Home Privacy Policy in Accordance with GDPR

Privacy Policy in Accordance with GDPR

Information on the processing of your personal data in accordance with GDPR.

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

ITworx Solutions AT GmbH
Jodok-Stülz-Weg 17
6850 Dornbirn, Austria
Phone: +43 5577 21 707
E-mail: office@itworx-solutions.at
Web: www.itworx-solutions.at

2. Collection and Storage of Personal Data

2.1 Server Log Files

When you access our website, your browser automatically transmits information to our web server, which is temporarily stored in so-called server log files. The following information is collected without any action on your part:

  • IP address of the requesting device
  • Date and time of access
  • Name and URL of the requested file
  • Website from which access was made (referrer URL)
  • Browser used and, where applicable, operating system

The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in ensuring the smooth operation of our website and improving our services. Server log files are automatically deleted after 14 days.

2.2 Contact Form

When you contact us via the contact form provided on our website, the following data is processed:

  • First and last name (required)
  • E-mail address (required)
  • Phone number (optional)
  • Company (optional)
  • Subject (required)
  • Message content (required)

The data is transmitted via e-mail (PHP mail() function) to our internal address. No data is stored in a database.

Legal basis: Art. 6(1)(b) GDPR (performance of pre-contractual measures at the request of the data subject) or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries). The data will be deleted 6 months after your enquiry has been fully processed, unless statutory retention obligations apply. If an enquiry results in a contractual relationship or business order, the statutory retention periods under § 212 UGB (Austrian Commercial Code, 7 years for business correspondence) and § 132 BAO (Austrian Federal Fiscal Code, 7 years for tax-relevant records) apply.

2.3 E-mail Contact

If you contact us by e-mail, the data you provide (e.g. name, e-mail address, message content) will be stored by us in order to process your enquiry. The legal basis is the same as for the contact form (Art. 6(1)(b) or Art. 6(1)(f) GDPR). The same retention periods apply.

3. Hosting

Our website is hosted on servers located in Austria / the European Union. No personal data is transferred to third countries (countries outside the EEA) as part of the hosting.

4. SSL/TLS Encryption

For security reasons and to protect the transmission of personal data, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the lock icon in your browser's address bar and the address beginning with https://. When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

5. Cookies and Local Storage

5.1 Technically Necessary Cookies

This website uses the following technically necessary cookies:

  • Session cookie (PHPSESSID) – Required for session management and deleted when the browser is closed.
  • Language selection – Stores your preferred language (DE/EN) for the duration of the session.
  • CSRF token – Protects form submissions against cross-site request forgery attacks.
  • Cookie consent – Stores your cookie banner decision for the duration of the session.

In addition, your theme preference (dark/light mode) is stored in your browser's localStorage API. LocalStorage is not a cookie and is not transmitted to the server.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

5.2 Visitor Statistics (Web Analytics)

With your consent, we collect privacy-compliant visitor statistics. When a page is accessed, the following data is stored in our database (hosted in Austria / EU):

  • IP address of the requesting device (full)
  • Country of origin (determined via the external service ip-api.com, see below)
  • Browser type (e.g. Chrome, Firefox, Safari)
  • Operating system (e.g. Windows, macOS, Android)
  • Page visited (URL path)
  • Referrer URL (page you came from – if transmitted)
  • Anonymised session fingerprint (SHA-256 hash of the session ID, not plaintext)
  • Timestamp of the access

The data is used exclusively for internal analysis by ITworx Solutions AT GmbH and is not shared with third parties. No cross-site tracking or profiling takes place.

External service ip-api.com: To determine the country of origin, your IP address is transmitted once to the service ip-api.com (operator: HexiSoft Ltd., USA). The result (country and country code) is cached locally so that each IP address is only queried once. ip-api.com does not provide GDPR compliance guarantees; since only the country of origin (no sensitive data) is retrieved and you have given your explicit consent, this transfer is based on Art. 6(1)(a) GDPR.

Legal basis: Art. 6(1)(a) GDPR (consent). You give your consent by clicking "Accept" in the cookie banner. You may withdraw your consent at any time with effect for the future by contacting us at office@itworx-solutions.at or by clearing your browser session storage.

6. Toolbox / Network Tools

Our website provides network tools in the "Toolbox" section (e.g. Ping, Traceroute, DNS Lookup). When you use one of these tools, the hostname or IP address you enter is sent to an external API service (Globalping) for processing. No personal data about you (e.g. your IP address) is transmitted to the API service – only the target hostname you entered.

Legal basis: Art. 6(1)(a) GDPR (consent through active use of the tool). You may refrain from using the tools at any time.

7. Transfer of Data

Your personal data will generally not be transferred to third parties unless:

  • we are legally obliged to do so (e.g. by order of a public authority or court),
  • the transfer is necessary for the establishment, exercise or defence of legal claims,
  • you have given your express consent (Art. 6(1)(a) GDPR).

A transfer to third countries takes place solely in connection with the determination of the country of origin via the service ip-api.com (USA), as described in Section 5.2. No other personal data is transferred to third countries or international organisations.

8. Retention Periods

We store your personal data only for as long as is necessary for the respective purpose or as required by statutory retention obligations. Summary:

  • Server log files: 14 days
  • Contact form / e-mail enquiries: 6 months after completion of processing; if the enquiry results in a contractual relationship: 7 years pursuant to § 212 UGB / § 132 BAO
  • Session cookies: until the end of the browser session
  • localStorage (theme): until manually deleted by the user
  • Visitor analytics data: 12 months from the date of collection, then automatically deleted
  • IP country cache (ip-api.com): 30 days

9. Your Rights

You have the following rights with regard to your personal data:

  • Right of access (Art. 15 GDPR) – You may request information about your personal data processed by us.
  • Right to rectification (Art. 16 GDPR) – You may request the correction of inaccurate or completion of incomplete data.
  • Right to erasure (Art. 17 GDPR) – You may request the deletion of your personal data, provided no statutory retention obligations apply.
  • Right to restriction of processing (Art. 18 GDPR) – Under certain conditions, you may request the restriction of processing of your data.
  • Right to data portability (Art. 20 GDPR) – You may request that we provide your data in a structured, commonly used and machine-readable format.
  • Right to object (Art. 21 GDPR) – You may object to the processing of your personal data at any time, insofar as the processing is based on Art. 6(1)(f) GDPR.

Right to withdraw consent (Art. 7(3) GDPR): If you have given consent to the processing of your data, you may withdraw that consent at any time with effect for the future. The lawfulness of any processing carried out prior to the withdrawal remains unaffected.

To exercise your rights, please contact: office@itworx-solutions.at

10. Automated Decision-Making

No automated decision-making, including profiling, within the meaning of Art. 22 GDPR takes place.

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR. The competent supervisory authority for us is:

Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40–42
1030 Vienna, Austria
Phone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at
Web: www.dsb.gv.at

12. Currency and Amendment of this Privacy Policy

This privacy policy is currently valid as of April 2026. As our website evolves or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version is always available on our website.