Privacy Policy

Introduction:

We place great importance on the protection of personal data and process such data exclusively in accordance with the General Data Protection Regulation (GDPR) and all applicable national data protection laws. This Privacy Policy explains, in clear and understandable terms, which personal data we process on our website and within the scope of our business activities, for what purposes this occurs, and what rights you have.

Controller:

  • DI David Martin
  • E-mail: office@embinova.at
  • The controller is responsible for all data processing activities carried out via this website or in connection with our services

Scope of Application

This Privacy Policy applies to: all sections of our website

  • the technical operation of the site (hosting, security, CMS)
  • online forms and communication
  • tools and services integrated into the website (e.g., Cloudflare, Google)
  • our social media presence
  • data processing by processors acting on our behalf

It covers all personal data collected through our online services or processed as part of our business processes.

Legal Bases for Data Processing

We only process personal data when a legal basis under Article 6 GDPR exists:

  • Consent (Art. 6(1)(a) GDPR): e.g., for non-essential cookies or analytics tools
  • Contract / Pre-contractual Measures (Art. 6(1)(b) GDPR): e.g., for contact requests or business relationships
  • Legal Obligation (Art. 6(1)(c) GDPR): retention obligations and documentation
  • Legitimate Interests (Art. 6(1)(f) GDPR): security, technical operation, business efficiency, optimization of our website

Storage Period

We store personal data only for as long as necessary for the specific purpose or as required by statutory retention obligations. If the purpose ceases to apply or consent is withdrawn, data will be deleted without delay unless legal requirements prevent deletion.

Your Rights

Under the GDPR, you have the following rights:

  • Right of access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing (particularly where based on legitimate interests)
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

In Austria, the competent authority is the Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna.

Data Transfers to Third Countries

Personal data is transferred to countries outside the EU/EEA only if:

  • an adequacy decision exists (e.g., EU–US Data Privacy Framework)
  • Standard Contractual Clauses (SCCs) are used
  • you have expressly consented

We ensure that we only use service providers offering an adequate level of data protection.

Communication

When you contact us, we process the data you provide solely for handling your inquiry. Processed data may include:

  • Name
  • E-mail address
  • Telephone number
  • Content of your message

Legal bases: Art. 6(1)(a), (b), (f) GDPR. Data is deleted once the inquiry is completed and no statutory retention obligations exist.

Data Processing by Processors

We work with service providers who process personal data on our behalf (e.g., hosting providers, security services, analytics tools). These processors are contractually obliged to:

  • process data solely according to our instructions
  • implement appropriate security measures
  • use subprocessors only with our approval

Cookies & Consent Management

Our website uses cookies:

  • technically necessary cookies (for functionality, security, essential operations)
  • optional cookies (e.g., analytics), which are only placed with your consent

You may change or withdraw your cookie preferences at any time via the consent banner.

Legal bases:

  • Art. 6(1)(f) GDPR (necessary cookies)
  • Art. 6(1)(a) GDPR (optional cookies)

Web Hosting

Our website is hosted by World4You Internet Services GmbH. During use, server log files are automatically generated, including:

  • IP address
  • Date and time of access
  • Pages accessed
  • Browser type and operating system
  • Referrer URL
  • Technical protocol information

Log files are typically stored for 14 days for system security. Legal basis: Art. 6(1)(f) GDPR.

CMS & Page Builder (WordPress & Elementor)

Our website is built using WordPress and the Elementor page builder. Technical data such as browser information, device information, language settings, and user interactions may be processed to ensure proper website display. Legal basis: Art. 6(1)(f) GDPR.

Security & Anti-Spam (Cloudflare Turnstile)

We use Cloudflare Turnstile to protect our forms and website from bots and automated attacks. Turnstile evaluates technical parameters (e.g., browser, IP address, device information) without using trackers or interactive CAPTCHAs. Purpose: security and proper functioning of forms Legal basis: Art. 6(1)(f) GDPR

Web Analytics (Google Analytics, if enabled)

With your consent, we use Google Analytics 4 to analyze user behavior on our website. Processed data may include:

  • Page views
  • Click behavior
  • Scroll behavior
  • Device information
  • Pseudonymized IDs
  • Approximate location (IP anonymized)

IP addresses are anonymized according to Google standards. Retention period: 2–14 months, depending on configuration Legal basis: Art. 6(1)(a) GDPR. You may withdraw your consent at any time.

Social Media (including LinkedIn)

Our website contains links to our social media profiles, particularly LinkedIn.

Important:

  • No data is transmitted to LinkedIn when you merely visit our website.
  • Data is only processed once you actively click an external social media link.

The privacy policies of the respective platform apply after clicking.

Content Delivery & Performance (Cloudflare CDN, if active)

If Cloudflare is used as a Content Delivery Network (CDN), technical data such as IP addresses, data packets, and website performance data may be routed through Cloudflare servers to ensure fast and secure delivery of our website. Legal basis: Art. 6(1)(f) GDPR

Definitions

Terms such as “personal data,” “processing,” “consent,” “controller,” and “processor” follow the definitions set out in Article 4 GDPR.

Final Provisions

We update this Privacy Policy whenever technical developments or legal requirements make this necessary.