Privacy Policy

The protection of your personal data is important to us. We therefore process your data exclusively on the basis of the applicable statutory provisions (in particular the EU General Data Protection Regulation – GDPR –, the Austrian Data Protection Act – DSG – in its current version, and the Austrian Telecommunications Act 2021 – TKG 2021).

1. Controller

The controller responsible for the processing of personal data is:
HERTON Digital GmbH
Vorlaufstraße 5/1
1010 Wien, Österreich
info@herton.eu
If you have any questions regarding the processing of personal data or wish to exercise your data protection rights, you can contact us using the contact details provided above.

2. Data processing in connection with our website

2.1 Cookies

Cookies are used on our website to enable certain basic functions (e.g. storing language preferences, recognising whether you have consented to the use of cookies). Technically necessary cookies are used on the basis of our legitimate interest in the proper and functional operation of the website. Where cookies are not technically necessary, they are only set on the basis of your consent, which you may withdraw at any time.

2.2 Legal basis

Depending on the type of cookie and the nature of the data processing, processing takes place on the following legal bases:
Art. 6(1)(a) GDPR (consent)
Art. 6(1)(f) GDPR (legitimate interest)
and the applicable provisions of the Austrian Telecommunications Act 2021 (in particular Section 165 TKG 2021).

3. Processing of personal data of customers, suppliers and potential business partners

3.1 Purpose limitation

The personal data you provide is required for establishing, managing and fulfilling business relationships and for carrying out pre-contractual measures. Without this data, it may not be possible to conclude or perform a contract. We process your personal data in particular for the following purposes:

  • establishing, managing and processing business relationships
  • communication in the context of business activities
  • compliance with statutory documentation and retention obligations

3.2 Legal basis

If you are our customer or supplier, your personal data is processed because this is necessary for the performance of a contract or for carrying out pre-contractual measures (Art. 6(1)(b) GDPR).
If you are a potential business partner, your personal data is processed on the basis of our overriding legitimate interest in initiating and maintaining business relationships (Art. 6(1)(f) GDPR).

For certain processing activities, we may engage processors in accordance with Art. 28 GDPR.

3.3 Recipients of data

We only disclose personal data where this is necessary for the performance of a contract, legally required or based on a corresponding legal basis. Possible recipients include in particular:

  • IT service providers (e.g. for handling e-mail communication)
  • contractual and business partners involved in contract performance
  • auditors/tax advisors for fulfilling statutory obligations
  • public authorities (e.g. tax authorities)
  • legal representatives, courts or collection agencies where required

Where there is a statutory obligation, additional public authorities may also be recipients of personal data.

3.4 Storage period

We store personal data for the duration of the business relationship and, beyond that, in accordance with statutory retention and limitation periods (in particular under the Austrian Commercial Code and the Federal Fiscal Code). In addition, data may be stored for the duration of any legal disputes.

4. Data transfers to third countries

Personal data is only transferred to countries outside the European Economic Area if there is a legal basis for such transfer and appropriate safeguards in accordance with the GDPR (e.g. Standard Contractual Clauses) are in place or if you have expressly consented to such transfer.

5. Your rights

Subject to the statutory requirements, you have the following rights:

  • right of access (Art. 15 GDPR)
  • right to rectification (Art. 16 GDPR)
  • right to erasure or restriction of processing (Art. 17 and 18 GDPR)
  • right to data portability (Art. 20 GDPR)
  • right to object to certain processing activities (Art. 21 GDPR)
  • right to withdraw consent (Art. 7(3) GDPR)

You may exercise these rights at any time by contacting us using the contact details provided above.

If you believe that the processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority. In Austria, this is:
Austrian Data Protection Authority
Wickenburggasse 8–10
1080 Vienna
E-mail: dsb@dsb.gv.at

6. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy when necessary in order to reflect changes in legal requirements or in our processing activities. The version published on our website at any given time shall apply.

Last updated: December 22, 2025

In the event of any discrepancies between the German and the English version of this Privacy Policy, the German version shall prevail.