Privacy Policy

Datenschutzerklärung — Last updated: June 2025

1. Controller

SocialWerk GmbH
Musterstraße 12/3
1010 Wien, Austria
Email: datenschutz@socialwerk.at
Phone: +43 660 123 4567

Responsible for the processing of personal data on this website as defined by the EU General Data Protection Regulation (GDPR) and the Austrian Datenschutzgesetz (DSG).

2. Data We Collect

When you use our website or contact us, we may collect the following personal data:

  • Contact form submissions: name, email address, phone number, message content, selected package, promo code
  • Technical data: IP address (anonymized), browser type, operating system, referral source, pages visited, time of access
  • Cookie data: based on your consent preferences (see Cookie Policy)
  • UTM parameters: campaign tracking data from URLs (utm_source, utm_medium, utm_campaign)

3. Legal Basis for Processing

We process your data based on the following legal grounds under Art. 6 GDPR:

  • Consent (Art. 6(1)(a)): when you submit a form or accept cookies
  • Contract performance (Art. 6(1)(b)): when processing is necessary for a service you requested
  • Legitimate interest (Art. 6(1)(f)): for website analytics and security

4. How We Use Your Data

  • To respond to your inquiries and provide consultations
  • To send you information about our services (only with consent)
  • To process payments via Stripe (data is handled by Stripe Inc. under their own privacy policy)
  • To improve our website and services
  • To comply with legal obligations

5. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described above, or as required by law. Specifically:

  • Contact form submissions: up to 2 years after last interaction
  • Invoicing data: 7 years (Austrian tax law — BAO §132)
  • Cookie consent records: 1 year from consent date
  • Analytics data: anonymized, no personal data retained

6. Third-Party Services

We may share data with the following third-party services, all of which are GDPR-compliant:

  • Stripe Inc. — payment processing (US, EU Standard Contractual Clauses)
  • Google Fonts — web fonts served from Google (no cookies, no tracking)
  • Plausible Analytics — privacy-first analytics, no cookies, EU-hosted
  • Telegram Bot API — internal notifications only (no user data shared publicly)

7. Your Rights (GDPR Art. 15–22)

You have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your data ("right to be forgotten", Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7(3))

To exercise any of these rights, contact us at datenschutz@socialwerk.at.

8. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

Österreichische Datenschutzbehörde
Barichgasse 40–42
1030 Wien
Website: www.dsb.gv.at

9. Security

We implement appropriate technical and organizational measures to protect your data, including encrypted database storage (SSL/TLS), secure authentication for admin access, and regular security reviews.

10. Changes to This Policy

We may update this policy from time to time. The latest version will always be available on this page with the updated date.