Privacy Policy

Data Controller Information

The data controller for the purposes of GDPR is:

Data Collection

We collect personal data that you provide to us directly and information that is automatically collected when you use our website. The data we collect includes:

Information You Provide

• Contact information (name, email address, phone number)
• Company or organisation details
• Messages and communications you send to us
• Information provided when requesting services or support
• Preferences and settings you configure

Automatically Collected Information

• IP address and location data
• Browser type and version
• Device information and operating system
• Pages visited and time spent on our website
• Referral sources and website navigation patterns
• Cookies and similar tracking technologies

How We Use Your Information

We use your personal data for legitimate business purposes and with your consent where required. How we use your information includes:

• Providing and improving our board management software services
• Responding to your enquiries and providing customer support
• Communicating important updates about our services
• Processing service requests and managing client relationships
• Analysing website usage to improve user experience
• Ensuring website security and preventing fraud
• Complying with legal obligations and regulatory requirements
• Marketing our services (with your consent where required)

The legal basis for processing your data includes contract performance, legitimate interests, legal compliance, and consent where applicable.

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, please see our Cookie Policy.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your data in the following circumstances:

• With trusted service providers who assist in operating our website and services
• When required by law or to comply with legal processes
• To protect our rights, property, or safety, or that of our users
• In connection with business transfers or mergers
• With your explicit consent for specific purposes

All third-party service providers are contractually bound to protect your data and use it only for the specified purposes.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and resolve disputes. Our data retention periods include:

• Contact form submissions: 3 years from submission
• Website analytics data: 26 months
• Customer service communications: 5 years
• Legal and compliance records: As required by applicable law
• Marketing data: Until consent is withdrawn or 3 years of inactivity

When data is no longer needed, we securely delete or anonymise it in accordance with our data retention policy.

Your Rights

Under GDPR and other applicable privacy laws, you have the following rights regarding your personal data:

• Right of access: Request a copy of your personal data we hold
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your personal data
• Right to restrict processing: Request limitation of data processing
• Right to data portability: Receive your data in a portable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for data processing

To exercise these rights, please contact us at privacy@openvastorium.world or +43 7328113370. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Employee training on data protection
• Incident response procedures

While we strive to protect your personal data, no method of transmission over the internet is completely secure. We cannot guarantee absolute security but are committed to maintaining the highest standards of data protection.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• European Commission adequacy decisions
• Standard contractual clauses approved by the European Commission
• Binding corporate rules
• Your explicit consent for specific transfers

Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde) if you believe your data protection rights have been violated.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically to stay informed about how we protect your data.