Skip to Content

Privacy Policy

Data Protection

Introduction and Overview 

We have drafted this privacy policy to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (short: data) we as the data controller – and the processors we engage (e.g., providers) – process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.

In short:We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, on the other hand, aims to describe the most important things as simply and transparently as possible. As far as it promotes transparency, technical terms are explained in a reader-friendly manner and links to further information are provided. We inform you in clear and simple language that we only process personal data in the context of our business activities when there is a corresponding legal basis. This is certainly not possible when one provides as brief, unclear, and legally technical explanations as are often standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is some information here that you did not know.

If you still have questions, we kindly ask you to contact the responsible party mentioned below or in the imprint, follow the existing links, and view additional information on third-party sites. Our contact details can also be found in the imprint.

Scope of Application 

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information as defined in Art. 4 No. 1 GDPR, such as the name, email address, and postal address of a person. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:

  • all online presences (websites, online shops) that we operate
  • social media presences and email communication
  • mobile apps for smartphones and other devices

In short:The privacy policy applies to all areas where personal data is structured and processed within the company through the mentioned channels. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal Bases

In the following privacy policy, we provide you with transparent information about the legal principles and regulations, that is, the legal bases of the General Data Protection Regulation, which allow us to process personal data. Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can of course read this EU General Data Protection Regulation online at EUR-Lex, the access to EU law, athttps://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679this link.

We only process your data if at least one of the following conditions is met:

  • Consent (Article 6(1)(a) GDPR):You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.
  • Contract (Article 6(1)(b) GDPR):To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we enter into a purchase agreement with you, we need personal information in advance.
  • Legal obligation (Article 6(1)(c) GDPR):If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes. These usually contain personal data.
  • Legitimate interests (Article 6(1)(f) GDPR):In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Other conditions such as the performance of tasks in the public interest and the exercise of public authority as well as the protection of vital interests do not usually apply to us. If such a legal basis should be relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

  • InAustriathis is the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act), abbreviated as DSG.

Contact details of the responsible party 

If you have questions about data protection or the processing of personal data, you will find the contact details of the responsible person or entity below:

SolXrepresented by: Christian Straka 50% and Thomas Haberhauer 50% (Management)

Address: 2130 Mistelbach, Franz Josef-Straße 16
Email:office@solx.co.at
Phone:+43 2572 40501
Imprint:Imprint

Storage duration

That we only store personal data as long as it is absolutely necessary for the provision of our services and products is a general criterion for us. This means that we delete personal data as soon as the reason for data processing is no longer present. In some cases, we are legally obligated to retain certain data even after the original purpose has ceased, for example, for accounting purposes. If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and as long as there is no obligation to retain it. We will inform you below about the specific duration of the respective data processing, if we have further information on this.

Rights under the General Data Protection Regulation

According to Articles 13 and 14 of the GDPR, we inform you about the following rights that you are entitled to, in order to ensure fair and transparent data processing:

  • You have the right to information under Article 15 of the GDPR regarding whether we process data about you. If that is the case, you have the right to receive a copy of the data.
  • You have the right to rectification of data under Article 16 of the GDPR, which means that we must correct data if you find errors.
  • You have the right to erasure under Article 17 of the GDPR ("right to be forgotten"), which specifically means that you may request the deletion of your data.
  • You have the right to restriction of processing under Article 18 of the GDPR, which means that we may only store the data but not further use it.
  • According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide your data in a commonly used format upon request.
  • According to Article 21 of the GDPR, you have the right to object, which may result in a change in processing after enforcement.
  • According to Article 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing (such as profiling) under certain circumstances.
  • According to Article 77 of the GDPR, you have the right to lodge a complaint. This means you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short:You have rights – do not hesitate to contact the responsible party listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. For our company, this is the:

Austrian Data Protection Authority (DSB)Head: Dr. Matthias Schmidl Address: Barichgasse 40-42, 1030 Vienna Phone number: +43 1 52 152-0 Email address: dsb@dsb.gv.at Website:https://www.dsb.gv.at/

Data transfer to third countries 

We only transfer or process data to countries outside the EU (third countries) if you consent to this processing, if it is legally required, or if it is contractually necessary, and in any case only to the extent that it is generally permitted. Your consent is, in most cases, the primary reason we process data in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have your server locations, may mean that personal data is processed and stored in unexpected ways. We explicitly point out that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA for certain US services without an appropriate adequacy decision (e.g., Data Privacy Framework). The data processing by US services (such as Google Analytics) may result in data not being processed and stored anonymously. Whenever possible, we try to use server locations within the EU, if offered.

Data Processing Security

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible for third parties to draw personal information from our data. Article 25 of the GDPR refers to "data protection by design and by default" here.

TLS encryption with https

We use HTTPS (Hypertext Transfer Protocol Secure stands for "secure hypertext transfer protocol") to transmit data securely over the Internet. This means that the entire transmission of all data from your browser to our web server is secured – no one can "eavesdrop". This fulfills our data protection obligations through technology design (Article 25 Paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the Internet, we can ensure the protection of confidential data. You can recognize the use of this data transmission security by the small padlock symbol in the upper left corner of the browser.

Objection to advertising emails

The use of contact data published in the context of the legal notice obligation for sending unsolicited advertising and informational materials is hereby objected to. The operators of the sites expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as through spam emails.

Communication

If you contact us and communicate via phone, email, or online form, it may involve the processing of personal data (e.g., phone number, name, email address). The data will be processed for the handling and processing of your inquiry and the related business transaction. Legal bases:

  • Art. 6 para. 1 lit. a GDPR (Consent): You give us consent to store your data.
  • Art. 6 para. 1 lit. b GDPR (Contract): Fulfillment of a contract or for pre-contractual activities (offer).
  • Art. 6 para. 1 lit. f GDPR (Legitimate Interests): Professional and efficient business communication.

Data Processing Agreement (DPA)

Like most companies, we do not operate alone, but also utilize services from other companies. By involving various companies or service providers, we may share personal data for processing. These partners act as data processors with whom we enter into a contract, known as the Data Processing Agreement (DPA). The processing of your personal data is carried out solely according to our instructions.


Cookies

What are cookies?Our website uses HTTP cookies to store user-specific data. Cookies are small text files that are stored on your computer by our website. Cookies store certain user data from you, such as language or personal page settings. When you revisit our site, your browser sends the "user-related" information back to our site. There are both first-party cookies and third-party cookies.

Types of cookies:

  1. Essential cookies (for basic functions)
  2. Functional cookies (for loading time and user behavior)
  3. Targeted cookies (for better user experience)
  4. Advertising cookies (for personalized advertising)

Right to object – how can I delete cookies? 

You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, disable, or partially allow cookies.

Legal basis 

The storage of non-essential cookies requires your consent (Article 6(1)(a) GDPR). In Austria, the national implementation of the European Cookie Directive was made in§ 165(3) of the Telecommunications Act 2021 (TKG 2021). For strictly necessary cookies, even in the absence of consent, there are legitimate interests (Article 6(1)(f) GDPR), which are mostly of an economic and technical nature. We aim to provide visitors to the website with a smooth user experience, and certain cookies are often strictly necessary for this. Non-essential cookies will only be used with your consent.


Web Hosting

When you visit our website, data such as IP address, browser and browser version, operating system, date, and time are automatically stored in so-called web server log files. This serves the professional hosting of the website, maintaining security, and the anonymous evaluation of access behavior. Typically, the data is stored for two weeks and then automatically deleted. Legal basis: Art. 6(1)(f) GDPR (protection of legitimate interests).


Social Media

In addition to our website, we are also active on various social media platforms. User data may be processed in this context. The data that is stored and processed through your use of a social media channel primarily serves the purpose of conducting web analytics. If you have consented to the processing and storage of your data by integrated social media elements, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR).


Security & Anti-Spam

With security and anti-spam software, we can protect ourselves from various spam or phishing emails and possible other cyberattacks. Certain processes, especially the use of cookies and the utilization of security features, require your consent (Art. 6 para. 1 lit. a GDPR). Otherwise, we use these services based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in having a good security system.

Cloudflare Turnstile 

We use Cloudflare Turnstile from Cloudflare Inc. (or Cloudflare Germany GmbH, Rosental 7, 80331 Munich). Turnstile is intended to verify whether the data entry on this website is performed by a human or by an automated program. To do this, Turnstile analyzes the behavior of the website visitor based on various characteristics (e.g., IP address, mouse movements). The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in protection against SPAM). If corresponding consent has been requested, the processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR and§ 165 para. 3 TKG 2021, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the Austrian Telecommunications Act. Data processing is based on standard contractual clauses.


Payment Providers

We use online payment systems on our website. This may involve sending and processing personal data (name, bank details, IP address) to the respective payment provider. We offer this for the processing of contractual or legal relationships (Art. 6 para. 1 lit. b GDPR).

Duration of data processing 

Über die Dauer der Datenverarbeitung informieren wir Sie weiter unten, sofern wir weitere Informationen dazu haben. Generell verarbeiten wir personenbezogene Daten nur so lange, wie es für die Bereitstellung unserer Dienstleistungen und Produkte unbedingt notwendig ist. Wenn es wie zum Beispiel im Fall von Buchhaltung gesetzlich vorgeschrieben ist, wird diese Speicherdauer entsprechend der rechtlichen Vorgaben verlängert. In Österreich bewahren wir zu einem Vertrag gehörige Buchungsbelege (Rechnungen, Vertragsurkunden, Kontoauszüge u.a.) sowie sonstige relevante Geschäftsunterlagen gemäß den gesetzlichen Aufbewahrungsfristen nach § 132 BAO (Bundesabgabenordnung) und § 212 UGB (Unternehmensgesetzbuch) für in der Regel 7 Jahre auf.


Explanation of terms used

  • Processor:A natural or legal person, authority, institution, or other entity that processes personal data on behalf of the controller.
  • Consent:Any freely given, informed, and unambiguous indication of the data subject's wishes, by which they signify agreement to the processing of personal data.
  • Personal data:Any information relating to an identified or identifiable natural person (name, IP address, email, etc.).
  • Profiling:Any form of automated processing of personal data to evaluate personal aspects.
  • Controller:The natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (here: SolX GmbH).
  • Processing:Any operation performed with or without the help of automated processes in relation to personal data (collection, storage, deletion, etc.).