Preamble

The following privacy policy aims to inform you about the types of personal data (hereinafter also referred to as “data”) we process, for what purposes, and to what extent, in connection with the provision of our application.

The terms used are not gender-specific.

Effective date: July 29, 2025

Table of Contents

• Preamble
• Controller
• Contact Data Protection Officer
• Overview of Processing
• Representative in the European Union
• Relevant Legal Bases
• Security Measures
• General Information on Data Storage and Deletion
• Rights of Data Subjects
• Provision of Online Services and Web Hosting
• Use of Cookies
• Blogs and Publications
• Contact and Request Management
• Web Analysis, Monitoring, and Optimization
• Online Marketing
• Affiliate Programs and Links
• Plug-ins and Embedded Content

Controller

Michael Kauf
anfrage@easig.at

Contact Data Protection Officer

Representative in the European Union

Overview of Processing

The following overview summarizes the types of data processed, the purposes of their processing, and the categories of data subjects.

Types of Data Processed

• Inventory data
• Contact data
• Content data
• Contract data
• Usage data
• Meta, communication, and procedural data
• Log data

Categories of Data Subjects

• Interested parties
• Communication partners
• Users

Purposes of Processing

• Communication
• Security measures
• Audience measurement
• Tracking
• Conversion measurement
• Audience segmentation
• Affiliate tracking
• Organizational and administrative procedures
• Feedback
• Marketing
• User profiling
• Provision of our online service and user experience
• IT infrastructure

Relevant Legal Bases

Legal bases under the GDPR: Below is an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or business. If specific legal bases apply in individual cases, we will inform you of these in this privacy policy.

• Consent (Art. 6(1)(a) GDPR): The data subject has given consent to the processing of personal data for one or more specific purposes.
• Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract.
• Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.

National data protection regulations in Austria: In addition to the GDPR, national data protection laws apply in Austria, particularly the Data Protection Act (DSG). The DSG contains specific provisions regarding the right to access, rectification, or erasure of data, the processing of special categories of personal data, processing for other purposes, and data transfers, as well as automated decision-making in individual cases.

Security Measures

We implement appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risk to individuals’ rights and freedoms, to ensure a level of security appropriate to the risk.

These measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, availability, and separation. In addition, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. We also consider data protection in the development or selection of hardware, software, and procedures in accordance with the principles of data protection by design and by default.

Securing online connections using TLS/SSL encryption technology (HTTPS): To protect user data transmitted through our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transfer on the Internet. These technologies encrypt the information exchanged between the website or app and the user’s browser (or between two servers), protecting it from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. A website secured with an SSL/TLS certificate is indicated by the presence of HTTPS in the URL, which signals to users that their data is transmitted securely and encrypted.

General Information on Data Storage and Deletion

We delete personal data in accordance with legal requirements as soon as the consents on which processing was based are revoked or other legal grounds for processing no longer apply. This includes situations where the original purpose of processing no longer applies or the data is no longer needed. Exceptions apply if legal obligations or special interests require longer retention or archiving of the data.

This includes data that must be retained for commercial or tax purposes or is necessary for legal claims or protecting the rights of other natural or legal persons.

Our privacy notices include additional information about retention and deletion of data that applies to specific processing operations.

If multiple retention periods or deletion deadlines apply to a specific piece of data, the longest period shall apply. Data that is no longer processed for its original purpose but is retained for legal or other reasons will be processed solely for those justified purposes.

Retention and deletion periods under Austrian law:

• 10 years: Retention period for books and records, annual financial statements, inventories, management reports, opening balances, accounting records and invoices, and other required work instructions and organizational documents (Federal Fiscal Code (BAO §132), Commercial Code (UGB §§190-212)).
• 6 years: Other business documents, including business correspondence received or copies of sent correspondence relevant for tax purposes, time sheets, cost accounting documents, price calculations, and payroll documentation not already included in accounting records (BAO §132, UGB §§190-212).
• 3 years: Data necessary to consider potential warranty and compensation claims or similar contractual claims and related inquiries, based on previous business experience and standard industry practices, stored for the duration of the general statutory limitation period (§§ 1478, 1480 ABGB).

Rights of Data Subjects

Data subject rights under the GDPR: As a data subject, you are entitled to various rights under the GDPR, particularly Articles 15 to 21 GDPR:

• Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing, including profiling related to such direct marketing.
• Right to withdraw consent: You have the right to withdraw any consent given at any time.
• Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and, if so, access to that data and further information in accordance with legal requirements.
• Right to rectification: You have the right to request the correction of inaccurate data concerning you and the completion of incomplete data in accordance with legal requirements.
• Right to erasure and restriction of processing: You have the right, in accordance with legal requirements, to request that data concerning you be deleted without undue delay, or alternatively, to request a restriction of processing of such data.
• Right to data portability: You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, or to have it transmitted to another controller, where technically feasible.
• Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data violates the provisions of the GDPR.

Provision of Online Services and Web Hosting

We process users’ data in order to provide our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.

Types of Data Processed:

• Content data (e.g., entries in online forms)
• Usage data (e.g., visited websites, interest in content, access times)
• Meta, communication, and procedural data (e.g., IP addresses, timestamps)
• Log data

Data Subjects:

• Users (e.g., visitors to the website, users of online services)

Purposes of Processing:

• Provision of our online services and user experience
• Information technology infrastructure (operation and provision of IT systems and devices)

Legal Bases:

• Legitimate interests (Art. 6(1)(f) GDPR)

Use of Cookies

The term “cookies” refers to functions that store and retrieve information on users’ devices. Cookies can be used for various purposes, such as ensuring the functionality, security, and user-friendliness of online services, as well as analyzing visitor flows. We use cookies in accordance with legal requirements. Where necessary, we obtain users’ consent in advance. If consent is not required, we rely on our legitimate interests. This applies when storing and accessing information is essential to provide explicitly requested content and functionalities. This includes storing preferences or ensuring the functionality and security of our online services. Consent can be withdrawn at any time. We clearly inform users about the scope and use of cookies.

Legal basis information under data protection law: Whether we process personal data using cookies depends on whether user consent has been obtained. If consent is given, it forms the legal basis. Without consent, we rely on our legitimate interests, which are described in this section and in the context of specific services and procedures.

Storage duration: With regard to storage duration, we distinguish between the following types of cookies:

• Temporary cookies (also: session cookies): These are deleted at the latest when a user leaves the online service and closes their device (e.g., browser or mobile app).
• Persistent cookies: These remain stored even after the device is closed. For example, login status can be saved, or preferred content shown directly when the user revisits a website. The data collected via cookies may also be used for reach measurement. Unless we provide specific information about cookie type and duration (e.g., when requesting consent), users should assume that cookies are persistent and may be stored for up to two years.

General information about withdrawal and objection (opt-out): Users can withdraw their given consents at any time and object to processing in accordance with legal requirements—this can also be done via browser privacy settings.

• Types of data processed: Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
• Data subjects: Users (e.g., website visitors, users of online services).
• Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Consent (Art. 6(1)(a) GDPR).

Further notes on processing, procedures, and services:

• Processing of cookie data based on consent: We use a consent management solution to obtain users’ consent for the use of cookies or for the procedures and providers mentioned in the context of the consent management solution. This process is used to collect, record, manage, and revoke consent—particularly regarding the use of cookies and similar technologies for storing, accessing, and processing information on user devices. The user’s consent is obtained for cookie use and related data processing, including the specific procedures and providers listed in the consent management system. Users can manage and revoke their consents at any time. Consent declarations are stored to avoid re-requesting and to comply with legal proof obligations. Storage takes place server-side and/or in a cookie (called an opt-in cookie) or via similar technology to associate the consent with a specific user or device. If no specific providers are mentioned, the following general information applies: Consent may be stored for up to two years. A pseudonymous user ID is generated and stored along with the time of consent, scope of consent (e.g., cookie categories and/or providers), and information about the browser, system, and device used; Legal basis: Consent (Art. 6(1)(a) GDPR).

Blogs and Publishing Media

We use blogs or similar forms of online communication and publication (hereinafter “publishing media”). The data of readers is processed for purposes of the publishing media only to the extent necessary for its presentation and communication between authors and readers or for security reasons. Additionally, we refer to the general information in this privacy policy regarding the processing of visitor data.

• Types of data processed: Inventory data (e.g., full name, address, contact information, customer number); contact data (e.g., postal and email addresses, telephone numbers); content data (e.g., written or visual posts and related metadata, such as author and timestamp); usage data (e.g., page views, dwell time, click paths, frequency of use, device type and OS, interaction with content and features); meta, communication, and procedural data (e.g., IP addresses, timestamps, IDs, involved persons).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Feedback (e.g., collecting feedback via online forms); provision of our online offering and user experience; security measures.
• Retention and deletion: Deletion as described in the section “General Information on Data Retention and Deletion”.
• Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further notes on processing, procedures, and services:

• UpdraftPlus: Backup software and backup storage; Service provider: Simba Hosting Ltd., 11 Barringer Way, St. Neots, Cambs., PE19 1LW, UK; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://updraftplus.com/; Privacy Policy: https://updraftplus.com/data-protection-and-privacy-centre/.

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, email, telephone, or via social media), and within the context of existing user and business relationships, we process the information of the inquiring individuals to the extent necessary to respond to contact requests and any requested actions.

• Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or visual messages and posts as well as related information, such as authorship or time of creation); usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
• Data subjects: Communication partners.
• Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online form); provision of our online services and user-friendliness.
• Storage and deletion: Deletion in accordance with the section “General Information on Data Storage and Deletion”.
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).

Additional information on processing procedures and services:

• Contact form: When contacting us via our contact form, email, or other communication channels, we process the personal data provided to respond to and handle the respective request. This typically includes data such as name, contact details, and any other information required for proper handling. These data are used solely for the specified purpose of contact and communication.
  Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Web Analysis, Monitoring and Optimization

Web analysis (also referred to as “reach measurement”) serves to evaluate visitor flows of our online offering and can include pseudonymous data about user behavior, interests, or demographic information (e.g., age or gender). With reach analysis, we can determine the most frequently used times, content, or features of our services, and identify areas in need of improvement.

We may also use testing procedures to optimize different versions of our online offering or components.

Unless stated otherwise, profiles may be created for these purposes, and information may be stored and read in a browser or device. Collected data may include visited websites, used elements, technical details (browser, OS), and time of usage. If location data collection is consented to, this may also be processed.

IP addresses are also stored, but we use IP masking (i.e., pseudonymization via IP truncation). Generally, no clear personal data (e.g., names or email addresses) is stored for web analytics, A/B testing, or optimization—only pseudonymous information is used.

Legal basis: Where user consent is obtained, processing is based on that consent. Otherwise, data is processed based on our legitimate interests (efficient, economical, and user-friendly services). Please refer to our cookie notice in this privacy policy.

• Types of data processed: Usage data; meta, communication, and procedural data.
• Data subjects: Users (e.g., website visitors).
• Purposes of processing: Reach measurement; user profiles; provision and optimization of online services.
• Storage and deletion: Deletion in accordance with “General Information on Data Storage and Deletion”; cookies may be stored for up to 2 years.
• Security measures: IP masking.
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Additional tools and services:

• Google Analytics: We use Google Analytics to analyze usage based on a pseudonymous user ID, which does not contain clear data like names or email addresses. It allows the analysis of user behavior across sessions and devices. EU users’ IP addresses are not logged but are anonymized (IP masking) before processing. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
  Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR)
  Privacy Policy: https://policies.google.com/privacy
  Data Processing Terms: https://business.safety.google/adsprocessorterms/
  Opt-out: https://tools.google.com/dlpage/gaoptout?hl=en

Online Marketing

We process personal data for online marketing purposes, such as displaying advertising content tailored to users’ potential interests and measuring their effectiveness.

User profiles are created and stored in cookies or similar technologies. These profiles may include viewed content, visited websites, device and system information, time of use, etc. If users have given consent for location tracking, this data may also be processed.

IP addresses are pseudonymized using IP masking. Clear personal data (e.g., email addresses) is not used.

Cookies may be read across sites using the same marketing technology, which enables analysis and enhancement of advertising efforts.

In rare cases, if users are part of a social network using the same marketing tech, personal profiles may be linked, depending on the user’s agreements with that provider.

We only receive aggregated data for ad performance (conversion tracking).

• Storage and deletion: Cookies may be stored for up to 2 years.
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Opt-out options:

• Europe: https://www.youronlinechoices.eu
• Canada: https://www.youradchoices.ca/choices
• USA: https://www.aboutads.info/choices
• Global: https://optout.aboutads.info

Additional services:

• Google Ads & Conversion Tracking
• Google AdSense with personalized ads

Providers, legal bases, and links for more information are the same as in the Google Analytics section.

Affiliate Programs and Affiliate Links

We include affiliate links or references to third-party offers and services (e.g., search forms, widgets, discount codes). If users follow these links and use the offers, we may receive a commission or benefit.

To track this, third-party providers must be able to identify that the user followed a link from our site. Affiliate links may include values such as the referrer, time, user ID, type of offer, etc.

• Legal basis: Consent or Legitimate interests.
• Purposes of processing: Affiliate tracking.
• Data types processed: Contract data, usage data, meta data.

Plug-ins and Embedded Functions/Content

We incorporate third-party functions/content (e.g., graphics, videos, maps), which require processing of users’ IP addresses.

Third-party services may also use pixel tags and store pseudonymous information in cookies to analyze traffic or user behavior. Data may include browser/OS, referring websites, time, etc.

• Legal basis: Consent or Legitimate interests.
• Data types: Usage data, meta data.
• Storage: Cookies may be stored for up to 2 years.

Example: Google Fonts

Used for consistent and legally compliant display of fonts. Google receives the user’s IP and technical data. No IP addresses are logged or analyzed, according to Google.

Provider: Google Ireland Limited
Legal basis: Legitimate interests
Privacy Policy: https://policies.google.com/privacy
More info: https://developers.google.com/fonts/faq/privacy?hl=en

Legal Notice Generator Source:
Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke