Home Privacy Policy in Accordance with GDPR

Privacy Policy in Accordance with GDPR

Information on the processing of your personal data in accordance with GDPR.

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

ITworx Solutions AT GmbH
Jodok-Stülz-Weg 17
6850 Dornbirn, Austria
Phone: +43 5577 21 707
E-mail: office@itworx-solutions.at
Web: www.itworx-solutions.at

2. Collection and Storage of Personal Data

2.1 Server Log Files

When you access our website, your browser automatically transmits information to our web server, which is temporarily stored in so-called server log files. The following information is collected without any action on your part:

  • IP address of the requesting device
  • Date and time of access
  • Name and URL of the requested file
  • Website from which access was made (referrer URL)
  • Browser used and, where applicable, operating system

The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in ensuring the smooth operation of our website and improving our services. Server log files are automatically deleted after 14 days.

2.2 Contact Form

When you contact us via the contact form provided on our website, the following data is processed:

  • First and last name (required)
  • E-mail address (required)
  • Phone number (optional)
  • Company (optional)
  • Subject (required)
  • Message content (required)

The data is transmitted via e-mail (PHP mail() function) to our internal address. No data is stored in a database.

Legal basis: Art. 6(1)(b) GDPR (performance of pre-contractual measures at the request of the data subject) or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries). The data will be deleted 6 months after your enquiry has been fully processed, unless statutory retention obligations apply. If an enquiry results in a contractual relationship or business order, the statutory retention periods under § 212 UGB (Austrian Commercial Code, 7 years for business correspondence) and § 132 BAO (Austrian Federal Fiscal Code, 7 years for tax-relevant records) apply.

2.3 E-mail Contact

If you contact us by e-mail, the data you provide (e.g. name, e-mail address, message content) will be stored by us in order to process your enquiry. The legal basis is the same as for the contact form (Art. 6(1)(b) or Art. 6(1)(f) GDPR). The same retention periods apply.

3. Hosting

Our website is hosted on servers located in Austria / the European Union. No personal data is transferred to third countries (countries outside the EEA) as part of the hosting.

4. SSL/TLS Encryption

For security reasons and to protect the transmission of personal data, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the lock icon in your browser's address bar and the address beginning with https://. When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

5. Cookies and Local Storage

5.1 Technically Necessary Cookies

This website uses only technically necessary cookies:

  • Session cookie (PHPSESSID) – Required for session management and deleted when the browser is closed.
  • Language selection – Stores your preferred language (DE/EN) for the duration of the session.
  • CSRF token – Protects form submissions against cross-site request forgery attacks.

In addition, your theme preference (dark/light mode) is stored in your browser's localStorage API. LocalStorage is not a cookie and is not transmitted to the server.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Technically necessary cookies do not require consent. Marketing cookies (Google Ads conversion tracking, see Section 5.3) are only used with your consent via the cookie banner. Your consent decision is stored in your browser's localStorage.

5.2 Visitor Statistics (Web Analytics)

We operate our own privacy-compliant visitor statistics without using third-party tools (no Google Analytics, no Matomo, etc.). When a page is accessed, the following data is stored in our database (hosted in Austria / EU):

  • Anonymised IP address – The last octet is set to 0 before storage (e.g. 195.3.113.42 → 195.3.113.0). This makes it impossible to identify individual devices.
  • Hostname of the requesting device (via reverse DNS lookup, local DNS server)
  • Country of origin (determined via the external service ip-api.com, see below)
  • Browser type (e.g. Chrome, Firefox, Safari)
  • Operating system (e.g. Windows, macOS, Android)
  • Page visited (URL path)
  • Referrer domain (website you came from – if transmitted, external traffic only)
  • Anonymised session fingerprint (SHA-256 hash of the session ID, not plaintext)
  • Timestamp of the access

The visitor statistics do not set any additional cookies. Only the existing, technically necessary session cookie is used. The data is used exclusively for internal analysis by ITworx Solutions AT GmbH and is not shared with third parties. No cross-site tracking, fingerprinting or profiling takes place.

External service ip-api.com: To determine the country of origin, your IP address is transmitted once to the service ip-api.com (operator: HexiSoft Ltd., USA). The result (country and country code) is cached server-side so that each IP address is only queried once. Only geolocation data (country) is retrieved; identification of individual persons is not possible.

Temporary IP lookup cache: To avoid redundant DNS and API requests, IP addresses are stored with their lookup results (country, hostname) in a server-side cache. This cache is automatically deleted after 30 days and serves exclusively as a technical optimisation.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in analysing website usage to improve our services and in detecting technical issues. Due to IP anonymisation, the absence of third-party cookies and the short retention period, our interest does not outweigh your rights and freedoms. You may object to this processing at any time by contacting us at office@itworx-solutions.at.

5.3 Google Ads Conversion Tracking (Consent Only)

This website uses Google Ads conversion tracking ("Google tag" / gtag.js) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This allows us to measure whether visitors reached our website via one of our Google ads and whether a defined action (e.g. a contact enquiry) was carried out.

Tracking is only activated after your express consent via our cookie banner. Without consent, no Google script is loaded and no data is transmitted to Google (Google Consent Mode v2, default setting "denied"). If consent is given, Google sets cookies (e.g. _gcl_aw) with a retention period of generally up to 90 days and processes, among other things, your IP address, browser information and the page visited.

Personal data may be transferred to servers of Google LLC in the USA. Google is certified under the EU-US Data Privacy Framework; in addition, standard contractual clauses pursuant to Art. 46 GDPR are in place. For more information, see Google's privacy policy.

Legal basis: Art. 6(1)(a) GDPR (consent) in conjunction with § 165(3) of the Austrian Telecommunications Act (TKG 2021). Withdrawal: You may withdraw your consent at any time with effect for the future by clicking "Cookie Settings" in the website footer and selecting "Essential only". Your choice (granted/declined) is stored in your browser's localStorage.

6. Toolbox / Network Tools

Our website provides network tools in the "Toolbox" section (e.g. Ping, Traceroute, DNS Lookup). When you use one of these tools, the hostname or IP address you enter is sent to an external API service (Globalping) for processing. No personal data about you (e.g. your IP address) is transmitted to the API service – only the target hostname you entered.

Legal basis: Art. 6(1)(a) GDPR (consent through active use of the tool). You may refrain from using the tools at any time.

7. Transfer of Data

Your personal data will generally not be transferred to third parties unless:

  • we are legally obliged to do so (e.g. by order of a public authority or court),
  • the transfer is necessary for the establishment, exercise or defence of legal claims,
  • you have given your express consent (Art. 6(1)(a) GDPR).

A transfer to third countries takes place: (a) in connection with the determination of the country of origin via the service ip-api.com (USA), as described in Section 5.2 – based on Art. 6(1)(f) GDPR, whereby only geolocation data (country) is retrieved; and (b) if consent has been given, in connection with Google Ads conversion tracking to Google LLC (USA), as described in Section 5.3 – based on Art. 6(1)(a) GDPR and safeguarded by the EU-US Data Privacy Framework. No other personal data is transferred to third countries or international organisations.

8. Retention Periods

We store your personal data only for as long as is necessary for the respective purpose or as required by statutory retention obligations. Summary:

  • Server log files: 14 days
  • Contact form / e-mail enquiries: 6 months after completion of processing; if the enquiry results in a contractual relationship: 7 years pursuant to § 212 UGB / § 132 BAO
  • Session cookies: until the end of the browser session
  • localStorage (theme, cookie consent): until manually deleted or changed by the user
  • Google Ads cookies: generally up to 90 days (only if consent has been given)
  • Visitor analytics data: 30 days from the date of collection, then automatically deleted
  • IP lookup cache: 30 days

9. Your Rights

You have the following rights with regard to your personal data:

  • Right of access (Art. 15 GDPR) – You may request information about your personal data processed by us.
  • Right to rectification (Art. 16 GDPR) – You may request the correction of inaccurate or completion of incomplete data.
  • Right to erasure (Art. 17 GDPR) – You may request the deletion of your personal data, provided no statutory retention obligations apply.
  • Right to restriction of processing (Art. 18 GDPR) – Under certain conditions, you may request the restriction of processing of your data.
  • Right to data portability (Art. 20 GDPR) – You may request that we provide your data in a structured, commonly used and machine-readable format.
  • Right to object (Art. 21 GDPR) – You may object to the processing of your personal data at any time, insofar as the processing is based on Art. 6(1)(f) GDPR.

To exercise your rights, please contact: office@itworx-solutions.at

10. Automated Decision-Making

No automated decision-making, including profiling, within the meaning of Art. 22 GDPR takes place.

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR. The competent supervisory authority for us is:

Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40–42
1030 Vienna, Austria
Phone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at
Web: www.dsb.gv.at

12. Currency and Amendment of this Privacy Policy

This privacy policy is currently valid as of June 2026. As our website evolves or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version is always available on our website.