The protection of your personal data is of particular concern to us. Here you can get a quick and easy overview of what personal data we collect from you and what we do with it.

Data collection, purpose & legal basis

We, Foonkle EOOD, grant interested parties access to AI (artificial intelligence) controlled or supported voice- and chatbots via our website(s). Interested parties can communicate with chatbots and voicebots and ask questions about the Overmind.one business area. Data is not used for the training of the AI models and is only processed for a short time (for the AI models used, please see the information on “Recipients”). Please note that you are talking to an AI and that the answers also represent AI-generated content.

When using the voice and chatbots, the following personal data in particular is processed

– Content data:
   o Voice and audio data or conversation content
   o All other information that you provide as an end user during the conversation, such as your first name

– Usage data (metadata for billing and analysis):
   o Unique identifiers (e.g. call ID, session ID)
   o Timestamp and duration of the interaction
   o Technical parameters of the transmission
   o IP address

The use of voice and chatbots is voluntary. There is no obligation to provide your personal data. The data processing described does not involve any automated decision-making or profiling.

In principle, the data is collected directly from you as the user. However, depending on the formulation of your interactions, the processing may also include data of natural persons – in this case, the data is collected when the user discloses it.

The data processing that takes place in the course of using the voice and chatbots serves in particular to provide information about Overmind.one or general information about the use of AI. The application is also intended to support companies in decision-making and to arouse and promote the interest of potential companies in our voice intelligence solutions.

The processing of the spoken word is, in principle, the processing of biometric data, as this is objectively suitable for identifying persons. However, since these biometric data are not used in this case for the purpose of uniquely identifying a natural person, no special categories of personal data are processed and a legal basis pursuant to Art. 9 para. 2 GDPR is therefore not required.

Your data will only be processed for as long as is necessary to fulfill the pre-contractual measures. After the interaction, your content data will be deleted immediately. Exceptions to this are individual metadata relevant to billing (e.g. call ID, duration), which are stored for the purpose of billing in accordance with the statutory retention periods of 7 years (Section 132 BAO), as well as technical metadata (in particular IP address), which are stored for 14 days for security purposes and then deleted.

Transmission recipients

Please note that we may update this privacy policy from time to time (e.g. due to changes in legal regulations or the use of new technologies). We therefore recommend that you check this privacy policy regularly for new information.

In principle, you have the rights to information, correction, deletion, restriction, data portability, revocation and objection.
Please feel free to contact us at any time in this regard.

Data protection coordination team
Overmind.one

data@overmind.one

This section lists the sub-processors used for the provision of itellico AI services. Processing takes place in the EU by default. Certain specialized or alternative services can be activated at the customer’s request, which may result in data transfer to the USA.

Part 1: Standard-Plattform

These are the core components of the itellico platform. Data processing for these services takes place primarily in data centers within the EU (Frankfurt).

Amazon Web Services (EU)

Purpose of processing Hosting of the Kubernetes infrastructure for the itellico voice AI cluster platform, provision of SIP communication services and storage of call data (transcripts, audio responses).

Recipient of the data
Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy,
L-1855 Luxembourg.

Legal basis
Contract fulfillment (Art. 6 para. 1 lit. b GDPR).

Storage period
Customer-configurable (standard: 30 days, adjustable from immediate deletion to customer-specific requirements). Further information AWS data protection notice. Processing takes place on servers in the EU (Frankfurt).

Microsoft Azure (EU)

Purpose of the processing
1. speech recognition (speech-to-text): Transcription of speech input.
2. speech synthesis (text-to-speech): Generation of speech output.
3. AI processing (LLM): Processing of text queries using large language models.

Recipient of the data
Microsoft Ireland Operations Limited, One Microsoft Place, South
County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

Legal basis
Contract fulfillment (Art. 6 para. 1 lit. b GDPR).

Storage period
API processing: No storage (zero retention policy).
Results are stored on the itellico AWS cluster.

Further information Microsoft Privacy Policy. Processing takes place on Microsoft’s infrastructure in the EU.

OpenAI

Recipient of the data
1. AI processing (LLM): Processing of text requests by large language models (e.g. GPT series).
2. speech recognition (speech-to-text): Conversion of speech input into text (e.g. Whisper).

Recipient of the data
OpenAI Ireland Limited, 1st Floor, The Liffey Trust Centre, 117-126
Sheriff Street Upper, Dublin 1, D01 YC43 Ireland.

Legal basis
Contract fulfillment (Art. 6 para. 1 lit. b GDPR).

Storage period
API processing: No storage (zero retention policy for API data). Results are stored on the itellico AWS cluster.

Further information OpenAI privacy policy. Processing takes place on Microsoft’s infrastructure in the EU.

Live Kit (EU)

Purpose of processing
Real-time communication (WebRTC & SIP): Provision of the infrastructure for audio communication in real time and connection to the telephone network (SIP).

Recipient of the data
LiveKit, Inc, 981 Mission St, San Francisco, CA 94103, USA.

Legal basis
Contract fulfillment (Art. 6 para. 1 lit. b GDPR).

Storage period
API processing: No storage.
Further information LiveKit privacy policy. Communication takes place in real time and is not recorded or stored. Data traffic is routed via dedicated servers in the EU.

Part 2: Optional special services (USA)

These services are not activated by default. They can be used at the express request of the customer to optimize performance or for specific use cases (e.g. alternative language models). When activated, content data (audio/text) is transmitted to the USA for processing. A zero-retention policy applies to all providers listed here.

Deepgram (USA)

Purpose of processing
Alternative speech-to-text transcription.

Recipient of the data
Deepgram Inc, 548 Market St, Suite 25104, San Francisco, CA 94104-5401,
USA. *Transmission protected by SCCs in accordance with Art. 46 GDPR.

Legal basis
Contract fulfillment (Art. 6 para. 1 lit. b GDPR).

Storage period
API processing: No storage (zero retention). Results are stored on the itellico AWS cluster.

Further information Deepgram privacy policy

Cartesia (USA)

Purpose of processing
Alternative text-to-speech speech synthesis.

Recipient of the data
Cartesia, Inc, 1766 18th Street, San Francisco, CA 94107, USA. *Transmission protected by SCCs in accordance with Art. 46 GDPR.

Legal basis
Contract fulfillment (Art. 6 para. 1 lit. b GDPR).

Storage period
API processing: No storage. Results are stored on the itellico AWS cluster.

Further information Cartesia privacy policy

ElevenLabs (USA)

Purpose of processing
Alternative text-to-speech speech synthesis and voice cloning.

Recipient of the data
Eleven Labs Inc, 169 Madison Ave #2484, New York, NY 10016,
USA. *Transmission protected by SCCs in accordance with Art. 46 GDPR.

Legal basis
Contract fulfillment (Art. 6 para. 1 lit. b GDPR).

Storage period
API processing: No storage. Results are stored on the itellico AWS cluster.

Further information ElevenLabs privacy policy

Anthropic (USA)

Purpose of processing
Alternative AI processing (LLM): Processing of text requests
by large language models (e.g. Claude series).

Recipient of the data
Anthropic, PBC, PO Box 2318, San Francisco, CA 94126, USA. *Transmission protected by SCCs in accordance with Art. 46 GDPR.

Legal basis
Contract fulfillment (Art. 6 para. 1 lit. b GDPR).

Storage period
API processing: No storage (zero retention policy). Results are stored on the itellico AWS cluster.

Further information Anthropic privacy policy

Introduction and overview

We have prepared this privacy policy (version 20.06.2025-113016739) to explain to you in accordance with
the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national
laws which personal data (data for short) we as the controller – and
the processors (e.g. providers) commissioned by us – process, will process in the future
and which lawful options you have. The terms used are
to be understood as gender-neutral.

In short, we provide you with comprehensive information about the data we process about you.

Data protection declarations usually sound very technical and use legal
terminology. This privacy policy, on the other hand, is intended to describe the most important things to you as simply and
transparently as possible. Where it is conducive to transparency, technical
terms are explained in a reader-friendly way, links to further information are provided and graphics
are used. We thus inform you in clear and simple language that we only process personal data as part of
our business activities if there is a legal basis for doing so. This is certainly not possible by providing
with explanations that are as concise, unclear and legally technical as possible, as is often standard on the Internet
when it comes to data protection.

I hope you find the following explanations interesting and informative and perhaps there is some information that you did not know about.

If you still have any questions, please contact the responsible body named below or in the legal notice, follow the links provided and take a look at further
information on third-party websites. Our contact details can of course also be found at
in the legal notice.

Scope of application

• This privacy policy applies to all personal data processed by us in the company
  and to all personal data processed by companies commissioned by us
  (processors). By personal data, we mean information within the meaning of
  in accordance with Art. 4 No. 1 GDPR, such as the name, email address and postal address
  of a person. The processing of personal data ensures that we can offer and bill our
  services and products, whether online or offline. The scope of application of this privacy policy includes:
• all online presences (websites, online stores) that we operate
• social media presences and email communication
• mobile apps for smartphones and other devices

In short: the privacy policy applies to all areas in which personal data is processed in a structured manner in the
company via the channels mentioned. If we enter into legal relationships with you outside
of these channels, we will inform you separately
if necessary.

Legal basis

In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE
EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can of course read this EU General Data Protection Regulation online at EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.
We only process your data if at least one of the following conditions applies:

1. consent (Article 6(1)(a) GDPR): You have given us your consent to process data
for a specific purpose. An example would be the storage of your
contact form data.

2. contract (Article 6(1)(b) GDPR): In order to fulfill a contract or pre-contractual
obligations with you, we process your data. For example, if we conclude a purchase contract with you at, we need personal information in advance.

3. legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal
obligation, we process your data. For example, we are required by law
to keep invoices for accounting purposes. These usually contain
personal data.

4. legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict
your fundamental rights, we reserve the right to process personal
data. For example, we need to process certain data in order to operate our website
securely and efficiently. This processing is therefore a legitimate
interest.

Other conditions such as the performance of recordings in the public interest and
the exercise of official authority and the protection of vital interests do not generally apply to us at. If such a legal basis should be relevant, it will be indicated at.
In addition to the EU Regulation, national laws also apply:

In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the
Processing of Personal Data (Data Protection Act), or DSG for short.
In Germany, the Federal Data Protection Act (BDSG) applies.
If other regional or national laws apply, we will inform you about them in the following sections about it.

Contact details of the controller

If you have any questions about data protection or the processing of personal data,
you will find below the contact details of the controller in accordance with Article 4 (7) of the EU General Data Protection Regulation (GDPR):

Foonkle EOOD
Email: data@overmind.one

Storage period

It is a general criterion for us that we only store personal data for as long as is absolutely necessary for the provision of our
services and products. The
means that we delete personal data as soon as the reason for the data processing
no longer exists. In some cases, we are legally obliged to store certain data
even after the original purpose no longer applies, for example for the purposes of
accounting.

If you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store.

We will inform you about the specific duration of the respective data processing below, provided that
we have further information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13, 14 GDPR, we inform you of the following rights to which you are entitled,
so that data is processed fairly and transparently:
In accordance with Article 15 GDPR, you have a right to information as to whether we are processing your data. If this is the case, you have the right to receive a copy of the data
and the following information:

• the purpose for which we carry out the processing
• the categories, i.e. the types of data that are processed
• who receives this data
• and if the data is transferred to third countries,
• how security can be guaranteed
• how long the data will be stored;
• the existence of the right to rectification, erasure or restriction of processing
  and the right to object to processing
• that you can lodge a complaint with a supervisory authority (links to these authorities can be found below)
• the origin of the data if we have not collected it from you
• whether profiling is carried out, i.e. whether data is automatically evaluated in order to create a personal profile of you
• According to Article 16 GDPR, you have a right to rectification of the data, which means that we must correct
  data if you find errors.
• According to Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which
  specifically means that you may request the erasure of your data.
• According to Article 18 GDPR, you have the right to restriction of processing, which
  means that we may only store the data but not use it any further.
• According to Article 20 GDPR, you have the right to data portability, which means that we
  will provide you with your data in a commonly used format upon request.
• According to Article 21 GDPR, you have the right to object, which entails a
  change in processing after enforcement.
• If the processing of your data is based on Article 6(1)(e) (public interest,
  exercise of official authority) or Article 6(1)(f) (legitimate interest),
  you can object to the processing.

We will then check as quickly as possible whether we can legally comply with this objection.

If data is used for direct marketing purposes, you can object to this type of data processing at any time at. We may then no longer use your data
for direct marketing.

If data is used for profiling, you can object to this type of data processing at any time.

We may then no longer use your data for profiling.

If data is used for profiling, you can object to this type of data processing at any time.

We may then no longer use your data for profiling.

Under Article 22 GDPR, you may have the right not to be subject to a decision based solely on
automated processing (e.g. profiling).

According to Article 77 GDPR, you have the right to lodge a complaint. This means that you can complain to the data protection authority at any time if you believe that the
data processing of personal data violates the GDPR.

In short: you have rights – do not hesitate to contact the controller listed above at!

If you believe that the processing of your data violates data protection law or your data protection claims have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority, whose website
can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state at. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) at.

Security of data processing

In order to protect personal data, we have implemented both technical and organizational
measures. Where possible, we encrypt or pseudonymize personal data. In this way, we make it as difficult as possible for third parties to infer personal information from our data.

Art. 25 GDPR refers to “data protection through technology design and through data protection-friendly default settings” and means that we always think about security both in terms of software (e.g. forms) and hardware (e.g. access to the server room) and take appropriate measures. If necessary, we will discuss specific measures below.

TLS encryption with https

TLS, encryption and https sound very technical – and they are. We use HTTPS (the
Hypertext Transfer Protocol Secure stands for “secure hypertext transfer protocol”) for our website and subpages (such as for our voicebots) to transmit
data tap-proof on the Internet.

This means that the complete transmission of all data from your browser to our
web server is secured – nobody can “eavesdrop”.
We have thus introduced an additional layer of security and comply with data protection through
technology design (Article 25 (1) GDPR). By using TLS (Transport Layer
Security), an encryption protocol for secure data transmission on the Internet, we can ensure
the protection of confidential data.

You can recognize the use of this data transmission security by the small lock symbol
at the top left of the browser, to the left of the Internet address (e.g. examplepage.com) and the use
of the https scheme (instead of http) as part of our Internet address.

If you would like to know more about encryption, we recommend searching Google
for “Hypertext Transfer Protocol Secure wiki” to obtain good links to further information on.

Communication
Communication Summary

Data subjects: Anyone who communicates with us by telephone, email or online form
Data processed: e.g. telephone number, name, email address, form data entered. More details
can be found in the respective contact type used
Purpose: Processing of communication with customers, business partners, etc.

Storage period: Duration of the business case and the statutory provisions
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (contract), Art. 6 para. 1 lit. f
GDPR (legitimate interests).

If you contact us and communicate by telephone, e-mail or online form, personal data may be processed.
The data is processed for the handling and processing of your question and the associated business transaction. The data is stored for as long as or as required by law.

Affected persons

All those who contact us via the
communication channels provided by us are affected by the aforementioned processes.

E-mail

If you communicate with us by email, data may be stored on the respective
end device (computer, laptop, smartphone, etc.) and
data may be stored on the email server. The data will be deleted as soon as the business transaction has been completed
and legal requirements permit.

Online forms

If you communicate with us using an online form, data is stored on our web server
and may be forwarded to one of our e-mail addresses. The data will be deleted
as soon as the business transaction has been completed and legal requirements permit.

Legal basis

The processing of the data is based on the following legal bases:

Art. 6 para. 1 lit. a GDPR (consent): You give us your consent to store your data at
and to continue to use it for purposes relating to the business case;
Art. 6 para. 1 lit. b GDPR (contract): It is necessary for the fulfillment of a
contract with you or a processor such as the telephone provider or we
must process the data for pre-contractual activities, such as the preparation of an offer;

Art. 6 para. 1 lit. f GDPR (legitimate interests): We want to handle customer inquiries and
business communication in a professional manner. This requires certain
technical facilities such as email programs, exchange servers and
mobile network operators in order to be able to operate communication efficiently.

Data processing agreement (DPA)

In this section, we would like to explain what an order processing contract is and
why it is needed. Because the word “data processing agreement” is quite a
tongue twister, we will often only use the acronym DPA in this text. Like
most companies, we do not work alone, but also use the services
of other companies or individuals. By involving various
companies or service providers, we may pass on personal data to
for processing. These partners then act as processors with whom we enter into a contract, known as a data processing agreement (DPA).

The most important thing for you to know about is that the processing of your personal data takes place exclusively in accordance with our
instructions and must be regulated by the DPA.

Who are processors?

As a company and website owner, we are responsible for all data that we process from you. In addition to controllers, there may also be so-called processors.
This includes any company or person who processes personal data on our behalf. More precisely and according to the GDPR definition: any natural or legal
person, public authority, agency or any other body which processes personal
data on our behalf is considered a processor. Processors can therefore be service providers such as
hosting or cloud providers, payment or newsletter providers or large companies such as
Google or Microsoft, for example.

To make the terminology easier to understand, here is an overview of the three roles in the
GDPR:

Data subject (you as a customer or interested party) → Controller (we as a company and
client) → Processor (service provider such as a web host or cloud provider).

Content of a data processing agreement

As mentioned above, we have concluded a DPA with our partners who act as processors. This states above all that the processor processes the data to be processed at
exclusively in accordance with the GDPR.

• Commitment to us as the controller
• Obligations and rights of the controller
• Categories of data subjects
• Type of personal data
• Type and purpose of data processing
• Subject and duration of data processing
• Place of data processing
• The contract also contains all the obligations of the processor. The most important obligations are

to ensure data security measures

to take possible technical and organizational measures to protect the rights of the
data subject

to maintain a data processing register
to cooperate with the data protection supervisory authority at its request

carry out a risk analysis in relation to the personal data received

Sub-processors may only be commissioned with the written consent of the controller

You can find out what a DPA looks like in concrete terms at
https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarb
eitung.html. A sample contract is presented here.

Cookies
Cookies Summary

Affected parties: Visitors to the website

Purpose: depending on the cookie. More details can be found below or from the manufacturer of the software that sets the cookie.

Processed data: Depending on the cookie used. You can find more details on this at
below or from the manufacturer of the software that sets the cookie.

Storage period: depending on the cookie, can vary from hours to years

Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit.f GDPR
(legitimate interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used so that you can better understand the following
privacy policy.

Whenever you surf the internet, you use a browser. Well-known browsers include
Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites
store small text files in your browser. These files are called cookies.
One thing cannot be denied: Cookies are really useful little helpers. Almost all websites
use cookies. More precisely, they are HTTP cookies, as there are also other cookies
for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, the “brain” of your browser, so to speak. A cookie consists of a name and
a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal
page settings. When you visit our site again, your browser transmits the
“user-related” information back to our site. Thanks to cookies, our website
knows who you are and offers you the settings you are used to. In some browsers, each
cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

A possible interaction between a web browser such as Chrome and the web server could look like this. The web browser requests a website and receives a
cookie back from the server, which the browser uses again as soon as another page is requested.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our website, third-party cookies are created by partner websites (e.g. Google
Analytics). Each cookie must be evaluated individually, as each cookie stores different data.
The expiry time of a cookie also varies from a few minutes to a few years. Cookies
are not software programs and do not contain viruses, Trojans or other “malware”.
Cookies also cannot access information on your PC.
Cookie data can look like this, for example:
Name: _ga
Value: GA1.2.1326744211.152113016739-9
Purpose: To distinguish between website visitors
Expiry date: After 2 years
A browser should be able to support these minimum sizes:
At least 4096 bytes per cookie
At least 50 cookies per domain
At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we use in particular depends on the services used
and is clarified in the following sections of the privacy policy. At this point,
we would like to briefly explain the different types of HTTP cookies.
There are 4 types of cookies:

Essential cookies

These cookies are necessary to ensure basic website functions. For example,
needs these cookies when a user places a product in the shopping cart, then continues surfing on other
pages and only later goes to the checkout. Thanks to these cookies, the shopping cart is not deleted
even if the user closes their browser window.

Purposeful cookies

These cookies collect information about user behavior and whether the user receives any error messages. These cookies are also used to measure the loading time and the behavior of the website
with different browsers.

Targeted cookies

These cookies ensure better user-friendliness. For example, entered
locations, font sizes or form data are saved.

Advertising cookies

These cookies are also called targeting cookies. They are used to deliver customized advertising to the user. This can be very practical, but also very annoying.
When you visit a website for the first time, you are usually asked which of these
cookie types you would like to allow. And of course, this decision is also stored in a cookie.

If you want to know more about cookies and do not shy away from technical documentation,
we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the
Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.
Purpose of processing via cookies
The purpose ultimately depends on the cookie in question. You can find more details on this at
below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are little helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the processed or stored data in the following privacy policy about it.

Storage duration of cookies

The storage period depends on the cookie in question and is specified below. Some
cookies are deleted after less than an hour, others can remain stored on a
computer for several years.
You can also influence the storage period yourself. You can delete all cookies manually at any time via your browser
(see also “Right to object” below). Furthermore,
cookies that are based on consent will be deleted at the latest after you withdraw your consent, whereby the legality of the storage until then remains unaffected.

Right to object – how can I delete cookies?

You decide how and whether you want to use cookies. Regardless of which
service or website the cookies originate from, you always have the option of deleting, deactivating or only partially accepting cookies at. For example, you can block cookies from third-party providers, but allow all other cookies.
If you want to find out which cookies have been stored in your browser, if you want to change or delete
cookie settings, you can find this in your browser settings:

Chrome: Delete, activate and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you generally do not want to have cookies, you can set up your browser so that
always informs you when a cookie is to be set. In this way, you can decide for each individual
cookie whether or not to allow it. The procedure differs depending on the browser. It is best to search for the instructions in Google using the search term “delete cookies Chrome” or “deactivate cookies Chrome” in the case of a Chrome browser.

Legal basis

The so-called “cookie guidelines” have been in place since 2009. This states that the storage
of cookies requires your consent (Article 6(1)(a) GDPR). However, there are still very different reactions to these directives within the EU countries. In Austria
, however, this directive was implemented in Section 165 (3) of the Telecommunications Act
(2021). In Germany, the cookie directives have not been implemented as national law.
Instead, this directive was largely implemented in Section 15 (3) of the
Telemedia Act (TMG), which has been replaced by the Digital Services Act (DDG) since May 2024

For strictly necessary cookies, even if no consent has been given, there are legitimate
interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We
would like to provide visitors to the website with a pleasant user experience and for this
certain cookies are often absolutely necessary.
Insofar as cookies that are not absolutely necessary are used, this only happens in the case of
your consent. The legal basis in this respect is Art. 6 para. 1 lit. a GDPR.

In the following sections, you will be informed in more detail about the use of cookies if
uses cookies.

Web hosting introduction
Web hosting summary

Data subjects: Visitors to the website

Purpose: professional hosting of the website and securing its operation

Processed data: IP address, time of website visit, browser used and
other data. You can find more details on this below or at the
web hosting provider used in each case.

Storage period: depends on the respective provider, but usually 2 weeks
Legal basis: Art. 6 para. 1 lit.f GDPR (legitimate interests)

What is web hosting?

When you visit websites these days, certain information – including
personal data – is automatically created and stored, including on this website. This
data should be processed as sparingly as possible and only with justification. By website
we mean the entirety of all web pages on a domain, i.e. everything from the start page
(homepage) to the very last subpage (like this one). By domain we mean, for example,
example.de or sampleexample.com.
If you want to view a website on a computer, tablet or smartphone,
you use a program called a web browser. You probably know some
web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari. We
call them browsers or web browsers for short.

To display the website, the browser must connect to another computer where the website’s
code is stored: the web server. Operating a web server is a
complicated and time-consuming task, which is why this is usually done by professional providers,
providers. They offer web hosting and thus ensure that
website data is stored reliably and error-free. A lot of technical terms,
but please stay tuned, it will get even better!

When connecting the browser on your computer (desktop, laptop, tablet or
smartphone) and during data transfer to and from the web server,
may process personal data. On the one hand, your computer stores data,
on the other hand, the web server must also store data for a period of time in order to ensure proper
operation.

Why do we process personal data?

The purposes of data processing are

1. professional hosting of the website and securing its operation

2. to maintain operational and IT security

3. anonymous evaluation of access behavior to improve our offer and, if necessary,
for criminal prosecution or prosecution of claims

What data is processed?

Even while you are currently visiting our website, our web server, which is the
computer on which this website is stored, usually automatically saves data such as
the complete Internet address (URL) of the website accessed
browser and browser version (e.g. Chrome 87)
the operating system used (e.g. Windows 10)
the address (URL) of the previously visited page (referrer URL) (e.g.
https://www.beispielquellsite.de/vondabinichgekommen/)
the host name and IP address of the device from which access is made (e.g.
COMPUTERNAME and 194.23.43.121) date and time in files, the so-called web server log files
How long is data stored?
As a rule, the above-mentioned data is stored for two weeks and then automatically deleted. We do not pass this data on, but we cannot rule out the possibility that this data may be viewed by the authorities in the event of unlawful conduct.

In short: Your visit is logged by our provider (company that runs our website on special
computers (servers)), but we do not pass on your data without the consent of!

Legal basis

The lawfulness of the processing of personal data in the context of web hosting results
from Art. 6 para. 1 lit. f GDPR (protection of legitimate interests), because the use of
professional hosting with a provider is necessary in order to present the company securely on the Internet
and in a user-friendly manner and to be able to pursue attacks and claims from this if necessary.

There is a contract between us and our hosting provider IONOS for
order processing in accordance with Art. 28 f. GDPR, which guarantees compliance with data protection
and data security.

1&1 IONOS web hosting privacy policy

Summary of data protection

Data subject: Visitors to the website

Purpose: Website storage and accessibility on the Internet
Processed data: IP address, but primarily also technical data

Storage period: Visitor data is deleted after 8 weeks

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is 1&1 IONOS Webhosting?

To host our website, we use the web hosting services of the company IONOS by
1&1. In Germany, 1&1 IONOS SE is based at Elgendorfer Str. 57 in 56410 Montabaur.
In Austria, you will find 1&1 IONOS SE at Gumpendorfer Straße 142/PF 266 in 1060 Vienna.
IONOS offers the following web hosting services: Domain, Website & Shop, Hosting &
WordPress, Marketing, E-Mail & Office, IONOS Cloud and Server. With over 22 million domains,
almost 9 million customer contracts and 100,000 servers, IONOS is one of the largest German
top dogs in the web hosting sector.

We have already mentioned it in our introductory words on the subject of web hosting:
hosting also stores data about you or your end device on the IONOS servers.
First and foremost, your IP address, which is known to be personal data, is stored. In addition, technical data such as the URL of our website, the name
of your internet browser or which operating system you are using is also stored.

Why do we use 1&1 IONOS web hosting?

IONOS was founded in Germany back in 1988 and therefore has over 30 years of experience at. However, this does not mean that the company is not constantly evolving in technological terms. It is precisely this combination of experience and innovative spirit that we believe provides a good basis for our website at. After all, we want our website to function smoothly 24 hours a day at
and guarantee a high level of security. Since IONOS
does not limit the monthly data traffic and provides plenty of storage space, our website remains powerful even with many visitors.

What data is processed by 1&1 IONOS Webhosting?

1&1 IONOS Webhosting may also process your personal data. When you visit our website, the following data about you or your computer is stored by IONOS:

the previously visited website (also called referrer)
the requested website (in this case our website)

Browser type and browser version

Your operating system and device type used
Time of page access

Your IP address in anonymized form

The data collected is used to increase the security of the website, to detect possible
errors and also to carry out anonymous statistical analyses. According to IONOS,
only uses the anonymized IP address to determine the location of access.

How long and where is the data stored?

The data is stored on IONOS’ own servers. In principle, IONOS stores the data for as long as is necessary to fulfill its obligations. Visitor data is stored for 8
weeks. However, data may also be stored for longer, for example to provide with evidence for possible legal disputes. Visitor data will not be passed on to third parties and will not be transferred to a country outside the EU.
How can I delete my data or prevent data storage?
You have the right to information, correction or deletion and restriction of processing of your personal data at any time. You can also withdraw your consent
to the processing of data at any time.
If you generally want to deactivate, delete or manage cookies, you can find the relevant links to the instructions for the most popular browsers at
the section browsers.

Legal basis

We have a legitimate interest in using IONOS in order to be able to offer our online service. Professional hosting with a provider is necessary in order to present our
company securely and in a user-friendly manner on the Internet and to be able to track possible cyber attacks. The legal basis for this is Art. 6 para. 1 lit. f GDPR
(legitimate interests).
You can find much more information about data protection at IONOS in the
privacy policy at https://www.ionos.de/terms-gtc/datenschutzerklaerung/. If you have any further questions about data protection at, you can also contact the data protection team at
IONOS by emailing datenschutz@ionos.de.
Data processing agreement (DPA) IONOS
We have concluded a data processing agreement (DPA) with IONOS in accordance with Article 28 of the General Data Protection Regulation (GDPR). You can find out exactly what a DPA is and, in particular, what must be included in a DPA at in our general section
“Data processing agreement (DPA)”.

This contract is required by law because IONOS processes personaldata on our behalf. It clarifies that IONOS may only process data that it receives from us in accordance with our instructions and must comply with the GDPR. You can find the link to the
order processing contract (AVV) at
https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnu
ng-dsgvo/auftragsverarbeitung/.

Explanation of terms used

We always endeavor to write our privacy policy as clearly and comprehensibly as possible. However, this is not always easy, especially when it comes to technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain
technical terms (such as cookies, IP address). However, we do not want to use these
without explanation. Below you will find an alphabetical list of important
terms that we may not have sufficiently addressed in the previous privacy policy. If these terms have been taken from the GDPR and are
definitions, we will also quote the GDPR texts here and add our own explanations to
where necessary.

Profiling

Definition in accordance with Article 4 of the GDPR
For the purposes of this Regulation, the term:
“profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal
aspects relating to a natural person, in particular to
analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests,
reliability, behavior, location or movements;
Explanation: Profiling involves the collection of various pieces of information about a person
in order to learn more about that person. In the web sector, profiling
is often used for advertising purposes or for credit checks. For example, web or
advertising analysis programs collect data about your behaviour and interests
on a website. This results in a special user profile that can be used to target advertising to
a specific target group.

Closing words

Congratulations! If you are reading these lines, you have really “fought” your way through our entire privacy policy at or at least scrolled this far. As you can see from the
scope of our privacy policy, we take the protection of your personal data, anything but lightly.
It is important to us to inform you about the processing of
personal data to the best of our knowledge and belief. However, we not only want to tell you which
data is processed, but also explain the reasons for using various software programs. As a rule, privacy policies sound very technical and legal. However, as most of you are not web developers or lawyers, we wanted to take a different approach to and explain the facts in simple and clear language.
Of course, this is not always possible due to the subject matter. Therefore, the most important
terms are explained in more detail at the end of the privacy policy.
If you have any questions about data protection on our website, please do not hesitate to contact us or the
controller. We wish you a pleasant time and hope to welcome you back to our website
soon.
All texts are protected by copyright.

Source: Data protection declaration created with the data protection generator for Austria by AdSimple