Introduction and Overview
We have prepared this Privacy Policy (Version 03/24/2026-113202190) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter “data”) we, as the controller—and the processors we have commissioned (e.g., providers)—process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process regarding you.
Privacy policies usually sound very technical and use legal jargon. This privacy policy, however, is designed to explain the most important points to you as simply and transparently as possible. Wherever it helps with transparency, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics are used. We use clear and simple language to inform you that, in the course of our business activities, we process personal data only when there is a corresponding legal basis for doing so. This certainly isn’t possible if we provide explanations that are as brief, unclear, and legally technical as those often found online when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is some information here that you were not yet aware of.
If you still have questions, we ask that you contact the responsible party listed below or in the legal notice, follow the provided links, and review additional information on third-party websites. You can, of course, also find our contact information in the legal notice.
Scope of Application
This Privacy Policy applies to all personal data processed by us within the company and to all personal data processed by companies we have commissioned (processors). By “personal data,” we mean information as defined in Article 4(1) of the GDPR, such as a person’s name, email address, and mailing address. The processing of personal data enables us to offer and bill for our services and products, whether online or offline. The scope of this Privacy Policy includes:
In short: This Privacy Policy applies to all areas within the company where personal data is processed in a structured manner through the channels listed above. Should we enter into a legal relationship with you outside of these channels, we will notify you separately if necessary.
Legal Basis
In the following privacy policy, we provide you with transparent information regarding the legal principles and regulations—that is, the legal basis under the General Data Protection Regulation—that allow us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the portal for EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.
We process your data only if at least one of the following conditions applies:
Other conditions, such as the processing of data in the public interest, the exercise of official authority, or the protection of vital interests, do not generally apply to us. However, if such a legal basis were to apply, it will be indicated in the relevant section.
In addition to the EU regulation, national laws also apply:
If additional regional or national laws apply, we will provide you with information about them in the following sections.
Contact information for the data controller
If you have any questions regarding data protection or the processing of personal data, please find below the contact details of the controller as specified in Article 4(7) of the EU General Data Protection Regulation (GDPR):
CONCEPTORISE GmbH
Maria-Theresien-Strasse 42a/2, 6020 Innsbruck, Austria
Email: info@conceptorise.com
Phone: +43 676 852 402 10
Legal notice: https://www.conceptorise.com/impressum/
Retention period
It is our general policy to retain personal data only for as long as is strictly necessary to provide our services and products. This means that we delete personal data as soon as the reason for processing it no longer exists. In some cases, we are legally required to retain certain data even after the original purpose has ceased to exist, for example, for accounting purposes.
If you wish to have your data deleted or withdraw your consent to data processing, the data will be deleted as soon as possible, provided there is no legal obligation to retain it.
We will provide you with information below regarding the specific duration of each data processing activity, provided we have further details on this matter.
Rights under the General Data Protection Regulation
In accordance with Articles 13 and 14 of the GDPR, we are informing you of the following rights to which you are entitled to ensure that your data is processed fairly and transparently:
In short: You have rights—don’t hesitate to contact the responsible party listed above!
If you believe that the processing of your data violates data protection laws or that your data protection rights have been infringed in any other way, you may file a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For further information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:
Austrian Data Protection Authority
Director: Dr . Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/
Data transfers to third countries
We transfer or process data to countries outside the scope of the GDPR (third countries) only if you consent to such processing or if there is another legal basis for doing so. This applies in particular when the processing is required by law or necessary to fulfill a contractual relationship, and in any case only to the extent that it is generally permitted. In most cases, your consent is the primary reason we process data in third countries. The processing of personal data in third countries such as the United States, where many software providers offer services and have their server locations, may mean that personal data is processed and stored in unexpected ways.
We expressly note that, according to the European Court of Justice, an adequate level of protection for data transfers to the United States currently exists only if a U.S. company that processes personal data of EU citizens in the United States is an active participant in the EU-U.S. Data Privacy Framework. For more information, please visit: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en
Data processing by U.S. services that are not active participants in the EU-U.S. Data Privacy Framework may result in data being processed and stored without anonymization. Furthermore, U.S. government authorities may access specific data. In addition, collected data may be linked to data from other services of the same provider, provided you have a corresponding user account. Whenever possible, we strive to use server locations within the EU, if such options are available.
We provide more detailed information about data transfers to third countries in the relevant sections of this Privacy Policy, where applicable.
Data Processing Security
To protect personal data, we have implemented both technical and organizational measures. Whenever possible, we encrypt or pseudonymize personal data. In this way, we do everything in our power to make it as difficult as possible for third parties to infer personal information from our data.
Article 25 of the GDPR refers to “data protection through technology design and privacy-friendly default settings,” meaning that security must always be a priority—whether in software (e.g., forms) or hardware (e.g., access to the server room)—and appropriate measures must be implemented. Below, we will discuss specific measures where necessary.
TLS encryption with HTTPS
TLS, encryption, and HTTPS sound very technical—and they are. We use HTTPS (which stands for “Hypertext Transfer Protocol Secure”) to transmit data over the internet in a way that prevents eavesdropping.
This means that the entire transmission of all data from your browser to our web server is secure—no one can “eavesdrop.”
This allows us to add an extra layer of security and comply with data protection through technology design (Article 25(1) of the GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the internet, we can ensure the protection of confidential data.
You can recognize that this data transmission security measure is in use by the small padlock icon
in the top-left corner of the browser, to the left of the web address (e.g., examplepage.com) and the use of the HTTPS protocol (instead of HTTP) as part of our web address.
If you’d like to learn more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to find useful links to further information.
Communication
Communication Summary
👥 Data subjects: Anyone who communicates with us by phone, email, or online form
📓 Data processed: e.g., phone number, name, email address, form data entered. You can find more details under the respective contact method
🤝 Purpose: Handling communication with customers, business partners, etc.
📅 Retention period: Duration of the business transaction and as required by law
⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(b) GDPR (Contract), Art. 6(1)(f) GDPR (Legitimate Interests)
When you contact us and communicate with us by phone, email, or through our online form, we may process your personal data.
The data is processed for the purpose of handling and addressing your inquiry and the related business transaction. The data will be stored for as long as necessary or as required by law.
Affected individuals
These changes affect everyone who contacts us through the communication channels we provide.
Phone
When you call us, the call data is stored in pseudonymized form on the respective device and with the telecommunications provider used. In addition, data such as your name and phone number may subsequently be sent via email and stored for the purpose of responding to your inquiry. The data will be deleted as soon as the business matter has been resolved and legal requirements permit.
When you communicate with us via email, data may be stored on your device (computer, laptop, smartphone, etc.) and on the email server. The data will be deleted as soon as the matter has been resolved and legal requirements permit.
Online Forms
When you contact us via the online form, your data is stored on our web server and, if necessary, forwarded to one of our email addresses. The data will be deleted as soon as the matter has been resolved and legal requirements permit.
Legal Basis
The processing of data is based on the following legal grounds:
Cookies
Cookies Summary
👥 Data subjects: Visitors to the website
🤝 Purpose: Depends on the specific cookie. More details can be found below or from the software provider that sets the cookie.
📓 Data processed: Depends on the specific cookie used. More details can be found below or from the software provider that sets the cookie.
📅 Storage duration: Depends on the specific cookie; can vary from hours to years
⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)
What are cookies?
Our website uses HTTP cookies to store user-specific data.
Below, we explain what cookies are and why they are used, so that you can better understand the following privacy policy.
Whenever you browse the internet, you use a web browser. Some well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
One thing is undeniable: cookies are really useful little helpers. Almost all websites use cookies. More specifically, they are HTTP cookies, as there are other types of cookies for different applications. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder, which is essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data about you, such as your language or personal page settings. When you visit our site again, your browser sends this “user-specific” information back to our site. Thanks to cookies, our website recognizes you and provides you with the settings you’re accustomed to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.
The following diagram illustrates a possible interaction between a web browser, such as Chrome, and a web server. In this scenario, the web browser requests a website and receives a cookie from the server, which the browser uses again the next time a different page is requested.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our website, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans, or other “malware.” Cookies also cannot access information on your computer.
Here's an example of what cookie data might look like:
Name: _ga
Value: GA1.2.1326744211.152113202190-9
Purpose: To distinguish between website visitors
Expiration date:After 2 years
A browser should be able to support these minimum sizes:
What types of cookies are there?
The specific cookies we use depend on the services we employ and are explained in the following sections of this privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.
There are four types of cookies:
Essential Cookies
These cookies are necessary to ensure the website’s basic functionality. For example, these cookies are needed when a user adds a product to their shopping cart, then browses other pages, and only proceeds to checkout later. These cookies ensure that the shopping cart is not cleared, even if the user closes their browser window.
Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. They are also used to measure the website’s loading time and performance across different browsers.
Functional cookies
These cookies improve the user experience. For example, they save locations, font sizes, or form data that you have entered.
Advertising cookies
These cookies are also known as targeting cookies. They are used to deliver personalized ads to users. This can be very convenient, but it can also be very annoying.
Usually, when you visit a website for the first time, you’ll be asked which of these types of cookies you’d like to allow. And, of course, this decision is also stored in a cookie.
If you’d like to learn more about cookies and don’t mind reading technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Internet Engineering Task Force (IETF) Request for Comments titled “HTTP State Management Mechanism.”
Purpose of processing via cookies
The purpose ultimately depends on the specific cookie. You can find more details below or by contacting the manufacturer of the software that sets the cookie.
What data is processed?
Cookies are small tools that help with many different tasks. Unfortunately, it is not possible to generalize about what data is stored in cookies, but we will inform you about the data that is processed or stored in the following privacy policy.
How long cookies are stored
The duration for which cookies are stored depends on the specific cookie and is explained in more detail below. Some cookies are deleted after less than an hour, while others may remain stored on a computer for several years.
You also have control over how long cookies are stored. You can manually delete all cookies at any time via your browser (see also “Right to Object” below). Furthermore, cookies that are based on your consent will be deleted at the latest upon withdrawal of your consent, although the lawfulness of their storage up to that point remains unaffected.
Right to object – how can I delete cookies?
You decide for yourself whether and how you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, disable, or allow only certain cookies. For example, you can block third-party cookies but allow all other cookies.
If you want to see which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find these options in your browser settings:
Chrome: Delete, enable, and manage cookies in Chrome
Safari: Managing Cookies and Website Data with Safari
Firefox: Clear cookies to remove data that websites have stored on your computer
Internet Explorer: Deleting and Managing Cookies
Microsoft Edge: Deleting and Managing Cookies
If you do not want to accept cookies at all, you can configure your browser to notify you whenever a cookie is about to be set. This allows you to decide on a case-by-case basis whether to accept each cookie or not. The procedure varies depending on the browser. If you are using Chrome, we recommend searching for instructions on Google using the search terms “delete cookies Chrome” or “disable cookies Chrome.”
Legal basis
The so-called “Cookie Directive” has been in effect since 2009. It stipulates that the storage of cookies requires your consent (Article 6(1)(a) of the GDPR). However, reactions to this directive still vary widely among EU countries. In Austria, however, this directive was implemented in Section 165(3) of the Telecommunications Act (2021). In Germany, the Cookie Directive was not implemented as national law. Instead, the directive was largely implemented in Section 15(3) of the Telemedia Act (TMG), which was replaced by the Digital Services Act (DDG) in May 2024.
For strictly necessary cookies, even in the absence of consent, there are legitimate interests (Article 6(1)(f) of the GDPR), which are typically of an economic nature. We want to provide website visitors with a pleasant user experience, and certain cookies are often essential to achieve this.
Unless strictly necessary cookies are used, this will only occur with your consent. The legal basis for this is Article 6(1)(a) of the GDPR.
The following sections provide more detailed information about the use of cookies, provided that the software in question uses cookies.
Web Hosting Introduction
Web Hosting Summary
👥 Data Subjects: Visitors to the website
🤝 Purpose: Professional hosting of the website and ensuring its operation
📓 Data Processed: IP address, time of website visit, browser used, and other data. More details can be found below or with the respective web hosting provider.
📅 Retention period: depends on the respective provider, but generally 2 weeks
⚖️ Legal basis: Art. 6(1)(f) GDPR (Legitimate Interests)
What is web hosting?
When you visit websites today, certain information—including personal data—is automatically generated and stored, and this applies to this website as well. This data should be processed as sparingly as possible and only for legitimate reasons. By “website,” we mean the entirety of all web pages on a domain, i.e., everything from the home page to the very last subpage (such as this one). By “domain,” we mean, for example, example.de or sampleexample.com.
If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You’re probably familiar with some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We often just call them browsers or web browsers.
To display a website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complex and resource-intensive task, which is why it is typically handled by professional providers. These providers offer web hosting services, ensuring that website data is stored reliably and without errors. That’s a lot of technical terms, but please stick with it—it gets even better!
When your browser establishes a connection on your computer (desktop, laptop, tablet, or smartphone) and during the transfer of data to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server must also store data for a certain period of time to ensure proper operation.
A picture is worth a thousand words, so the following diagram illustrates the interaction between the browser, the internet, and the hosting provider.
Why do we process personal data?
The purposes of data processing are:
What data is processed?
Even as you are visiting our website right now, our web server—the computer on which this website is hosted—typically automatically stores data such as
How long is data stored?
As a rule, the data mentioned above is stored for two weeks and then automatically deleted. We do not share this data with third parties; however, we cannot rule out the possibility that government authorities may access this data in the event of unlawful conduct.
In short: Your visit is logged by our provider (the company that hosts our website on special computers called servers), but we will not share your data without your consent!
Legal basis
The lawfulness of processing personal data in the context of web hosting is based on Article 6(1)(f) of the GDPR (protection of legitimate interests), as the use of professional hosting services from a provider is necessary to present the company on the internet in a secure and user-friendly manner and, if necessary, to investigate any attacks or claims arising therefrom.
We generally have a contract with the hosting provider regarding data processing in accordance with Article 28 et seq. of the GDPR, which ensures compliance with data protection regulations and guarantees data security.
Explanation of Terms Used
We always strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially when it comes to technical and legal topics. It often makes sense to use legal terms (such as “personal data”) or specific technical terms (such as “cookies” or “IP address”). However, we do not want to use these terms without explanation. Below you will find an alphabetical list of important terms used that we may not have addressed sufficiently in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also cite the relevant GDPR text here and, where necessary, add our own explanations.
Data processor
Definition pursuant to Article 4 of the GDPR
For the purposes of this regulation, the term:
“Processor” a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;
Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to the controllers, there may also be so-called processors. This includes any company or individual that processes personal data on our behalf. Processors may therefore include, in addition to service providers such as tax advisors, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.
Consent
Definition pursuant to Article 4 of the GDPR
For the purposes of this regulation, the term:
“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Explanation: On websites, this consent is typically obtained through a cookie consent tool. You’re probably familiar with this. Whenever you visit a website for the first time, you’re usually asked via a banner whether you agree to or consent to data processing. In most cases, you can also adjust individual settings and thus decide for yourself which data processing you allow and which you don’t. If you do not consent, no personal data about you may be processed. Of course, consent can also be given in writing, i.e., not via a tool.
Personal data
Definition pursuant to Article 4 of the GDPR
For the purposes of this regulation, the term:
“personal data” any information relating to an identified or identifiable natural person (hereinafter “data subject”); A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
Explanation: Personal data is any information that can be used to identify you as an individual. This typically includes information such as:
According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and, subsequently, identify you as the account holder. Therefore, storing an IP address also requires a legal basis under the GDPR. There are also so-called “special categories” of personal data that require special protection. These include:
Profiling
Definition pursuant to Article 4 of the GDPR
For the purposes of this regulation, the term:
“Profiling” any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;
Explanation: Profiling involves gathering various pieces of information about a person in order to learn more about them. On the web, profiling is often used for advertising purposes or for credit checks. For example, web analytics and advertising analytics programs collect data about your behavior and interests on a website. This results in a specific user profile that can be used to deliver targeted advertising to a specific audience.
Person in charge
Definition pursuant to Article 4 of the GDPR
For the purposes of this regulation, the term:
“Controller” the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Explanation: In our case, we are responsible for processing your personal data and are therefore the “data controller.” If we share collected data with other service providers for processing, they are “data processors.” A “Data Processing Agreement (DPA)” must be signed for this purpose.
Processing
Definition pursuant to Article 4 of the GDPR
For the purposes of this regulation, the term:
“Processing” any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution, or any other form of making available, the alignment or combination, the restriction, erasure, or destruction;
Note: When we refer to "processing" in our Privacy Policy, we mean any type of data processing. As mentioned above in the original GDPR statement, this includes not only the collection of data, but also its storage and processing.
All texts are protected by copyright.
Source: Privacy Policy created using the Privacy Policy Generator for Austria by AdSimple