We have drafted this privacy policy (version 16.12.2023-122688162) to inform you in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national laws, about which personal data (short: data) we process as controllers, as well as which processors (e.g., providers) commissioned by us process, will process in the future, and what rights you have. All terms used are intended to be gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.
Privacy policies typically sound very technical and use legal terminology. However, this privacy policy is intended to describe the most important aspects as simply and transparently as possible. Where it is helpful, technical terms are explained in a user-friendly way, links to further information are provided, and graphics may be used. We aim to make it clear and easy to understand that we only process personal data within the scope of our business activities when there is a corresponding legal basis. This is certainly not possible with the kind of brief, vague, and legal-technical explanations often standard on the internet regarding privacy. We hope you find the following explanations interesting and informative and perhaps discover information you were not previously aware of.
If you still have questions, please contact the responsible entity listed below or in the legal notice, follow the provided links, and consult further information on third-party sites. You will find our contact details in the legal notice.
This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as the name, email address, and postal address of a person. The processing of personal data ensures that we can provide and bill for our services and products, whether online or offline. The scope of this privacy policy covers:
In short: The privacy policy applies to all areas in which personal data is processed in the company via the mentioned channels in a structured manner. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.
In the following privacy policy, we provide you with transparent information about the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation (GDPR), which allow us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (General Data Protection Regulation), which you can read online at EUR-Lex, the gateway to EU law.
We only process your data if at least one of the following conditions is met:
Other grounds, such as processing in the public interest or the exercise of official authority, or the protection of vital interests, generally do not apply to us. If such a legal basis does apply, it will be specified at the relevant point.
In addition to the EU Regulation, national laws also apply:
If further regional or national laws apply, we will inform you in the following sections.
If you have any questions about data protection or the processing of personal data, you can find the contact details of the responsible entity below:
RocFortis Group Holding GmbH
Hietzinger Hauptstraße 100/20
1130 Vienna
Austria
Email: office@rocfortis.com
As a general rule, we store personal data only for as long as is absolutely necessary to provide our services and products. This means we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obligated to retain certain data even after the original purpose has ceased, for example for accounting purposes.
If you request the deletion of your data or withdraw your consent for data processing, the data will be deleted as quickly as possible, provided there is no legal obligation to retain it.
Where applicable, we provide specific information about the duration of individual data processing operations further below.
According to Articles 13 and 14 of the GDPR, you have the following rights to ensure fair and transparent data processing:
In Austria, the relevant authority is:
Austrian Data Protection Authority
Director: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40–42, 1030 Vienna
Phone: +43 1 52 152-0
Website: https://www.dsb.gv.at/
We only transfer or process data in countries outside the scope of the GDPR (third countries) if you have given your consent, if there is a legal obligation, or if the transfer is necessary to fulfill a contractual relationship. This is particularly relevant if service providers or tools are based in the United States or other non-EU countries.
We explicitly point out that, according to the European Court of Justice, an adequate level of protection for data transfers to the USA only exists when the U.S. company participates in the EU-U.S. Data Privacy Framework. More information can be found at the official EU website.
Data processing by U.S. services that are not part of the framework may result in data being processed without anonymization and accessible to U.S. authorities. Where possible, we strive to use EU-based servers.
To protect personal data, we have implemented technical and organizational measures. Where possible, data is encrypted or pseudonymized to make it difficult for third parties to identify individuals.
Article 25 GDPR refers to „data protection by design and by default.“ This means privacy must be considered from the outset, whether in software (e.g., forms) or hardware (e.g., server access).
We use HTTPS (Hypertext Transfer Protocol Secure) to securely transmit data over the internet. This ensures that data is encrypted during transmission and protected from unauthorized access.
You can recognize secure HTTPS use by the padlock symbol in your browser’s address bar and the use of „https://“ in our URL.
If you contact us via telephone, email, or an online form, personal data may be processed.
The data is processed to handle and respond to your inquiry and any resulting business transaction. The data is stored for as long as necessary for the purpose or as required by law.
All persons who contact us via the communication channels provided are affected by the data processing.
If you call us, call data may be stored pseudonymously on the device used and at the telecommunications provider. Additionally, data such as name and telephone number may be sent via email and stored for inquiry processing. The data is deleted as soon as the matter is resolved and legal retention periods allow.
If you communicate with us via email, data may be stored on the respective device and on the email server. The data is deleted once the business case is closed and legal requirements allow.
If you contact us using an online form, data is stored on our web server and may be forwarded to our email inbox. The data is deleted once the inquiry is resolved and legal requirements allow.
The processing of this data is based on the following legal bases:
Our website uses HTTP cookies to store user-specific data. When you browse the web, your browser stores small text files called cookies. These files contain information such as your preferred language or personal page settings. When you revisit our site, your browser sends this information back to the site, allowing us to provide a personalized user experience.
Cookies are very useful and are used on nearly every website. HTTP cookies are the most common type and are stored in your browser’s cookie folder. Each cookie typically contains a name, a value, and one or more attributes.
Name: _ga
Value: GA1.2.1326744211.152122688162-9
Purpose: Distinguishes website visitors
Expiration: after 2 years
Most browsers support the following minimum cookie sizes:
The specific cookies we use depend on the services and tools implemented on our website. Generally, cookies can be categorized as follows:
The specific purpose and types of data stored vary by cookie. These are generally outlined in the tool or software provider’s privacy policies. Cookies may store data such as IP address, device information, browser type, and behavior on our website.
The storage duration of cookies depends on their purpose. Some expire within minutes, others after several years. You can delete cookies manually at any time via your browser settings.
You can choose whether to allow cookies. Most browsers offer settings to disable or delete cookies. You can also block third-party cookies while allowing others.
For browser-specific instructions, search terms like “delete cookies Chrome” or “disable cookies Firefox” can help.
According to the “Cookie Directive” (EU), storing cookies requires your consent (Art. 6(1)(a) GDPR), unless the cookie is strictly necessary. In Austria, this is regulated by § 96(3) of the Telecommunications Act (TKG); in Germany, it falls under § 15(3) of the Telemedia Act (TMG).
For strictly necessary cookies, we rely on our legitimate interest (Art. 6(1)(f) GDPR) to provide a user-friendly and secure website experience.
When you visit websites today, certain information — including personal data — is automatically created and stored. This also applies to our website. Hosting refers to storing and running our website on a server, typically managed by a third-party provider. Whenever you visit a webpage, your browser connects to this server to retrieve the page content.
During this process, personal data may be processed. For example, your IP address is temporarily stored to ensure the website is delivered correctly. Our hosting provider ensures that this process is secure, reliable, and complies with data protection laws.
Even while you are browsing our website, our web server typically logs the following information (web server log files):
This data is usually stored for two weeks and then automatically deleted. We do not share this data, but cannot rule out that it may be accessed by authorities in the event of illegal activity.
In short: Your visit is logged by our hosting provider, but we do not share your personal data without your consent.
The processing of personal data in the context of web hosting is based on our legitimate interest under Article 6(1)(f) GDPR. It is essential for operating a secure and user-friendly online presence.
A data processing agreement (DPA) in accordance with Article 28 GDPR is in place with our hosting provider to ensure compliance and security.
We use web analytics tools on our website to analyze the behavior of visitors. These tools collect and process data that is used to generate reports about website usage. These reports help us understand which content is well received and how we can improve our services.
Most analytics tools use cookies to store information about user interactions. Some also support A/B testing and user profiling to evaluate the effectiveness of different website versions or marketing strategies.
Our goal is to offer the best possible online experience. By analyzing visitor behavior, we can identify what works well and what doesn’t. This enables us to optimize content, improve usability, and tailor our offerings to your needs.
Depending on the analytics tool, the following data may be collected:
The use of analytics tools requires your consent under Article 6(1)(a) GDPR. We obtain this via our cookie consent banner. Additionally, we have a legitimate interest (Article 6(1)(f) GDPR) in analyzing user behavior to improve our website technically and economically — but only if you have granted consent.
We use Google Analytics 4 (GA4), a web analysis service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). GA4 helps us understand how users interact with our website through event-based tracking (e.g., clicks, scrolls, form submissions).
Data is collected using cookies and stored on Google servers. GA4 anonymizes IP addresses and uses machine learning to fill in missing data and predict user trends.
Data retention can be configured. Standard periods are 2, 14, or 26 months, or until manually deleted.
You can install a browser add-on to disable Google Analytics: GA Opt-out.
Google Analytics is used based on your consent (Article 6(1)(a) GDPR). Additionally, we may rely on our legitimate interest under Article 6(1)(f) GDPR to analyze user behavior — but only with your consent.
Google may process data in the USA. Google is a certified participant of the EU-US Data Privacy Framework and uses Standard Contractual Clauses (SCCs) to ensure compliance with GDPR when transferring data to third countries.
We maintain official profiles on various social media platforms to communicate with users and present our services. When you interact with us through these platforms (e.g., by commenting or messaging), your personal data may be processed by us and the platform provider.
Additionally, social networks may analyze your usage behavior and create comprehensive user profiles, even outside the platforms. This happens particularly when you are logged in to your social media account while visiting our pages.
Social media is an essential part of modern communication. Our presence helps us stay visible, share information, and offer support to users via platforms they already use.
Data processed may include:
We only store user data as long as necessary to fulfill the purpose of communication and support. Platform providers may store your data according to their own policies.
You can exercise your rights regarding data processing directly with the platform provider. For example, you can request data access or deletion. If you need help enforcing your rights, feel free to contact us.
Social media usage is based on our legitimate interest in public communication and branding (Article 6(1)(f) GDPR). If the platform requests your consent, data processing is based on your agreement (Article 6(1)(a) GDPR).
According to Article 26 GDPR, we may be jointly responsible for data processing on social media platforms. However, the core infrastructure and user tracking are primarily controlled by the platform provider.
We may update this privacy policy from time to time to reflect changes in our practices, services, legal requirements, or for other operational, legal, or regulatory reasons.
We recommend that you review this privacy policy regularly to stay informed about how we are protecting your data. The date of the most recent revision will be indicated at the top of the policy.
This privacy policy is valid for all pages under the domain thenestcircle.com, unless otherwise stated on a specific page.
Should you have any questions or concerns regarding this privacy policy or the processing of your personal data, please do not hesitate to contact us using the contact details provided in the legal notice.
This privacy policy informs you about the most important aspects of data processing on our website. We collect and process personal data exclusively in accordance with the applicable legal provisions (General Data Protection Regulation, Telecommunications Act 2003).
As soon as you, as a user, access or visit our website, your IP address, the start, and end of the session are recorded. This is technically necessary and thus constitutes a legitimate interest according to Article 6(1)(f) GDPR.
If you contact us either through the contact form on our website or via email, the data you provide will be stored for six months for the purpose of processing your inquiry and in case of follow-up questions. This data will not be disclosed without your consent.
Our website uses so-called cookies. These are small text files that are stored on your device with the help of your browser. They do not cause any harm. We use cookies to make our offering user-friendly. Some cookies remain stored on your device until you delete them. They allow us to recognize your browser the next time you visit.
If you do not wish this, you can set your browser to inform you about the use of cookies and only allow this in individual cases. If cookies are deactivated, the functionality of our website may be limited.
Our website uses features of the web mapping service “Google Maps.” The service provider is:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland
Tel: +353 1 543 1000
When using Google Maps, it is necessary to store and process your IP address. Google typically transmits the data to a server in the USA and stores it there. This processing is carried out by the service provider listed above. The operator of this website has no influence on this data transmission.
Data processing is carried out based on the legal provisions of § 96(3) TKG and Article 6(1)(f) GDPR (legitimate interest). The use of Google Maps improves the discoverability of the locations presented on our website.
More information on how Google handles user data can be found in Google’s privacy policy: https://policies.google.com/privacy
Google also processes data in the USA but is certified under the EU-US Privacy Shield Framework: https://www.privacyshield.gov/EU-US-Framework
Our website uses fonts provided by “Google Fonts.” The service provider is:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland
Tel: +353 1 543 1000
When visiting our website, your browser loads these fonts and stores them in its cache. As a result, Google may set or analyze cookies on your device.
The use of “Google Fonts” serves to optimize our service and ensure consistent presentation of content. This constitutes a legitimate interest under Article 6(1)(f) GDPR.
For more information, visit: https://developers.google.com/fonts/faq
Google’s Privacy Policy: https://policies.google.com/privacy
Privacy Shield: https://www.privacyshield.gov/EU-US-Framework
This website and its associated hosting provider automatically collect data as part of server log files. This includes:
This information is not used to personally identify users or combined with personal data. However, the website operator reserves the right to review this data in case of suspected unlawful activity.
As a data subject, you have the following rights concerning your data stored by us:
If you believe that the processing of your data violates data protection law, or if your data protection rights have otherwise been violated in any way, you can contact us or file a complaint with the data protection authority.
Website Operator: RocFortis Group Holding GmbH
Phone: +43 664 9124848
Email: office@rocfortis.com