Privacy Policy

Last updated: 05.02.2025

Data Protection Declaration

Provision of information pursuant to Art 13 of the General Data Protection Regulation 2016/679/EU ("GDPR"):

Thank You for Your interest in Our Products. The protection of Your privacy is of high priority to Us. Therefore, this Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use Our Website and/or Our Services and tells You about Your privacy rights and how the law protects You. We only process Your Personal Data on the basis of legal requirements set by the GDPR and other relevant legal provisions in order to provide and improve Our Products.

In this Privacy Policy, We provide You with information on data protection, which generally applies to Our Processing of Personal Data, including data collection on Our Website. In particular, You as a data subject will be informed about the rights to which You are entitled.

By using Our Products, You agree to the collection and use of Personal Data in accordance with this Privacy Policy.

1. Data Controller and contact details

Controller in the sense of Art 4 item 7 GDPR:

1BillionLives GmbH
Registration Number: FN 592713m
Porzellangasse 23
1190 Vienna
Austria

E-Mail: office@flinncomply.com

If You have any questions about data protection in connection with Our Products, you can also contact Our Regulatory and Quality Team at any time. They can be reached at the above postal address and at the e-mail address provided above (subject line: “For the attention of the Regulatory and Quality Department”). However, please note that if You use this e-mail address, the contents will not be read exclusively by Our Regulatory and Quality Department. If You wish to exchange confidential information, please first request that We contact You directly at this e-mail address.

2. Interpretation and Definitions

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

For the purposes of this Privacy Policy:

• Account means a unique account created for You to access Our Service or parts of Our Service.
  
  

• Company (referred to as either "the Company", "We", "Us" or "Our" in this Privacy Policy) refers to 1BillionLives GmbH, Porzellangasse 23, 1090 Wien Österreich.
  
  

• Country refers to: Austria
  
  

• Device means any device that can access the Products such as a computer, a cellphone or a digital tablet.
  
  

• Personal Data includes all information relating to an identified or identifiable natural person (“data subject” within the meaning of Art 4 item 1 GDPR). A natural person is considered identifiable if they can be identified directly or indirectly, particularly by association with an identifier such as a name, an identification number, location data, an online identifier, or one or more specific characteristics that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person. Data does not have to be confidential or sensitive to be classified as Personal Data.
  
  

• Processing of Personal Data means any operation or set of operations performed on Personal Data.
  
  

• Services refers to Our Flinn software products, including our Vigilance Module, Literature Module, Regulatory Monitoring Module, Complaint Module, and future modules. The services also include any potential concierge services.
  
  

• Service Provider means any natural or legal person who processes the data on Our behalf. It refers to third-party companies or individuals employed by the Company to facilitate Our Products, to provide Our Products on Our behalf, to perform services related to Our Products or to assist Us in analyzing how Our Products are used.
  
  

• Products means Our Website and Our Services together.
  
  

• Tools means cookies and similar tracking technologies.
  
  

• Website refers to Our website, accessible from http://www.flinn.ai 
  
  

• You means the individual accessing or using Our Products, or the company, or other legal entity on behalf of which such individual is accessing or using Our Products, as applicable.

3. Data processing operation

3.1.   Processing of Your Personal Data when visiting Our Website

3.1.1. Type and extent of data processing:

You can visit Our Website without providing any personal information. When you access Our Website, only certain access data are processed automatically either generated by the use of the Website or from the Website infrastructure itself (for example, the duration of a page visit). In particular, the following data are processed in this context:

• Your Device's Internet Protocol address (e.g. IP address),

• page of the accessed Website;

• time and date of Your visit,

• time spent on those pages,

• type/version of the internet browser used;

• unique device identifiers (e.g. Your device unique ID number)

other diagnostic data (e.g. operating system, previously visited website (referrer URL), time of the server request, data volume transferred, session IDs).

We may also collect information that Your browser sends whenever You visit Our Website or when You access the Website by or through a mobile device

This information does not allow Us to identify You personally; however, IP addresses are considered Personal Data within the meaning of the GDPR.

3.1.2. Legal basis and purpose:

The purpose of this Processing of Your Personal Data is to establish and maintain technical security with regards to our Website, improve the Website's quality and generate non-personal statistical information to monitor the usage of Our Website. We may use the Your Personal Data specified in section 3.1.1 for purposes such as data analysis, identifying usage trends, determining the effectiveness of Our promotional campaigns and to evaluate and improve Our Products, marketing and Your experience.

The processing is based on Our legitimate interest (Art 6 para 1 lit f GDPR) in achieving the mentioned purposes.

3.1.3. Storage period:

The server log files are, in general, automatically deleted after fourteen (14) days at the latest.

3.2. Processing of Your Personal Data when using Our Services

3.2.1. Type and extent of data processing:

Every time You use Our Services, We collect the access data that Your browser automatically transmits to enable You the access to Our Services as described in section 3.1.1.

Additionally, Your e-mail address is required in order to register to and use Our Services. Optionally, Your name and role can be specified in the user profile.

3.2.2. Legal basis and purpose:

The Processing of Your Personal Data is necessary to enable the access of Our Services, in particular visits to Our web application, to ensure the long-term functionality and security of Our systems, and to generally maintain Our Services in terms of administration. Your Personal Data is also stored in internal log files for the purposes previously described, in order to find the cause and take action against it in the event of repeated or criminal access attempts that endanger the stability and security of Our Services.

The legal basis for the Processing of Your Personal Data is Art 6 para 1 lit b GDPR when Our Services are accessed for the purpose of initiating or executing a contract. Otherwise, Art 6 para 1lit f GDPR applies, based on Our legitimate interest in providing access to Our services, ensuring the long-term functionality and security of Our systems and monitor the usage of Our Services.

3.2.3. Storage period:

We only store Your Personal Data for as long as is necessary to fulfill the purposes for which We collected them. After that, We delete Your Personal Data immediately, unless We still need them until the expiry of the statutory limitation period for evidence purposes for civil claims or due to statutory retention requirements. For regulatory reasons, Your Personal Data used for our services is stored for 30 years.

For evidence purposes, We must store contract data for three years from the end of the year in which Our business relationship with You ends. Any claims shall become time-barred at the earliest no earlier than at this point in time, pursuant to the statutory limitation period.

Even after that, We are required to retain some of Your Personal Data for accounting purposes. This obligation arises from statutory documentation requirements under the Austrian Commercial Code (Unternehmensgesetzbuch), the Federal Fiscal Code (Bundesabgabenordnung), the Banking Act (Bankwesengesetz), the Financial Market Money Laundering Act (Finanzmarkt-Geldwäschegesetz), and the Securities Supervision Act (Wertpapierhandelsgesetz). The retention periods stipulated in these regulations range from two to ten years.

3.3. Processing of Your Personal Data when contacting Us via Our contact form

3.3.1. Type and extent of data processing:

When contacting Us via the contact form provided on Our Website, We will use Your data as indicated in order to process Your contact request and deal with it. The data processing involved is necessary to issue a response in respect of Your request, as We would otherwise not be able to contact You. Details whose indication is mandatory are marked with a *-symbol; certain additional information may be provided voluntarily.

Moreover, the respective explanations of this section apply accordingly to the Processing of Personal Data being entailed by direct contact requests executed via contact details provided on Our Website, without making use of the contact form.

3.3.2. Legal basis and purpose:

The purpose of the Processing of Personal Data is to enable Us an exchange with You and attend and manage Your requests to Us. We answer Your request on the basis of Our legitimate interest (Art 6 para 1 lit f GDPR) in maintaining a properly functioning contact system, which is a prerequisite for the provision of any services. In case of repeated contact requests, We may also store Your data for different purposes, of which You will be informed of separately.

3.3.3. Storage period:

We delete Your requests as well as Your contact data if the request has been answered conclusively. Your data are, in general, stored for a period of six (6) months and subsequently erased if We do not receive follow-up requests and if the data must not be further processed for different purposes.

3.4. Processing of Your Personal Data when sending You Our Newsletter

3.4.1. Type and extent of data processing:

You may subscribe to Our newsletter via Our Website. You only have to provide Your e-mail address. The newsletter will be sent exclusively to e-mail addresses provided by interested users.

3.4.2. Legal basis and purpose:

Your Personal Data mentioned above are processed in the form of a newsletter for the purpose of direct marketing, i.e. to send You regular updates on Our Products as well as special offers and general information about other goods, services, promotions and events which We offer. You will also have the opportunity to take part in one of Our surveys. We use the results of these surveys to improve Our Products.

We will contact you by e-mail, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.

A newsletter or other electronic advertisements will in no case be sent without Your prior consent (Art 6 para 1 lit a GDPR) which We obtain from You directly on Our Website. If You no longer wish to receive the newsletter, You can unsubscribe at any time (withdrawing Your consent) by notifying Us of Your wish via the contact address specified under section 1 or by clicking on the respective link at the end of a newsletter.

3.4.3.    Storage period:

All data collected for the delivery of the newsletter will be erased within [seven (7) days] after unsubscribing from the newsletter. Furthermore, We automatically erase Your data in case You are inactive for a period of [three (3) years] (in which You do not interact with any newsletter provided by Us).​

4. Transfer of Your Personal Data

We will only transfer Your Personal Data collected by Us or make them available to third-parties if:

• You have given Your express consent to do so in accordance with Art 6 para 1 lit a GDPR,

• the disclosure is necessary to assert, exercise or defend legal claims in accordance with Art. 6 para 1 lit f GDPR and there is no reason to assume that You have an overriding legitimate interest in not disclosing Your Personal Data,

• We are legally obliged to transfer on Your Personal Data in accordance with Art 6 para 1 lit c GDPR,

• this is legally permissible and, in accordance with Art. 6 para 1 lit b GDPR, is necessary for the processing of contractual relationships with You or for the implementation of pre-contractual measures that are carried out at Your request or

• the disclosure is necessary to evaluate, negotiate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about Our Product users is among the assets transferred. In this case We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

4.1. Transfer of Your Personal Data within Our organisation

Within Our organisation, Your Personal Data will only be provided to those affiliates or employees who need them to fulfil their respective obligations. Affiliates include Our parent companies and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.

4.2. Transfer of Your Personal Data to Our Service Providers

Furthermore, external processors deployed by Us receive Your Personal Data if they need these data to provide their respective services (whereby the mere possibility to access Personal Data is sufficient). We may in particular transfer your data to the following categories of Service Providers:

• data centers that store Our web applications and databases,

• software providers,

• IT service providers that maintain Our systems.

If We pass on Your Personal Data to Our Service Providers, they may use them exclusively to fulfill their tasks, in particular to monitor and analyse the usage of Our Products and to maintain the accessibility of Our Products. All deployed Service Providers will process Your Personal Data in strict observance of the requirements of the GDPR and solely based on Our explicit instructions. We have carefully selected and commissioned the Service Providers. They are contractually bound by Our instructions, have appropriate technical and organizational measures in place to protect the rights of the data subjects, and are regularly monitored by Us.

4.3. Transfer of Your Personal Data due to legal rights or obligations

In addition, Your Personal Data may be disclosed in connection with official inquiries, court orders, and legal proceedings if We think in the good faith belief that such action is necessary to:

• comply with Our legal obligations,

• protect and defend Our rights or property,

• prevent or investigate possible wrongdoing in connection with Our Products,

• protect the personal safety of Users of Our Products or the public,

• protect against legal liability.

5. Cookies and similar tracking technologies

5.1. General Information

We use Cookies and similar tracking technologies (“Tools”) to track the activity on Our Products and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Products. The technologies We use may include:

• Cookies or browser cookies: A cookie is a small file placed on Your Device by Your browser. Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses. They are not used to run programmes or install viruses on Your computer. Similar technologies include, in particular, web storage (local/session storage), fingerprints, tags, or pixels. Most browsers are set by default to accept cookies and similar technologies. You can generally adjust Your browser settings to reject cookies or similar tracking technologies or to store them only with Your prior consent. However, if You reject cookies or similar tracking technologies, some of Our Products may not function smoothly for You. Unless You have adjusted Your browser setting so that it will refuse cookies or similar tracking technologies, Our Products may use these Tools.
  
  

• Web beacons: Certain sections of Our Products and Our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Us, for example, to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be "persistent" or "session" cookies. Persistent cookies remain on Your personal computer or mobile device when You go offline, while session cookies are deleted as soon as You close Your web browser. Learn more about cookies on the Privacy Policies website article.

Below, We categorise the Tools We use and provide information on their providers, the storage duration of cookies, and the sharing of data with third parties. Additionally, We explain when We seek Your voluntary consent to use the Tools and how You can revoke it.

Should the information in the cookie banner contradict this Privacy Policy despite Our best efforts, the information in this Privacy Policy shall take precedence.

5.2. Essential Tools

We use certain Tools to ensure the basic functions of Our Products, to provide you with a convenient and personalised experience and to make the usage of Our Products as time efficient as possible ("Essential Tools"). Without these Tools, We would not be able to operate Our Website and provide Our Services.

Therefore, essential Tools are used without consent, based on Our legitimate interest according to Art. 6 para 1 lit f GDPR. In certain cases, these Tools may also be required for the fulfilment of a contract or pre-contractual measures, in which case processing is carried out in accordance with Art. 6 para 1 lit b GDPR.

5.2.1. Own Cookies

We use three types of cookies, all encrypted and exclusively processed by Us:

1. Session Cookies: for login authentication.

2. Preference Cookies: to store temporary user settings, such as filters or list sorting.

3. Toast Cookies: to display important notifications directly in the web application.

5.3. Functional Tools

We also use Tools to enhance the user experience with Our Products and offer additional features ("Functional Tools"). These Tools are not strictly necessary for the core functionality of Our Products but can provide significant user benefits, particularly regarding user-friendliness and the provision of additional communication, display, or payment channels.

The legal basis for Functional Tools is Your consent under Art. 6 para 1 lit a GDPR unless otherwise specified. For further instructions on how to exercise your rights under the GDPR see section 9.

5.3.1. LiveChat

Our Website uses a direct chat tool provided by HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA, to improve communication with users.

If You have general or specific questions and issues about Our Website, Our Services, or the Company, You can send Us a message via LiveChat. You will see whether someone is online to respond immediately. If not, We will answer Your inquiry during business hours as soon as possible. In this context, We process data solely for communication purposes.

When using LiveChat, the IP address of the device and the address of the subpage from which You access LiveChat are recorded. HubSpot also uses cookies and similar technologies (a complete list is available at Link1, Link2, Link3). Chats conducted are logged and stored.

The legal basis is Art 6 para 1 lit b GDPR if the data is required to respond to Your inquiry within the scope of initiating or fulfilling a contract. Otherwise, Art. 6 para 1 lit f GDPR applies, based on Our legitimate interest in maintaining communication with customers and fostering a positive public image through quick accessibility of Our staff.

We exclusively use HubSpot products with servers in Europe; therefore, the data collected in this context is stored exclusively in compliance with the GDPR.

Further information can be found in HubSpot‘s Privacy Policy.

5.4. Analytics Tools

To improve Our Website and Products, We use the following Tools to statistically collect and analyse general usage behaviour based on access data ("Analytics Tools").

The legal basis for Analytics Tools is Your consent under Art. 6 para 1 lit a GDPR unless otherwise specified. For further instructions on how to exercise your rights under the GDPR see section 9.

5.4.1. June Analytics

Our Website uses June Analytics, an analytics software for the statistical evaluation of visitor access provided by June Inc., 8 The Green, Dover, DE 19901, USA. All data is stored with June Inc.’s cloud provider in Frankfurt/Main.

The following data may be stored in the visitor log along with a pseudonymised visitor ID:

• referrer URL (previously visited page),

• visited pages (date, time, URL, title, duration),

• downloaded files,

• clicked links to other websites,

• achievement of specific goals (conversions),

• technical information (operating system, browser type, version, and language, device type, brand, model, and resolution),

• approximate location (country and possibly city, based on anonymised IP address).

June Analytics does not use Cookies. Further information can be found in June Analytics‘ Privacy Policy.

5.4.2.    Looker Studio Analytics

We use Looker Studio, a business intelligence solution for managing and visualising large datasets, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, USA. Data is temporarily stored on servers in Frankfurt/Main during the use of Looker Studio.

The following data may be stored in the visitor log along with a pseudonymised visitor ID:

• referrer URL (previously visited page),

• visited pages (date, time, URL, title, duration),

• downloaded files,

• clicked links to other websites,

• achievement of specific goals (conversions),

• technical information (operating system, browser type, version, and language, device type, brand, model, and resolution),

• approximate location (country and possibly city, based on anonymised IP address).

Further information can be found in Looker Studio‘s Privacy Policy.

5.4.3.    Datadog

We use Datadog, a monitoring and analytics platform by Datadog, Inc., 620 8th Avenue, 45th Floor, New York, NY 10018, USA, to monitor and analyse server and application data in real-time. Datadog helps Us ensure service performance, identify errors, and detect security issues early.

Data processed by Datadog may be stored on servers outside the European Union. We ensure data protection through appropriate security measures and standard contractual clauses in accordance with Art. 46 GDPR.

The following data may be processed:

• usage and performance data from Our servers and applications (e.g., CPU usage, memory usage, response times),

• log data from server requests (e.g., timestamps, anonymised IP addresses),

• information on executed processes and actions within Our systems,

• Error messages and other system reports.

Datadog processes data on a pseudonymised basis and does not share Personal Data with third parties. Further information on Processing of Personal Data by Datadog can be found in Datagog’s Privacy Policy.

5.4.4. Google BigQuery

We use Google BigQuery, a cloud data storage and analytics platform by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, USA. Google BigQuery allows Us to manage, analyse, and visualise large datasets in real-time.

Data stored and processed in Google BigQuery may be stored on Google's servers inside and outside the European Union. Data protection is ensured by compliance with EU data protection standards and the use of standard contractual clauses pursuant to Art. 46 GDPR.

The following data may be processed in Google BigQuery:

• aggregated usage statistics and analytics patterns,

• system performance and technical monitoring data,

• anonymised or pseudonymised visitor and customer information,

• data required for internal analysis and reporting.

Personal Data is anonymised or pseudonymised before storage in BigQuery, wherever possible. Further information on data processing by Google BigQuery can be found in Google’s Privacy Policy.

5.5. Use of Marketing and Sales Tools

We use the following Tools and platforms to carry out marketing and sales activities (“Marketing and Sales Tools”). They help to optimize Our communication with prospects and customers, support Our sales efforts, and analyze marketing measures.

By using these Tools, We ensure that Your Personal Data is processed in compliance with applicable data protection laws, and appropriate technical and organizational measures are taken to protect Your Personal Data.

The legal basis for Marketing and Sales Tools is Your consent under Art. 6 para 1 lit a GDPR unless otherwise specified. For further instructions on how to exercise your rights under the GDPR see section 9.

5.5.1. Google Workspace (Google Suite)

We use Google Workspace (formerly G Suite), a cloud-based productivity and collaboration solution provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, USA, for document processing, emails, calendars, and other business processes.

Google Workspace supports Us in the efficient management of data and communication. Data may be stored and processed on Google servers located outside the European Union. Google ensures compliance with EU data protection standards, including standard contractual clauses pursuant to Art. 46 GDPR.

The following data may be processed when using Google Workspace:

• e-mails, calendar entries, and attachments (when using Gmail and Google Calendar).

• documents, spreadsheets, and presentations stored in Google Docs, Sheets, or Slides.

• access information (e.g., time and device type),

• log data such as IP addresses and system usage metadata.

All data is processed in accordance with Google’s privacy policies. Google provides encryption and access restriction options to ensure a high level of data protection.

Further information about data processing by Google Workspace can be found in Googles’ Privacy Policy and the  Google Workspace Privacy Notice Google Workspace Privacy Policy.

5.5.2. Notion

We use Notion, a cloud-based collaboration and project management Tool provided by Notion Labs Inc., 2300 Harrison St, San Francisco, CA 94110, USA. Notion enables Us to organize and manage projects, documentation, and tasks in a central workspace.

Data stored in Notion may be processed on servers in the United States. The protection of Your data is ensured through appropriate security measures and standard contractual clauses pursuant to Art. 46 GDPR.

The following data may be processed when using Notion:

• project and task details (e.g., titles, content, status),

• uploaded documents and files,

• access logs (e.g., username, editing timestamps),

• usage and activity statistics.

Notion does not store sensitive Personal Data unless consciously entered by users into the platform. Data processing is carried out in accordance with Notion's privacy policy. Further information can be found in Notions’ Privacy Policy.

5.5.3. HubSpot

We use HubSpot, a CRM platform provided by HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA, for marketing, sales, and service purposes. HubSpot supports Us in managing customer relationships, automating marketing processes, and analyzing user interactions.

Personal Data may be processed on servers in the United States. HubSpot is committed to complying with European Union data protection standards and provides appropriate guarantees pursuant to Art. 46 GDPR, including the implementation of standard contractual clauses.

The following data may be processed when using HubSpot:

• contact information (e.g., name, email address, phone number),

• interactions with Our communication channels (e.g., e-mail open and click rates),

• information about visited pages and actions taken on Our Website,

• technical data (e.g., IP address, browser type, operating system).

Further information about data processing by HubSpot can be found in HubSpot’s Privacy Policy.

5.5.4. Aircall

We use Aircall, a cloud-based telephone functions and solutions provided by Aircall SAS, 11-15 Rue Saint Georges, 75009 Paris, France, for managing Our business telephone communication. Aircall enables Us to efficiently make and receive calls and analyse call data.

Personal data may be processed on servers both within and outside the European Union. Aircall ensures that appropriate security measures and standard contractual clauses pursuant to Art. 46 GDPR are implemented to protect Your data.

The following data may be processed when using Aircall:

• call data (e.g., phone number, date, time, call duration),

• call recordings (if consent has been given),

• usage data of the telephony platform,

• technical data (e.g., IP address, device type).

Further information about data processing by Aircall can be found in Aircall’s Privacy Policy.

6. Security of Your Personal Data

The security of Your Personal Data is important to Us but remember that no method of transmission over the internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

7. Children’s Privacy

Our Products do not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18.

If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 18 without verification of parental consent, We take steps to remove that information from Our servers. If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

8. Links to other websites

Our Products may contain links to other websites that are not operated by Us. If You click on a third-party link, You will be directed to that third-party's site. We strongly advise You to review the Privacy Policy of every website You visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party websites or services.

9.  Rights of data subjects

You have at any time the following rights of data subjects pursuant to Art 7 para 3, Art 15 – 21 and Art 77 GDPR:

• In accordance with Art 7 para 3 of the GDPR, You may at any time revoke Your consent to Us. As a result, We may no longer continue the Processing of Your Personal Data based on this consent in the future. The revocation of consent shall not affect the lawfulness of the Processing carried out on the basis of the consent until the revocation.
  Among other things, You also have the option of revoking Your consent to the use of cookies on Our Website with effect for the future by calling up Our cookie settings.
  
  

• In accordance with Art 15 of the GDPR, to request information about Your Personal Data processed by Us. In particular, You may request information on the purposes of Processing, the category of Personal Data, the categories of recipients to whom Your Personal Data has been or will be disclosed, the planned duration of storage, the existence of a right of rectification, deletion, restriction of processing or opposition, the existence of a right of appeal, the origin of Your Personal Data, if not collected by Us, as well as the existence of automated decision making including profiling and, where applicable, meaningful information on the details thereof.
  
  

• In accordance with Art 16 of the GDPR, to demand without delay the correction of incorrect or incomplete Personal Data stored by Us.
  
  

• In accordance with Art 17 of the GDPR, under specific circumstances  to demand the deletion of Your Personal Data stored with Us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
  
  

• In accordance with Art 18 of the GDPR, to demand the (temporary) restriction of the processing of Your Personal Data, insofar as (i) the accuracy of the Personal Data is disputed by You, (ii) the processing is unlawful and You oppose the erasure of Your Personal Data and request the restriction of their use instead, (iii) We no longer need Your Personal Data for the purposes of the Processing, but they are required by You for the establishment, exercise or defence of legal claims, or (iv) You have lodged an objection to the processing in accordance with Art 21 para 1 of the GDPR.
  
  

• In accordance with Art 20 of the GDPR, to receive Your Personal Data that You have provided to Us in a structured, common and machine-readable format or to request that it be transferred to another controller. However, this only covers those of Your Personal Data that We process with the help of automated processes after Your consent or on the basis of a contract with You.
  
  

• In accordance with Art 21 of the GDPR, if Your Personal Data are processed on the basis of Our legitimate interest, to object to the Processing of Your Personal Data for reasons arising from your specific situation or if the objection is directed against direct advertising. In the latter case, You have a general right of objection, which We will implement without indicating a specific situation.
  
  

• In accordance with Art. 77 of the GDPR to complain to a data protection authority regarding the illegal processing of Your Personal Data by Us. As a rule, You can contact the data protection authority at Your usual place of residence or workplace or at the Place of the alleged infringement. In Vienna, where Our headquarters are located, the competent supervisory authority is: Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna.

To exercise Your rights as described above, You can contact Us at any time using the contact details provided in section 1. This also applies if You wish to receive copies of guarantees to prove an adequate level of data protection. Provided that the respective legal requirements are met, We will comply with Your data protection request.

Your requests to assert data protection rights and Our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, for the assertion, exercise or defense of legal claims, even beyond that. The legal basis is Art 6 para 1 lit f GDPR, based on Our interest in defending against any civil claims under Art 82 GDPR, avoiding administrative fines under Art 83 GDPR and fulfilling Our accountability under Art 5 para 2 GDPR.

10. Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page. We will let You know via e-mail and/or a prominent notice on Our Website, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on Our Website.