Privacy Policy

We are a privacy and information security company and truly care about protecting your data. Any sensitive information provided by you, including personal data, is treated confidentially. Processing data in line with all applicable laws and regulations is essential to us. 

We use your data only for purposes described in this privacy policy and as authorised by you. This privacy policy describes how personal information may be processed by us, as well as relevant rights and duties.

 

Data Collection and Processing

We may process the following personal data for the purposes of providing and improving our services and products, as well as managing our customer base and regular business operations.

  • Contact Information - may be collected via our contact form, feedback form or direct communication. This includes:
    • name
    • email address
    • phone

  • Additional Information - may be collected via our contact form, feedback form or direct communication. This includes:
    • company
    • country
    • content of your message/feedback
    • (feedback rating)

Regarding our contact form, your email address and a message text are the only mandatory fields we require you to fill out in order to be able to answer your requests. For our feedback form, we ask at least for a short message, however you do not need to provide any personal information with it. Further information that may be collected outside our website may include billing information, company addresses, job titles, UID-numbers, company registration numbers, correspondence or other data that is relevant for conducting business.

We do not process any special categories of personal data and we are not performing any kind of profiling. Also, we do not collect any information about you from other organisations. Your data is not retained longer than necessary. We do not provide the data to third parties in any way, unless we are legally obliged to do so.

 

Lawfulness of processing

Organisations may only process personal data if they have a legal basis for doing so. We use four of the six possible lawful bases listed in the EU General Data Protection Regulation for our processing operations:

  • Permission: to answer your requests in case you contact us.
  • Contractual agreements: when you, as a customer, purchase products and/or services from us or want to do so, and we necessarily must process your personal data to enter into or execute an agreement with you
  • Legal obligation: if we receive a legitimate claim to provide data to a competent authority. We are also legally obliged to keep personal data in our financial records for the legally required time in accordance with tax legislation.
  • Legitimate interest: if you have been a customer in the past, we will retain your contact details two years after the last contact moment to be able to contact you in the future for possible follow-up projects.

 

Recipients and data transfer

We do not provide any personal data to third parties, unless we are legally obliged to do so. We do, however, make use of the services of selected specialist suppliers in the field of ICT. We have concluded processing agreements with these organisations. Processors may only process personal data on our behalf and under our supervision, only for purposes we determine and under strict confidentiality. We actively monitor compliance with the security obligations of our processors. Our processors come from the European Union, or have a relevant branch in the EU, which means that they must comply with the GDPR. We therefore do not pass on any personal data to countries where your personal data is less well protected. If we work with self-employed providers, temporary employees, or partners who are not processors because they are under our direct authority, and it is necessary to exchange personal data, we enter into a confidentiality agreement.

 

Storage period of the data

We do not store personal data for longer than is necessary for the purpose for which we obtained it. We base this assessment on the type of personal data, the product or service for which we have obtained the data, and what you, as the data subject, can reasonably expect as a retention period.

 

Data security

We make sure to secure your data in an appropriate way in all our systems. We do this with all kinds of technical measures like encryption, but also with organisational measures such as physical and logical access controls to safeguard our assets.

 

Your rights

Pursuant to the General Data Protection Regulation, you have the right to inspect your personal data on request and, if necessary, to amend them or have them deleted. In addition to the right of access, correction, and deletion, you may ask us to restrict the processing of personal data and it is possible to object if you disagree with the processing. Finally, in some cases it is possible to invoke the right to data portability. We do not use automated individual decision-making, such as profiling.

At the bottom of this privacy statement is how you can contact us to exercise your rights. To verify your identity, we may ask a number of identifying questions.

In addition, it is possible to lodge a complaint with the Data Protection Authority. See: https://www.dsb.gv.at/ 

 

Our contact details

If you wish to make use of your GDPR rights, you have questions about this privacy statement or about our services you can contact us via the following options.

nospia e.U.

contact@nospia.com
contact form

Gislarweg 6
5300 Hallwang
Austria