A single red line loops and curves smoothly on a light gray background, forming a large loop near the center before continuing off the right edge.

Privacy policy

Status: 30.11.2025

The protection of your personal data is important to us. In this privacy policy, we inform you about how we process your data in connection with the use of our website and special applications of Kreativwirtschaft Austria.

For all other processing of personal data, the privacy policy of the Austrian Federal Economic Chamber (WKÖ) applies. Privacy policy – WKO

Responsible persons

Kreativwirtschaft Austria
Wiedner Hauptstraße 63
A-1045 Vienna, Austria
Imprint: www.kreativwirtschaft.at/impressum-offenlegung/

Authorized representatives:
Gerin Trautenberger, BA (hons), MSSc
Michaela Gutmann LL.M.,
You can reach us at the following contact details:
E-mail kreativwirtschaft@wko.at
Phone +43 (0) 590900 4000

Our data protection officer

You can reach our data protection officer Ing. Florian Kössler at the following contact
E-Mail florian.koessler@inhouse.wko.at

Security measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, safeguarding of availability and its separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and responses to data threats. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes in accordance with the principle of data protection, through technology design and data protection-friendly default settings.

Shortening of the IP address: If IP addresses are processed by us or by the service providers and technologies used and the processing of a full IP address is not required, the IP address is truncated (also known as “IP masking”). The last two digits or the last part of the IP address after a dot are removed or replaced by placeholders. The purpose of shortening the IP address is to prevent or make it significantly more difficult to identify a person by their IP address.

TLS encryption (https): We use TLS encryption to protect your data transmitted via our online offering. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Transmission of personal data

As part of our processing of personal data, data may be transferred to other bodies, companies, legally independent organizational units or persons or disclosed to them. The recipients of this data include public bodies, in particular on the basis of funding agreements in which Kreativwirtschaft Austria is the funding recipient, and may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and in particular conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

Data transfer within the organization: We may transfer personal data to other bodies within the Economic Chamber organization or grant them access to this data. If this transfer takes place for administrative purposes, the transfer of the data is based on our legitimate interests or takes place if it is necessary to fulfill our contractual obligations or if the consent of the data subjects or a legal permission exists.

Storage duration

We only store your data for as long as is necessary due to statutory or contractual retention periods, until the end of relevant limitation periods, in order to investigate any attacks on our website or any legal disputes in which the data is required as evidence.

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent given for processing is revoked or other permissions cease to apply (e.g. if the purpose for processing this data no longer applies or it is not required for the purpose).

If the data are not deleted because they are required for other and legally permissible purposes, their processing is restricted to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person.

Our data protection notices may also contain further information on the storage and deletion of data, which apply primarily to the respective processing.

Use of cookies

We use cookies to provide and optimize our website. Cookies are small files that are stored on your device. Some are technically necessary, others are used for analysis or marketing purposes. The legal basis is either your consent (Art. 6 para. 1 lit. a GDPR) or our legitimate interest (Art. 6 para. 1 lit. f GDPR), provided that the cookies are necessary for operation. You can withdraw your consent at any time or deactivate cookies via your browser settings.

We use session cookies, which are deleted when the browser is closed, and permanent cookies, which remain stored for up to 2 years, unless otherwise stated.

You can revoke your consent at any time via our cookie consent tool (Borlabs) or via the browser settings. Further opt-out options: https://optout.aboutads.info or https://www.your onlinechoices.com

  • Cookie consent management with Borlabs

We use the BorlabsCookie tool to manage your consent to the use of cookies. Your consent is stored so that we do not have to ask for it again each time you visit our website and to fulfill legal obligations to provide evidence.

The data is stored locally on our server and/or in an opt-in cookie on your device. A pseudonymous user ID, language, type of consent and time are stored. The data will not be passed on to third parties.

BorlabsCookie: Cookie consent management;
Service provider: Hosted locally on our server, no data transfer to third parties;
Website: https://de.borlabs.io/borlabs-cookie/;
Further information: An individual user ID, language and types of consent and the time they were given are stored on the server and in the cookie on the user’s device.

Overview table for cookies

Provider / ServicePurposeCookie typeStorage durationLegal basis
Hetzner (Server)Technically necessary server cookiesSessionSessionArt. 6 para. 1 lit. f GDPR
Borlabs CookieSaving the consentFunctional1 yearArt. 6 para. 1 lit. c GDPR
MailChimpNewsletter trackingMarketingup to 1 yearConsent
Google Tag ManagerTag managementFunctionalup to 1 yearLegitimate interest
MatomoReach analysis (anonymized)Analysisup to 13 monthsConsent
Meta / Facebook PixelConversion tracking, retargetingMarketingup to 3 monthsConsent
HotjarUser behavior analysisAnalysisup to 1 yearConsent
LinkedIn Insight TagConversion trackingMarketingup to 6 monthsConsent
Google Maps / APIMap displayFunctionalup to 6 monthsConsent
YouTubeVideo embedding, trackingMarketingup to 6 monthsConsent
AI chatbotChat function with AI system MyGPTFunctionalSessionLegitimate interest
BugsnagError analysisFunctionalup to 1 yearLegitimate interest
Google AdsConversion trackingMarketingup to 3 monthsConsent
UTM parametersBasic function for campaign trackingFunctionalSessionLegitimate interest
Social media linksLinking to external platformsFunctionalSessionLegitimate interest
Google FontsFont provisionFunctionalup to 1 yearLegitimate interest

Web hosting and e-mail services

We use the services of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, to host our website and to send and receive emails. Hetzner provides us with storage space, computing capacity and the technical infrastructure. As part of these services, Hetzner processes personal data that is collected when you visit our website or communicate with us by email. This includes in particular

Server log files (e.g. IP address, date and time of access, requested page, browser information), content that you transmit via our website and data from e-mail traffic.

for Hetzner: services in the field of provision of information technology infrastructure and related services (e.g. storage space and/or computing capacity);
Service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany;
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR);
Website: https://www.hetzner.com
Privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz
Order processing contract: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/

Registration for events and applications for services

We offer registration forms on our website for participation in events and for applications for our services. In doing so, we collect personal data that is required for registration or application. This includes in particular

  • Name,
  • Contact details (e.g. e-mail address, telephone number)
  • Further information required for the conditions of participation or a selection procedure

Purpose of the processing: Carrying out the registration or application, fulfillment of contractual or pre-contractual obligations and, if applicable, legal requirements.
Legal basis: Art. 6 para. 1 lit. b GDPR (contract fulfillment or pre-contractual measures) and Art. 6 para. 1 lit. c GDPR (legal obligations).
Storage period: The data is stored in a database on our website and additionally transmitted by email to kreativwirtschaft@wko.at. We retain the data for as long as necessary to fulfil our legal or contractual obligations.
Recipients: Kreativwirtschaft Austria (WKO), internal processing by authorized employees.
Security: We have taken technical and organizational measures to protect your data.

Contact and inquiry management

When contacting us (e.g. by contact form, email, telephone or via social media) and in the context of existing user and business relationships, the data of the inquiring persons are processed insofar as this is necessary to answer the contact inquiries and any requested measures.

Processed data types: Contact data (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status).
Affected persons: Communication partner.
Purposes of Processing: Contact requests and communication; Managing and responding to inquiries; Feedback (e.g. collecting feedback via online form); Provision of our online services and usability.
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR); contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 lit. b) GDPR).
Further information on processing operations, procedures and services:
Contact form: When users contact us via our contact form, e-mail or other communication channels, we process the data provided to us in this context to process the communicated request;
Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 lit. f) GDPR).

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter “publication medium”). Readers’ data is only processed for the purposes of the publication medium to the extent necessary for its presentation and communication between authors and readers or for security reasons. In addition, we refer to the information on the processing of visitors to our publication medium in the context of this data protection notice.

Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of contractual services and customer support; feedback (e.g. collecting feedback via online form); provision of our online services and user-friendliness.
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR).

Newsletter and electronic notifications

We only send newsletters, emails and other electronic notifications (hereinafter “newsletter”) with the consent of the recipient or with legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the user’s consent. Otherwise, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name so that we can address you personally in the newsletter, or other information if this is necessary for the purposes of the newsletter.

Double opt-in procedure: Registration for our newsletter is always carried out in a so-called double opt-in procedure. This means that after registering you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people’s e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the mailing service provider are also logged.

Deletion and restriction of processing: We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for erasure is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the e-mail address in a block list solely for this purpose.

The registration process is logged on the basis of our legitimate interests for the purpose of verifying that it is carried out properly. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure sending system.

Newsletter dispatch via Mailchimp

We use the services of Mailchimp to send our newsletter. Mailchimp enables us to create, send and manage newsletters. This involves processing personal data that you provide to us when you register for the newsletter (e.g. name, email address). In addition, technical data such as IP address, time of retrieval and interactions with the newsletter (e.g. opening and click rates) may be processed.

Contents:
Information about us, our services, campaigns and offers.

Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. email, telephone numbers); Meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status); Usage data (e.g. websites visited, interest in content, access times).
Affected persons: Communication partner.
Purposes of processing: direct marketing (e.g. by email or post); reach measurement (e.g. access statistics, recognition of returning visitors).
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR).
Option to object (opt-out): You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to unsubscribe from the newsletter either at the end of each newsletter or you can use one of the contact options listed above, preferably e-mail.
Measurement of opening and click rates: The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a mailing service provider, from their server. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially collected. This information is used for the technical improvement of our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual newsletter recipients and stored in their profiles until they are deleted. The evaluations help us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.the measurement of opening rates and click rates as well as the storage of the measurement results in the profiles of the users and their further processing are based on the consent of the users.a separate revocation of the performance measurement is unfortunately not possible, in this case the entire newsletter subscription must be canceled or objected to. In this case, the stored profile information will be deleted;

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR).

Further information on processing operations, procedures and services

  • Mailchimp

Email marketing and newsletter management services;
Service provider: Intuit Inc, 2700 Coast Ave, Mountain View, California 94043, USA;
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR) for sending newsletters; legitimate interests (Art. 6 para. 1 lit. f GDPR) for statistical evaluations;
Website: https://www.mailchimp.com;
Privacy Policy: https://mailchimp.com/legal/privacy/;
Data transfer to the USA: takes place on the basis of the EU-US Data Privacy Framework (DPF);
Data processing agreement: concluded in accordance with Art. 28 GDPR.

Web analysis, monitoring and optimization

Web analysis (also referred to as “reach measurement”) is used to evaluate the flow of visitors to our online offering and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what time our online offer or its functions or content are most frequently used or invite reuse. We can also understand which areas require optimization.

In addition to web analysis, we may also use test procedures, e.g. to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e. data summarized for a usage process, can be created for these purposes and information can be stored in a browser or in an end device and read out from it. The information collected includes, in particular, websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data from us or from the providers of the services we use, location data may also be processed.

The IP addresses of users are also stored. However, we use an IP masking procedure (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored in the context of web analysis, A/B testing and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Processed data types: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time data, identification numbers, consent status).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of Processing: Web Analytics (e.g. access statistics, recognition of returning visitors); Profiles with user-related information (Creating user profiles); Tracking (e.g. profiling based on interests and behavior). interest/behavioral profiling, use of cookies); click tracking; A/B tests; heatmaps (mouse movements by users that are combined to create an overall picture); provision of our online services and user-friendliness.
Security measures: IP masking (pseudonymization of the IP address).
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR).
Further information on processing operations, procedures and services:

  • Google Tag Manager

Google Tag Manager is a solution with which we can manage website tags via an interface and thus integrate other services into our online offering (please refer to further information in this privacy policy). The Tag Manager itself, which implements the tags, does not create user profiles or store cookies. Google only learns the IP address of the user, which is necessary to run the Google Tag Manager;

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR);
Website: https://marketingplatform.google.com;
Privacy Policy: https://policies.google.com/privacy;
Data processing agreement: https://business.safety.google/adsprocessorterms;
Standard contractual clauses (ensuring the level of data protection for processing in third countries): https://business.safety.google/adsprocessorterms.

  • Hotjar Observe

Software for the analysis and optimization of online offers on the basis of pseudonymous measurements and analyses of user behavior, which may include in particular A/B tests (measurement of the popularity and user-friendliness of different content and functions), measurement of click paths and interaction with content and functions of the online offer (so-called heat maps and recordings);

Service provider: Hotjar Ltd, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta ;
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR);j
Website: www.hotjar.com;
Privacy Policy: www.hotjar.com/legal/policies/privacy;
Deletion of data: The cookies that Hotjar uses have a different “lifespan”; some remain valid for up to 365 days, some only during the current visit; cookie policy: www.hotjar.com/legal/policies/cookie-information;
OptOut: www.hotjar.com/legal/compliance/opt-out.

  • Matomo

Matomo is software that is used for the purposes of web analysis and reach measurement. When Matomo is used, cookies are generated and stored on the user’s device. The user data collected through the use of Matomo is only processed by us and is not shared with third parties. The cookies are stored for a maximum period of 13 months: https://matomo.org/faq/general/faq_146/;

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR);
Deletion of data: The cookies have a maximum storage period of 13 months.

  • UTM parameters

We use so-called UTM parameters (Urchin Tracking Module) in links to analyze the effectiveness of our marketing measures. UTM parameters are short text modules that are appended to the URL and contain information such as campaign name, source, medium or content. These parameters help us to recognize which campaign or platform brought you to our website. If UTM parameters are listed in the URL, they have no function on their own. However, other tracking tools use the UTM parameters to store which campaigns, for example, you used to access our website. These tracking tools are listed in the privacy policy for web analytics tools and must be approved by you in advance.

Processed data types:
URL parameters (e.g. campaign name, source, medium)
Usage data (e.g. pages visited, click paths)
Meta data (e.g. time information, browser information)
The UTM parameters themselves do not contain any personal data such as names or email addresses. They are used in conjunction with web analysis tools (e.g. Google Analytics) to carry out statistical evaluations.
Service provider: Depending on the analysis tool used (e.g. Google LLC for Google Analytics)
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f GDPR) in the analysis and optimization of our online offer; if tracking cookies are set, this will only be done with your consent (Art. 6 para. 1 lit. a GDPR).
Storage duration: UTM parameters are only processed temporarily and are not stored permanently. The evaluation is anonymized or pseudonymized.
Opt-out: You can prevent processing by the tracking tools by making the appropriate settings in our consent tool or by deactivating cookies in your browser. You can find more information in our privacy policy on web analysis tools.

  • Bugsnag

Error and performance monitoring. Bugsnag helps us to identify and rectify technical problems in order to ensure the stability and security of our online offering.

Processed data types: IP address, technical information about your device and browser, usage data (e.g. time and type of error), and pseudonymized identifiers. No clear data such as name or e-mail address is stored.
Purpose of processing: Error analysis, stability and security of our website and apps.
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f GDPR) in a secure and functional website.
Service provider: SmartBear Software Inc, 450 Artisan Way, Somerville, MA 02145, USA
Website: https://www.bugsnag.com
Privacy policy: https://smartbear.com/privacy/
Data transfer to the USA: SmartBear is a participant in the EU-US Data Privacy Framework, which guarantees secure data transfer. In addition, standard contractual clauses (Art. 46 (2) and (3) GDPR) are used to ensure a

Online marketing

We process personal data using the following tools for online marketing purposes, which may include in particular the marketing of advertising space or the presentation of advertising and other content (collectively referred to as “content”) based on the potential interests of users and the measurement of its effectiveness.

Further information on processing operations, procedures and services:

  • Facebook pixel and target group formation (custom audiences)

With the help of the Facebook pixel (or comparable functions, for the transmission of event data or contact information by means of interfaces in apps), Facebook is able to determine the visitors of our online offer as a target group for the display of ads (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those users on Facebook and within the services of the partners cooperating with Facebook (so-called “Audience Network ” www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products that can be seen from the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook ad (so-called “conversion measurement”);

Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR);
Website https://ww.facebook.com;
Privacy policy: https://ww.facebook.com/about/privacy;
Further information: Users’ event data, i.e. behavioral and interest data, is processed for the purposes of targeted advertising and targeting on the basis of the Joint Controller Agreement (“Controller Addendum”, https://ww.facebook.com/legal/controller_addendum). Joint controllership is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.)
Consent and revocation: Facebook Pixel will only be activated after you have given your consent via our consent management tool. You can revoke your consent at any time via the consent tool.

  • LinkedIn Insight: Insights Tag / Conversion measurement;

Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland;
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR);
Website: https://ww.linkedin.com;
Privacy policy: https://www.linkedin.com/legal/privacy-policy,
CookiePolicy: https://www.linkedin.com/legal/cookie_policy;
Standard contractual clauses (guaranteeing the level of data protection for processing in third countries): https://legal.linkedin.com/dpa;
Consent and revocation: LinkedIn Insight will only be activated after you have given your consent via our consent management tool. You can revoke your consent at any time via the consent tool. Further opt-out options (opt-out) https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

  • Google Ads

We use Google Ads to advertise our products and services online. Google Ads enables us to display targeted ads and measure the effectiveness of our campaigns. Cookies are set to store information about your interactions with our ads.
Processed data types: IP address, location data, device information, search queries, interactions with ads, cookies. This data can be used to create pseudonymous user profiles. Personal identification does not take place.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR) for tracking and remarketing; legitimate interests (Art. 6 para. 1 lit. f GDPR) for statistical evaluations
Website: https://ads.google.com
Privacy policy: https://policies.google.com/privacy
Further information: Data is transferred to Google LLC in the USA on the basis of the EU-US Data Privacy Framework (DPF) and the standard contractual clauses. We have concluded an order processing contract with Google (Art. 28 GDPR).
Consent and revocation: Google Ads will only be activated after you have given your consent via our consent management tool. You can withdraw your consent at any time via the consent tool.
Opt-out options: https://www.google.com/settings/ads Global: https://optout.aboutads.info

Presence in social networks (social media)

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behavior and interests of the users are stored. Furthermore, data may also be stored in the usage profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection declarations and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Processed data types: Contact data (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of Processing: Contact requests and communication; Feedback (e.g. collecting feedback via online form); Marketing.
Legal basis: Legitimate interests (Art. 6(1) lit. f GDPR).
Further information about processing operations, procedures and services:

  • Instagram

Social network

Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR);
Website: https://www.instagram.com;
Privacy Policy: https://instagram.com/about/legal/privacy.

  • Facebook pages

Profiles within the social network Facebook – We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content users view or interact with, or the actions they take (see under “Things you and others do and provide” in the Facebook Data Policy: www.facebook.com/policy), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under “Device information” in the Facebook Data Policy: www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, known as “Page Insights”, for page operators to help them understand how people interact with their pages and the content associated with them. We have concluded a special agreement with Facebook (“Information on Page Insights”, www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information on Page Insights”(www.facebook.com/legal/terms/information_about_page_insights_data);

Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR);
Website: www.facebook.com;
Privacy policy: www.facebook.com/about/privacy;
Standard contractual clauses (guaranteeing the level of data protection for processing in third countries): www.facebook.com/legal/EU_data_transfer_addendum;
Further information: Agreement on joint controllership: www.facebook.com/legal/terms/information_about_page_insights_data. The joint controllership is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.)

LinkedIn: Social network;
Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland;
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR);
Website: www.linkedin.com;
Privacy policy: www.linkedin.com/legal/privacy-policy;
Data processing agreement: https://legal.linkedin.com/dpa;
Standard contractual clauses (guaranteeing the level of data protection for processing in third countries): https://legal.linkedin.com/dpa;
Option to object (opt-out): www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
YouTube: Social network and video platform;
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR);
Privacy policy: https://policies.google.com/privacy;
Option to object (opt out): https://adssettings.google.com/authenticated.

Plugins and embedded functions and content

We incorporate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may be, for example, graphics, videos or city maps (hereinafter uniformly referred to as “content”).

The integration always requires that the third-party providers of this content process the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content or function. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as being linked to such information from other sources.

Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status); Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Location data (Information on the geographical position of a device or person).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online services and user-friendliness.
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR).

Further information on processing operations, procedures and services:

  • Google Maps

We integrate the maps of the “Google Maps” service provided by Google. The processed data may include, in particular, IP addresses and location data of users;
Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland;
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR);
Website: https://mapsplatform.google.com/;
Privacy policy: https://policies.google.com/privacy.

  • Google Maps APIs and SDKs:

Interfaces to Google’s map and location services, which allow, for example, the addition of address entries, location determination, distance calculations or the provision of additional information on locations and other places;
Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland;
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR);
Website: https://mapsplatform.google.com/;
Privacy policy: https://policies.google.com/privacy.YouTube-Videos: Video content;
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR);
Website: www.youtube.com;
Privacy policy: https://policies.google.com/privacy;
Option to object (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de,
Settings for the display of advertisements: https://adssettings.google.com/authenticated.

  • YouTube videos

Video content; YouTube videos are integrated via a special domain (recognizable by the component “youtube-nocookie”) in the so-called “extended data protection mode”, whereby no cookies are collected on user activities in order to personalize the video playback. Nevertheless, information about the user’s interaction with the video (e.g. remembering the last playback location) may be stored;
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR);
Website: https://www.youtube.com;
Privacy policy: https://policies.google.com/privacy.

  • CLUEVO LMS

We use the WordPress plugin CLUEVO LMS to add a Learning Management System (LMS) to our website. CLUEVO LMS enables the provision of learning modules in the SCORM standard.
Data protection information: CLUEVO LMS does not set any cookies.
Cookies are neither sent from the web server to the browser nor generated by scripts (e.g. JavaScript).
If you start a CLUEVO learning module as a guest user (without login), your IP address is neither stored nor transmitted to third parties.
No personal data is collected, so that no conclusions can be drawn about your identity.

Service provider: CLUEVO; Eichenstrasse 45c, 6922 Wolfurt, AUSTRIA
Website: https://cluevo.at/;
Privacy Policy: https://cluevo.at/datenschutzerklaerung/.

Chatbot with AI system MyGPT

KreativKarl is an AI-supported chatbot, a service of Kreativwirtschaft Austria, based on the AI system MyGPT. When you use the chat, your input (e.g. inquiries, project ideas, feedback) is processed to provide you with suitable recommendations and briefings.
Data processing: When you describe your request or project idea to KreativKarl, this information is used to understand your project, develop proposals for creative implementations and select suitable creative professionals.
Technical processing: KreativKarl uses modern AI methods to analyze your input, including language-based models (LLM) and semantic search. Processed data: Chat content, technical log data. No additional trackers or analysis tools.
Storage location: All data is processed exclusively in the EU (Azure region “Western Europe”).
Protection of your data: Your data will not be used for the training of AI models. It will not be passed on to third parties. All data will only be used to process your specific request.
Improvement of the service: To optimize the service, anonymized usage data can be evaluated (e.g. frequently requested topics). These evaluations do not allow any conclusions to be drawn about individual persons.
Legal basis: Art. 6 para. 1 lit. b GDPR (fulfillment of contract if you use the service), Art. 6 para. 1 lit. f GDPR (legitimate interest in improving the offer).
Storage period: Personal data will only be stored for as long as is necessary to process your request. Anonymized usage data may be stored for longer.

Amendment and updating of the privacy policy

We reserve the right to adapt this privacy policy as soon as changes to our data processing or legal requirements make this necessary. The current version is always available on our website. Please inform yourself regularly about the content of our privacy policy.

If a change requires your cooperation (e.g. a new consent) or an individual notification is required by law, we will inform you accordingly.

If we provide addresses or contact information of companies or organizations in this privacy policy, please note that this information may change over time. Therefore, please check the data before contacting us.

Your rights with regard to personal data

Under applicable law, you have the right (subject to applicable law) to (i) verify whether and what personal data we hold about you and obtain copies of such data, (ii) request the rectification, completion or erasure of your personal data that is inaccurate or not processed in accordance with the law, (iii) request that we restrict the processing of your personal data, (iv) under certain circumstances, to object to the processing of your personal data or to withdraw any consent previously given for the processing, whereby such withdrawal shall not affect the lawfulness of the processing until the withdrawal (v) to request data portability, (vi) to know the identity of third parties to whom your personal data is transferred and (vii) to lodge a complaint with the data protection authority.

Supervisory authority responsible for us:

Austrian Data Protection Authority
Barichgasse 40-42,
1030 Vienna