Privacy Policy

1. General infor­ma­tion on data protection

1.1 Person responsible

ESBC — European Systemic Business Competences GmbH
Contact per­son: Ewald Wandas
Frankgasse 1/Top 3
1090 Vienna

Tel. +43/1/89 70 160

1.2 Supervisory Authority as Complaints Authority

In the event of a com­plaint to be sub­mit­ted by you via the web­site, the Data Protection Authority is the com­pe­tent super­vi­sory aut­ho­rity and can be cont­ac­ted as follows:

Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna

Telephone: +43 1 52 152–0


2. In general

What the terms used, such as “per­so­nal data” or their “pro­ces­sing” mean, can be found in Article 4 of the EU General Data Protection Regulation (GDPR).

3. types of data processed

  • Inventory data (e.g., names, addresses).
  • Contact data (e.g., email, phone numbers).
  • Content data (e.g., text ent­ries, pho­to­graphs, videos).
  • Usage data (e.g., web pages visi­ted, inte­rest in con­tent, access times).
  • Meta/communication data (e.g., device infor­ma­tion, IP addresses).

4. Persons concerned

Visitors and users of the online offer (her­ein­af­ter we also refer to the data sub­jects coll­ec­tively as “users”).

5. Purpose of processing

  • Provision of the online offer, its func­tions and contents
  • Answering cont­act requests and com­mu­ni­ca­tion with users
  • Security mea­su­res
  • Reach measurement/marketing

6. Privacy Policy

We gua­ran­tee that your data will only be coll­ec­ted, pro­ces­sed, stored and used in con­nec­tion with the hand­ling of your inqui­ries and for inter­nal pur­po­ses as well as to pro­vide ser­vices reques­ted by you or to make con­tent available.

6.1 Basics of data processing

We pro­cess users’ per­so­nal data only in com­pli­ance with the rele­vant data pro­tec­tion regu­la­ti­ons. The user’s data will only be pro­ces­sed if the fol­lo­wing legal requi­re­ments are met:

  • in order to pro­vide con­trac­tual ser­vices (e.g. pro­ces­sing of orders) and online services
  • pro­ces­sing is requi­red by law
  • with your consent
  • on the basis of legi­ti­mate inte­rests (i.e. inte­rest in the ana­ly­sis, opti­miza­tion and eco­no­mic ope­ra­tion and secu­rity of our online offer within the mea­ning of Art. 6 para. 1 lit. f. DSGVO, in par­ti­cu­lar in the case of coverage mea­su­re­ment, crea­tion of pro­files for adver­ti­sing and mar­ke­ting pur­po­ses, and coll­ec­tion of access data and use of third-party services).

We would like to show you where the above legal bases are regu­la­ted in the DSGVO:

Consent Art. 6 para. 1 lit. a. and Art. 7 DSGVO.
Processing for the ful­fill­ment of our ser­vices and imple­men­ta­tion of con­trac­tual mea­su­res: Art. 6 para. 1 lit. b. DSGVO
Processing for the ful­fill­ment of our legal obli­ga­ti­ons: Art. 6 para. 1 lit. c. DSGVO
Processing for the pro­tec­tion of our legi­ti­mate inte­rests: Art. 6 para. 1 lit. f. DSGVO

6.2 Data trans­fer to third parties

Data is only pas­sed on to third par­ties within the frame­work of legal requi­re­ments. We only pass on users’ data to third par­ties if this is neces­sary, for exam­ple, for con­trac­tual pur­po­ses or on the basis of legi­ti­mate inte­rests in the eco­no­mic and effec­tive ope­ra­tion of my business.

If we use sub­con­trac­tors or other pro­ces­sors to pro­vide ser­vices, we take appro­priate legal pre­cau­ti­ons and tech­ni­cal and orga­niza­tio­nal mea­su­res to ensure the pro­tec­tion of per­so­nal data in accordance with the rele­vant legal provisions.

6.3 Data trans­fer to a third coun­try or an inter­na­tio­nal organization

Third count­ries are count­ries in which the GDPR is not directly appli­ca­ble law. This basi­cally includes all count­ries out­side the EU or the European Economic Area.

A data trans­fer to a third coun­try or inter­na­tio­nal orga­niza­tion will only take place if it takes into account that appropriate/adequate safe­guards are in place and that enforceable rights and effec­tive reme­dies are available to you.

For a copy of the appro­priate safe­guards, please see the links below:

Privacy Shield:
Standard Contractual Clauses:
6.4 Retention Period of Your Personal Data

We adhere to the prin­ci­ples of data mini­miza­tion and data avo­id­ance. This means that we only store the data you pro­vide to us for as long as is neces­sary to ful­fill the afo­re­men­tio­ned pur­po­ses or as spe­ci­fied by the various sto­rage peri­ods pro­vi­ded for by law. If the respec­tive pur­pose cea­ses to apply or after expiry of the cor­re­spon­ding peri­ods, your data will be rou­ti­nely blo­cked or dele­ted in accordance with the sta­tu­tory provisions.

6.5 Rights of the data subjects

You have the right to request con­fir­ma­tion as to whe­ther data in ques­tion is being pro­ces­sed and to infor­ma­tion about this data, as well as fur­ther infor­ma­tion and a copy of the data in accordance with Art. 15 DSGVO.

You have accor­ding to. Art. 16 DSGVO the right to request the com­ple­tion of the data con­cer­ning you or the cor­rec­tion of incor­rect data con­cer­ning you.

You have the right, in accordance with Art. 17 DSGVO, to demand that data con­cer­ning you be dele­ted wit­hout delay, or alter­na­tively, in accordance with Art. 18 DSGVO, to demand rest­ric­tion of the pro­ces­sing of the data.

You have the right to request that the data con­cer­ning you that you have pro­vi­ded to me be recei­ved in accordance with Art. 20 DSGVO and to request that it be trans­fer­red to other data controllers.

6.6 Right of revocation

You have the right to revoke given cons­ents accor­ding to Art. 7 (3) DSGVO with effect for the future.

6.7 Right of objection

You may object to the future pro­ces­sing of data con­cer­ning you in accordance with Art. 21 DSGVO at any time. The objec­tion can be made in par­ti­cu­lar against the pro­ces­sing for pur­po­ses of direct advertising.

6.8 Passing on data to e.g. courts and authorities

We take the rights of the inju­red par­ties very seriously in the event of misuse of our ser­vices. Upon court order, we will pass on data and infor­ma­tion about users to the reques­t­ing aut­ho­rity. This also and espe­ci­ally applies if there is a reasonable sus­pi­cion of misuse of our ser­vices. Misuse is when appli­ca­ble laws are vio­la­ted. In such cases, the user expressly cons­ents to the dis­clo­sure of his or her data to courts and authorities.

I would like to give you the legal basis for this:

Processing for com­pli­ance with a legal obli­ga­tion: Art. 6 para. 1 lit. c. DSGVO

6.9 Protection of your per­so­nal data

We take con­trac­tual, orga­niza­tio­nal and tech­ni­cal secu­rity mea­su­res in accordance with the state of the art to ensure that the pro­vi­si­ons of the Data Protection Act are com­plied with and thus to pro­tect the data pro­ces­sed by me against acci­den­tal or inten­tio­nal mani­pu­la­tion, loss, des­truc­tion or against access by unaut­ho­ri­zed persons.

The secu­rity mea­su­res include in par­ti­cu­lar the encrypted trans­mis­sion of data bet­ween your brow­ser and my ser­ver. For this pur­pose, a 256-bit SSL (AES 256) encryp­tion tech­no­logy is used. This includes your IP address.

In doing so, your per­so­nal data is pro­tec­ted within the scope of the following:

a) Maintaining the con­fi­den­tia­lity of your per­so­nal data.

In order to main­tain the con­fi­den­tia­lity of your per­so­nal data stored with us, we have taken various mea­su­res to con­trol access, access and access control.

b) Maintaining the inte­grity of your per­so­nal data

In order to main­tain the inte­grity of your per­so­nal data stored with us, we have taken various mea­su­res to con­trol dis­clo­sure and input.

c) Maintaining the avai­la­bi­lity of your per­so­nal data

In order to main­tain the avai­la­bi­lity of your per­so­nal data stored with us, we have taken various mea­su­res for order and avai­la­bi­lity control.

The secu­rity mea­su­res in place are con­ti­nuously impro­ved in line with tech­no­lo­gi­cal deve­lo­p­ments. Despite these pre­cau­ti­ons, due to the inse­cure nature of the Internet, we can­not gua­ran­tee the secu­rity of your data trans­mis­sion to my online ser­vice. Due to this, any data trans­mis­sion from you to my online offer is at your own risk.

6.10. Hosting and e‑mail dispatch

The hos­ting ser­vices we use serve to pro­vide the fol­lo­wing ser­vices: Infrastructure and plat­form ser­vices, com­pu­ting capa­city, sto­rage space and data­base ser­vices, e‑mail dis­patch, secu­rity ser­vices and tech­ni­cal main­ten­ance ser­vices, which we use for the pur­pose of ope­ra­ting this online offer.

In doing so, we, or our hos­ting pro­vi­der, pro­cess inven­tory data, cont­act data, con­tent data, con­tract data, usage data, meta data and com­mu­ni­ca­tion data of cus­to­mers, inte­res­ted par­ties and visi­tors of this online offer on the basis of our legi­ti­mate inte­rests in an effi­ci­ent and secure pro­vi­sion of this online offer pur­su­ant to Art. 6 (1) lit. f DSGVO in con­junc­tion with Art. 28 DSGVO. Art. 28 DSGVO (con­clu­sion of order pro­ces­sing contract).

6.11. Contacting

If you cont­act us by e‑mail or via cont­act form, you agree to elec­tro­nic com­mu­ni­ca­tion. In the course of cont­ac­ting us, per­so­nal data such as name and e‑mail address are coll­ec­ted. Your data will be trans­mit­ted SSL-encrypted. The infor­ma­tion you pro­vide will be stored exclu­si­vely for the pur­pose of pro­ces­sing the request and for pos­si­ble fol­low-up questions.

We would like to inform you about the legal basis for this:

Processing for the ful­fill­ment of our ser­vices and imple­men­ta­tion of con­trac­tual mea­su­res: Art. 6 para. 1 lit. b. DSGVO
Processing for the pro­tec­tion of our legi­ti­mate inte­rests: Art. 6 para. 1 lit. f. DSGVO

We would like to point out that e‑mails can be read or chan­ged unaut­ho­ri­zed and unno­ti­ced on the trans­mis­sion path. Furthermore, we would like to point out that we use soft­ware to fil­ter unwan­ted e‑mails (spam fil­ter). The spam fil­ter can reject e‑mails if they have been fal­sely iden­ti­fied as spam by cer­tain characteristics.

7. Cookies

Cookies” are small files that are stored on the user’s com­pu­ter. Within the coo­kies, dif­fe­rent infor­ma­tion can be stored. A coo­kie is pri­ma­rily used to store infor­ma­tion about a user (or the device on which the coo­kie is stored) during or after his visit within an online offer. Temporary coo­kies, or “ses­sion coo­kies” or “tran­si­ent coo­kies”, are coo­kies that are dele­ted after a user lea­ves an online offer and clo­ses his or her brow­ser. Such a coo­kie can store, for exam­ple, the con­tents of a shop­ping cart in an online store or a login sta­tus. Cookies that remain stored even after the brow­ser is clo­sed are refer­red to as “per­ma­nent” or “per­sis­tent”. For exam­ple, the login sta­tus can be stored if users visit them after seve­ral days. Likewise, the inte­rests of users* can be stored in such a coo­kie, which is used for range mea­su­re­ment or mar­ke­ting pur­po­ses. Third-party coo­kies” are coo­kies that are offe­red by pro­vi­ders other than the respon­si­ble party that ope­ra­tes the online offe­ring (other­wise, if they are only its coo­kies, they are refer­red to as “first-party cookies”).

We use tem­po­rary and per­ma­nent coo­kies and explain this in the con­text of this pri­vacy policy.

If users do not want coo­kies to be stored on their com­pu­ter, they are asked to deac­ti­vate the cor­re­spon­ding option in the sys­tem set­tings of their brow­ser. Stored coo­kies can be dele­ted in the sys­tem set­tings of the brow­ser. The exclu­sion of coo­kies can lead to func­tional rest­ric­tions of this online offer.

7.1 Control of coo­kies by the user

A gene­ral objec­tion to the use of coo­kies used for online mar­ke­ting pur­po­ses can be declared for a large num­ber of the ser­vices, espe­ci­ally in the case of track­ing, via the U.S. site or the EU site

Browser coo­kies: You can set all brow­sers to accept coo­kies only on request. Also, only coo­kies whose pages are curr­ently being visi­ted can be accepted by set­ting. All brow­sers offer func­tions that allow the sel­ec­tive dele­tion of coo­kies. The accep­tance of coo­kies can also be gene­rally swit­ched off, but then rest­ric­tions in the user-fri­end­li­ness of this online offer may have to be accepted.

Flash coo­kies: Flash coo­kies are the (locally) stored set­tings of the Flash Player. However, these are not brow­ser coo­kies, which are mana­ged by the respec­tive set­tings of the brow­ser, but sepa­ra­tely via the set­tings mana­ger of the Flash Player. External link:

7.1.1 Disabling or remo­ving coo­kies (opt-out)

Every web brow­ser offers opti­ons to rest­rict and delete coo­kies. For more infor­ma­tion, visit the fol­lo­wing websites:

Internet Explorer:‑9
Google Chrome:

7.2 Use of First-Party Cookies (Google Analytics)

We use Google Analytics, a web ana­ly­sis ser­vice of Google LLC (“Google”), on the basis of our legi­ti­mate inte­rest (i.e. inte­rest in the ana­ly­sis, opti­miza­tion and eco­no­mic ope­ra­tion of our online offer in terms of Art. 6 para. 1 lit. f. DSGVO) Google Analytics, a web ana­ly­tics ser­vice pro­vi­ded by Google LLC (“Google”). Google uses coo­kies. The infor­ma­tion gene­ra­ted by the coo­kie about the use of the online offer by the users is usually trans­mit­ted to a Google ser­ver in the USA and stored there.
Google is cer­ti­fied under the Privacy Shield agree­ment and ther­eby offers a gua­ran­tee of com­pli­ance with European data pro­tec­tion law (

Google will use this infor­ma­tion on our behalf for the pur­pose of eva­lua­ting your use of our web­site, com­pi­ling reports on web­site acti­vity for web­site ope­ra­tors and pro­vi­ding other ser­vices rela­ting to web­site acti­vity and inter­net usage. In doing so, pseud­ony­mous usage pro­files of the users can be crea­ted from the pro­ces­sed data.

We only use Google Analytics with IP anony­miza­tion acti­va­ted. This means that the IP address of users is shor­tened by Google within mem­ber sta­tes of the European Union or in other con­trac­ting sta­tes of the Agreement on the European Economic Area. Only in excep­tio­nal cases will the full IP address be trans­mit­ted to a Google ser­ver in the USA and shor­tened there.

The IP address trans­mit­ted by the user’s brow­ser is not mer­ged with other Google data. Users* can pre­vent the sto­rage of coo­kies by set­ting their brow­ser soft­ware accor­din­gly; users can also pre­vent the coll­ec­tion of the data gene­ra­ted by the coo­kie and rela­ted to their use of the online offer to Google, as well as the pro­ces­sing of this data by Google, by down­loa­ding and instal­ling the brow­ser plugin available at the fol­lo­wing link:

For more infor­ma­tion about Google’s use of data, set­tings and opt-out opti­ons, please refer to Google’s pri­vacy policy ( and the set­tings for the dis­play of adver­ti­se­ments by Google (

The per­so­nal data of the users will be dele­ted after 14 months.