This data privacy policy is intended to clarify the nature, extent and purpose of how personally identifiable information (hereinafter referred to as “data”) is processed within the scope of our online offer as well as related websites, functions and content, as well as within the framework of external online presences such as our social media profile etc. (hereinafter collectively referred to as “online offer”). With respect to other commonly used terms such as “processing” or “controller”, we refer you to definitions laid out within Art. 4 of the General Data Protection Regulation (GDPR).


Dario Costa
c/o Now Serviceplan GmbH
Gumpendorferstraße 87, Hof 3
1060 Wien


Types of data processed:

• basic data (e.g. name, addresses).

• contact data (e.g. email, telephone numbers).

• content data (e.g. text entries, photographs, video).

• usage data (e.g. websites visited, content interests, session times).

• meta-/communication data (e.g. hardware information, IP addresses).

Purpose of processing

• provide access to the online offer, its functions and content.

• respond to contact requests and communication from users.

• security measures.

• assessment of outreach/marketing

Definition of Terminology

“Personal Data” refers to all information pertaining to an identified or identifiable natural person (hereinafter referred to as the “data subject”); a natural person is deemed identifiable if they may be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” refers to any operation or set of operations that may be performed in connection with personal data either with or without automated means. This term has wide-ranging application and encompasses practically any kind of data processing.

The “Controller” is the natural or legal person, public authority, agency or other body which, either alone or in collaboration with others, determines the purposes for, and means by which the personal data is processed.

Applicable Legal Basis

As required by Art. 13 GDPR, we are providing you with the legal basis for our processing of data. Insofar as the legal basis is not explicitly cited within this data privacy policy, the following shall apply:

The legal basis for solicitation of consent is Art. 6 par. 1 lit. a and Art. 7 GDPR; for the processing of data in order to fulfill our services and contractual obligations as well as respond to inquiries, Art. 6 par. 1 lit. b GDPR; and for the processing of data in order to protect our vital interests, Art. 6 par. 1 lit. f GDPR. In the event that the vital interests of the person in question or of another natural person make it necessary to process personal data, Art. 6 par. 1 lit. d GDPR will serve as the legal basis.

Cooperation with data processors and third-parties

Insofar as our processing of data requires us to reveal, transmit or provide access to data to other persons and/or businesses (data processors and third-parties), this occurs only on the basis of legal consent (e.g. if transmission of data to third parties, such as a payment providers, is necessary according to Art. 6 par. 1 lit. b GDPR for the performance of the contract), if you have expressed your consent, there is a binding legal obligation to do so, or on the basis of our legitimate interests (e.g. in order to engage the services of agents, web hosts, etc.).

Insofar as we enter into a contract with a third-party in order to process data, we do so on the basis of Art. 28 GDPR.

Transmission of Data to Foreign Countries

Insofar as we process data in a foreign country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)), or this occurs in order to take advantage of third-party services or in order to provide or transmit data to third-parties, this happens only if it is necessary in order to fulfill our (pre-) contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permission, we only process data or have data processed in a foreign country if all of the special provisions are met according to Art. 44 ff. GDPR. That is to say, data is processed e.g. subject to special guarantees, such as an officially sanctioned level of data privacy protection equivalent to that of the EU (e.g. the “Privacy Shield” in the USA) or in compliance with officially accepted special contractual obligations (so-called “standard contractual clauses”.

Rights of the Affected Persons

You have the right to demand a confirmation as to whether or not data pertaining to you is being processed, to be provided with information about said data, about pertinent additional information as well as copies of said data in accordance with Art. 15 GDPR.

In accordance with Art. 16 GDPR, you have the right to have incomplete data completed or to demand that inaccurate data pertaining to you be corrected.

As stipulated under Art. 17 GDPR, you have the right to demand that applicable data be deleted without delay and/or alternatively demand that the processing of data be restricted as required by Art. 18 GDPR.

In accordance with Art. 20 GDPR, you have the right to receive any data pertaining to you which you had previously provided as well as to transfer said data to other controllers.

Furthermore, in accordance with Art. 77 GDPR, you have the right to submit a complaint with the competent supervisory authority.

Withdrawal Right

In accordance with Art. 7 par. 3 GDPR, you have the right to withdraw your consent with future effect.

Right to Object

You have the right to object at any time to the future processing of data pertaining to you consistent with Art. 21 GDPR. In particular, this objection may pertain to the processing of data for the purposes of direct advertising.

Cookies and the Right to Object to Direct Advertising

The term “cookies” refers to small files that are stored on the user’s computers. These cookies can be used to store a variety of data. A cookie is primarily used to store information about a user (and/or the equipment upon which the cookie has been stored) during or after the user’s visit to a particular online offer. Temporary cookies, known as “session cookies” or “transient cookies”, are those cookies which are deleted once the user has left an online offer and has closed their browser. Such a cookie may include, for example, the content of a shopping basket for an online shop or their login status. “Permanent” or “persistent” cookies are those cookies that remain stored even after the browser has been closed. For example, the login status may be stored for the eventuality that the user returns after several days. Similarly, such a cookie may store the interests of the user, which may in turn be used to assess audience reach or for other marketing purposes. “Third-party cookies” are those cookies supplied by providers other than the controller who operates the online offer (in the latter instance, the cookies are referred to as” first-party cookies”).

We may make use of temporary as well as permanent cookies, clarifying the use thereof within the scope of our data privacy declaration.

If users do not wish cookies to be stored on their computer, they are requested to deactivate the corresponding option within the system settings of their browser. Cookies which have previously been stored on a computer may be deleted by means of the browser’s system settings. By blocking cookies, the user may potentially restrict the functionality of this online offer.

An across-the-board objection to the use of cookies for the purposes of online marketing, especially for tracking purposes, may be expressed by means of the US website or the EU website . Furthermore, you can prevent cookies being stored on your computer by changing the appropriate browser settings. Please note that, should you choose to do so, you might not be able to take advantage of the full functionality of this online offer.

Deletion of Data

The data which we process is deleted or the processing thereof restricted in accordance with Art. 17 and 18 GDPR. Insofar as not expressly addressed within the framework of this data privacy declaration, the data we have stored will be deleted as soon as it is no longer required for its intended purpose and as soon as this data is no longer subject to statutory retention requirements. Insofar as data is not deleted because it is required for other legally permissible purposes, the processing thereof will be restricted. This means that the data will be blocked and not used for any other purposes. This applies, for example, to data which must be retained in order to comply with commercial or taxation statutes.

In accordance with the German legal code, data is retained for 10 years in compliance with §§ 147 par. 1 AO, 257 par. 1 Nos. 1 and 4, par. 4 HGB (books, records, summaries, accounting records, trading books, taxation-related documentation, etc.) and 6 years in compliance with § 257 par. 1 Nos. 2 and 3, par. 4 HGB (commercial correspondence).

In accordance with the Austrian legal code, data is retained for 7 years in compliance with § 132 par. 1 BAO (accounting records, receipts/invoices, accounts, records, commercial documents, income and expense statements, etc.), 22 years if pertaining to real estate and for 10 years if pertaining to electronic, telecommunication, radio and television services provided to noncommercial entities in EU member states within the scope of the Mini-One-Stop-Shop (MOSS).


The hosting services used by us serve to provide the following benefits: infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical support to facilitate our online offer.

In doing so, we and/or our hosting providers process basic data, contact data, content data, contractual data, usage data, meta- and communication data of customers, of interested persons as well as visitors to this online offer on the basis of our legitimate interest in providing an efficient and secure online offer in accordance with Art. 6 par. 1 lit. f GDPR with particular reference to Art. 28 GDPR (contract for the provision of processing services).

Collection of Access Data and Log Files

We and/or our hosting providers pursuant to our legitimate interests consistent with Art. 6 par. 1 lit. f. GDPR collect data about every access to the server on which this service is located (so-called server log files). Access data includes the name of the webpage accessed, the date and time of day of access, the volume of data transferred, notification of successful request, browser type and version, the user’s operating system, referrer URL (the website which had been visited immediately prior), the IP address as well as the requesting provider.

For security reasons (e.g. to provide evidence of attempted abuse or fraud), log file information is stored for a maximum of 7 days after which it is deleted. Data which needs to be stored longer for evidentiary purposes will not be subject to deletion until such point as the case to which it pertains has been resolved completely.

Contact Procedures and Policies

Upon establishing contact with us (e.g. by means of contact form, email, telephone or social media), the information provided by the user will be used in order to process the contact request in accordance with Art. 6 par. 1 lit. b) GDPR. The information provided by the user may be stored in a Customer Relationship Management System (“CRM System”) or in a comparable inquiry management system.

We delete inquiries insofar as these are no longer required. We review the necessity of storing such inquiries every two years; Furthermore, this policy is subject to statutory archiving obligations.

Google Analytics

Pursuant to our legitimate interests (such as our interest in analyzing, optimizing and commercially operating our online offer within the scope of Art. 6 par. 1 lit. f. GDPR), we utilize Google Analytics, a web analysis service provided by Google LLC (“Google”). Google uses cookies. In general, the information generated by the cookie about use of our online offer is transmitted to a Google server in the USA, where it is also stored. Google is certified under the Privacy Shield agreement, thus guaranteeing it will adhere to European data privacy legislation ( ).

Google will use this information at our request in order to evaluate use of our online offer by users, in order to compile reports about activities within the scope of our online offer, and in order to provide us with other services pertaining to use of our online offer as well as of the Internet in general. In the process, the data which is processed may be used to create a pseudonymous profile of the user.

We only utilize Google Analytics with activated IP anonymization. This means that, within member states of the European Union as well as within other states that are signatories to the charter establishing the European Economic Area, the IP addresses of users are truncated by Google. Only in exceptional cases is the full IP address transmitted to a Google server in the USA, where it is then truncated. The IP address transmitted by the user’s browser is not linked to other data gathered by Google. Users may prevent cookies being stored on their devices by changing the applicable settings of their browser software; furthermore, users may prevent the collection of any data generated by the cookie pertaining to their use of our online offer as well as any further processing thereof by Google, simply by clicking on the following link, then downloading and installing the browser plug-in which is available: .

With one click, you can also prevent tracking by Google Analytics (=opt-out): here

Current setting:

Further information about data usage by Google as well as your settings and blocking options, can be found in Google’s own data privacy policy ( ) as well as in Google’s ad settings ( ).

Personally identifiable data about users is either deleted or anonymized after 14 months.

Online Presence in Social Media

We maintain an online presence within social networks and platforms in order to communicate with customers, interested persons and users who are active there, and to provide them with information about our services. When you visit the various networks and platforms, the respective terms of business and data processing policies of the operator in question will apply.

Unless otherwise stipulated within the framework of our data privacy policy, we process the data of users to the extent that they choose to communicate with us within social networks and platforms, e.g. by writing comments on our online platforms or sending us messages.

Integration of Third-Party Services and Content

On the basis of our legitimate interests (that is to say, in order to analyze, optimize and commercially operate our online offer pursuant to Art. 6 par. 1 lit. f. GDPR), we utilize the content and/or services of third-party providers in order to integrate said content and services, including videos and/or fonts (hereinafter uniformly referred to as “content”).

This always assumes that the third-party provider of such content is aware of the user’s IP address since, without the IP address, the content cannot be sent to your browser. That said, the IP address is required in order to display such content. We make every effort to only use content whose providers use the IP address solely for the delivery of content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical and marketing purposes. These pixel tags make it possible to analyze information, such as visitor traffic on the pages of this website. Pseudonymous information may also be stored on the user’s device in the form of cookies, containing technical information such as the type of browser and operating system, linking websites, session times as well as other information pertaining to use of our online offer. Such data may also be linked with other data sources.


We integrate videos from the Internet platform “YouTube” operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data privacy policy: , opt-out: .

Google Fonts

We utilize fonts (“Google Fonts”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data privacy policy: , opt-out: .

Integration of third-party services and content

Based upon our legitimate interests (i.e. in the analysis, optimization and commercial operation of our online offer consistent with Art. 6 par. 1 lit. f. GDPR), we utilize content and services from third-party providers in order to integrate their content and services, such as videos and fonts (hereinafter referred to collectively as “content”).

This requires the third-party provider of said content be able to detect the IP address of the user, since, without this IP address, they would not be able to send the contact to the user’s browser. That said, the IP address is essential in order to present the aforementioned content. We make every effort only to use content whose provider utilizes the IP address solely in order to deliver that content. Furthermore, third-party providers may use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags may be used to analyze information such as visitor traffic on the pages of this website. Pseudonymic information may also be stored on the user’s device in the form of cookies, potentially containing technical information about the browser and operating system, referring websites, session time as well as other details about use of the online offer, and may also be linked to similar information from other sources.


Our online offer may integrate functions and content of the service Facebook, available from Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). This may include content such as pictures, videos and texts, as well as buttons, with which the user can express whether or not they like specific content as well as subscribe to authors of content as well as to our own articles.

Facebook is certified under the Privacy Shield agreement, thereby guaranteeing compliance with European data privacy laws ( ).

If a user activates a function of this online offer that contains such a plug-in, the user’s device will establish a direct connection with the servers of Facebook. The content will be delivered by Facebook directly to the user’s device and integrated into the online offer. Simultaneously, the data processed may be used to create user profiles. Bearing this in mind, we hereby declare that we have no influence on the scope of data that Facebook collects by means of such a plug-in and are only able to inform the user to the extent of our own knowledge.

By incorporating a plug-in, Facebook receives information that a user has accessed the corresponding page of the online offer. If the user is logged into Facebook, Facebook may also collate the visit with the user’s Facebook account. If the user is not a member of Facebook, it is still possible that Facebook will collect and store their IP address. According to Facebook, only an anonymized IP address will be stored in Germany.

The purpose and scope of data collection as well as how said data is further processed and used by Facebook, as well as the user’s rights and settings options with respect to protection of their private sphere, can be read in Facebook’s own data privacy policy: .

If the user is a Facebook member and does not wish for Facebook to collect data about him/her or link this to the member’s own data stored by Facebook by means of this online offer, the user must first log out of their Facebook account before making use of our online offer and also delete their cookies. Additional settings and means of blocking use of data for advertising purposes may be found within the user’s Facebook profile settings , or via the US website or using the EU site . These settings are platform-independent, meaning they are adopted by all equipment, including desktop computers as well as mobile devices.


Our online offer may integrate functions and content from the service Instagram, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. This may include content such as pictures, videos and texts, as well as buttons with which the user can express whether or not they like specific content as well as subscribe to authors of content as well as to our own articles. Insofar as users are members of the platform Instagram, Instagram may collate user access to such content and functions with the user’s existing Instagram profile. Instagram’s own data privacy policy may be found at: .

Created with the aid of from RA Dr. Thomas Schwenke