Naitec - Privacy policy

Terms for the Processing of Personal Data

As of 20.02.2025

Preamble

With the following privacy policy, we aim to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for which purposes, and to what extent. The privacy policy applies to all data processing activities carried out by us, both in the context of providing our services and especially on our websites, mobile applications, and within external online presences such as our social media profiles (hereinafter collectively referred to as "online offer").

The terms used are not gender-specific.

Table of Contents

Controller

Naitec GmbH

Schottengasse 10

1010 Vienna

Commercial Register Number: FN 644083g

Commercial Court: Vienna Commercial Court

Authorized Representatives:

Ing. Stepan Martin

Email Address:

info@naitec.ai

Imprint:

https://naitec.ai/legal-notice

Overview of Data Processing

The following overview summarizes the types of processed data and the purposes of their processing and refers to the affected individuals.

Types of Processed Data

Master Data

Payment Data
Location Data
Contact Data
Content Data
Contract Data
Usage Data
Meta-, Communication, and Process Data
Event Data (Facebook)

Categories of Affected Individuals

Customers
Prospects
Communication Partners
Users
Business and Contract Partners

Purposes of Processing

Provision of contractual services and customer support
Contact inquiries and communication
Security measures
Direct marketing
Reach measurement
Tracking
Office and organizational procedures
Conversion measurement
Management and response to inquiries
Feedback
Marketing
Improvement of our offerings
Legal obligations
Fraud prevention
Profiles with user-related information
Provision of our online offer and user-friendliness
Assessment of creditworthiness and solvency
Information technology infrastructure

Automated Individual Decisions

Credit report

Applicable Legal Grounds

Below is an overview of the legal grounds under the GDPR on which we process personal data. Please note that, in addition to the GDPR provisions, national data protection regulations in your or our country of residence or establishment may apply. If, in individual cases, more specific legal grounds are relevant, we will inform you about these in the privacy policy.

Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - The processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - The processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, override those interests.

In addition to the GDPR data protection regulations, national data protection regulations in Austria also apply. This includes in particular the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act – DSG) as well as the General Civil Code (ABGB) and the E-Commerce Act (ECG). The DSG specifically includes the constitutionally protected right to data protection (§ 1 DSG) as well as special provisions regarding the rights of the data subject (information, right to access, and the right to rectification, deletion, or restriction of processing).

In addition to the data protection provisions of the GDPR, national data protection provisions may also apply, which we also comply with.

Security Measures

We implement appropriate technical and organizational measures in accordance with the legal requirements, considering the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the varying probabilities of occurrence and severity of the risks to the rights and freedoms of natural persons, to ensure an appropriate level of protection against these risks.

The measures include in particular ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, ensuring availability, and their separation. Furthermore, we have procedures in place that ensure the exercise of data subject rights, data deletion, and responses to data threats. Additionally, we consider the protection of personal data in the design or selection of hardware, software, and procedures in accordance with the principle of data protection by design and by default.

TLS encryption (https): To protect the data transmitted via our online offer, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser ('secure connection').

Naitec GmbH does not process personal data of individuals under the age of 18 through its website and does not make commercial offers to them or attempt to contact them unless their legal representative has consented.

Transmission of Personal Data

In the course of our processing of personal data, there may be cases where the data is transmitted to other entities, companies, legally independent organizational units, or persons or disclosed to them. Recipients of this data may include service providers assigned to IT tasks or providers of services and content that are embedded in a website. In such cases, we comply with the legal requirements and, in particular, enter into corresponding contracts or agreements that serve to protect your data.

Data transmission within the organization: We may transmit personal data to other entities within our organization or grant them access to such data. If this transfer occurs for administrative purposes, it is based on our legitimate business and economic interests or is required to fulfill our contractual obligations or when consent from the data subject or a legal permission is present.

Data Processing in Third Countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of using services of third parties or disclosing or transferring data to other persons, entities, or companies, this will only occur in compliance with the legal requirements.

Subject to explicit consent or a contractually or legally required transfer, we process or have the data processed only in third countries with an adequate level of data protection, contractual obligations through so-called standard contractual clauses of the EU Commission, in the presence of certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Deletion of Data

The data we process will be deleted in accordance with the legal requirements as soon as the consent for processing is withdrawn or other permissions cease to exist (e.g., when the purpose of processing the data is no longer relevant or the data is not necessary for that purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be limited to these purposes. That is, the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is required for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person.

Our privacy notices may further contain information regarding the retention and deletion of data that apply to the respective processing activities.

Use of Cookies

Cookies are small text files or other storage markers that store information on end devices and read information from end devices. For example, to save the login status in a user account, the contents of a shopping cart in an e-shop, the accessed content, or the functions used in an online offering. Cookies can also be used for various purposes, such as for the functionality, security, and convenience of online offerings, as well as for analyzing visitor flows.

Notes on Consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users, except when it is not legally required. Consent is particularly not necessary if storing and reading the information, including cookies, is strictly necessary to provide users with a telemedia service (i.e., our online offering) they have explicitly requested. Essential cookies typically include those with functions related to displaying and running the online offering, load balancing, security, storing user preferences and choices, or similar purposes associated with providing the main and secondary functions of the online offering requested by users. The revocable consent is clearly communicated to users and includes information about the respective cookie use.

Notes on Legal Bases Under Data Protection Law: The legal basis under data protection law on which we process users' personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies is processed based on our legitimate interests (e.g., in the business operation of our online offering and improving its usability) or, if this is done to fulfill our contractual obligations, when the use of cookies is necessary to fulfill our contractual obligations. We inform users about the purposes for which we process cookies in the course of this privacy policy or within our consent and processing procedures.

Storage Duration: Regarding storage duration, the following types of cookies are distinguished:

Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their device (e.g., browser or mobile application).
Permanent Cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user revisits a website. Similarly, the data collected using cookies can be used for reach measurement. If we do not provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and the storage duration can be up to two years.

General Notes on Withdrawal and Objection (Opt-Out): Users can revoke their given consent at any time and also object to the processing in accordance with the legal requirements of Art. 21 GDPR. Users can also declare their objection via their browser settings, e.g., by disabling the use of cookies (although this may also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Legal Bases: Legitimate interests (Art. 6(1)(1)(f) GDPR); Consent (Art. 6(1)(1)(a) GDPR).

Additional Notes on Processing Processes, Procedures, and Services:

Processing of Cookie Data Based on Consent: We use a cookie consent management procedure in which users' consent to the use of cookies or the processing and providers mentioned in the context of the cookie consent management procedure is obtained and can be managed and revoked by users. The consent declaration is stored to avoid having to repeat the request and to be able to prove the consent in accordance with legal obligations. The storage can be server-side and/or in a cookie (so-called opt-in cookie or using comparable technologies) to assign the consent to a user or their device. Subject to individual information about the providers of cookie management services, the following notes apply: The storage duration of the consent can be up to two years. A pseudonymous user identifier is created and stored with the time of consent, information about the scope of consent (e.g., which categories of cookies and/or service providers), and the browser, system, and device used; Legal basis: Consent (Art. 6(1)(1)(a) GDPR).

Business Services

We process data of our contractual and business partners, e.g., customers and prospective customers (collectively referred to as 'contractual partners') within the framework of contractual and similar legal relationships as well as associated measures and in the context of communication with contractual partners (or pre-contractual), e.g., to respond to inquiries.

We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and remedies in case of warranty and other performance disruptions. In addition, we process the data to safeguard our rights and for the purposes of the administrative tasks associated with these obligations as well as business organization. Furthermore, we process the data based on our legitimate interests in proper and business-like management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., for the involvement of telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the scope of applicable law, we only disclose the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about other forms of processing, e.g., for marketing purposes, within the scope of this privacy policy.

We inform contractual partners about the data required for the aforementioned purposes before or during data collection, e.g., in online forms, by special labeling (e.g., colors) or symbols (e.g., asterisks, etc.), or personally.

We delete the data after the expiry of statutory warranty and comparable obligations, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons. The statutory retention period is seven years for tax-relevant documents and commercial books, inventories, opening balance sheets, annual financial statements, the work instructions required to understand these documents, other organizational documents, and accounting records. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statement, or the management report was prepared, the commercial or business letter was received or sent, or the accounting record was created, or the other documents were created.

If we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply to the relationship between users and the providers.

Types of Data Processed: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Contract data (e.g., subject matter of contract, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status), Audio recordings (phone calls with our hotline).

Affected Persons: Customers; Prospective customers; Business and contractual partners
Purposes of Processing: Provision of contractual services and customer service; Security measures; Contact requests and communication; Office and organizational procedures; Administration and response to inquiries; Conversion measurement (measuring the effectiveness of marketing measures); Profiles with user-related information (Creating user profiles)
Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6(1)(1)(b) GDPR); Legal obligation (Art. 6(1)(1)(c) GDPR); Legitimate interests (Art. 6(1)(1)(f) GDPR)

Additional Notes on Processing Processes, Procedures, and Services:

Customer Account: Contractual partners can create an account within our online offering (e.g., customer or user account, referred to as 'customer account'). If the registration of a customer account is required, contractual partners will be informed of this as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. During registration and subsequent logins and uses of the customer account, we store the IP addresses of customers along with the access times to prove registration and prevent misuse of the customer account. If customers terminate their customer account, the data related to the customer account will be deleted, unless retention is required for legal reasons. It is the customers' responsibility to back up their data upon termination of the customer account; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6(1)(1)(b) GDPR).
Business Analyses and Market Research: For business reasons and to identify market trends, wishes of contractual partners, and users, we analyze the data available to us on business transactions, contracts, inquiries, product configurations (e.g., garages, garden houses, etc.), and more, where the group of affected persons may include contractual partners, prospective customers, customers, visitors, and users of our online offering. The analyses are conducted for business evaluations, marketing, and market research purposes (e.g., to determine customer groups with different characteristics). If available, we may consider the profiles of registered users along with their details, e.g., on services used. The analyses serve only us and are not disclosed externally unless they are anonymous analyses with aggregated, i.e., anonymized values. Furthermore, we respect users' privacy and process the data for analysis purposes as pseudonymously as possible and, where feasible, anonymously (e.g., as aggregated data); Legal basis: Legitimate interests (Art. 6(1)(1)(f) GDPR).
Shop and E-Commerce: We process our customers' data to enable them to select, configure, purchase, or order the chosen products, goods, and related services, as well as their payment and delivery or execution. If necessary for order fulfillment, we use service providers, particularly postal, freight, and shipping companies, to carry out delivery or execution to our customers. For payment processing, we use the services of banks and payment service providers. The required information is marked as such within the order or comparable purchase process and includes the information needed for delivery, provision, and billing, as well as contact information to enable any follow-up communication; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6(1)(1)(b) GDPR).
Craft Services: We process the data of our customers and clients (hereinafter uniformly referred to as 'customers') to enable them to select, purchase, or commission the chosen services or works and related activities, as well as their payment and delivery or execution or provision. The required information is marked as such within the order, purchase, or comparable contract conclusion and includes the information needed for delivery and billing, as well as contact information to enable any follow-up communication;
Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6(1)(1)(b) GDPR).

Providers and Services Used in Business Operations

In the course of our business activities, we use additional services, platforms, interfaces, or plugins from third parties (referred to as "services") in compliance with legal requirements. Their use is based on our legitimate interests in proper, lawful, and continuous oversight.

Types of Data Processed: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Contract data (e.g., contract subject, duration, customer category); Audio recordings (phone calls with our hotline).
Affected Persons: Customers; Prospective customers; Users (e.g., website visitors, users); Business and contractual partners.
Purposes of Processing: Provision of contractual services and customer service; Office and organizational procedures.
Legal Bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).

Credit Check

If we provide advance performance or assume comparable economic risks (e.g., when ordering on invoice), we reserve the right to obtain identity and credit information from specialized service providers (credit agencies) to assess credit risk based on mathematical-statistical methods, safeguarding our legitimate interests.

We process the information received from credit agencies regarding the statistical probability of payment default as part of a reasonable discretionary decision on the establishment, execution, and termination of the contractual relationship. We reserve the right to refuse payment on invoice or other advance performance in case of a negative credit check result.

The decision to provide advance performance is made in accordance with Art. 22 GDPR solely based on automated individual decision-making by our software, which relies on the credit agency's information.

Types of Data Processed: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Contract data (e.g., contract subject, duration, customer category); Audio recordings (phone calls with our hotline).
Affected Persons: Customers.
Purposes of Processing: Assessment of creditworthiness and solvency.
Legal Bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).
Automated Individual Decision-Making: Credit check.

Provision of the Online Offer and Web Hosting

We process users' data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

Types of Data Processed: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); Content data (e.g., entries in online forms).
Affected Persons: Users (e.g., website visitors, users of online services).
Purposes of Processing: Provision of our online offer and user-friendliness (including our product configuration tools); IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures.
Legal Bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).

Additional Notes on Processing Processes, Procedures, and Services:

Provision of Online Offer on Rented Storage Space: To provide our online offer, we use storage space, computing capacity, and software rented or otherwise obtained from a server provider (also called a "web host"); Legal basis: Legitimate interests (Art. 6(1)(1)(f) GDPR).
Collection of Access Data and Log Files: Access to our online offer is logged in the form of so-called "server log files." Server log files may include the address and name of the accessed web pages and files, date and time of access, transferred data volumes, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files may be used for security purposes, e.g., to avoid server overload (especially in case of abusive attacks, so-called DDoS attacks) and to ensure server stability and performance; Legal basis: Legitimate interests (Art. 6(1)(1)(f) GDPR); Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is required for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.
Email Sending and Hosting: The web hosting services we use also include sending, receiving, and storing emails. For these purposes, the addresses of recipients and senders, as well as other information related to email transmission (e.g., the involved providers) and the contents of the respective emails are processed. The aforementioned data may also be processed for SPAM detection. Please note that emails on the internet are generally not sent encrypted. Typically, emails are encrypted during transport but (unless an end-to-end encryption method is used) not on the servers from which they are sent and received. Therefore, we cannot assume responsibility for the transmission path of emails between the sender and reception on our server;
Legal Bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).

Blogs and Publication Media

We use blogs or similar means of online communication and publication (hereinafter referred to as "publication medium"). Readers' data is processed only to the extent necessary for displaying the publication medium and facilitating communication between authors and readers or for security reasons. Otherwise, we refer to the information on processing visitors to our publication medium within the scope of these privacy notices.

Types of Data Processed: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); Audio recordings (phone calls with our hotline).
Affected Persons: Users (e.g., website visitors, users of online services).
Purposes of Processing: Provision of contractual services and customer service; Feedback (e.g., collecting feedback via online form); Provision of our online offer and user-friendliness; Security measures; Administration and response to inquiries.
Legal Bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).

Additional Notes on Processing Processes, Procedures, and Services:

Comments and Contributions: If users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is for our security in case someone posts unlawful content (insults, prohibited political propaganda, etc.). In such cases, we may be held liable for the comment or contribution and therefore have an interest in the author's identity. Furthermore, we reserve the right, based on our legitimate interests, to process user data for spam detection. On the same legal basis, we reserve the right to store users' IP addresses during surveys and use cookies to prevent multiple votes. Personal information provided in comments and contributions, including contact and website details, as well as content-related information, will be stored permanently until the user objects; Legal basis: Legitimate interests (Art. 6(1)(1)(f) GDPR).

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, email, phone, or via social media) and in the context of existing user and business relationships, the data of the inquiring persons is processed to the extent necessary to respond to contact inquiries and any requested actions.

Types of Data Processed: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
Affected Persons: Communication partners.
Purposes of Processing: Contact inquiries and communication; Administration and response to inquiries; Feedback (e.g., collecting feedback via online form); Provision of our online offer and user-friendliness.
Legal Bases: Legitimate interests (Art. 6(1)(1)(f) GDPR); Contract fulfillment and pre-contractual inquiries (Art. 6(1)(1)(b) GDPR).

Additional Notes on Processing Processes, Procedures, and Services:

Contact Form: When users contact us via our contact form, email, or other communication channels, we process the data provided to handle the reported matter;
Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6(1)(1)(b) GDPR), Legitimate interests (Art. 6(1)(1)(f) GDPR).

Newsletters and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter referred to as "newsletters") only with the recipients' consent or legal permission. If the contents of the newsletter are specifically described during registration, they are decisive for the users' consent. Otherwise, our newsletters contain information about our services and us.

To subscribe to our newsletters, providing your email address is generally sufficient. However, we may ask you to provide a name for personal salutation or other details if necessary for the purposes of the newsletter.

Double-Opt-In Procedure: Newsletter registration generally follows a double-opt-in procedure. After registration, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent unauthorized registrations. Newsletter registrations are logged to prove compliance with legal requirements, including storing the registration and confirmation times and the IP address. Changes to your data stored with the mailing service provider are also logged.

Deletion and Restriction of Processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to prove previously given consent. Processing of this data is limited to the purpose of defending against potential claims. Individual deletion requests can be made at any time, provided the prior existence of consent is confirmed. In cases of permanent objection obligations, we reserve the right to store the email address solely for this purpose on a blocklist.

The logging of the registration process is based on our legitimate interests to prove its proper execution. If we use a service provider for email dispatch, this is based on our legitimate interests in an efficient and secure mailing system.

Contents:

Information about us, our services, promotions, and offers.

Types of Data Processed: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); Usage data (e.g., visited websites, interest in content, access times); Audio recordings (phone calls with our hotline).
Affected Persons: Communication partners; Users (e.g., website visitors, users of online services).
Purposes of Processing: Direct marketing (e.g., via email or postal mail); Provision of contractual services and customer service.
Legal Bases: Consent (Art. 6(1)(1)(a) GDPR).
Opt-Out Option: You can unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to further receipt. A link to unsubscribe is provided at the end of each newsletter, or you can use one of the contact methods mentioned above, preferably email.

Additional Notes on Processing Processes, Procedures, and Services:

Measurement of Open and Click Rates: Newsletters contain a "web beacon," a pixel-sized file retrieved from our server or the server of our mailing service provider when the newsletter is opened. Technical information, such as browser and system details, your IP address, and the time of retrieval, is collected. This data is used for technical improvements to our newsletter, analyzing target groups and reading behavior based on retrieval locations (determinable via IP address) or access times. This analysis also determines whether newsletters are opened, when they are opened, and which links are clicked. This information is assigned to individual recipients and stored in their profiles until deletion. Evaluations help us understand user reading habits and tailor content or send different content based on user interests. Legal basis: Consent (Art. 6(1)(1)(a) GDPR).
Condition for Free Services: Consent to receive mailings may be a prerequisite for accessing free services (e.g., certain content or participation in promotions). If users wish to use the free service without subscribing to the newsletter, we ask them to contact us.

Commercial Communication via Email, Mail, Fax, or Telephone

We process personal data for commercial communication purposes, which may occur via various channels such as email, telephone, mail, or fax, in compliance with legal requirements.

Recipients have the right to revoke given consent or object to commercial communication at any time.

After revocation or objection, we store the data required to prove prior authorization for contact or dispatch for up to three years after the end of the year of revocation or objection, based on our legitimate interests. Processing of this data is limited to the purpose of defending against potential claims. To permanently respect user objections (legitimate interest), we also store data necessary to prevent renewed contact (e.g., email address, phone number, name, depending on the communication channel).

Types of Data Processed: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Audio recordings (phone calls with our hotline).
Affected Persons: Communication partners.
Purposes of Processing: Direct marketing (e.g., via email or postal mail).
Legal Bases: Consent (Art. 6(1)(1)(a) GDPR); Legitimate interests (Art. 6(1)(1)(f) GDPR).

Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as "reach measurement") evaluates visitor flows to our online offering and may include behavioral, interest-based, or demographic information about visitors, such as age or gender, as pseudonymized values. Reach analysis helps us identify peak usage times for our online offering or its features/content and areas needing optimization.

In addition to web analysis, we may use testing methods (e.g., A/B testing) to evaluate and optimize different versions of our online offering.

Unless stated otherwise, profiles (aggregated usage data) may be created for these purposes, and information may be stored in browsers or devices. Collected data includes visited webpages, interacted elements, technical details (browser, OS, hardware), and usage times. With user consent, location data may also be processed.

User IP addresses are stored but pseudonymized (masked) for protection. Typically, no raw user data (e.g., emails or names) is stored—only pseudonyms. Neither we nor third-party providers know users' actual identities, only profile data relevant to the analysis.

Types of Data Processed: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
Affected Persons: Users (e.g., website visitors, online service users).
Purposes of Processing: Reach measurement (e.g., access statistics, recognizing returning visitors); Profiles with user-related information (creating user profiles); Tracking (e.g., interest/behavior-based profiling, cookie usage); Provision and usability of our online offering.
Security Measures: IP masking (pseudonymization of IP addresses).
Legal Bases: Consent (Art. 6(1)(1)(a) GDPR).

Additional Notes on Processing Processes, Procedures, and Services:

Google Analytics: Web analysis and reach measurement; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Art. 6(1)(1)(a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms; Standard Contractual Clauses (ensuring data protection for third-country transfers): https://business.safety.google/adsprocessorterms; Opt-Out: https://tools.google.com/dlpage/gaoptout?hl=de, Ad Display Settings: https://adssettings.google.com/authenticated; Further Information: https://privacy.google.com/businesses/adsservices (types of processing and data processed).

Customer Reviews and Rating Procedures

We participate in review and rating procedures to evaluate, optimize, and promote our services. When users rate us via partnered platforms or provide feedback, the providers' terms and privacy policies apply. Ratings typically require registration with the provider.

To verify that reviewers have actually used our services, we transmit necessary customer and service data (name, email, order/item number) to the rating platform with customer consent. This data is used solely for authenticity verification.

Types of Data Processed: Contract data (e.g., contract subject, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
Affected Persons: Customers; Users (e.g., website visitors, online service users).
Purposes of Processing: Feedback (e.g., collecting feedback via online form); Marketing.
Legal Bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).

Additional Notes on Processing Processes, Procedures, and Services:

Rating Widgets: We integrate "rating widgets" (dynamic elements displaying reviews). Widget content is fetched from provider servers, transmitting technical data (IP address, access details) for delivery. Providers may store pseudonymized data in cookies for tracking visited platforms and use it for advertising/market research; Legal Basis: Legitimate interests (Art. 6(1)(1)(f) GDPR).

Social Media Presence

We maintain online presences on social networks to communicate with users and provide information about us.

User data may be processed outside the EU, potentially complicating rights enforcement.

Social networks typically process user data for market research and advertising, creating usage profiles to display targeted ads. Cookies store behavioral and interest data, with profiles often spanning devices (for logged-in members).

For detailed processing methods and opt-out options, refer to the respective network's privacy policies.

While users should direct requests to providers, we offer assistance if needed.

Types of Data Processed: Contact data (e.g., email, phone numbers); Content data (e.g., online form entries); Usage data; Meta, communication, and procedural data.
Affected Persons: Users (e.g., website visitors, online service users).
Purposes of Processing: Contact requests and communication; Feedback; Marketing.
Legal Bases: Legitimate interests (Art. 6(1)(1)(f) GDPR).

Additional Notes on Processing Processes, Procedures, and Services:

Instagram: Social network; Service Provider: Meta Platforms Ireland Limited, Dublin 2, Ireland; Legal Basis: Legitimate interests (Art. 6(1)(1)(f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
Facebook Pages: Jointly responsible with Meta for "Page Insights" data collection; Service Provider: Meta Platforms Ireland Limited; Agreements: https://www.facebook.com/legal/terms/page_controller_addendum; Privacy Policy: https://www.facebook.com/about/privacy.
LinkedIn: Social network; Service Provider: LinkedIn Ireland Unlimited Company, Dublin 2, Ireland; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Pinterest: Social network; Service Provider: Pinterest Europe Ltd., Dublin, Ireland.
X (formerly Twitter): Social network; Service Provider: Twitter International Unlimited Company, Dublin, Ireland.
YouTube: Social network/video platform; Service Provider: Google Ireland Limited.
Xing: Social network; Service Provider: New Work SE, Hamburg, Germany.

Plugins and Embedded Content

We integrate functional/content elements (e.g., graphics, videos, maps) from third-party servers. Embedding requires processing user IP addresses for delivery.

Third parties may use pixel tags (web beacons) for statistical/marketing purposes, evaluating visitor behavior. Pseudonymized data may be stored in cookies and combined with other sources.

Types of Data Processed: Usage data; Meta, communication, and procedural data; Inventory data; Contact data; Content data; Location data; Event data (Facebook).
Affected Persons: Users (e.g., website visitors, online service users).
Purposes of Processing: Provision and usability of our online offering; Marketing; User profiles.
Legal Bases: Legitimate interests (Art. 6(1)(1)(f) GDPR); Consent (Art. 6(1)(1)(a) GDPR).

Additional Notes on Processing Processes, Procedures, and Services:

Facebook Plugins/Content: Joint responsibility with Meta for "Event Data"; Agreements: https://www.facebook.com/legal/controller_addendum.
Google Fonts: Font delivery; Service Provider: Google Ireland Limited.
Google Maps: Map integration; Service Provider: Google Cloud EMEA Limited.
Instagram Plugins/Content: Similar joint responsibility as Facebook.
LinkedIn Plugins/Content: Social sharing features.
Pinterest Plugins/Content: Social sharing features.
X Plugins/Content: Social sharing features.
YouTube Videos: Standard video embedding.
YouTube Videos (Privacy-Enhanced Mode): No-cookie domain embedding with limited tracking.

Changes and Updates to the Privacy Policy

We encourage regular review of our privacy policy. Updates reflect changes in data processing practices. We will notify you if changes require action (e.g., renewed consent).

Please verify company/organization contact details before use, as they may change over time.

Rights of Data Subjects

Under GDPR (Articles 15-21), you have the following rights:

Right to Object: You may object to processing based on legitimate interests (Art. 6(1)(e/f) GDPR), including profiling. For direct marketing, objections always apply.
Right to Withdraw Consent: You may revoke given consent at any time.
Right of Access: Request confirmation of whether your data is processed and obtain a copy.
Right to Rectification: Request completion or correction of inaccurate data.
Right to Erasure/Restriction: Request deletion or restricted processing under legal conditions.
Right to Data Portability: Receive your provided data in a structured, machine-readable format.
Right to Lodge a Complaint: File complaints with a supervisory authority, especially in your EU residence country.

Supervisory Authority Responsible for Us:

Austrian Data Protection Authority

Barichgasse 40-42

1030 Vienna

Tel: +43 1 52 152-0

Email: dsb@dsb.gv.at

https://dsb.gv.at

Definitions

This section explains key terms used in this policy, primarily drawn from Article 4 GDPR. Definitions are alphabetical.

Credit Check: Automated decisions without human intervention (e.g., rejecting invoice purchases). Permitted under Art. 22 GDPR only with consent, contractual necessity, or legal authorization.
Conversion Measurement: Evaluating marketing effectiveness (e.g., via cookies tracking ad success).
Personal Data: Any information relating to an identified/identifiable natural person (e.g., names, IDs, location, online identifiers).
Profiling: Automated processing to analyze/predict personal aspects (demographics, behavior, interests). Often uses cookies/web beacons.
Reach Measurement: Web analytics evaluating visitor flows (e.g., via pseudonymized cookies).
Location Data: Geographic position data from mobile/Wi-Fi signals, used for maps/location-based services.
Tracking: Monitoring user behavior across online services (e.g., via cookies/profiling for targeted ads).
Controller: Entity determining purposes/means of processing personal data.
Processing: Any operation performed on personal data (collection, storage, use, etc.).

Navigation

Where to buy

Support

Contact

Legal Notice

Billing information

Naitec GmbH

Schottengasse 10

1010 Wien

Österreich

Contact

info@naitec.ai

AT: +43 650 2749692

HU: +36 20 777 4477

SK: +421 917 142 089

Navigation

Where to buy

Support

Contact

info@naitec.ai

AT: +43 650 2749692

HU: +36 20 777 4477

SK: +421 917 142 089

Products

Where to buy

Support

Contact