Privacy Policy

Data Protection Declaration | Last update: September 2021

Disclosure of information by Epoona GmbH (“we“) pursuant to Art 13 General Data Protection Regulation (EU) 2016/679 (“GDPR“) concerning data processing in the course of accessing and using the website (“Website“).

Thank you for your interest in our Website. The protection of your privacy is very important to us. Consequently, we process your data strictly in accordance with the GDPR in conjunction with the Austrian Data Protection Act (“DSG“), the Austrian Telecommunications Act 2003 (“TKG“) and other relevant legal provisions.

Data protection regulations primarily concern the processing of personal data. The terms used within the scope of this Data Protection Declaration are defined in and by the GDPR. Thus, the term “processing” of personal data essentially includes any handling of such data. Insofar as data processed by us are human-related and make you identifiable as a person, they are to be considered personal data and you are to be considered a data subject in the sense of Art 4 item 1 GDPR.

You are not obligated to provide us with any of your data. Any data automatically processed due to merely accessing the Website are either of non personal nature or only stored for short periods (see, in particular, point 2).

1. Controller regarding the processing of user data; contact options

Controller in the sense of Art 4 item 7 GDPR: Contact:
Epoona GmbH
Schätzgasse 4/3, 1190 Vienna, Austria
Telephone: +43 660 1132440

2. Processing of access data when visiting our Website

When accessing our Website, certain access data are processed automatically in so called server log files for the purposes of technical security, improvement of website quality and statistical purposes; this processing is based on our legitimate interest (Art 6 para 1 lit f GDPR), which consists in achieving the aforementioned purposes.
In particular, the following data are processed in this context: (i) name of visited website; (ii) browser type/version used; (iii) operating system of the user; (iv) previously visited website (referrer URL); (v) time of the server request; (vi) data volume transferred; (vii) host name of the accessing computer (IP address used in anonymised form).
This information does not allow us to identify you personally; however, IP addresses are considered personal data within the meaning of the GDPR. The server log files are, in general, automatically deleted after fourteen (14) days, at the latest.

3. Contacting

When contacting us via a contact form provided on our Website, we will use your data as indicated in order to process your contact request and deal with it. The data processing involved is necessary to issue a response in respect of your request as we would otherwise not be able to contact you. Details whose indication is mandatory are marked as “required”; certain additional information may be provided voluntarily. Moreover, the respective elucidations of this point apply accordingly to the processing of data being entailed by direct contact requests executed via contact details provided on our Website respectively in this Data Protection Declaration, without making use of the contact form. Purpose of the data processing is to enable us an exchange with users. We answer your request on the basis of our legitimate interest (Art 6 para 1 lit f GDPR) in maintaining a properly functioning contact system.
We delete your requests as well as your contact data, if the request has been answered conclusively. Your data are, in general, stored for a period of up to twelve (12) months and deleted afterwards as long as we do not receive any follow-up requests in the meantime.

4. Links to third party sites

On our Website, we use links to the websites of third parties. These are, in particular, links to our presences in social networks (e.g. LinkedIn, Facebook, etc.) or to specialist articles with respect to our field of business. If you click on one of these links, you will be forwarded directly to the respective page. For the website operators it is only evident that you have accessed our Website. Accordingly, we refer you, in general, to the separate data protection declarations of these websites.

5. Data transfer

In general, your data are transferred to third parties only in exceptional cases (as long as you are not notified separately):

  • We transfer your data to other controllers in case we are legally obligated to do so; recipients may primarily be authorities or courts fulfilling their statutory duties;
  • We transfer your data to processors in the sense of Art 28 GDPR if expressly identified and designated in this Data Protection Declaration when outlining a respective data processing operation;
  • A transfer of your data to third countries does not take place unless expressly depicted in the course of this Data Protection Declaration.

6. Rights of the data subject

You may decide to exercise any of the following rights concerning our processing of your personal data at any time free of charge by means of a notification being sent to one of the contact options outlined under point 1; we shall then answer your request as soon as possible and within one month at the latest (in exceptional cases, restrictions on these rights are possible, for instance, if otherwise the rights of third parties would be affected):

  • Access and further information concerning your individual data processed by us (right of access, Art 15 GDPR);
  • Rectification of wrongly recorded data or data that have become inaccurate or incomplete (right to rectification, Art 16 GDPR);
  • Erasure of data which (i) are not necessary in light of the purpose of data processing, (ii) are processed unlawfully, (iii) must be erased due to a legal obligation or an objection to the processing (right to erasure, Art 17 GDPR);
  • Temporary restriction of processing under certain circumstances (right to restriction of processing, Art 18 GDPR).
  • Objection to any processing of your data being based on our legitimate interest (Art 6 para 1 lit f GDPR) on grounds relating to your particular situation (right to object; Art 21 para 1 GDPR);
  • Right to lodge a complaint with a national supervisory authority in respect of our processing of your data; in Austria, such complaint follows the requirements and stipulations of § 24 DSG and has to be directed to the Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna, (email), (phone) +43 1 52 152-0 (to simplify the processes involved, the Austrian Data Protection Authority provides templates and forms in this regard: