We care about your data

Preamble The protection of your personal data is very important to us. We therefore process your data exclusively on the basis of the statutory provisions (GDPR, TKG 2021). In this data protection declaration we inform you about the most important aspects of data processing on our website.
This privacy policy applies to the main domain fiskaly.com as well as to all associated subdomains.

1. Entity responsible for data processing

The entity responsible for the processing of personal data within the meaning of the General Data Protection Regulation (GDPR) is:
fiskaly GmbH Mariahilfer Straße 36/5 (4th floor) 1070 Vienna Austria e-mail: privacy@fiskaly.com

2. Data Protection Officer

The person responsible has appointed a data protection officer within the meaning of Art. 37 DSGVO. The contact details of the data protection officer are as follows:
CoreTEC IT Security Solutions GmbH Ernst-Melchior-Gasse 24/DG 1020 Vienna Austria e-mail: dsgvo@coretec.at

3. Purposes and legal basis of the processed data

We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the Data Protection Act (DSG) and all other relevant laws (TKG 2021). Depending on whether, for example, you access our website, contact us via the contact form, subscribe to our newsletter or have a contractual relationship with us, we process your data for different purposes based on the legal bases mentioned in the following paragraph.
Depending on the purpose of the processing of your data, your consent (Art 6 Para 1 lit a GDPR), our legitimate interests (Art 6 Para 1 lit f GDPR), the fulfillment of our (pre)contractual activities (Art 6 Para 1 lit b GDPR) or the fulfillment of legal obligations (Art 6 Para 1 lit c GDPR) may be applicable as the legal basis.

3. 1. Data processing when visiting our website
4. 1. 1. Browser data

When you visit our website, certain data is automatically transmitted to us by your browser and stored in so-called server log files. This includes the following data: Type and version of the browser used, operating system used, date and time the website was accessed and IP address. The legal basis for the processing of this data is our legitimate interest (Art 6 Para 1 lit f GDPR) in the functionality and improvement of our website.

3. 1. 2. Contact

You can contact us by telephone, e-mail or via our contact form. In the event of such contact, we only process the data you provide to process and process the contact request and, if necessary, to fulfill (pre)contractual rights and obligations. If the establishment of contact is related to the fulfillment of (pre-)contractual obligations, the processing is necessary for the fulfillment of a contract or pre-contractual obligations (Article 6 (1) (b) GDPR), which represents the legal basis for the processing. If the request is made independently of the initiation or processing of a contract, the data will be processed on the basis of your consent (Art 6 Para 1 lit a GDPR), which you give by sending or making the contact request. You have the right to revoke your consent at any time (see point 4.6).

3. 1. 3. Application portal

You are welcome to send us your application documents via the contact form in the "Jobs" section. We process the data you provide in order to assess whether we can offer you a suitable vacancy, to handle the application process and to manage applicants. We use the Greenhouse application portal for this purpose.
If your application results in employment with our company, your data will also be processed to fulfill our (employment / service) contractual obligations. The processing is therefore necessary for the fulfillment of pre-contractual and contractual obligations (Art 6 para 1 lit b GDPR). If you are not hired, we will retain your personal data for six months unless you consent to us retaining it for longer.
Read the full Privacy Policy for job applicants here.

3. 1. 4. Newsletter

If you decide to subscribe to our newsletter, you will receive ongoing information about our products. If so, you must register with your name and email address to receive the newsletter. The data you provide is required for the transmission and administration of our newsletter. The processing takes place on the basis of your consent (Art 6 Para 1 lit a DSGVO), which you give to us by sending the request to receive the newsletter. You have the right to revoke your consent at any time (see point 4.6).
You can also unsubscribe from the newsletter at any time, free of charge and easily, directly via a button in the sent (newsletter) message. If so, you will not receive any further mailings from our newsletter.

3. 1. 5. Customer account

If you decide to create a customer account with us via our website, the data you enter during registration and during use will be collected and processed for the purpose of customer service and to fulfill (pre)contractual obligations. The processing of this data is therefore necessary to fulfill a contract or pre-contractual measures (Art 6 Para 1 lit b GDPR).

3. 2. Integration and use of services and content of third parties as well as cookies

In order to optimize our offer and our website and make it more user-friendly, our website uses so-called cookies. These are small text files that are stored on your end device with the help of the browser. They do no harm.

We use cookies for technical reasons in order to be able to offer our range of information and our service in a functional manner. Some cookies remain stored on your end device until you delete them. They enable us to recognize your browser on your next visit.

In the case of cookies that are not required for functional reasons, we ask for your consent in the cookie window (Art 6 Para 1 lit a GDPR). Your personal data will only be processed if this is actively given.

In the case of cookies that are marked as functionally required in the cookie window, our legitimate interest (Art 6 Para 1 lit f GDPR) in making the website user-friendly serves as the legal basis.

Please note that the functionality of our website may be restricted if cookies are deactivated.

Below you will find more detailed information on the cookies used.

3. 2. 1. Google Analytics

Google Analytics is used on this website to provide detailed insights into visitor behavior and website performance. It allows analysis of data such as page views, visitor sources, conversion rates and demographic information to improve the effectiveness of marketing strategies and user experience.
The purpose of using Google Analytics is to collect and analyze detailed information about visitor behavior on a website. Personal data such as your IP address, but also browser information (language settings, screen resolution, etc.) are transmitted to Google. The storage period is up to one year.
Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.
The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.
You can access Google's data protection declaration under the following link: https://policies.google.com/privacy

3. 2. 2. Google reCaptcha

Google reCAPTCHA is used on a website to distinguish automated bots from human users and to protect against spam, abuse and unwanted access. It poses a security measure by asking users to complete certain puzzles or tasks to prove they are not bots.
Personal data such as your IP address, but also browser information (language settings, screen resolution, etc.) are transmitted to Google. The exact storage period of this data is determined by Google and may vary. According to information from Google, reCAPTCHA data is usually deleted within 30 days. However, it is important to note that Google may store certain data longer to ensure the security and integrity of the reCAPTCHA service.
Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.
The use of Google reCAPTCHA as an absolutely necessary cookie is in accordance with Article 6 Paragraph 1 lit. f GDPR, as our legitimate interest is to protect our website and users from unwanted access, spam and abuse. For more information on how we use and protect your data, please see our full privacy policy.
You can access Google's data protection declaration under the following link: https://policies.google.com/privacy.

3. 2. 3. Google Tag Manager

Google Tag Manager is used on a website to simplify the management and implementation of tracking codes, tags and scripts.
Google Tag Manager itself does not process any personal data. It is a tag management system designed to simplify the management and deployment of tracking tags and scripts on a website.
Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.
The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.
You can access Google's data protection declaration under the following link: https://policies.google.com/privacy.

3. 2. 4. Google Ads

Google Ads is used on this website to place advertisements and to optimize online marketing. By placing ads in Google search results and on Google Display Network websites, businesses can reach their target audience, drive traffic to their website, and engage potential customers.
Google Ads allows fiskaly to create targeted advertising campaigns, target our audience, increase traffic to their website and attract potential customers. Google Ads processes various personal data in connection with advertisements. This includes information such as IP addresses, device identifiers, cookie data, location data, demographic information and interaction data such as clicks and conversions. The exact storage period of the personal data processed by Google Ads is determined by Google itself and may vary. According to information from Google, personal data is usually stored for a period of 18 months. After this time, the data will either be made anonymous or deleted.
Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.
The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.
You can access Google's data protection declaration under the following link: https://policies.google.com/privacy.

3. 2. 5. Google Ads Conversion

Google Ads Conversion is used on a website to track the behavior of website visitors after clicking on an ad and to measure whether they perform predefined actions, such as making a purchase, registering or filling out a form. This allows advertisers to measure the success of their ad campaigns and optimize conversions. It lets fiskaly determine how well ads are performing and whether they lead to desired actions from users, such as purchases, registrations, or downloading files.
Google Ads Conversion Tracking processes certain personal data related to the conversions carried out on a website. This typically includes information such as IP addresses, device identifiers, cookie data and demographic data where available. The exact storage period of the personal data processed by Google Ads Conversion Tracking is determined by Google and may vary. According to information from Google, this data is usually stored for a period of 30 days. After this time, they will either be made anonymous or deleted.
Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.
The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.
You can access Google's data protection declaration under the following link: https://policies.google.com/privacy.

3. 2. 6. Google Ads Conversion Tracking

Google Ads Conversion Tracking is used on a website to measure the success of advertising campaigns by tracking visitor behavior and recording conversions. It allows fiskaly to see how well our ads are performing, what actions visitors take on the website, and whether those actions lead to predefined goals, such as purchases, sign-ups, or download files.
Google Ads Conversion Tracking processes certain personal data related to the conversions carried out on a website. This usually includes information such as IP addresses, device identifiers, cookie data and demographic data, if available. The exact storage period of the personal data processed by Google Ads Conversion Tracking is determined by Google and may vary. According to information from Google, this data is usually stored for a period of 30 days. After this time, they will either be made anonymous or deleted.
Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.
The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.
You can access Google's data protection declaration under the following link: https://policies.google.com/privacy.

3. 2. 7. Google Ads Remarketing

Google Ads Remarketing is used on a website to target users who have already visited the website by showing them targeted ads when they visit other websites on the Google Display Network. This enables potential customers to be re-addressed and helps increase recognition and conversions.
Google Ads Remarketing usually processes personal data related to the use of the service. This includes information such as IP addresses, cookie data, device identifiers and interaction data collected from the website. For information on the storage period and more detailed information, consult Google's data protection declaration.
Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.
The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.
You can access Google's data protection declaration under the following link: https://policies.google.com/privacy.

3. 2. 8. Youtube

YouTube is embedded on a website to allow users to play videos directly on the website without having to leave the site. It offers seamless integration of video content and extends the functionality of the website with visual and interactive multimedia content. With the embedding of Youtube, Fiskaly offers the direct playback of videos on the website.
When YouTube is embedded on a website, personal data such as IP addresses and cookie data of users can be processed. It is possible that YouTube also collects further information about the use and interaction of users with the embedded videos. The exact processing and storage of personal data by embedding YouTube on a website is managed by YouTube itself. For detailed information about data processing and storage, it is advisable to consult YouTube's data protection declaration. It also states how long YouTube stores the data and what control options are available to users.
Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.
The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.
You can access YouTube's data protection declaration under the following link: https://policies.google.com/privacy.

3. 2. 9. Microsoft Advertising

Microsoft Advertising is used on a website to serve targeted ads and increase the visibility of a company, product or service in the search results of Microsoft search engines such as Bing. It enables fiskaly to target their target audience, increase website traffic and attract potential customers.
By integrating Microsoft Advertising on a website, various personal data can be processed, such as IP addresses, cookie data, device identifiers and demographic information, where available. The exact processing and storage of personal data by Microsoft Advertising is regulated by Microsoft itself and may vary.
Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.
The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.
You can access Microsoft's data protection declaration under the following link: https://privacy.microsoft.com/en-us/privacystatement.

3. 2. 10. LinkedIn Insight Tag

LinkedIn Insight Tag is used on a website to track visitor behavior and gain insights into user engagement and interaction with the LinkedIn Ads and Company Page. It enables fiskaly to create targeted advertising campaigns, better understand target groups and optimize the effectiveness of LinkedIn marketing activities.
By embedding the LinkedIn Insight Tag on a website, personal data such as IP addresses, device identifiers, cookie data and demographic information can be processed. This data allows LinkedIn to track website visitor behavior and provide statistical information about engagement and interaction with LinkedIn ads. The exact storage period of the personal data processed by the LinkedIn Insight Tag is determined by LinkedIn and may vary. According to information from LinkedIn, the data is usually stored for a period of 180 days. However, it is important to note that LinkedIn may retain additional data for longer periods of time where required for legal or business purposes.
Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.
The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.
You can access LinkedIn's data protection declaration under the following link: https://de.linkedin.com/legal/privacy-policy.

3. 2. 11. Microsoft Advertising Remarketing

Microsoft Advertising Remarketing is used on a website to target users who have already visited the website by showing them targeted ads when they visit other websites in the Microsoft Advertising network. This allows fiskaly to re-address the target group, increase brand awareness and increase recognition value to promote conversions.
By incorporating Microsoft Advertising Remarketing on a website, personal data such as IP addresses, cookie data, device identifiers and demographic information can be processed. This data allows Microsoft to identify users who have visited the website and serve them targeted ads when they visit other websites in the Microsoft Advertising Network. The exact storage period of the processed personal data by Microsoft Advertising Remarketing is determined by Microsoft and may vary. According to Microsoft's information, the data is usually stored for a period of 180 days. However, it is possible that Microsoft also stores the data for a longer period of time if this is necessary for legal or business purposes.
Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.
The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.
You can access Microsoft's data protection declaration under the following link: https://privacy.microsoft.com/en-us/privacystatement.

3. 2. 12. Microsoft Conversion Tracking

Microsoft conversion tracking is used on a website to track the behavior and actions of users who come to the website through Microsoft Advertising campaigns. This allows fiskaly to measure the effectiveness of ads, track conversions and analyze the ROI of their ad spend.
By integrating Microsoft Conversion Tracking on a website, personal data such as IP addresses, cookie data, device identifiers and interaction data can be processed. This data allows Microsoft to track user behavior in terms of conversions and actions on the website. The exact storage period of the processed personal data by Microsoft Conversion Tracking is determined by Microsoft and may vary. According to Microsoft's information, the data is usually stored for a period of 180 days. However, Microsoft may store the data for a longer period of time if this is necessary for legal or business purposes.
Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.
The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.
You can access Microsoft's data protection declaration under the following link: https://privacy.microsoft.com/en-us/privacystatement.

3. 2. 13. Facebook Pixel

Facebook Pixel is used on a website to track user behavior and collect information about their interactions. This enables fiskaly to place targeted ads, measure conversions and optimize target groups for Facebook advertising campaigns.
By integrating Facebook Pixel on a website, personal data such as IP addresses, cookie data, device identifiers, location data and interaction data can be processed. This data enables Facebook to analyze user behavior, optimize ads and run targeted advertising campaigns. The exact storage period of the processed personal data by Facebook Pixel is determined by Facebook and may vary. According to information from Facebook, the data is usually stored for a period of 180 days. However, it is possible for Facebook to store the data for a longer period of time if this is necessary for legal or business purposes.
Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.
The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.
You can access Facebook's data protection declaration under the following link: https://de-de.facebook.com/privacy/policy/.

3. 2. 14. Facebook Custom Audiences

Facebook Custom Audiences is used on a website to create personalized advertising campaigns for a specific target group. Embedding the Facebook pixel allows website visitors to be tracked and identified as a custom audience in order to show them relevant ads on Facebook and drive conversions.
By integrating Facebook Custom Audiences on a website, personal data such as IP addresses, cookie data, device identifiers, location data and interaction data can be processed. This data allows Facebook to create a custom audience and serve personalized ads to users. The exact storage period of the processed personal data by Facebook Custom Audiences is determined by Facebook and may vary. According to information from Facebook, the data is usually stored for a period of 180 days. However, it is possible for Facebook to store the data for a longer period of time if this is necessary for legal or business purposes.
Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.
The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.
You can access Facebook's data protection declaration under the following link: https://de-de.facebook.com/privacy/policy/.

3. 2. 15. WebinarGeek

WebinarGeek is used on a website to enable interactive webinars to be conducted. It provides features such as attendee registration, presenting content, chatting with viewers, and recording the webinars to help us educate customers.
When registering for one of our webinars, your first and last name as well as your e-mail address will be requested and processed for the purpose of confirming your registration. For more detailed information, please consult Webinar Geek's privacy policy.
The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.
You can access Webinar Geek's privacy policy under the following link: https://www.webinargeek.com/de/datenschutzerklarung.

3. 2. 16. Pipedrive web-visitors (by Leadfeeder)

This website uses Pipedrive's Leadfeeder add-on to track website visitors and browsing activity. A visitor cookie is used to track data such as IP address (specifically company and geographic location), pages viewed and time spent on pages. Web visit data is grouped at an organizational rather than an individual level. For more information about Leadfeeder and GDPR compliance, please visit https://www.leadfeeder.com/privacy/.
The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.
You can access Pipedrive's data protection declaration under the following link: https://www.leadfeeder.com/privacy/.

3. 2. 17. Microsoft Clarity

Microsoft Clarity is used on a website to analyze user behavior and gain valuable insights into how visitors interact with the website. It offers features like heat maps, user action recording, and website analytics to improve user experience and optimize website performance.
By embedding Microsoft Clarity on a website, various personal data can be processed, such as IP addresses, device identifiers, cookie data and interaction data collected on the website.
The exact storage period of the processed personal data by Microsoft Clarity is determined by Microsoft and may vary. However, it is known that the data is usually stored for a period of 30 days. After this time, the data will be anonymized or deleted.
For detailed information about data processing and storage by Microsoft Clarity, it is advisable to consult Microsoft Clarity's data protection declaration. It is stated there which data is collected and how long it is stored.
You can access Microsoft's data protection declaration under the following link: https://privacy.microsoft.com/en-us/privacystatement.

3. 2. 18. Zapier

Zapier is used on our website to enable workflow automation by connecting different applications and transferring data between them. This allows routine tasks to be automated to increase efficiency and reduce manual work.
Zapier as a data integration service processes potentially personal data transmitted by the various integrated applications. This can be data such as names, email addresses, contact details and other business-related information.
The storage period of the personal data processed by Zapier depends on the privacy policies of the applications involved, as Zapier acts as an intermediary. It is advisable to check the privacy statements of the applications used for precise information on data processing and storage. Zapier itself states that they typically store data for 7 days, but not permanently.
You can access Zapier's privacy policy at the following link: https://zapier.com/legal/data-privacy.

3. 2. 19. Outfunnel

We use Outfunnel marketing software to send our emails and manage our marketing campaigns. Outfunnel uses cookies as part of the tracking so that we receive information about the effectiveness of various marketing activities. This may include data such as user ID, IP address, device identifiers, cookie data, and other interaction data. Outfunnel also tracks activity on the Site and tracks email opens, clicks on hyperlinks contained therein, and other email activity.
You can access Outfunnel's privacy policy at the following link: https://outfunnel.com/privacy

3. 2. 20. Brevo (Sendinblue)

Brevo, formerly known as Sendinblue, is an all-in-one marketing and communications tool used on websites to simplify digital marketing. It offers features such as email marketing, SMS campaigns, chat, marketing automation and CRM tools to help businesses increase their customer engagement and retention.
When integrating Brevo (formerly Sendinblue) on our website, different types of personal data may be processed, depending on the specific functions and settings used.
This data includes:

• Users' contact information, such as name, email address, especially when they fill out forms or sign up for newsletters.
• Behavioral data, such as email open and click rates, website visit behavior and interactions with various marketing campaigns.
• Technical data such as IP address, device type and browser information that may be used for campaign personalization and analysis and tracking purposes.

The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Paragraph 1 lit a in conjunction with Art 49 Paragraph 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation. You can find more information about revoking your consent under point 4.6 of this data protection declaration.
You can access Brevo’s privacy policy at the following link: https://www.brevo.com/legal/privacypolicy/.
Please note that as part of this service your personal data will be transferred to the USA and such a data transfer cannot be ruled out with certainty. The European Commission currently has an adequacy decision regarding the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you will have no legal remedy or remedy against this access. It cannot be ruled out that your data subject rights cannot be exercised or cannot be exercised to the same extent as within the European Union.

3. 2. 21. Zonka

Zonka Feedback is a comprehensive customer feedback collection and analysis tool used by fiskaly to collect real-time feedback from visitors and customers. It enables fiskaly to create and embed personalized surveys and feedback forms to gain insights into customer satisfaction, improve user experience and take targeted measures to increase customer loyalty.
When integrating Zonka Feedback on our website, the personal data collected may vary depending on the design of the surveys and feedback forms.
Typically, the following types of personal data may be processed:

• Contact Information: This includes names, email addresses, phone numbers, and other contact details that users provide in feedback forms or surveys.
• Demographic Information: This may include age, gender, occupation and other demographic information if requested in the surveys.
• Behavioral and Opinion Data: Detailed information about customer experiences, preferences, opinions and behaviors collected through surveys and feedback forms.
• Technical Data: IP addresses, device types, browser information and website usage information that may be collected to analyze user behavior and improve the survey experience.

The storage period for this data is two years. As a general rule, personal data is retained for as long as is necessary for the purposes for which it was collected or until the user requests deletion of their data.
You can access Zonka Feedback’s privacy policy at the following link: https://www.zonkafeedback.com/privacy-policy.

3. 2. 22. Pipedrive

Pipedrive is a CRM (Customer Relationship Management) tool used by fiskaly to manage and optimize sales processes. It makes it possible to organize communication with customers and conduct analyses of sales success.
Pipedrive, as a CRM system, collects personal data to provide effective sales and customer management functions.
Here are some of the common types of personal data that may be collected by Pipedrive:

• Contact Information: This includes the name, address, telephone number, email address and similar contact details of customers or potential customers.
• Communication Data: Recordings of emails, call logs, chat messages and other communication data collected about interactions with customers.
• Contract Data: Information about business transactions, contract details and purchases that customers have made with the company.
• Financial Data: Payment information and billing data necessary for transactions between the Company and its customers.
• Usage Data and Behavioral Information: Information about how customers interact with the Site or Service, what pages they visit, what products interest them, and how they respond to various marketing campaigns.
• User Interactions: Notes and feedback from customers collected as part of the CRM system to provide better services and maintain customer relationships.

The storage period for this data is two years. As a general rule, personal data is retained for as long as is necessary for the purposes for which it was collected or until the user requests deletion of their data.
You can access Pipedrive's privacy policy at the following link: https://www.pipedrive.com/en/privacy.

3. 2. 22. 1. Customer account and CRM processing

If you register for a customer account via our website dashboard.fiskaly.com, the personal data you provide will not only be used to create and manage the account, but will also be transferred to our CRM system (Pipedrive). This serves the purpose of efficiently managing our customer relationships and improving our customer service. The legal basis for this processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, as the processing is necessary for the optimisation of our internal processes and the better support of our customers.
Please note that as part of this service your personal data will be transferred to the USA and such a data transfer cannot be ruled out with certainty. The European Commission currently has an adequacy decision regarding the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you will have no legal remedy or remedy against this access. It cannot be ruled out that your data subject rights cannot be exercised or cannot be exercised to the same extent as within the European Union.

3. 2. 23. Stape

Stape is a tool used to implement server-side tagging on websites to optimize data processing and tracking code management. It allows companies to collect tracking information without working directly in the user's browser, which improves website performance and increases data security by processing sensitive data on the server side.
Stape could process the following categories of personal data:

• Contact information: Names, e-mail addresses, telephone numbers;
• Technical information: IP addresses, approximate location, information about the browser and operating system, device types, IDs (user ID, session ID, customer ID), session count, query parameters.

3. 2. 24. Greenhouse

Our website uses the Greenhouse applicant management system to manage the recruitment process efficiently and effectively. Greenhouse helps us to publish job advertisements, record applications, track the status of applications and coordinate communication between applicants and our recruitment team.
As part of these activities, the following categories of personal data of applicants are processed:

• Contact information: Name, address, telephone number, email address and other contact details.
• Job-related data: Resume, cover letter, professional qualifications, educational background and employment history.
• Application information: Information from the application process, including interview records, interviewer feedback and application status.
• Identification data: In some cases, date of birth and nationality may also be processed where relevant to the application process.

We use Greenhouse to ensure that the recruitment process is transparent, fair and compliant with applicable data protection regulations. All personal data is handled in accordance with our privacy policy and legal requirements.
Please note that as part of this service your personal data will be transferred to the USA and such a data transfer cannot be ruled out with certainty. The European Commission currently has an adequacy decision regarding the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you will have no legal remedy or remedy against this access. It cannot be ruled out that your data subject rights cannot be exercised or cannot be exercised to the same extent as within the European Union.

3. 2. 25. Apollo.io

We use Apollo.io to efficiently manage our customer and business contacts and to optimise our sales and marketing activities. As part of this service, personal data such as names, e-mail addresses, telephone numbers, job titles and business contact information may be processed. This data may be used by Apollo.io to assist us in identifying potential business opportunities and managing our existing customer relationships.
The legal basis for this data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the effective management of our business and customer contacts and the optimisation of our sales and marketing processes.
Apollo.io stores your personal data in accordance with the applicable data protection guidelines. Please note that your personal data may be transferred to the USA as part of this service. There is currently an adequacy decision by the European Commission regarding the USA. However, according to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed for data transfers to the USA. There is a risk that authorities based in the USA may access your data and that you have no legal recourse against this access.
You have the right to object to the processing of your personal data on the basis of our legitimate interest at any time (in accordance with Art. 21 GDPR). Further information can be found in our privacy policy under point 5.7.
Further information on data processing by Apollo.io and Apollo.io's privacy policy can be found at the following link https://www.apollo.io/privacy/.

3. 2. 26. VWO (Visual Website Optimiser)

We use VWO (Visual Website Optimizer) on our website to carry out A/B tests, multivariate tests and other optimisation measures. VWO helps us to analyse user behaviour on our website and to continuously improve our website content by testing different versions of website content and comparing their performance.
As part of this service, personal data such as IP addresses, cookie data, device information and interaction data are collected in order to analyse user behaviour on our website. This data is anonymised and used for statistical purposes to ensure that the website functions optimally and is made more user-friendly.
The legal basis for this data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, as we want to improve the user experience on our website.
You have the right to object to the processing of your personal data on the basis of our legitimate interest at any time (in accordance with Art. 21 GDPR). Further information can be found in our privacy policy under point 5.7.
Further information on data processing by VWO and VWO's privacy policy can be found at the following link https://vwo.com/privacy-policy/.

3. 2. 27. ABlyft

We use ABlyft to perform A/B tests and conversion optimisation measures on our website. ABlyft helps us to test different versions of our web pages and analyse user behaviour in order to continuously improve our website content and user experience.
As part of this service, personal data such as IP addresses, cookie data, device information and interaction data may be collected to analyse user activity on our website. However, this data is not stored by ABlyft itself. The data processing is exclusively anonymised and for statistical purposes to ensure that our website functions smoothly and is optimally tailored to the needs of our users.
The legal basis for this data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, as these measures contribute to improving the functionality and user-friendliness of our website.
ABlyft does not store any personal data itself. Data processing and storage takes place on servers in Germany, which are subject to strict European data protection regulations. No data is transferred to third countries.
You have the right to object to the processing of your personal data on the basis of our legitimate interest at any time (in accordance with Art. 21 GDPR). Further information can be found in our privacy policy under point 5.7.
Further information on data processing by ABlyft and ABlyft's privacy policy can be found at the following link https://ablyft.com/en/privacy-notice.

4. Storage duration

In principle, your data will only be stored for as long as is necessary to fulfill the respective purpose (item 2.1) for which the data was collected. Insofar as we are obliged to store your data further due to legal storage obligations, for example according to the provisions of the General Civil Code (ABGB), the Business Code (UGB) or the Federal Fiscal Code (BAO), your data can also be stored for the period specified by the storage obligations. The data can also be stored for as long as this is necessary to assert, exercise or defend legal claims.

5. Data subject rights

As a data subject, you have the following rights under the GDPR:

5. 1. Right to information (Article 15 GDPR)

You have the right to request information about the data stored about you.

5. 2. Right to rectification (Art 16 GDPR)

You have the right to request the person responsible to correct and/or complete the incorrect and/or incomplete data concerning you without undue delay.

5. 3. Right to erasure (Article 17 GDPR)

You have the right to demand that the person responsible delete the personal data concerning you immediately.

5. 4. Right to restriction of processing (Article 18 GDPR)

You have the right to request the person responsible to restrict the processing of your personal data.

5. 5. Right to data portability (Article 20 GDPR)

You have the right to receive the personal data concerning you that you have provided to a person responsible in a structured, common and machine-readable format and to transmit this data to another person responsible without hindrance by the person responsible to whom the personal data was provided.

5. 6. Right of withdrawal (Article 7 (3) GDPR)

You have the right to withdraw your consent to the processing of personal data at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation. The revocation is only effective for the processing of personal data, which is based on your consent.

5. 7. Right of objection (Article 21 GDPR)

In particular, you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you, which is based on a legitimate interest. Unless our legitimate interests prevail or the processing serves to assert, exercise or defend legal claims, we will no longer process your personal data.

6. PROVISION OF DATA

The provision of personal data is required for the purposes stated in each case. If the data is not provided or not provided to the required extent, the respective services cannot be used.

7. AUTOMATED DECISION MAKING / PROFILING

Fiskaly does not use automated decision-making or profiling.

8. Right of appeal to the supervisory authority

You have the option of contacting the responsible data protection supervisory authority with a complaint. In Austria, this is the data protection authority (DSB).
Austrian data protection authority Barichgasse 40-42 1030 Vienna Austria E-mail: dsb@dsb.gv.at Phone: +43 1 52 152 0

9. Final Provisions

We reserve the right to adapt this data protection declaration if necessary, in particular to comply with new legal and/or technical requirements or changes. We will endeavor to inform you promptly of such relevant changes. In any case, you will find the current version of the data protection declaration on our homepage (https://www.fiskaly.com/privacy-policy).