EN/DE
LinkedIn GitHub
FINAPU NIMBUSCODE
©2026 NumeraIQ Vienna, AT

Data privacy

Privacy Policy Introduction and Overview

We have written this privacy policy (version 05.01.2025-122819660) in order to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the controller – and the processors commissioned by us (e.g. providers) – process, will process in the future and what legal options you have. The terms used are to be considered gender-neutral.

In short: We provide you with comprehensive information about any of your personal data we process.

Privacy policies usually sound very technical and use legal terminology. However, this privacy policy is intended to describe the most important things to you as simply and transparently as possible. So long as it aids transparency, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. We are thus informing in clear and simple language that we only process personal data in the context of our business activities if there is a legal basis for it.

If you still have questions, we kindly ask you to contact the responsible body named below or in the imprint, follow the existing links and look at further information on third-party sites. You can of course also find our contact details in the imprint.

Scope

This privacy policy applies to all personal data processed by our company and to all personal data processed by companies commissioned by us (processors). With the term personal data, we refer to information within the meaning of Article 4 No. 1 GDPR, such as the name, email address and postal address of a person. The processing of personal data ensures that we can offer and invoice our services and products, be it online or offline. The scope of this privacy policy includes:

  • All online presences (websites, online shops) that we operate
  • Social media presences and email communication
  • Mobile apps for smartphones and other devices

In short: This privacy policy applies to all areas in which personal data is processed in a structured manner by the company via the channels mentioned. Should we enter into legal relations with you outside of these channels, we will inform you separately if necessary.

Contact Details of the Data Protection Controller

If you have any questions about data protection, you will find the contact details of the responsible person or controller below:

NumeraIQ FlexKapG

Wiedner Gürtel 13
1100 Vienna
Austria

Email: privacy@numeraiq.com

Storage Period

It is a general criterion for us to store personal data only for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as any reason for the data processing no longer exists. In some cases, we are legally obliged to keep certain data stored even after the original purpose no longer exists, such as for accounting purposes.

If you want your data to be deleted or if you want to revoke your consent to data processing, the data will be deleted as soon as possible, provided there is no obligation to continue its storage.

We will inform you below about the specific duration of the respective data processing, provided we have further information.

Rights in Accordance with the General Data Protection Regulation

In accordance with Articles 13, 14 of the GDPR, we inform you about the following rights you have to ensure fair and transparent processing of data:

  • According to Article 15 GDPR, you have the right to information about whether we are processing data about you. If this is the case, you have the right to receive a copy of the data and to know the following information: the purpose of processing, categories of data, recipients, storage duration, your rights, and the origin of data.
  • You have a right to rectification of data according to Article 16 GDPR, which means that we must correct data if you find errors.
  • You have the right to erasure (“right to be forgotten”) according to Article 17 GDPR, which specifically means that you may request the deletion of your data.
  • According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
  • According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a standard format upon request.
  • According to Article 21 GDPR, you have the right to object, which entails a change in processing after enforcement.
  • According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).
  • You have the right to lodge a complaint under Article 77 of the GDPR.

In short: you have rights – do not hesitate to contact the responsible party listed above!

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/.

Austria Data Protection Authority

Manager: Dr. Matthias Schmidl

Address: Barichgasse 40-42, 1030 Wien

Phone: +43 1 52 152-0

Email: dsb@dsb.gv.at

Website: https://www.dsb.gv.at/

Security of Data Processing Operations

In order to protect personal data, we have implemented both technical and organisational measures. We encrypt or pseudonymise personal data wherever this is possible. Thus, we make it as difficult as we can for third parties to extract personal information from our data.

Article 25 of the GDPR refers to “data protection by technical design and by data protection-friendly default” which means that both software (e.g. forms) and hardware (e.g. access to server rooms) appropriate safeguards and security measures shall always be placed.

TLS Encryption with HTTPS

We use HTTPS (Hypertext Transfer Protocol Secure) to securely transfer data on the Internet. This means that the entire transmission of all data from your browser to our web server is secured – nobody can “listen in”.

We have thus introduced an additional layer of security and meet privacy requirements through technology design (Article 25 Section 1 GDPR). With the use of TLS (Transport Layer Security), which is an encryption protocol for safe data transfer on the internet, we can ensure the protection of confidential information.

Communications

👥 Affected parties: Anyone who communicates with us via phone, email or online form

🤝 Processed data: e.g. telephone number, name, email address or data entered in forms

📓 Purpose: handling communication with customers, business partners, etc.

📅 Storage duration: for the duration of the business case and the legal requirements

⚖️ Legal basis: Article 6 (1) (a) GDPR (consent), Article 6 (1) (b) GDPR (contract), Article 6 (1) (f) GDPR (legitimate interests)

If you contact us and communicate with us via phone, email or online form, your personal data may be processed. The data will be processed for handling and processing your request and for the related business transaction. The data is stored for this period of time or for as long as is legally required.

Email

If you communicate with us via email, your data is stored on the respective terminal device (computer, laptop, smartphone, …) as well as on the email server. The data will be deleted as soon as the business case has ended and the legal requirements allow for its erasure.

Online Forms

If you communicate with us using an online form, your data is stored on our web server and, if necessary, forwarded to our email address. The data will be erased as soon as the business case has ended and the legal requirements allow for its erasure.

Data Processing Agreement (DPA)

In this section, we would like to explain what a Data Processing Agreement is and why it is needed. As the term “Data Processing Agreement” is quite lengthy, we will often only use the acronym DPA here in this text. Like most companies, we do not work alone, but also use the services of other companies or individuals. By involving different companies or service providers, we may pass on personal data for processing. These partners then act as processors with whom we conclude a contract, the so-called Data Processing Agreement (DPA). Most importantly for you to know is that any processing of your personal data takes place exclusively according to our instructions and must be regulated by the DPA.

Who are the Processors?

As a company and website owner, we are responsible for any of your data that is processed by us. In addition to the controller, there may also be so-called processors involved. This includes any company or person who processes your personal data. More precisely and according to the GDPR’s definition, this means: Any natural or legal person, authority, institution or other entity that processes your personal data is considered a processor.

Cookies

👥 Affected parties: visitors to the website

🤝 Purpose: depending on the respective cookie

📓 Processed data: depends on the cookie used

📅 Storage duration: can vary from hours to years, depending on the respective cookie

⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are Cookies?

Our website uses HTTP-cookies to store user-specific data. Whenever you surf the Internet, you are using a browser. Most websites store small text-files in your browser. These files are called cookies.

Cookies store certain user data about you, such as language or personal page settings. When you re-open our website to visit again, your browser submits these “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are familiar to.

Which Types of Cookies are There?

There are 4 different types of cookies:

  • Essential cookies: These cookies are necessary to ensure the basic functions of a website.
  • Purposive cookies: These cookies collect information about user behaviour and whether the user receives any error messages.
  • Target-orientated cookies: These cookies ensure better user-friendliness.
  • Advertising cookies: These cookies are also known as targeting cookies. They serve the purpose of delivering customised advertisements to the user.

Right of Objection – How Can I Delete Cookies?

You can decide for yourself how and whether you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option of erasing, deactivating or only partially accepting cookies.

Browser cookie settings:

Customer Data

👥 Affected parties: Customers or business and contractual partners

🤝 Purpose: Performance of a contract for the provision of agreed services or prior to entering into such a contract

📓 Data processed: name, address, contact details, email address, telephone number, payment information, contract data, IP address, order data

📅 Storage period: data will be erased as soon as they are no longer required for our business purposes and there is no legal obligation to process them

⚖️ Legal bases: Legitimate interests (Art. 6 Para. 1 lit. f GDPR), Contract (Art. 6 Para. 1 lit. b GDPR)

In order to be able to offer our services and contractual services, we also process data from our customers and business partners. This data always includes personal data. Customer data is all information that is processed on the basis of contractual or pre-contractual agreements so that the offered services can be provided.

Registration

👥 Affected parties: Anyone who registers to create an account with us

📓 Processed data: Personal data such as email address, name, password and other data collected during registration

🤝 Purpose: For the provision of our services, as well as to communicate with clients or customers

📅 Storage period: As long as the account associated with the texts exists, plus a period of usually 3 years

⚖️ Legal bases: Article 6 paragraph 1 letter b GDPR (contract), Article 6 paragraph 1 letter a GDPR (consent), Article 6 paragraph 1 letter f GDPR (legitimate interests)

If you register with us and provide any personal data, this data may be processed, possibly along with your IP address. Please only enter the data we need for the registration.

Web Hosting

👥 Affected parties: visitors to the website

📓 Purpose: professional hosting of the website and security of operations

🤝 Processed data: IP address, time of website visit, browser used and other data

📅 Storage period: dependent on the respective provider, but usually 2 weeks

⚖️ Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interests)

Every time you visit a website nowadays, certain information – including personal data – is automatically created and stored, including on this website. When you want to view a website on a screen, you use a program called a web browser. The web browser has to connect to another computer which stores the website’s code: the web server.

Whenever the browser on your computer establishes a connection and whenever data is being transferred to and from the web server, personal data may be processed. This includes data such as:

  • The full address (URL) of the accessed website
  • Browser and browser version
  • The operating system used
  • The address (URL) of the previously visited page (referrer URL)
  • The host name and the IP address of the device
  • Date and time

Web Analytics

👥 Affected parties: visitors to the website

🤝 Purpose: Evaluation of visitor information to optimise the website

📓 Processed data: Access statistics that contain data such as access location, device data, access duration and time, navigation behaviour, click behaviour and IP addresses

📅 Storage period: depending on the respective web analytics tool used

⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

We use software on our website, which is known as web analytics, in order to evaluate website visitor behaviour. Analyses of user behaviour on our website are created with this data, which we as the website operator receive.

Google Analytics Privacy Policy

On our website, we use the analytics tracking tool Google Analytics in the Google Analytics 4 (GA4) version provided by Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google processes data from you, among other things, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at EU Commission.

You can find more information on Google Analytics at Google Privacy Policy.

Email Marketing

👥 Affected parties: newsletter subscribers

🤝 Purpose: direct marketing via email, notification of events that are relevant to the system

📓 Processed data: data entered during registration, but at least the email address

📅 Storage duration: for the duration of the subscription

⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

We use email marketing to keep you up to date. If you have agreed to receive our emails or newsletters, your data will be processed and stored. Email marketing is a part of online marketing.

If you want to participate in our email marketing (usually via newsletter), you usually just have to register with your email address. The registration for newsletters generally works with the help of the so-called “double opt-in procedure”.

Withdrawal – How Can I Cancel My Subscription?

You have the option to cancel your newsletter subscription at any time. All you have to do is revoke your consent to the newsletter subscription. This usually only takes a few seconds or a few clicks. Most of the time you will find a link at the end of every email, via which you will be able to cancel the subscription.

Messenger & Communication

👥 Affected parties: website visitors

🤝 Purpose: for contact requests and general communications between yourself and us

📓 Processed data: Data such as name, address, email address, telephone number, general content data, plus IP address if applicable

📅 Storage duration: depends on the messenger & communication functions

⚖️ Legal bases: Article 6 paragraph 1 lit. a GDPR (consent), Article 6 paragraph 1 lit. f GDPR (legitimate interests), Article 6 paragraph 1 sentence 1 letter b GDPR (contractual or pre-contractual obligations)

We offer you various options on our website to communicate with us (e.g. messenger and chat functions, online or contact forms, email, telephone). With the use of these functions, your data will be processed and stored insofar as it is necessary to answer your inquiry and conduct any of our subsequent measures.

Content Delivery Networks

👥 Affected parties: website visitors

🤝 Purpose: Service performance optimisation (to increase website loading speeds)

📓 Processed data: data such as your IP address

📅 Storage period: most data is stored until it is no longer needed for the provision of the service

⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

On our website we use a so-called content delivery network or CDN. This helps to load our website quickly and easily, regardless of your location. Each content delivery network (CDN) is a network of regionally distributed servers that are connected to each other via the internet.

Security & Anti-Spam

👥 Affected parties: website visitors

🤝 Purpose: for cyber security

📓 Processed data: Data such as your IP address, name or technical data such as browser version

📅 Duration of storage: In most cases, data is stored until it is no longer required in order to provide the service

⚖️ Legal bases: Article 6 paragraph 1 lit. a GDPR (consent), Article 6 paragraph 1 lit. f GDPR (legitimate interests)

So-called security & Anti-spam software can protect you and us from various spam or phishing emails and other potential cyber-attacks. We put great importance on our website’s security. A security system monitors all incoming and outgoing connections to our network or computer.

Explanation of Terminology Used

We always endeavour to express our privacy policy as clearly and comprehensibly as possible. However, this is not always easy, especially when it comes to technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical terms (such as cookies, IP address). But we don’t want to use them without explanation. Below you will find an alphabetical list of important terms used that we may not have sufficiently addressed in our previous privacy policy:

  • Personal data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation or set of operations which is performed on personal data.
  • Controller: The natural or legal person who determines the purposes and means of the processing of personal data.
  • Processor: A natural or legal person who processes personal data on behalf of the controller.
  • Consent: Any freely given, specific, informed and unambiguous indication of the data subject’s wishes.

Closing Remarks

Congratulations! If you are reading this, you have really “fought through” our entire privacy policy, or at least scrolled down here. As you can see from the scope of our privacy policy, we do not take the protection of your personal data lightly.

It is important to us to inform you about the processing of personal data within the scope of the legal provisions. If you have any questions, please do not hesitate to contact us.

All texts are protected by copyright.

Last updated: January 5, 2025