Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter referred to as “data”) we process, for what purposes, and to what extent.

This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications, and within external online presences such as our social media profiles (collectively referred to as the “online offering”).

Table of Contents

1. Person Responsible
   
   

2. Overview of Processing Operations
   
   

3. Relevant Legal Bases
   
   

4. Security Measures
   
   

5. Transfer of Personal Data
   
   

6. International Data Transfers
   
   

7. Data Storage and Erasure
   
   

8. Rights of Data Subjects
   
   

9. Business Services
   
   

10. Business Processes and Procedures
    
    

11. Provision of Online Offering and Web Hosting
    
    

12. Use of Cookies
    
    

13. Contact and Request Management
    
    

14. Promotional Communication
    
    

15. Web Analysis and Optimization
    
    

16. Online Marketing
    
    

17. Social Media Presence
    
    

18. Plug-ins and Embedded Content
    
    

19. Employment Data Processing
    
    

20. Modifications and Updates
    
    

1. Overview of Processing

Types of Data Processed

• Inventory data
  
  

• Employee data
  
  

• Contact data
  
  

• Content data
  
  

• Contract data
  
  

• Usage data
  
  

• Meta, communication, and process data
  
  

• Log data
  
  

Categories of Data Subjects

• Beneficiaries and clients
  
  

• Employees
  
  

• Interested parties
  
  

• Communication partners
  
  

• Users
  
  

• Business and contractual partners
  
  

Purposes of Processing

• Provision and performance of contractual services
  
  

• Communication
  
  

• Security measures
  
  

• Direct marketing and outreach
  
  

• Measurement, tracking, and analytics
  
  

• Office and administrative procedures
  
  

• Conversion and target group measurement
  
  

• Marketing and public relations
  
  

• Provision of online services and user experience
  
  

• Employment relationship management
  
  

• IT infrastructure and data protection
  
  

• Business process and sales management
  
  

2. Relevant Legal Bases (GDPR)

Processing of personal data is based on:

• Consent (Art. 6(1)(a) GDPR) – where users have granted consent.
  
  

• Performance of Contract (Art. 6(1)(b) GDPR) – necessary to fulfill contractual or pre-contractual obligations.
  
  

• Legal Obligation (Art. 6(1)(c) GDPR) – compliance with legal duties.
  
  

• Legitimate Interests (Art. 6(1)(f) GDPR) – when processing is required for legitimate business purposes.
  
  

• Processing Special Categories (Art. 9(2)(h) GDPR) – data related to healthcare, employment, or social security.
  
  

National law in Austria: The Austrian Data Protection Act (DSG) also applies, including rights to information, rectification, erasure, and data transfer.

3. Security Measures

We implement appropriate technical and organizational measures according to legal requirements, considering the nature, scope, context, and purpose of data processing to ensure a level of protection appropriate to the risk.

Encryption

We secure online connections using TLS/SSL encryption (HTTPS) to protect user data from unauthorized access.

4. Transmission of Personal Data

Personal data may be transmitted to:

• IT service providers,
  
  

• Web content providers, or
  
  

• Other legally authorized recipients.
  
  

Transfers are performed only as legally permitted and based on contractual agreements ensuring data protection.

Intra-Company Data Transfers

We may share data within our corporate group for administrative purposes, based on legitimate interests or contractual necessity.

5. International Data Transfers

Data transfers outside the EU/EEA occur only under the following:

• Adequacy decision (Art. 45 GDPR)
  
  

• Standard contractual clauses (Art. 46 GDPR)
  
  

• Explicit consent (Art. 49 GDPR)
  
  

EU–US Data Privacy Framework (DPF): Certified U.S. companies are recognized as providing adequate protection.
See: https://www.dataprivacyframework.gov

6. Data Storage and Deletion

We delete personal data when:

• Consent is withdrawn,
  
  

• The original purpose no longer applies, or
  
  

• No other legal basis exists.
  
  

Exceptions include statutory retention periods (e.g., tax or commercial law). The longest applicable retention period takes precedence.

7. Rights of Data Subjects (GDPR Articles 15–21)

• Right to Object – to processing or direct marketing.
  
  

• Right to Withdraw Consent – at any time.
  
  

• Right of Access – to your personal data.
  
  

• Right to Rectification – of incorrect or incomplete data.
  
  

• Right to Erasure ("Right to be Forgotten") – under legal conditions.
  
  

• Right to Restrict Processing – under specific conditions.
  
  

• Right to Data Portability – to receive your data in a machine-readable format.
  
  

• Right to Lodge a Complaint – with a supervisory authority.
  
  

8. Business Services

We process client and partner data to fulfill contractual obligations, including service provision, billing, communication, and compliance.

Data is stored for the duration of the relationship and deleted after legal retention periods expire (generally 4–10 years).

9. Business Processes and Procedures

Processing supports business activities such as:

• Customer management
  
  

• Accounting
  
  

• Sales and project management
  
  

• Legal compliance
  
  

Economic analyses and market research are performed with pseudonymized or anonymized data where possible.

10. Provision of Online Offering and Web Hosting

We use IT infrastructure providers such as Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.
Privacy Policy: https://www.hetzner.com/legal/privacy-policy/

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

11. Cookies

Cookies are used to improve usability and analyze usage.
Legal basis depends on consent or legitimate interests.

Consent Management

BorlabsCookie is used for managing cookie consents.
Website: https://de.borlabs.io/borlabs-cookie/

12. Contact

When you contact us (e.g. by email, phone, or contact form), your data is processed solely to respond to your inquiry or fulfill related obligations.

13. Advertising Communication

We process data for advertising via email, post, phone, or fax, in compliance with legal requirements.

You may withdraw consent or object to communication at any time.
After withdrawal, we retain minimal data to prevent future contact.

14. Web Analysis, Monitoring, and Optimization

We use web analytics to improve our online offerings, including pseudonymous reach measurement and usage tracking.

Google Analytics

Provider: Google Ireland Limited
Legal basis: Consent (Art. 6(1)(a) GDPR)
Privacy Policy: https://policies.google.com/privacy
Opt-out: https://tools.google.com/dlpage/gaoptout

Google Tag Manager

Used for managing analytics tags; does not store personal data.

Google reCAPTCHA 3

Used to verify human users and prevent spam.
Data may be processed by Google under EU–US DPF.

Google Ads & Conversion Tracking

Used for interest-based advertising and conversion measurement.

15. Online Marketing

We process data to deliver personalized advertising and measure campaign effectiveness.
User profiles are generally pseudonymized; cookies may store preferences.

Data is processed based on consent or legitimate interests.

16. Changes and Updates

We may update this privacy policy if processing changes require it.
Users are advised to review this policy regularly.

If cooperation or renewed consent is necessary, users will be notified.

© 2025 SAMINA
Imprint · Privacy · Jobs