Nachfolgend informieren wir Sie darüber, wie Ihre personenbezogenen Daten bei der Nutzung unserer Webseite und Produkte verarbeitet werden und welche Rechte Ihnen diesbezüglich zustehen.

Datenschutzhinweise

Overmind.one ist eine Marke der Foonkle EOOD.

Für die Foonkle EOOD, v. Strelbiste 6 Enos Str., office 6,Sofia, 1408 (im Folgenden Foonkle), hat der Schutz Ihrer persönlichen Informationen oberste Priorität. Selbstverständlich halten wir die relevanten Datenschutzgesetze in Europa ein und möchten Sie mit den nachfolgenden Datenschutzhinweisen umfassend über den Umgang mit Ihren Daten aufklären.

Informationen und Kontaktdaten

Overmind.one ist eine Marke der Foonkle EOOD

Verantwortlicher gem. Art. 4 Abs. 7 EU Datenschutzgrundverordnung (DSGVO) für alle Inhalte und daraus möglicher entstehenden gesetzlichen Haftungen der Overmind.one ist daher:

Foonkle EOOD

v. Strelbiste 6 Enos Str., Büro 6

1408 Sofia

Fragen zum Thema Datenschutz er Marke Overmind.one können Sie an unseren Datenschutzbeauftragten per Email richten: data@overmind.one

Alle Sprach- und Chatbot Lösungen in dieser Website werden technisch von itellico internet solutions zur Verfügung gestellt. Overmind.one wird nur temporärer, bedarfsbasierter Zugriﬀ auf die itellico-Plattform zur Analyse und Optimierung der Konfiguration und Leistung des KI-Bots im Auftrag des Verantwortlichen gewährt. Hier geht es zu den Datenschutzbestimmungen von Itellico.

Datenverarbeitung für Voice Intelligence (Sprach- und Chatbots)

Der Schutz Ihrer personenbezogenen Daten ist uns ein besonderes Anliegen. Hier können Sie sich einfach und schnell einen Überblick verschaffen, welche personenbezogenen Daten wir von Ihnen erheben und was wir damit machen.

Datenerhebung, Zweck & Rechtsgrundlage

Wir, die Foonkle EOOD, gewähren Interessent*innen Zugang zu KI (künstlichen Intelligenz) gesteuerten bzw. gestützten Sprach- und Chatbots über unsere Website(s). Interessent*innen können mit Chat- und Voicebots kommunizieren und Fragen zum Geschäftsfeld der Overmind.one stellen. Daten werden nicht für das Training der verwendeten KI-Modelle verwendet und nur kurzzeitig verarbeitet (zu den verwendeten KI-Modellen sehen Sie bitte die Informationen zu „Übermittlungsempfänger*innen“) ein. Bitte beachten Sie, dass Sie mit einer KI sprechen und auch die Antworten KI-generierte Inhalte darstellen.
Im Rahmen der Nutzung der Sprach- und Chatbots werden insbesondere folgende personenbezogene Daten verarbeitet:

• Inhaltsdaten:
o Sprach- und Audiodaten bzw. Gesprächsinhalte
o Alle sonstigen Informationen, die Sie als Endnutzer*in im Gespräch mitteilen, wie z.B. den Vornamen
• Nutzungsdaten (Metadaten für Abrechnung und Analyse):
o Eindeutige Kennungen (z.B. Anruf-ID, Session-ID)
o Zeitstempel und Dauer der Interaktion
o Technische Parameter der Übertragung
o IP-Adresse

Die Nutzung der Sprach- und Chatbots ist freiwillig. Es besteht keine Pflicht zur Bereitstellung Ihrer personenbezogenen Daten. Mit der beschriebenen Datenverarbeitung erfolgt keine automatisierte Entscheidungsfindung und kein Profiling.

Grundsätzlich werden die Daten direkt bei Ihnen als Nutzer*in erhoben. Je nach Formulierung Ihrer Interaktionen kann die Verarbeitung jedoch auch Daten natürlicher Personen umfassen – in diesem Fall werden die Daten mit Bekanntgabe durch die Nutzerin*en Nutzer erhoben.

Die im Zuge der Nutzung der Sprach- und Chatbots erfolgende Datenverarbeitung dient insbesondere dem Zweck der Bereitstellung von Informationen zu Overmind.one oder allgemeinen Informationen zum Einsatz von KI. Die Anwendung soll zudem Unternehmen in der Entscheidungsfindung unterstützen und das Interesse potenzieller Unternehmen an unseren Voice Intelligence Lösungen wecken und fördern.
Die Verarbeitung von personenbezogenen Daten basiert auf Grundlage von Art. 6 Abs. 1 lit. b der Datenschutz-Grundverordnung (DSGVO), da die Verarbeitung zur Durchführung von vorvertraglichen Maßnahmen (Informationsbereitstellung vor ggf. stattfindenden Abschluss von Voice Intelligence Verträgen) notwendig ist, die auf Anfragen von Interessent*innen hin erfolgen. Da die Nutzung freiwillig ist, entstehen Ihnen bei einer Nichtbereitstellung Ihrer Daten keine Nachteile – abgesehen davon, dass das die Spach- und Chatbots nicht genutzt werden können.

Bei der Verarbeitung vom gesprochenen Wort handelt es sich zwar grundsätzlich um die Verarbeitung biometrischer Daten, da diese objektiv dafür geeignet ist, Personen zu identifizieren. Nachdem diese biometrischen Daten in diesem Fall allerdings nicht zum Zweck der eindeutigen Identifizierung einer natürlichen Person herangezogen werden, werden keine besonderen Kategorien personenbezogener Daten verarbeitet, eine Rechtsgrundlage nach Art. 9 Abs. 2 DSGVO ist daher nicht erforderlich.

Ihre Daten werden nur so lange verarbeitet, wie es für die Erfüllung der vorvertraglichen Maßnahmen erforderlich ist. Nach der Interaktion werden Ihre Inhaltsdaten umgehend gelöscht. Ausgenommen davon sind einzelne abrechnungsrelevante Metadaten (z.B. Anruf-ID, Dauer), die zum Zwecke der Abrechnung gemäß der gesetzlichen Aufbewahrungsfristen von 7 Jahren (§ 132 BAO) aufbewahrt werden, sowie technische Metadaten (insb. IP-Adresse), die für Sicherheitszwecke 14 Tage gespeichert und danach gelöscht werden.

Übermittlungsempfänger*innen

Bitte beachten Sie, dass wir diese Datenschutzerklärung von Zeit zu Zeit aktualisieren (zB. aufgrund von Änderungen gesetzlicher Vorschriften oder dem Einsatz neuer Technologien). Wir empfehlen Ihnen deshalb, diese Datenschutzerklärung regelmäßig auf Neuheiten zu überprüfen.

Ihnen stehen grundsätzlich die Rechte auf Auskunft, Berichtigung, Löschung, Einschränkung, Datenübertragbarkeit, Widerruf und Widerspruch zu.
Bitte wenden Sie sich diesbezüglich gerne jederzeit an uns.

Datenschutz-Koordinationsteam
Overmind.one

data@overmind.one

Datenverarbeiter Voice Intelligence (Sprach- und Chatbots)

Dieser Bereich listet die Sub-Auftragsverarbeiter auf, die für die Erbringung der itellico KI-Dienste eingesetzt werden. Die Verarbeitung findet standardmäßig in der EU statt. Bestimmte spezialisierte oder alternative Dienste können auf Wunsch des Kunden aktiviert werden, was eine Datenübertragung in die USA zur Folge haben kann.

Teil 1: Standard-Plattform

Dies sind die Kernkomponenten der itellico-Plattform. Die Datenverarbeitung für diese Dienste findet primär in Rechenzentren innerhalb der EU (Frankfurt) statt.

Amazon Webdienste (EU)

Zweck der Verarbeitung Hosting der Kubernetes-Infrastruktur für die itellico Sprach-KI-Clusterplattform, Bereitstellung von SIP-Kommunikationsdiensten und Speicherung der Gesprächsdaten (Transkripte, Audio-Antworten).

Empfänger der Daten
Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy,
L-1855 Luxembourg.

Rechtsgrundlage
Vertragserfüllung (Art. 6 Abs. 1 lit. b DSGVO).

Speicherdauer
Kundenkonfigurierbar (Standard: 30 Tage, einstellbar von sofortiger Löschung bis zu kundenspezifischen Anforderungen). Weitere Informationen AWS Datenschutzhinweis. Die Verarbeitung erfolgt auf Servern in der EU (Frankfurt).

Microsoft Azure (EU)

Zweck der Verarbeitung
1. Spracherkennung (Speech-to-Text): Transkription von Spracheingaben.
2. Sprachsynthese (Text-to-Speech): Erzeugung von Sprachausgaben.
3. KI-Verarbeitung (LLM): Verarbeitung von Textanfragen durch große Sprachmodelle.

Empfänger der Daten
Microsoft Ireland Operations Limited, One Microsoft Place, South
County Business Park, Leopardstown, Dublin 18, D18 P521, Irland.

Rechtsgrundlage
Vertragserfüllung (Art. 6 Abs. 1 lit. b DSGVO).

Speicherdauer
API-Verarbeitung: Keine Speicherung (Zero-Retention-Policy).
Ergebnisse werden auf dem itellico AWS-Cluster gespeichert.

Weitere Informationen Microsoft Datenschutzerklärung. Die Verarbeitung erfolgt auf der Infrastruktur von Microsoft in der EU.

OpenAI

Zweck der Verarbeitung

1. KI-Verarbeitung (LLM): Verarbeitung von Textanfragen durch große Sprachmodelle (z.B. GPT-Serie).
2. Spracherkennung (Speech-to-Text): Umwandlung von Spracheingaben in Text (z.B. Whisper).

Empfänger der Daten
OpenAI Ireland Limited, 1st Floor, The Liﬀey Trust Centre, 117-126
Sheriﬀ Street Upper, Dublin 1, D01 YC43 Ireland.

Rechtsgrundlage
Vertragserfüllung (Art. 6 Abs. 1 lit. b DSGVO).

Speicherdauer
API-Verarbeitung: Keine Speicherung (Zero-Retention-Policy für API-Daten). Ergebnisse werden auf dem itellico AWS-Cluster gespeichert.

Weitere Informationen OpenAI Datenschutzerklärung. Die Verarbeitung erfolgt auf der Infrastruktur von Microsoft in der EU.

Live-Kit (EU)

Zweck der Verarbeitung
Echtzeit-Kommunikation (WebRTC & SIP): Bereitstellung der Infrastruktur für die Audio-Kommunikation in Echtzeit und Anbindung an das Telefonnetz (SIP).

Empfänger der Daten
LiveKit, Inc., 981 Mission St, San Francisco, CA 94103, USA.

Rechtsgrundlage
Vertragserfüllung (Art. 6 Abs. 1 lit. b DSGVO).

Speicherdauer
API-Verarbeitung: Keine Speicherung (Zero-Retention). Ergebnisse werden auf dem itellico AWS-Cluster gespeichert.

Teil 2: Optional Spezialdienste (USA)

Diese Dienste sind nicht standardmäßig aktiviert. Sie können auf ausdrücklichen Wunsch des Kunden zur Leistungsoptimierung oder für spezifische Anwendungsfälle (z.B. alternative Sprachmodelle) genutzt werden. Bei Aktivierung werden Inhaltsdaten (Audio/Text) zur Verarbeitung in die USA übermittelt. Für alle hier gelisteten Anbieter gilt eine Zero-Retention-Policy.

Deepgram (USA)

Zweck der Verarbeitung
Alternative Speech-to-Text-Transkription.

Empfänger der Daten
Deepgram Inc., 548 Market St, Suite 25104, San Francisco, CA 94104-5401,
USA. *Übertragung durch SCCs gemäß Art. 46 DSGVO geschützt.*

Rechtsgrundlage
Vertragserfüllung (Art. 6 Abs. 1 lit. b DSGVO).

Speicherdauer
API-Verarbeitung: Keine Speicherung (Zero-Retention). Ergebnisse werden auf dem itellico AWS-Cluster gespeichert.

Weitere Informationen Deepgram Datenschutzerklärung

Cartesia (USA)

Zweck der Verarbeitung
Alternative Text-to-Speech-Sprachsynthese.

Empfänger der Daten
Cartesia, Inc., 1766 18th Street, San Francisco, CA 94107, USA. *Übertragung durch SCCs gemäß Art. 46 DSGVO geschützt.*

Rechtsgrundlage
Vertragserfüllung (Art. 6 Abs. 1 lit. b DSGVO).

Speicherdauer
API-Verarbeitung: Keine Speicherung. Ergebnisse werden auf dem itellico AWS-Cluster gespeichert.

Weitere Informationen Cartesia Datenschutzerklärung

ElevenLabs (USA)

Zweck der Verarbeitung
Alternative Text-to-Speech-Sprachsynthese und Voice Cloning.

Empfänger der Daten
Eleven Labs Inc., 169 Madison Ave #2484, New York, NY 10016,
USA. *Übertragung durch SCCs gemäß Art. 46 DSGVO geschützt.*

Rechtsgrundlage
Vertragserfüllung (Art. 6 Abs. 1 lit. b DSGVO).

Speicherdauer
API-Verarbeitung: Keine Speicherung. Ergebnisse werden auf dem itellico AWS-Cluster gespeichert.

Weitere Informationen ElevenLabs Datenschutzerklärung

Anthropic (USA)

Zweck der Verarbeitung
Alternative KI-Verarbeitung (LLM): Verarbeitung von Textanfragen
durch große Sprachmodelle (z.B. Claude-Serie).

Empfänger der Daten
Anthropic, PBC, PO Box 2318, San Francisco, CA 94126, USA. *Übertragung durch SCCs gemäß Art. 46 DSGVO geschützt.*

Rechtsgrundlage
Vertragserfüllung (Art. 6 Abs. 1 lit. b DSGVO).

Weitere Informationen Anthropic Datenschutzerklärung

Datenverarbeitung und Zweck Website

Introduction and overview
We have prepared this privacy policy (version 20.06.2025-113016739) to explain to you in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws which personal data (data for short) we as the controller – and the processors (e.g. providers) commissioned by us – process, will process in the future and which lawful options you have. The terms used are to be understood as gender-neutral.
In short, we provide you with comprehensive information about the data we process about you.
Data protection declarations usually sound very technical and use legal terminology. This privacy policy, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. Where it is conducive to transparency, technical terms are explained in a reader-friendly way, links to further information are provided and graphics are used. We thus inform you in clear and simple language that we only process personal data as part of our business activities if there is a legal basis for doing so. This is certainly not possible by providing with explanations that are as concise, unclear and legally technical as possible, as is often standard on the Internet when it comes to data protection.
I hope you find the following explanations interesting and informative and perhaps there is some information that you did not know about.
If you still have any questions, please contact the responsible body named below or in the legal notice, follow the links provided and take a look at further information on third-party websites. Our contact details can of course also be found at in the legal notice.
Scope of application
This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of in accordance with Art. 4 No. 1 GDPR, such as the name, email address and postal address of a person. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of application of this privacy policy includes: all online presences (websites, online stores) that we operate social media presences and email communication mobile apps for smartphones and other devices In short: the privacy policy applies to all areas in which personal data is processed in a structured manner in the company via the channels mentioned. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.
Legal basis
In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data. As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can of course read this EU General Data Protection Regulation online at EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679. We only process your data if at least one of the following conditions applies:
1. consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your contact form data.
2. contract (Article 6(1)(b) GDPR): In order to fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you at, we need personal information in advance.
3. legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are required by law to keep invoices for accounting purposes. These usually contain personal data.
4. legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and efficiently. This processing is therefore a legitimate interest.
Other conditions such as the performance of recordings in the public interest and the exercise of official authority and the protection of vital interests do not generally apply to us at. If such a legal basis should be relevant, it will be indicated at. In addition to the EU Regulation, national laws also apply: In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), or DSG for short. In Germany, the Federal Data Protection Act (BDSG) applies. If other regional or national laws apply, we will inform you about them in the following sections about it.
Contact details of the controller
If you have any questions about data protection or the processing of personal data, you will find below the contact details of the controller in accordance with Article 4 (7) of the EU General Data Protection Regulation (GDPR):
Foonkle EOOD Email: data@overmind.one
Storage period
It is a general criterion for us that we only store personal data for as long as is absolutely necessary for the provision of our services and products. The means that we delete personal data as soon as the reason for the data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose no longer applies, for example for the purposes of accounting.
If you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store.
We will inform you about the specific duration of the respective data processing below, provided that we have further information on this.
Rights under the General Data Protection Regulation
In accordance with Articles 13, 14 GDPR, we inform you of the following rights to which you are entitled, so that data is processed fairly and transparently: In accordance with Article 15 GDPR, you have a right to information as to whether we are processing your data. If this is the case, you have the right to receive a copy of the data and the following information:
the purpose for which we carry out the processing
the categories, i.e. the types of data that are processed
who receives this data
and if the data is transferred to third countries,
how security can be guaranteed
how long the data will be stored;
the existence of the right to rectification, erasure or restriction of processing and the right to object to processing
that you can lodge a complaint with a supervisory authority (links to these authorities can be found below)
the origin of the data if we have not collected it from you
whether profiling is carried out, i.e. whether data is automatically evaluated in order to create a personal profile of you
According to Article 16 GDPR, you have a right to rectification of the data, which means that we must correct data if you find errors.
According to Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you may request the erasure of your data.
According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it any further.
According to Article 20 GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.
According to Article 21 GDPR, you have the right to object, which entails a change in processing after enforcement.
If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing.
We will then check as quickly as possible whether we can legally comply with this objection.
If data is used for direct marketing purposes, you can object to this type of data processing at any time at. We may then no longer use your data for direct marketing.
If data is used for profiling, you can object to this type of data processing at any time.
object to this type of data processing at any time. We may then no longer use your data for profiling.
If data is used for profiling, you can object to this type of data processing at any time.
type of data processing at any time. We may then no longer use your data for profiling.
Under Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g. profiling).
According to Article 77 GDPR, you have the right to lodge a complaint. This means that you can complain to the data protection authority at any time if you believe that the data processing of personal data violates the GDPR.
In short: you have rights – do not hesitate to contact the controller listed above at!
If you believe that the processing of your data violates data protection law or your data protection claims have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state at. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) at.
Security of data processing
In order to protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. In this way, we make it as difficult as possible for third parties to infer personal information from our data.
Art. 25 GDPR refers to “data protection through technology design and through data protection-friendly default settings” and means that we always think about security both in terms of software (e.g. forms) and hardware (e.g. access to the server room) and take appropriate measures. If necessary, we will discuss specific measures below.
TLS encryption with https
TLS, encryption and https sound very technical – and they are. We use HTTPS (the Hypertext Transfer Protocol Secure stands for “secure hypertext transfer protocol”) for our website and subpages (such as for our voicebots) to transmit data tap-proof on the Internet.
This means that the complete transmission of all data from your browser to our web server is secured – nobody can “eavesdrop”. We have thus introduced an additional layer of security and comply with data protection through technology design (Article 25 (1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission security by the small lock symbol at the top left of the browser, to the left of the Internet address (e.g. examplepage.com) and the use of the https scheme (instead of http) as part of our Internet address.
If you would like to know more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to obtain good links to further information on.
Communication Communication Summary
Data subjects: Anyone who communicates with us by telephone, email or online form Data processed: e.g. telephone number, name, email address, form data entered. More details can be found in the respective contact type used Purpose: Processing of communication with customers, business partners, etc.
Storage period: Duration of the business case and the statutory provisions Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (contract), Art. 6 para. 1 lit. f GDPR (legitimate interests).
If you contact us and communicate by telephone, e-mail or online form, personal data may be processed. The data is processed for the handling and processing of your question and the associated business transaction. The data is stored for as long as or as required by law.
Affected persons
All those who contact us via the communication channels provided by us are affected by the aforementioned processes.
E-mail
If you communicate with us by email, data may be stored on the respective end device (computer, laptop, smartphone, etc.) and data may be stored on the email server. The data will be deleted as soon as the business transaction has been completed and legal requirements permit.
Online forms
If you communicate with us using an online form, data is stored on our web server and may be forwarded to one of our e-mail addresses. The data will be deleted as soon as the business transaction has been completed and legal requirements permit.
Legal basis
The processing of the data is based on the following legal bases: Art. 6 para. 1 lit. a GDPR (consent): You give us your consent to store your data at and to continue to use it for purposes relating to the business case; Art. 6 para. 1 lit. b GDPR (contract): It is necessary for the fulfillment of a contract with you or a processor such as the telephone provider or we must process the data for pre-contractual activities, such as the preparation of an offer;
Art. 6 para. 1 lit. f GDPR (legitimate interests): We want to handle customer inquiries and business communication in a professional manner. This requires certain technical facilities such as email programs, exchange servers and mobile network operators in order to be able to operate communication efficiently.
Data processing agreement (DPA)
In this section, we would like to explain what an order processing contract is and why it is needed. Because the word “data processing agreement” is quite a tongue twister, we will often only use the acronym DPA in this text. Like most companies, we do not work alone, but also use the services of other companies or individuals. By involving various companies or service providers, we may pass on personal data to for processing. These partners then act as processors with whom we enter into a contract, known as a data processing agreement (DPA).
The most important thing for you to know about is that the processing of your personal data takes place exclusively in accordance with our instructions and must be regulated by the DPA. Who are processors? As a company and website owner, we are responsible for all data that we process from you. In addition to controllers, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. More precisely and according to the GDPR definition: any natural or legal person, public authority, agency or any other body which processes personal data on our behalf is considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft, for example.
To make the terminology easier to understand, here is an overview of the three roles in the GDPR Data subject (you as a customer or interested party) → Controller (we as a company and client) → Processor (service provider such as a web host or cloud provider) Content of a data processing agreement As mentioned above, we have concluded a DPA with our partners who act as processors . This states above all that the processor processes the data to be processed at exclusively in accordance with the GDPR.
Commitment to us as the controller
Obligations and rights of the controller
Categories of data subjects
Type of personal data
Type and purpose of data processing
Subject and duration of data processing
Place of data processing
The contract also contains all the obligations of the processor. The most important obligations are
to ensure data security measures to take possible technical and organizational measures to protect the rights of the data subject
to maintain a data processing register to cooperate with the data protection supervisory authority at its request
carry out a risk analysis in relation to the personal data received
Sub-processors may only be commissioned with the written consent of the controller
You can find out what a DPA looks like in concrete terms at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarb eitung.html. A sample contract is presented here.

Cookies Cookies Summary
Affected parties: Visitors to the website
Purpose: depending on the cookie. More details can be found below or from the manufacturer of the software that sets the cookie.
Processed data: Depending on the cookie used. You can find more details on this at below or from the manufacturer of the software that sets the cookie.
Storage period: depending on the cookie, can vary from hours to years
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit.f GDPR (legitimate interests)
What are cookies?
Our website uses HTTP cookies to store user-specific data. Below we explain what cookies are and why they are used so that you can better understand the following privacy policy.
Whenever you surf the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies. One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website . These cookie files are automatically stored in the cookie folder, the “brain” of your browser, so to speak. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser transmits the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.
A possible interaction between a web browser such as Chrome and the web server could look like this. The web browser requests a website and receives a cookie back from the server, which the browser uses again as soon as another page is requested. There are both first-party cookies and third-party cookies. First-party cookies are created directly by our website, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other “malware”. Cookies also cannot access information on your PC. Cookie data can look like this, for example: Name: _ga Value: GA1.2.1326744211.152113016739-9 Purpose: To distinguish between website visitors Expiry date: After 2 years A browser should be able to support these minimum sizes: At least 4096 bytes per cookie At least 50 cookies per domain At least 3000 cookies in total
What types of cookies are there?
The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly explain the different types of HTTP cookies. There are 4 types of cookies:
Essential cookies
These cookies are necessary to ensure basic website functions. For example, needs these cookies when a user places a product in the shopping cart, then continues surfing on other pages and only later goes to the checkout. Thanks to these cookies, the shopping cart is not deleted even if the user closes their browser window.
Purposeful cookies
These cookies collect information about user behavior and whether the user receives any error messages. These cookies are also used to measure the loading time and the behavior of the website with different browsers.
Targeted cookies
These cookies ensure better user-friendliness. For example, entered locations, font sizes or form data are saved.
Advertising cookies
These cookies are also called targeting cookies. They are used to deliver customized advertising to the user. This can be very practical, but also very annoying. When you visit a website for the first time, you are usually asked which of these cookie types you would like to allow. And of course, this decision is also stored in a cookie.
If you want to know more about cookies and do not shy away from technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”. Purpose of processing via cookies The purpose ultimately depends on the cookie in question. You can find more details on this at below or from the manufacturer of the software that sets the cookie.
What data is processed?
Cookies are little helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the processed or stored data in the following privacy policy about it.
Storage duration of cookies
The storage period depends on the cookie in question and is specified below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years. You can also influence the storage period yourself. You can delete all cookies manually at any time via your browser (see also “Right to object” below). Furthermore, cookies that are based on consent will be deleted at the latest after you withdraw your consent, whereby the legality of the storage until then remains unaffected.
Right to object – how can I delete cookies?
You decide how and whether you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option of deleting, deactivating or only partially accepting cookies at. For example, you can block cookies from third-party providers, but allow all other cookies. If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings: Chrome: Delete, activate and manage cookies in Chrome Safari: Manage cookies and website data with Safari Firefox: Delete cookies to remove data that websites have placed on your computer Internet Explorer: Delete and manage cookies Microsoft Edge: Delete and manage cookies
If you generally do not want to have cookies, you can set up your browser so that always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether or not to allow it. The procedure differs depending on the browser. It is best to search for the instructions in Google using the search term “delete cookies Chrome” or “deactivate cookies Chrome” in the case of a Chrome browser.
Legal basis
The so-called “cookie guidelines” have been in place since 2009. This states that the storage of cookies requires your consent (Article 6(1)(a) GDPR). However, there are still very different reactions to these directives within the EU countries. In Austria , however, this directive was implemented in Section 165 (3) of the Telecommunications Act (2021). In Germany, the cookie directives have not been implemented as national law. Instead, this directive was largely implemented in Section 15 (3) of the Telemedia Act (TMG), which has been replaced by the Digital Services Act (DDG) since May 2024
For strictly necessary cookies, even if no consent has been given, there are legitimate interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We would like to provide visitors to the website with a pleasant user experience and for this certain cookies are often absolutely necessary. Insofar as cookies that are not absolutely necessary are used, this only happens in the case of your consent. The legal basis in this respect is Art. 6 para. 1 lit. a GDPR.
In the following sections, you will be informed in more detail about the use of cookies if uses cookies.
Web hosting introduction Web hosting summary
Data subjects: Visitors to the website
Purpose: professional hosting of the website and securing its operation
Processed data: IP address, time of website visit, browser used and other data. You can find more details on this below or at the web hosting provider used in each case.
Storage period: depends on the respective provider, but usually 2 weeks Legal basis: Art. 6 para. 1 lit.f GDPR (legitimate interests)
What is web hosting?
When you visit websites these days, certain information – including personal data – is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website we mean the entirety of all web pages on a domain, i.e. everything from the start page (homepage) to the very last subpage (like this one). By domain we mean, for example, example.de or sampleexample.com. If you want to view a website on a computer, tablet or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari. We call them browsers or web browsers for short.
To display the website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complicated and time-consuming task, which is why this is usually done by professional providers, providers. They offer web hosting and thus ensure that website data is stored reliably and error-free. A lot of technical terms, but please stay tuned, it will get even better!
When connecting the browser on your computer (desktop, laptop, tablet or smartphone) and during data transfer to and from the web server, may process personal data. On the one hand, your computer stores data, on the other hand, the web server must also store data for a period of time in order to ensure proper operation.
Why do we process personal data?
The purposes of data processing are
1. professional hosting of the website and securing its operation
2. to maintain operational and IT security
3. anonymous evaluation of access behavior to improve our offer and, if necessary, for criminal prosecution or prosecution of claims
What data is processed?
Even while you are currently visiting our website, our web server, which is the computer on which this website is stored, usually automatically saves data such as the complete Internet address (URL) of the website accessed browser and browser version (e.g. Chrome 87) the operating system used (e.g. Windows 10) the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen/) the host name and IP address of the device from which access is made (e.g. COMPUTERNAME and 194.23.43.121) date and time in files, the so-called web server log files How long is data stored? As a rule, the above-mentioned data is stored for two weeks and then automatically deleted. We do not pass this data on, but we cannot rule out the possibility that this data may be viewed by the authorities in the event of unlawful conduct.
In short: Your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not pass on your data without the consent of!
Legal basis
The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 para. 1 lit. f GDPR (protection of legitimate interests), because the use of professional hosting with a provider is necessary in order to present the company securely on the Internet and in a user-friendly manner and to be able to pursue attacks and claims from this if necessary.
There is a contract between us and our hosting provider IONOS for order processing in accordance with Art. 28 f. GDPR, which guarantees compliance with data protection and data security.
1&1 IONOS web hosting privacy policy
Summary of data protection
Data subject: Visitors to the website
Purpose: Website storage and accessibility on the Internet Processed data: IP address, but primarily also technical data
Storage period: Visitor data is deleted after 8 weeks
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interests)
What is 1&1 IONOS Webhosting?
To host our website, we use the web hosting services of the company IONOS by 1&1. In Germany, 1&1 IONOS SE is based at Elgendorfer Str. 57 in 56410 Montabaur. In Austria, you will find 1&1 IONOS SE at Gumpendorfer Straße 142/PF 266 in 1060 Vienna. IONOS offers the following web hosting services: Domain, Website & Shop, Hosting & WordPress, Marketing, E-Mail & Office, IONOS Cloud and Server. With over 22 million domains, almost 9 million customer contracts and 100,000 servers, IONOS is one of the largest German top dogs in the web hosting sector.
We have already mentioned it in our introductory words on the subject of web hosting: hosting also stores data about you or your end device on the IONOS servers. First and foremost, your IP address, which is known to be personal data, is stored. In addition, technical data such as the URL of our website, the name of your internet browser or which operating system you are using is also stored.
Why do we use 1&1 IONOS web hosting?
IONOS was founded in Germany back in 1988 and therefore has over 30 years of experience at. However, this does not mean that the company is not constantly evolving in technological terms. It is precisely this combination of experience and innovative spirit that we believe provides a good basis for our website at. After all, we want our website to function smoothly 24 hours a day at and guarantee a high level of security. Since IONOS does not limit the monthly data traffic and provides plenty of storage space, our website remains powerful even with many visitors.
What data is processed by 1&1 IONOS Webhosting?
1&1 IONOS Webhosting may also process your personal data. When you visit our website, the following data about you or your computer is stored by IONOS:
the previously visited website (also called referrer) the requested website (in this case our website)
Browser type and browser version
Your operating system and device type used Time of page access
Your IP address in anonymized form
The data collected is used to increase the security of the website, to detect possible errors and also to carry out anonymous statistical analyses. According to IONOS, only uses the anonymized IP address to determine the location of access.
How long and where is the data stored?
The data is stored on IONOS‘ own servers. In principle, IONOS stores the data for as long as is necessary to fulfill its obligations. Visitor data is stored for 8 weeks. However, data may also be stored for longer, for example to provide with evidence for possible legal disputes. Visitor data will not be passed on to third parties and will not be transferred to a country outside the EU. How can I delete my data or prevent data storage? You have the right to information, correction or deletion and restriction of processing of your personal data at any time. You can also withdraw your consent to the processing of data at any time. If you generally want to deactivate, delete or manage cookies, you can find the relevant links to the instructions for the most popular browsers at the section browsers.
Legal basis
We have a legitimate interest in using IONOS in order to be able to offer our online service. Professional hosting with a provider is necessary in order to present our company securely and in a user-friendly manner on the Internet and to be able to track possible cyber attacks. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). You can find much more information about data protection at IONOS in the privacy policy at https://www.ionos.de/terms-gtc/datenschutzerklaerung/. If you have any further questions about data protection at, you can also contact the data protection team at IONOS by emailing datenschutz@ionos.de. Data processing agreement (DPA) IONOS We have concluded a data processing agreement (DPA) with IONOS in accordance with Article 28 of the General Data Protection Regulation (GDPR). You can find out exactly what a DPA is and, in particular, what must be included in a DPA at in our general section “Data processing agreement (DPA)”.
This contract is required by law because IONOS processes personaldata on our behalf. It clarifies that IONOS may only process data that it receives from us in accordance with our instructions and must comply with the GDPR. You can find the link to the order processing contract (AVV) at https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnu ng-dsgvo/auftragsverarbeitung/.
Explanation of terms used
We always endeavor to write our privacy policy as clearly and comprehensibly as possible. However, this is not always easy, especially when it comes to technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical terms (such as cookies, IP address). However, we do not want to use these without explanation. Below you will find an alphabetical list of important terms that we may not have sufficiently addressed in the previous privacy policy. If these terms have been taken from the GDPR and are definitions, we will also quote the GDPR texts here and add our own explanations to where necessary.
Profiling
Definition in accordance with Article 4 of the GDPR For the purposes of this Regulation, the term: “profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements; Explanation: Profiling involves the collection of various pieces of information about a person in order to learn more about that person. In the web sector, profiling is often used for advertising purposes or for credit checks. For example, web or advertising analysis programs collect data about your behaviour and interests on a website. This results in a special user profile that can be used to target advertising to a specific target group.
Closing words
Congratulations! If you are reading these lines, you have really “fought” your way through our entire privacy policy at or at least scrolled this far. As you can see from the scope of our privacy policy, we take the protection of your personal data, anything but lightly. It is important to us to inform you about the processing of personal data to the best of our knowledge and belief. However, we not only want to tell you which data is processed, but also explain the reasons for using various software programs. As a rule, privacy policies sound very technical and legal. However, as most of you are not web developers or lawyers, we wanted to take a different approach to and explain the facts in simple and clear language. Of course, this is not always possible due to the subject matter. Therefore, the most important terms are explained in more detail at the end of the privacy policy. If you have any questions about data protection on our website, please do not hesitate to contact us or the controller. We wish you a pleasant time and hope to welcome you back to our website soon. All texts are protected by copyright.
Source: Data protection declaration created with the data protection generator for Austria by AdSimple

Datenschutzhinweise

Informationen und Kontaktdaten

Datenverarbeitung für Voice Intelligence (Sprach- und Chatbots)

Datenverarbeiter Voice Intelligence (Sprach- und Chatbots)

Datenverarbeitung und Zweck Website

Firmeninformation

Customer Support

Kooperationen

Ressourcen