PRIVACY POLICY



Last updated: June 2, 2025

1. Introduction

artac GmbH (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website or otherwise interact with us. By accessing or using our services, you acknowledge that you have read, understood, and agree to the practices described below.

2. Data Controllerartac GmbHLortzinggasse 148041 GrazAustriaE-mail: hello@artac.at

The Data Protection Officer (DPO), if appointed, can be contacted at hello@artac.at.

3. Types of Personal Data We CollectWe collect and process the following categories of personal data:

  1. Identity Data

    • Full name, title, job title, and company (if you contact us for business inquiries).

  2. Contact Data

    • E-mail address, telephone number, postal address.

  3. Technical Data

    • IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.

  4. Usage Data

    • Information about how you use our website, products, and services (e.g., pages visited, links clicked, date/time stamps).

  5. Marketing and Communications Data

    • Your preferences in receiving marketing from us, and your communication preferences.

Note: We do not collect any “Special Categories” of sensitive personal data (e.g., race, religion, health data).

4. How We Collect Your Data

  • Directly from You

    • When you fill in forms on our website (e.g., “Contact Us” forms, newsletter sign-ups, job applications).

    • When you correspond with us by phone, e-mail, or otherwise.

  • Automatically

    • Via cookies and similar tracking technologies when you visit our website.

  • From Third Parties

    • Business partners, service providers (e.g., CRM tools), or publicly available sources (e.g., professional social networks).

5. Purpose and Legal Basis for Processing

We will only use your personal data when there is a lawful basis to do so. Below are the purposes for which we use your data and the corresponding legal bases under the EU General Data Protection Regulation (GDPR):

Purpose Data Categories Used Legal Basis

To respond to inquiries and provide supportIdentity, Contact, UsagePerformance of a contract; Legitimate interest (responding to customer requests)To operate, maintain, and improve our websiteTechnical, UsageLegitimate interest (ensuring website functionality and improving user experience)To send you newsletters, marketing communications, or promotional materialsIdentity, Contact, Marketing & CommunicationsConsent (where required); Legitimate interest (with opt-out option)For recruitment processes (e.g., handling job applications)Identity, Contact, Job Application DataPerformance of a contract (pre-employment screening); Legitimate interest (staff planning)To comply with legal and regulatory obligationsIdentity, Contact, Technical, UsageLegal obligationTo protect our rights, property, or safety (including fraud prevention)Identity, Contact, Technical, UsageLegitimate interest (ensuring security, preventing fraud)

6. Cookies and Similar Technologies

We use cookies, web beacons, and similar technologies to collect information about your browsing behavior on our website. This helps us:

  • Ensure the website functions correctly.

  • Tailor content and advertisements to your interests.

  • Analyze traffic and usage patterns (e.g., via Google Analytics or other analytics tools).

When you first visit our site, you will be presented with a cookie banner allowing you to accept or decline non-essential cookies. You may adjust your browser settings to refuse all cookies or to indicate when a cookie is being sent. However, disabling cookies may result in limited functionality on our website.

7. Third-Party Disclosure and Sharing

We may share your personal data with:

  1. Service Providers and Subprocessors

    • Companies that provide IT, hosting, email delivery, CRM, marketing automation, analytics, or other business services.

  2. Professional Advisors

    • Lawyers, auditors, and consultants who assist us with legal, regulatory, tax, or business matters.

  3. Regulatory and Law Enforcement Authorities

    • When required by applicable law, regulation, legal process, or binding governmental request.

  4. Business Partners

    • Where you have opted in to receive joint offerings (e.g., co-branded newsletters).

We will not sell, rent, or trade your personal data to third parties for their marketing purposes without your explicit consent.

8. International Transfers

Your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA). When we do so, we will ensure one of the following safeguards is in place:

  • The European Commission has issued an adequacy decision for the country.

  • We have implemented Standard Contractual Clauses (SCCs) approved by the European Commission.

  • Other appropriate safeguards as permitted by applicable law.

A copy of any transfer mechanism used can be obtained by contacting us at hello@artac.at.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including any legal, accounting, or reporting requirements. In particular:

  • Prospective Customers / Inquiries: 

  • Data is retained for up to 2 years after the last contact, unless a longer retention period is required or permitted by law.

  • Job Applicants: 

  • Data is retained for up to 6 months after the recruitment process concludes, unless consent is obtained to retain for future vacancies or if local law requires a longer period.

  • Newsletter Subscribers: 

  • Data is retained until you opt out or unsubscribe.

  • Analytics / Usage Data: 

  • Retained for up to 24 months, in aggregated or anonymized form whenever feasible.

After these retention periods, data will be securely deleted or anonymized so that it can no longer be associated with you.

10. Your Rights Under the GDPRIf you are located in the EEA, you have the following rights regarding your personal data:

  1. Right of Access

    • You may request confirmation of whether we process your personal data and obtain a copy.

  2. Right to Rectification

    • You may ask us to correct or update inaccurate or incomplete data.

  3. Right to Erasure (“Right to be Forgotten”)

    • You may request deletion of your personal data under certain circumstances (e.g., data no longer necessary, consent withdrawn).

  4. Right to Restrict Processing

    • You may request that we limit how we use your personal data under certain conditions.

  5. Right to Data Portability

    • You may request to receive your personal data in a structured, commonly used, machine-readable format (where the processing is based on consent or contract).

  6. Right to Object

    • You may object to processing based on legitimate interests or direct marketing.

  7. Right to Withdraw Consent

    • If processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, please contact our DPO at hello@artac.at. We will respond within one month of receipt of your request, unless a more complex case warrants an extension (up to two additional months, with notice).

If you believe our processing of your personal data violates applicable law, you have the right to lodge a complaint with an EU supervisory authority, e.g., the Data Protection Authority (Datenschutzbehörde) in Austria:

Österreichische DatenschutzbehördeWickenburggasse 81080 Vienna, AustriaPhone: +43 1 52 152-0E-mail: dsb@dsb.gv.at

11. Security Measures

We implement appropriate technical and organizational measures designed to protect your personal data against accidental loss, unauthorized access, disclosure, alteration, or destruction. These measures include, but are not limited to:

  • Encryption of data in transit (TLS/SSL).

  • Access controls limiting employee access to personal data on a “need-to-know” basis.

  • Regular security audits and vulnerability assessments.

  • Secure data storage on EU-based servers (or in countries with adequate safeguards).

Despite our efforts, no method of transmission or electronic storage is 100 % secure. Accordingly, we cannot guarantee absolute security but strive to continuously improve and adapt our practices.

12. Links to Other Websites

Our website may contain links to third-party websites, plug-ins, or applications. Clicking on these links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party sites and are not responsible for their privacy statements. We encourage you to read the privacy policies of any website you visit.

13. Children’s Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected information about a child under 16, please contact us at hello@artac.at so that we may delete the information.

14. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal or regulatory requirements, or for operational reasons. When we post changes, we will revise the “Last updated” date at the top. If changes are material, we may provide more prominent notice (e.g., banner notification on our website or e-mail to subscribers).

15. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Data Protection Officer or the general privacy address:

artac GmbH – Data Protection InquiryLortzinggasse 148041 GrazAustriaE-mail: hello@artac.at

16. Definitions

  • “Personal Data” means any information relating to an identified or identifiable natural person.

  • “Processing” means any operation performed on personal data, such as collection, storage, use, disclosure, or erasure.

  • “Consent” means a freely given, specific, informed, and unambiguous indication of the data subject’s wishes.

  • “Data Subject” means an identified or identifiable natural person whose personal data is processed.

  • “Data Controller” means the entity that determines the purposes and means of processing personal data (in this case, artac GmbH).

  • “Data Processor” means an entity that processes personal data on behalf of the Controller.

17. Acknowledgment and Acceptance

By using our website or providing your personal data to us, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree with any part of this policy, please do not use our website or provide us with your personal data.