Introduction

This privacy policy provides an overview of how we process your personal data (hereinafter referred to as “data”), for what purposes, and to what extent. It applies to all data processing operations carried out by us, both in the context of our services and on our websites, mobile apps, and external online presences, such as our social media profiles (collectively referred to as “online offering”).

The terms used are to be understood as gender-neutral.

Effective Date: June 4, 2024

Table of Contents

1. Introduction
2. Data Controller
3. Overview of Processing Activities
4. Legal Basis
5. Security Measures
6. Data Transfer
7. International Data Transfers
8. Data Retention and Deletion
9. Rights of Data Subjects
10. Business Services
11. Online Offering and Web Hosting
12. Cookies
13. Blogs and Publications
14. Contact and Inquiry Management
15. Newsletters and Notifications
16. Marketing Communication
17. Web Analytics and Optimization
18. Online Marketing
19. Customer Reviews
20. Social Media
21. Plugins and Content

Data Controller

Nackad GmbH
Mexikoplatz 20
1020 Vienna, Austria
Email: [Contact Email]
Phone: [Contact Phone Number]

1. Introduction

This privacy policy aims to provide you as a user with clarity about what data we collect from you, for what purpose, and how we handle this data. Our privacy policy complies with the provisions of the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

2. Data Controller

The data controller for data processing under the GDPR is Nackad GmbH, Mexikoplatz 20, 1020 Vienna, Austria. For data protection inquiries, you can contact us by email at [Contact Email] or by phone at [Contact Phone Number].

3. Overview of Processing Activities

We process your data to provide our services. This includes the following processing activities:

• Collection and storage of IP addresses to improve website performance and security.
• Use of cookies for analyzing and optimizing our online offerings.
• Sending newsletters and notifications with prior consent.
• Processing contact inquiries and managing customer relationships.
• Conducting web analyses and marketing measures to improve our services.

4. Legal Basis

The processing of your data is based on the following legal grounds:

• Consent (Art. 6 para. 1 lit. a GDPR): Your explicit consent to process certain data, e.g., for receiving newsletters.
• Contract performance (Art. 6 para. 1 lit. b GDPR): Processing is necessary to fulfill a contract, e.g., providing services.
• Legal obligation (Art. 6 para. 1 lit. c GDPR): We are legally required to process certain data, e.g., to comply with tax regulations.
• Legitimate interests (Art. 6 para. 1 lit. f GDPR): Processing is carried out to safeguard our legitimate interests, e.g., the security of our IT systems or direct marketing.

5. Security Measures

We take appropriate technical and organizational measures to protect your data against loss, misuse, and unauthorized access. This includes, among other things:

• Encryption: Using SSL/TLS encryption for data transmission.
• Access controls: Restricting access to your data to authorized personnel.
• Security checks: Regular review and updating of our security measures.

6. Data Transfer

Your data will only be transferred to third parties under the following conditions:

• Contract performance: To service providers who assist us in providing our services (e.g., payment processors, hosting providers).
• Legal obligations: To authorities or other public bodies if we are legally required to do so.
• Legitimate interests: To business partners within the framework of legitimate interests, e.g., for marketing purposes.

7. International Data Transfers

If data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as:

• Adequacy decisions: Data transfers to countries where the EU Commission has determined an adequate level of data protection.
• Standard contractual clauses: Using EU Commission-approved standard contractual clauses.
• Binding corporate rules: Data protection policies approved by data protection authorities and applicable within multinational corporate groups.

8. Data Retention and Deletion

Your data will only be retained for as long as necessary for the respective processing purposes or as required by law. After the retention periods expire, the data will be deleted or anonymized. Examples of retention periods:

• Contract performance: Data is stored for the duration of the contractual relationship and beyond for the duration of statutory retention obligations (e.g., tax and commercial laws).
• Consent: Data processed based on your consent is stored until you withdraw your consent.

9. Rights of Data Subjects

You have the following rights regarding your data:

• Right of access: You can request information about the data we process about you.
• Right to rectification: You can request the correction of incorrect or incomplete data stored by us.
• Right to deletion: You can request the deletion of your data, provided there are no legal retention obligations.
• Right to restrict processing: You can request the restriction of the processing of your data.
• Right to data portability: You can request that we transfer your data in a structured, commonly used, and machine-readable format.
• Right to object: You can object to the processing of your data if it is based on legitimate interests.

10. Business Services

We process the data of our customers, suppliers, and business partners within the framework of our business services. This includes, among other things, the management of customer accounts, the processing of orders and payments, and the provision of services. This processing is based on Art. 6 para. 1 lit. b GDPR (contract performance) and Art. 6 para. 1 lit. f GDPR (legitimate interests).

11. Online Offering and Web Hosting

Our online offering is hosted by external service providers who process data on our behalf within the scope of their services. These service providers are contractually obligated to comply with data protection regulations. We specifically use providers that can ensure a high level of data security and confidentiality.

12. Cookies

We use cookies to make our online offering more user-friendly, effective, and secure. Cookies are small text files stored on your device that contain certain information. The use of cookies is based on Art. 6 para. 1 lit. f GDPR (legitimate interests). You can prevent the storage of cookies by configuring your browser software accordingly, but this may limit the functionality of our website.

13. Blogs and Publications

When you leave comments or other contributions on our blogs, your IP address and email address are stored based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) to respond in the event of legal violations. This data will be deleted as soon as it is no longer required for the purpose of collection.

14. Contact and Inquiry Management

When you contact us (e.g., via contact form, email, phone, or social media), your details are processed to handle the contact inquiry and its processing (Art. 6 para. 1 lit. b GDPR). Your details may be stored in a Customer Relationship Management System (“CRM System”) or similar inquiry organization.

15. Newsletters and Notifications

We send newsletters, emails, and other electronic notifications with promotional information only with the consent of the recipients or a legal permission (Art. 6 para. 1 lit. a GDPR). Subscription to our newsletter is carried out in a double opt-in process. You can cancel the receipt of the newsletter at any time, i.e., withdraw your consent. A link to unsubscribe from the newsletter can be found at the end of each newsletter.

16. Marketing Communication

Your data may be used for advertising purposes unless you object (Art. 6 para. 1 lit. f GDPR). This includes both the sending of advertising materials by post and by email or phone. If you no longer wish to receive advertising from us, you can object to the use of your data for this purpose at any time. The objection is free of charge and can be made via one of the contact methods specified in our advertising communications.

17. Web Analytics and Optimization

To continuously improve and optimize our online offering, we use various analysis tools. These tools collect data about user behavior on our website. The collected data may include your IP address, the pages visited, the time spent on individual pages, and the use of links and forms. This processing is based on our legitimate interests (Art. 6 para. 1 lit. f GDPR). The data collected helps us improve the user experience on our website and optimize our marketing strategies. You can object to the use of your data for analysis purposes at any time.

18. Online Marketing

We employ online marketing measures to promote our online offering and increase our reach. Data such as your IP address, visited websites, interests, and user behavior may be processed. This data is collected and evaluated using cookies and tracking technologies. The processing is based on your consent (Art. 6 para. 1 lit. a GDPR) or our legitimate interests (Art. 6 para. 1 lit. f GDPR). You can withdraw your consent or object to the use of your data at any time.

19. Customer Reviews

We offer our customers the opportunity to provide reviews of our services and products. These reviews are published on our website and may include the name or a pseudonym of the author. Publication is based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time, after which we will remove the review from our website.

20. Social Media

We maintain online presences on social networks and platforms to communicate with our customers, interested parties, and users and inform them about our services. When using these platforms, the terms and conditions and privacy policies of the respective providers apply. User data may be processed outside the European Economic Area, which can pose risks for users. Data processing is based on our legitimate interests (Art. 6 para. 1 lit. f GDPR). When users communicate with us via social media, we process their information to respond to inquiries.

21. Plugins and Content

Our online offerings may include functions and content from third parties, such as videos, maps, or social network buttons. These integrations require that the providers of these contents perceive the IP address of the users. Without the IP address, they could not send the content to the user’s browser. The IP address is therefore required for displaying these contents. The integration is based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in optimizing and economically operating our online offering.

22. Google Fonts

Our website uses fonts from “Google Fonts”. The service provider of this function is:

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland
Phone: +353 1 543 1000

When you access this website, your browser loads fonts and stores them in the cache. As a visitor to the website, you may receive data from the service provider, and Google may set or analyze cookies on your computer.

The use of “Google Fonts” serves to optimize our service and provide a uniform display of content. This constitutes a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

For more information about Google Fonts, please visit the following link:

https://developers.google.com/fonts/faq

For more information on how Google handles user data, you can view their privacy policy at:

https://policies.google.com/privacy?hl=en

Google also processes data in the USA but complies with the EU-US Privacy Shield.

https://www.privacyshield.gov/EU-US-Framework

Closing Remarks

We reserve the right to adjust this privacy policy to comply with changed legal situations or in the event of changes to the service and data processing. Users are therefore advised to regularly inform themselves about the content of the privacy policy. If user consents are required or if components of the privacy policy contain provisions of the contractual relationship with users, the changes will only be made with the users’ consent.

For further information or questions about data protection, we are happy to assist you via the specified contact options.