Privacy Policy

Privacy Policy

1. General Information

1.1 What is Personal Data

Personal data is information that reveals or may reveal the identity of the user. We adhere to the principle of data minimisation. The collection of personal data is avoided wherever possible.

1.2 Processing of Personal Data

The processing of your personal data is carried out exclusively insofar as we have obtained your consent (Article 6(1)(1)(a) GDPR) or the data in question is required for our legitimate interests and the balancing of interests establishes that there are no overriding legitimate interests, fundamental rights, or freedoms on your part (Article 6(1)(1)(f) GDPR). We may engage data processors for the processing of your personal data, with whom we have concluded a data processing agreement where necessary. Personal data is not otherwise disclosed to third parties as a matter of principle. The processing of your personal data takes place within the EU as well as in countries recognised by the EU as having adequate or appropriate data protection standards. Should the processing of personal data occur in the USA, we ensure that the services we utilise are certified under the Data Privacy Framework.

1.3 Usage Data

When visiting the website, general technical information is collected. This includes the IP address used, time, duration of the visit, browser type, and, where applicable, the referring page. This usage data is technically recorded in a log file and may be used and stored for the purpose of statistical analysis of this website. This usage data is not linked with your other personal data.

1.4 Electronic Withdrawal from Contracts

If you exercise your statutory right of withdrawal electronically, we process the following data in order to fulfil our legal obligation to provide evidence: name, email address, contract details, timestamp of the withdrawal, and your IP address.

1.5 Duration of Storage

We store your personal data following the termination of the purpose for which the data was collected only for as long as is required under statutory provisions, in particular under Austrian commercial and tax law. In particular, the following retention periods apply:

Accounting documents and business records relevant for taxation purposes: 7 years from the end of the calendar year in which the respective transaction occurred or the document was created, in accordance with Austrian Commercial Code (UGB) and Federal Tax Code (BAO)
Tax-relevant documentation: 7 years in accordance with Austrian tax law
Consent for data processing under data protection law: For the duration during which the data subject may assert rights
General business correspondence without tax relevance: For as long as necessary for the fulfilment of business purposes, unless the processing serves the assertion, exercise, or defence of legal claims
Usage data pursuant to Section 1.3 of this Privacy Policy: maximum 30 days
Documentation of withdrawal from contracts (including electronic withdrawals): 7 years from the end of the calendar year in which the withdrawal was declared or the withdrawal period expired, in accordance with Austrian commercial and tax retention obligations
Data from contact forms and appointment bookings: Following the completion of processing of the enquiry or following the appointment, provided there are no statutory retention obligations
Newsletter data: Until revocation of consent or until unsubscription from the newsletter
Cookie consents (Cookiebot): up to 12 months

2. Your Rights

2.1 Right of Access

You may request confirmation from us as to whether we process personal data concerning you, and insofar as this is the case, you have a right of access to this personal data and to the further information specified in Article 15 GDPR.

2.2 Right to Rectification

You have the right to rectification of inaccurate personal data concerning you and may, pursuant to Article 16 GDPR, request the completion of incomplete personal data.

2.3 Right to Erasure

You have the right to request that we erase personal data concerning you without undue delay. We are obliged to erase this data without undue delay, particularly if one of the following grounds applies:

Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing of your data was based and there is no other legal ground for the processing.
Your data has been unlawfully processed.

The right to erasure does not exist insofar as your personal data is necessary for the assertion, exercise, or defence of our legal claims.

2.4 Right to Restriction of Processing

You have the right to request from us the restriction of processing of your personal data if:

You contest the accuracy of the data and we are therefore verifying the accuracy,
The processing is unlawful and you refuse erasure and instead request the restriction of use,
We no longer need the data but you require it for the assertion, exercise, or defence of legal claims,
You have objected to the processing of your data and it has not yet been established whether our legitimate grounds override your grounds.

2.5 Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided the processing is based on consent or a contract and the processing is carried out by automated means at our end.

2.6 Right to Withdraw Consent and Right to Object

Insofar as the processing of your personal data is based on consent (Article 6(1)(1)(a) GDPR), you have the right to withdraw this consent at any time. This does not affect the lawfulness of processing carried out on the basis of consent prior to the withdrawal. Insofar as the processing of your personal data is based on Article 6(1)(1)(e) GDPR or Article 6(1)(1)(f) GDPR, you have the right pursuant to Article 21 GDPR to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you. We will then cease processing your personal data

unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defence of legal claims.

2.7 General Information and Right to Lodge a Complaint

The exercise of your aforementioned rights is generally free of charge for you. You have the right to lodge a complaint directly with the competent supervisory authority, the Austrian Data Protection Authority (Oesterreichische Datenschutzbehoerde), Barichgasse 40-42, 1030 Vienna, Austria, dsb@dsb.gv.at.

2.8 Automated Decision-Making Including Profiling

Automated decision-making pursuant to Article 22 GDPR, that is, decisions based solely on automated processing — including profiling — that produce legal effects or similarly significantly affect you, does not take place at our organisation.

3. Data Security

3.1 Data Security

All data on our website is protected by technical and organisational measures against loss, destruction, access, alteration, and dissemination.

3.2 Sessions and Cookies

For the operation of the website, we employ cookies or server-side sessions in which data may be stored. We ensure that cookies are only deployed and information already stored in your terminal equipment is only accessed insofar as this is strictly necessary for the provision of the digital service expressly requested by you or where you have provided explicit consent. This is in accordance with the applicable Austrian telecommunications law (Section 165 TKG 2021) and the GDPR. Following your explicit consent, we use cookies and information already stored in your terminal equipment to personalise content and advertisements, to provide social media functions, and to analyse access to our website. With your consent, we may share information concerning your use of our website with our partners for social media, advertising, and analytics. Our partners may potentially combine this information with other data that the partners already possess concerning you. Details (e.g. domain, name, duration) of cookies used solely on the basis of your consent may be found in the cookie banner.

4. Contact Form

If you send us enquiries via contact form, your information, including contact details, will be stored for the purpose of processing and for follow-up questions. Legal bases are Article 6(1)(b) GDPR (contractual initiation), Article 6(1)(f) GDPR (legitimate interest), or your consent (Article 6(1)(a) GDPR). The data remains with us until the purpose of storage ceases to apply or you withdraw your consent. Statutory retention periods remain unaffected.

5. Presence on Social Media Platforms

We maintain online presences within social networks and platforms in order to communicate with users and to inform them about our services. When accessing the respective networks, the data protection policies of the operators apply:

Instagram / Meta Platforms Ireland Ltd. – https://help.instagram.com/519522125107875
LinkedIn Ireland Unlimited Company – https://www.linkedin.com/legal/privacy-policy

These social media platforms may process personal data outside the EU; we refer in this regard to the aforementioned privacy policies of the social media platforms. The respective social media platforms may create user profiles from your usage behaviour and the resulting interests and actions on your part, and may store cookies on your computer in which your usage behaviour is stored. If you have an account on the respective social media platform and are logged in, your usage behaviour may even be stored independently of the device. Your user profile may be used, for example, to place advertisements that presumably correspond to your interests. For individual social media platforms (in particular Instagram via Meta as well as LinkedIn), there exists a relationship of joint controllership pursuant to Article 26 GDPR with regard to the processing of so-called insights data (usage statistics). In these cases, data processing takes place on the basis of an agreement on joint controllership, which in particular stipulates that the respective platform operator is primarily responsible for fulfilling the information obligations pursuant to Articles 13 and 14 GDPR as well as for ensuring data subject rights pursuant to Articles 15–22 GDPR.

Further information on the respective agreement on joint controllership may be found

with Meta at https://www.facebook.com/legal/terms/page_controller_addendum and

with LinkedIn at https://legal.linkedin.com/pages-joint-controller-addendum.

We process the personal data exclusively for the purpose of communicating with you via the social media platform you have selected as well as for the optimisation of our online presence, and we ensure that no interests on your part are affected which override this legitimate interest on our part (Article 6(1)(1)(f) GDPR). Insofar as you have already given valid consent to the respective operator of the social media platform for the corresponding data

processing, the processing of your personal data also takes place on the basis of this consent (Article 6(1)(1)(a) GDPR).

6. Third-Party Services

6.1 Website Creation, Hosting, and Appointment Booking

Our website is operated using the services of the following hosting provider:

Wix (including Wix Bookings and Wix Forms)

Provider: Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv-Yafo, 6350671, Israel

We utilise the services of Wix for the creation, provision, and hosting of our website, for appointment booking via Wix Bookings, as well as for contact forms via Wix Forms. When visiting our website and when using our booking and contact functions, the following personal data may be processed:

IP addresses, meta and communication data, website access, date and time of request
Information concerning browser and operating system as well as other technically required data that is automatically transmitted when accessing a website
For appointment bookings: name, email address, telephone number, selected appointment, message/concern, and further information you provide in the booking form
For contact forms: name, email address, message, and further information you enter

The processing is carried out for the performance of a contract or for the implementation of pre-contractual measures (Article 6(1)(b) GDPR) and in the legitimate interest of ensuring a secure, fast, and efficient provision of our online offering as well as convenient appointment booking and contact facilitation (Article 6(1)(f) GDPR). The data is stored on Wix servers in Israel. A data processing agreement has been concluded with Wix. Israel is recognised by the EU Commission as a country with an adequate level of data protection. Data collected in the context of appointment booking and contact enquiries is stored until the appointment has been carried out or the enquiry has been processed and is no longer required for further communication, or until you request deletion. Statutory retention obligations remain unaffected.

6.2 Newsletter / Email Marketing

We send newsletters and email marketing campaigns using Wix Email Marketing.

Wix Email Marketing

Provider: Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv-Yafo, 6350671, Israel

If you subscribe to our newsletter, the following data is processed:

Email address
Name (if provided)
Time of registration
IP address at the time of registration
Information concerning the opening and clicking of newsletter emails (provided you have consented thereto)

Registration for our newsletter is carried out by means of a so-called double opt-in procedure. Following your registration, you will receive an email in which you are requested to confirm your registration. This confirmation is necessary so that no one can register using third-party email addresses. The processing is carried out on the basis of your consent (Article 6(1)(a) GDPR). You may withdraw your consent at any time by unsubscribing from the newsletter. The lawfulness of data processing operations already carried out remains unaffected by the withdrawal.

The data is stored on Wix servers in Israel. A data processing agreement has been concluded with Wix. Israel is recognised by the EU Commission as a country with an adequate level of data protection. Your newsletter data is stored until you unsubscribe from the newsletter or we cease newsletter distribution.

6.3 Consent Management (Cookie Consent Tool)

We employ Cookiebot in order to obtain, document, and manage your consent to the storage of certain cookies on your terminal equipment or to the deployment of certain technologies in accordance with data protection regulations. This is necessary in order to comply with legal requirements.

Cookiebot

Provider: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark

When accessing our website, a connection is established to the servers of Cookiebot in order to obtain and document your consents and other declarations concerning cookie use. The following data is processed in this context:

IP address (anonymised)
Information concerning the browser
Date and time of visit
Consent status (consent, refusal, or preference)
Technical browser data

The processing is carried out on the basis of Article 6(1)(1)(c) GDPR in order to fulfil our legal obligation to maintain evidence of your consent pursuant to Article 7(1) GDPR.

The collected data is stored for up to 12 months.

7. Contact

For contact concerning data protection matters, you may contact the controller. Controller within the meaning of the GDPR:

DMORPHEUS GmbH

Wiener Gasse 11

A-9020 Klagenfurt am Wörthersee

Austria

Email: contact@dmorpheus.design

Phone: +43 676 852381 205