check from specialized credit reference agencies.

Legal bases: Consent (Art. 6(1)(a) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR)

Automated decisions in individual cases: Credit assessment (decision based on a credit check)

Further notes on processing operations, procedures and services:

AKV EUROPA – Alpenländischer Kreditorenverband: Credit reference agency; Service provider: AKV EUROPA, Schleifmühlgasse 2, 1041 Vienna, Austria; Website: https://www.akv.at/; Privacy policy: https://www.akv.at/impressum.

KSV1870 – Kreditschutzverband von 1870: Credit reference agency; Service provider: KSV1870 Holding AG, Wagenseilgasse 7, A-1120 Vienna, Austria; Website: https://www.ksv.at/; Privacy policy: https://www.ksv.at/datenschutzerklaerung.

Provision of the Online Offering and Web Hosting

We process user data in order to provide our online services to them.

Types of data processed: Usage data · Meta, communication and procedural data · Log data · Content data

Purposes of processing: Provision of online offering and user-friendliness · IT infrastructure · Security measures

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Further notes on processing operations, procedures and services:

Provision of online offering on rented storage space: We use storage space, computing capacity and software rented from a server provider; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Collection of access data and log files: Access to our online offering is logged in the form of server log files. Log file information is stored for a maximum of 30 days and then deleted or anonymized; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Email sending and hosting: Our web hosting services also include the sending, receiving and storage of emails; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Content Delivery Network: We use a CDN to deliver content of our online offering more quickly and securely; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Hetzner: IT infrastructure services; Service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; Website: https://www.hetzner.com; Privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz; Data processing agreement: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/.

WordPress.com: Hosting and software for websites and blogs; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Website: https://wordpress.com; Privacy policy: https://automattic.com/de/privacy/; Basis for third-country transfers: EU/EEA – DPF, Standard Contractual Clauses.

Microsoft Azure: IT infrastructure services; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Website: https://azure.microsoft.com; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement; Basis for third-country transfers: EU/EEA – DPF, Standard Contractual Clauses.

gstatic.com: Content Delivery Network (CDN); Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Privacy policy: https://policies.google.com/privacy.

W3 Total Cache: WordPress performance and caching plugin to optimize loading times through browser caching, page caching, database caching, and optional CDN integration. In the context of caching operations, technical usage data (including IP addresses, accessed URLs, browser information) is processed in server logs. W3 Total Cache does not transmit personal data to the plugin manufacturer. Processing is carried out exclusively on our server and, if applicable, via integrated CDN services; Service provider: Newfold Digital, Inc. (BoldGrid), 5335 Gate Pkwy, Jacksonville, FL 32256, USA; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.boldgrid.com/w3-total-cache/; Privacy policy: https://www.newfold.com/privacy-center. Basis for third-country transfers (where CDN services are integrated): EU/EEA – Standard Contractual Clauses; please refer to the privacy policy of the respective CDN provider.

Use of Cookies

The term “cookies” refers to functions that store and retrieve information on users’ terminal devices. Cookies may be used for various purposes, such as ensuring the functionality, security and convenience of online offerings, as well as for the creation of analyses of visitor flows. We use cookies in accordance with legal requirements. Where necessary, we obtain users’ consent in advance.

Storage period:

  • Temporary cookies (session cookies): Deleted at the latest after a user leaves an online offering and closes their terminal device.
  • Permanent cookies: Remain stored even after the terminal device is closed. Storage duration may be up to two years.

General notes on withdrawal and objection (opt-out): Users may withdraw consents at any time and object to processing, including by means of the privacy settings of their browser.

Types of data processed: Meta, communication and procedural data · Usage data

Legal bases: Legitimate interests (Art. 6(1)(f) GDPR) · Consent (Art. 6(1)(a) GDPR)

Further notes on processing operations, procedures and services:

Processing of cookie data on the basis of consent: We use a consent management solution by means of which users’ consent to the use of cookies is obtained. The duration of storage of consent is up to two years; Legal basis: Consent (Art. 6(1)(a) GDPR).

Cookie opt-out: In the footer of our website, you will find a link through which you can change your cookie settings and withdraw corresponding consents.

Borlabs Cookie: Consent management platform for obtaining, documenting and managing user consent for the use of cookies and comparable technologies, and for enabling the withdrawal of consent already given. When visiting our website for the first time, a cookie is set that stores the user’s consent status (opt-in or opt-out per category), a pseudonymous user identifier, and the timestamp of consent. This data is processed exclusively on our own server and is not shared with third parties. The Borlabs cookie is stored on the user’s device for a maximum of 12 months; Service provider: borlabs GmbH, Rödingsmarkt 20, 20459 Hamburg, Germany; Legal bases: Consent (Art. 6(1)(a) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR); Website: https://borlabs.io; Privacy policy: https://borlabs.io/datenschutzerklaerung/. As processing takes place exclusively on our own servers within the EU, no third-country transfer occurs.

Contact and Inquiry Management

When contacting us and in the context of existing user and business relationships, the information of the inquiring persons is processed insofar as necessary to respond to inquiries.

Types of data processed: Inventory data · Contact data · Content data · Usage data · Meta, communication and procedural data

Data subjects: Communication partners

Legal bases: Legitimate interests (Art. 6(1)(f) GDPR) · Performance of a contract (Art. 6(1)(b) GDPR)

Further notes on processing operations, procedures and services:

Contact form: When you contact us via our contact form, by email or other means, we process the personal data transmitted to respond to and handle the inquiry; Legal bases: Performance of a contract (Art. 6(1)(b) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR).

Communication via Messenger

We use messenger services for communication purposes. In the case of end-to-end encryption, communication content is not visible even to the messenger providers themselves.

Types of data processed: Contact data · Content data · Usage data · Meta, communication and procedural data

Legal bases: Consent (Art. 6(1)(a) GDPR) · Performance of a contract (Art. 6(1)(b) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR)

Further notes on processing operations, procedures and services:

Apple iMessage: Sending and receiving text messages, voice messages and video calls, end-to-end encrypted; Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Website: https://www.apple.com/de/; Privacy policy: https://www.apple.com/legal/privacy/de-ww/.

Instagram: Sending messages via the social network Instagram; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Website: https://www.instagram.com; Privacy policy: https://privacycenter.instagram.com/policy/.

Facebook Messenger: Sending and receiving text messages, voice and video calls, group chats, file sharing; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/privacy/policy/; Basis for third-country transfers: EU/EEA – DPF, Standard Contractual Clauses.

Microsoft Teams: Chat, audio and video conferencing, file sharing; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Website: https://www.microsoft.com/de-de/microsoft-365; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement; Basis for third-country transfers: EU/EEA – DPF, Standard Contractual Clauses.

Artificial Intelligence (AI)

We use Artificial Intelligence (AI), whereby personal data is processed. Our AI systems are deployed in strict compliance with legal requirements, adhering to the principles of lawfulness, transparency, fairness, human control, purpose limitation, data minimization, and integrity and confidentiality.

Types of data processed: Content data · Usage data

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Further notes on processing operations, procedures and services:

ChatGPT: AI-based service for understanding and generating natural language; Service provider: OpenAI Ireland Ltd, 117–126 Sheriff Street Upper, D01 YC43 Dublin 1, Ireland; Website: https://openai.com/product; Privacy policy: https://openai.com/de/policies/eu-privacy-policy.

DALL-E: Generating images from text descriptions; Service provider: OpenAI, 3180 18th St, San Francisco, CA 94110, USA; Website: https://openai.com/product; Privacy policy: https://openai.com/policies/privacy-policy.

DeepL: Translation of texts into various languages; Service provider: DeepL SE, Maarweg 165, 50825 Cologne, Germany; Website: https://www.deepl.com; Privacy policy: https://www.deepl.com/de/privacy.

Microsoft Copilot: AI-supported creation and editing of texts, tables and presentations; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Website: https://www.microsoft.com/de-de/microsoft-copilot/organizations; Privacy policy: https://www.microsoft.com/de-de/privacy/privacystatement; Basis for third-country transfers: EU/EEA – DPF, Standard Contractual Clauses.

Midjourney: Creating AI-generated images based on text inputs; Service provider: Midjourney, Inc., 795 Folsom Street, 1st Floor, San Francisco, CA 94107, USA; Website: https://www.midjourney.com/; Privacy policy: https://docs.midjourney.com/docs/privacy-policy.

Video Conferences, Online Meetings, Webinars and Screen Sharing

We use conference platforms for the purpose of conducting video and audio conferences, webinars and other types of meetings.

Types of data processed: Inventory data · Contact data · Content data · Usage data · Image and/or video recordings · Audio recordings · Log data

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Further notes on processing operations, procedures and services:

Cisco WebEx: Conference and communication software; Service provider: Webex Communications Deutschland GmbH, Hansaallee 249, c/o Cisco Systems GmbH, 40549 Düsseldorf; Website: https://www.webex.com/de; Privacy policy: https://www.cisco.com/c/de_de/about/legal/privacy-full.html; Basis for third-country transfers: EU/EEA – DPF.

Microsoft Teams: Audio and video conferencing, chat, file sharing, optional recording; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Website: https://www.microsoft.com/de-de/microsoft-teams/; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement; Basis for third-country transfers: EU/EEA – DPF, Standard Contractual Clauses.

TeamViewer: Conference and communication software; Service provider: TeamViewer GmbH, Jahnstr. 30, 73037 Göppingen, Germany; Website: https://www.teamviewer.com/de/; Privacy policy: https://www.teamviewer.com/de/legal/privacy-and-cookies/.

Zoom: Video conferencing, online meetings, webinars, screen sharing, optional recording; Service provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Website: https://zoom.us; Privacy policy: https://explore.zoom.us/de/privacy/; Basis for third-country transfers: EU/EEA – DPF, Standard Contractual Clauses.

Cloud Services

We use cloud services for the storage and management of content.

Types of data processed: Inventory data · Contact data · Content data · Usage data · Image and/or video recordings

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Further notes on processing operations, procedures and services:

Adobe Creative Cloud: Cloud storage and cloud-based application software for photo editing, video editing and graphic design; Service provider: Adobe Systems Software Ireland, 4–6 Riverwalk Drive, Citywest Business Campus, Dublin 24, Ireland; Website: https://www.adobe.com/de/creativecloud.html; Privacy policy: https://www.adobe.com/de/privacy.html; Basis for third-country transfers: EU/EEA – DPF, Standard Contractual Clauses.

Apple iCloud: Cloud storage service; Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Website: https://www.apple.com/de/; Privacy policy: https://www.apple.com/legal/privacy/de-ww/.

Microsoft Cloud Services: Cloud storage, cloud infrastructure and cloud-based application software; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Website: https://microsoft.com/de-de; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement; Basis for third-country transfers: EU/EEA – DPF, Standard Contractual Clauses.

Newsletters and Electronic Notifications

We send newsletters, emails and other electronic notifications exclusively with the consent of recipients or on a legal basis.

Content: Company news, product news, rental updates, expert knowledge, industry talk, our services, promotions and offers.

Types of data processed: Inventory data · Contact data · Meta, communication and procedural data · Usage data

Legal bases: Consent (Art. 6(1)(a) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR)

Opt-out: You may cancel your newsletter subscription at any time via the unsubscribe link at the end of each newsletter or by using our contact details.

Further notes on processing operations, procedures and services:

Measurement of open and click rates: Newsletters contain a web beacon for measuring open and click rates. This measurement is carried out on the basis of user consent; Legal basis: Consent (Art. 6(1)(a) GDPR).

Mailjet: Email sending and automation services; Service provider: Mailjet SAS, 13–13 bis, rue de l’Aubrac, 75012 Paris, France; Website: https://www.mailjet.de; Privacy policy: https://www.mailjet.de/privacy-policy.

Web Analytics, Monitoring and Optimization

Web analytics serves to evaluate visitor flows to our online offering and may include behavior, interests or demographic information about visitors as pseudonymous values. We use an IP masking procedure (pseudonymization by truncating the IP address) to protect users.

Types of data processed: Usage data · Meta, communication and procedural data

Security measures: IP masking (pseudonymization of IP address)

Legal bases: Consent (Art. 6(1)(a) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR)

Further notes on processing operations, procedures and services:

Google Analytics: We use Google Analytics to measure and analyze the use of our online offering on the basis of a pseudonymous user identification number. Google Analytics does not log or store individual IP addresses for EU users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: EU/EEA – DPF, Standard Contractual Clauses; Opt-out: https://tools.google.com/dlpage/gaoptout?hl=de.

Google Site Kit: WordPress plugin for the central integration and management of Google services on the website (including Google Analytics, Google Search Console). Via Site Kit, connections to the respective Google services are established and usage data is transmitted to Google. Data processing is governed by the terms of the respective integrated Google services. Data collection via Google Analytics can be prevented using the opt-out plugin; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6(1)(a) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR); Website: https://sitekit.withgoogle.com/; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: EU/EEA – DPF, Standard Contractual Clauses; Opt-out: https://tools.google.com/dlpage/gaoptout?hl=de.

Google Search Console: We use Google Search Console to analyze the visibility of our online offering in Google Search and to monitor and optimize the technical performance of our website. Google Search Console collects data about search queries through which users found our website (search terms, clicks, impressions, average position), as well as technical information about indexing and crawling activity by Google. Personal data of individual users is made available to us by Google in aggregated and anonymized form only; identification of individual users is not possible for us. Use of Google Search Console requires verification of website ownership with Google; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) — the legitimate interest consists in optimizing the discoverability and technical quality of our online offering; Website: https://search.google.com/search-console/; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: EU/EEA – DPF, Standard Contractual Clauses (https://business.safety.google/adsprocessorterms).

Matomo: Software for web analytics and reach measurement. Data collected via Matomo is only processed by us and not shared with third parties. Cookies are stored for a maximum period of 13 months; Legal basis: Consent (Art. 6(1)(a) GDPR).

Digital Badges

Digital badges (also referred to as Open Badges) are digital certificates confirming the skills, achievements and interests of persons or organizations. Where badges are issued individually for specific persons, the associated metadata is processed.

Types of data processed: Inventory data · Content data · Usage data

Legal bases: Consent (Art. 6(1)(a) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR)

Presences in Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context in order to communicate with users or offer information about us.

Types of data processed: Contact data · Content data · Usage data · Inventory data · Meta, communication and procedural data

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Further notes on processing operations, procedures and services:

Instagram: Social network; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Website: https://www.instagram.com; Privacy policy: https://privacycenter.instagram.com/policy/; Basis for third-country transfers: EU/EEA – DPF.

Facebook Pages: We are jointly responsible with Meta Platforms Ireland Limited for the collection of data from visitors to our Facebook page; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/privacy/policy/; Basis for third-country transfers: EU/EEA – DPF, Standard Contractual Clauses.

LinkedIn: We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection of data used to create Page Insights for our LinkedIn profiles; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Basis for third-country transfers: EU/EEA – DPF, Standard Contractual Clauses; Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Threads: Social network; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Website: https://www.threads.net/; Privacy policy: https://help.instagram.com/515230437301944.

Vimeo: Social network and video platform; Service provider: Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA; Website: https://vimeo.com; Privacy policy: https://vimeo.com/privacy.

YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: EU/EEA – DPF; Opt-out: https://myadcenter.google.com/personalizationoff.

Xing: Social network; Service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; Website: https://www.xing.com/; Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

Plug-ins and Embedded Functions and Content

We integrate functional and content elements in our online offering obtained from the servers of third-party providers.

Types of data processed: Usage data · Meta, communication and procedural data · Location data

Legal bases: Consent (Art. 6(1)(a) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR)

Further notes on processing operations, procedures and services:

Google Fonts (retrieved from Google server): Retrieval of fonts for technically secure, maintenance-free and efficient use; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Website: https://fonts.google.com/; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: EU/EEA – DPF.

Google Maps: Integration of maps from the Google Maps service; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://mapsplatform.google.com/; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: EU/EEA – DPF.

Font Awesome (retrieved from provider server): Retrieval of fonts and symbols; Service provider: Fonticons, Inc., 6 Porter Road, Apartment 3R, Cambridge, MA 02140, USA; Website: https://fontawesome.com/; Privacy policy: https://fontawesome.com/privacy.

Management, Organization and Auxiliary Tools

We use services, platforms and software from third-party providers for the purposes of organizing, managing, planning and providing our services.

Types of data processed: Content data · Usage data · Meta, communication and procedural data · Inventory data · Contact data

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Further notes on processing operations, procedures and services:

Asana: Project management; Service provider: Asana, Inc, 1550 Bryant Street, Suite 200, San Francisco, CA 94103, USA; Website: https://asana.com; Privacy policy: https://asana.com/de/terms#privacy-policy; Basis for third-country transfers: EU/EEA – DPF, Standard Contractual Clauses.

Calendly: Online appointment scheduling and management; Service provider: Calendly LLC., 271 17th St NW, Ste 1000, Atlanta, Georgia 30363, USA; Website: https://calendly.com/de; Privacy policy: https://calendly.com/privacy; Basis for third-country transfers: EU/EEA – Standard Contractual Clauses.

Mentimeter: Creation of presentations and meetings with real-time feedback; Service provider: Mentimeter AB, Alströmergatan 22, SE-112 47 Stockholm, Sweden; Website: https://www.mentimeter.com; Privacy policy: https://www.mentimeter.com/trust/legal/privacy-policy.

Trello: Project management tool; Service provider: Atlassian Pty Ltd, 350 Bush Street, Floor 13, San Francisco, CA 94104, USA; Website: https://trello.com/; Privacy policy: https://trello.com/privacy; Basis for third-country transfers: EU/EEA – DPF, Standard Contractual Clauses.

WeTransfer: Transfer of files via the internet; Service provider: WeTransfer BV, Oostelijke Handelskade 751, Amsterdam 1019 BW, Netherlands; Website: https://wetransfer.com; Privacy policy: https://wetransfer.com/legal/privacy.

Processing of Data in the Context of Employment Relationships

In the context of employment relationships, personal data is processed to effectively manage the establishment, performance and termination of such relationships.

Types of data processed: Employee data · Payment data · Contract data · Inventory data · Contact data · Content data · Social data · Log data · Performance and behavioral data · Working time data · Salary data · Image and/or video recordings · Usage data · Meta, communication and procedural data

Special categories of personal data: Health data · Religious or philosophical beliefs · Trade union membership

Data subjects: Employees

Legal bases: Performance of a contract (Art. 6(1)(b) GDPR) · Legal obligation (Art. 6(1)(c) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR) · Processing of special categories of personal data (Art. 9(2)(h) GDPR)

Further notes on processing operations, procedures and services:

Working time recording: Procedures for recording employee working hours using manual and automated methods; Legal bases: Performance of a contract (Art. 6(1)(b) GDPR) · Legitimate interests (Art. 6(1)(f) GDPR).

Video surveillance: Surveillance serves the security of the company, protection of property and safety of employees. Video data is deleted after a maximum of 96 hours unless a specific suspected case requires longer retention; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Deletion of employee data (Austrian law): Employee data is deleted when no longer required for the purpose for which it was collected. Key retention periods include: wage tax and levy obligations (§ 132(1) BAO): 7 years; social security: 7 years; records on occupational accidents (§ 16 ASchG): at least 5 years; entitlement to service certificate: 30 years.

Application Procedures

The application procedure requires applicants to communicate the data necessary for their assessment and selection. Applicant data is deleted at the latest after six months if the application is unsuccessful. Where offered, inclusion in an applicant pool is based on consent, with data retained for a maximum of 12 months.

Types of data processed: Inventory data · Contact data · Content data · Applicant data

Legal basis: Application procedures as pre-contractual or contractual relationship (Art. 6(1)(b) GDPR)

Changes and Updates

We ask you to inform yourself regularly about the content of our privacy policy. We update the privacy policy as soon as changes to data processing make this necessary.

Supervisory authority responsible for us:

Österreichische Datenschutzbehörde (Austrian Data Protection Authority) +43 1 52 152-0 dsb@dsb.gv.at

Definitions

Employees: Persons who are in an employment relationship, whether as workers, salaried employees or in similar positions.

Inventory data: Essential information necessary for the identification and management of contractual partners, user accounts, profiles and similar assignments.

Credit assessment: Automated decisions based on automatic data processing without human involvement. Such decisions are only permissible under Art. 22 GDPR where data subjects consent, where necessary for contract performance, or where national laws permit.

Content data: Information generated in the course of creating, editing and publishing content of all kinds, including texts, images, videos and audio files.

Contact data: Essential information enabling communication with persons or organizations, including telephone numbers, postal addresses and email addresses.

Artificial intelligence (AI): The purpose of processing data through AI includes automated analysis and processing of user data to recognize patterns, make predictions and improve the efficiency and quality of our services.

Meta, communication and procedural data: Categories containing information about the manner in which data is processed, transmitted and managed.

Usage data: Information capturing how users interact with digital products, services or platforms.

Personal data: Any information relating to an identified or identifiable natural person.

Profiles with user-related information: Any type of automated processing of personal data used to evaluate, analyze or predict certain personal aspects relating to a natural person.

Log data: Information about events or activities logged in a system or network.

Reach measurement: Web analytics serving to evaluate visitor flows to an online offering.

Remarketing: The practice of noting which products a user was interested in, in order to remind the user of these products on other websites via advertisements.

Location data: Data indicating the geographically determinable position of a device or person.

Controller: The natural or legal person that determines the purposes and means of the processing of personal data.

Processing: Any operation or set of operations performed on personal data.

Contract data: Specific information relating to the formalization of an agreement between two or more parties.

Payment data: All information required for the processing of payment transactions between buyers and sellers.

AV-olution Newsletter

Subscribe