Privacy policy

Your privacy is important to us.

Protecting your personal data is very important to us. We therefore process your data only in accordance with the law, especially the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG). This privacy policy explains the key aspects of data processing for our website and business.

1. Responsible body

The controller (the entity responsible for how your data is used) for data processing on this website is: Eko Consulting GmbH, Kornstraße 10, 4060 Leonding, Austria.

Telephone: +43 732 931642
‍Email datenschutz@ekoconsult.at

The management is responsible for data protection within the company.

2. Your rights

You have the following rights with regard to your personal data:

• Right to access (Art. 15 GDPR): You can request information about the origin, recipients and purpose of your personal data stored at any time, free of charge.
• Right to rectification (Art. 16 GDPR): You have the right to request the rectification of inaccurate data.
• Right to erasure (Art. 17 GDPR): You may request the erasure of your data, provided that there are no legal retention obligations to the contrary.
• Right to restriction of processing (Art. 18 GDPR): Under certain conditions, you may request the restriction of the processing of your data.
• Right to data portability (Art. 20 GDPR): You have the right to receive your data in a commonly used, machine-readable format or to have it transferred to another controller.
• Right to object (Art. 21 GDPR): You may object to the processing at any time for reasons arising from your particular situation.
• Right to withdraw consent (Art. 7(3) GDPR): You may withdraw your consent at any time with effect for the future.

To exercise your rights, please contact us using the details above.

Additionally, you have the following option:

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with the competent supervisory authority:

Austrian Data Protection Authority
‍Barichgasse 40-42
1030 Vienna, Austria

Telephone: +43 1 52 152-0
Email: dsb@dsb.gv.at
‍Website: https://www.dsb.gv.at

3. Data security

Our website uses SSL or TLS encryption, which means the information sent between your browser and the website is protected in an encrypted format. You can recognise an encrypted connection by the address line in your browser changing from "http://" to "https://" and by the lock symbol in the address bar.

Please note that data transmission over the Internet, such as via e-mail, may pose security risks. Complete protection of data from third-party access is not possible.

4. Hosting

Web hosting

Our website is hosted by the following provider:

Vultr Holdings LLC‍

Data centre: Germany

The host collects the following data in so-called server log files (automatically generated records of activities on a computer system), which your browser automatically transmits:

• Browser type and browser version
• Operating system used
• Referrer URL (previously visited page)
• Host name of the accessing computer
• Date and time of the server request
• IP address

This data is not merged with other data sources.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest, meaning our justified reason under law, lies in the technically error-free presentation and optimisation of our website, as well as in ensuring system security.

Storage period: The server log files are automatically deleted after 12 months.

Order processing: We have concluded an order processing agreement (a contract ensuring the processor adheres to data protection standards) with the host in accordance with Art. 28 GDPR.

5. Cookies

Our website uses cookies, which are small text files that your browser saves on your device to help websites function and track certain usage information. They do not cause any damage and do not contain viruses.

Technically necessary cookies

Some cookies are technically necessary for the website to operate. These are stored on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the technically error-free provision of our website.

Analysis cookies

Analysis cookies are only set with your express consent in accordance with Art. 6 (1) (a) GDPR. No tracking takes place without your consent.

Manage cookie settings

You can change your cookie settings at any time via the "Privacy preferences" link in our website footer. You can also set your browser to notify you about cookie use, allow cookies only in certain cases, or block them completely.

6. Web analysis with Matomo

This website uses the web analytics service Matomo to analyse visitor behaviour.

Processing only with consent

Matomo only processes your data if you give express consent, in accordance with Art. 6(1)(a) GDPR. Without your consent, no analysis cookies are set, and no personal data is collected for analysis.

Self-hosted solution

We operate Matomo on our own server. Your data is not transferred to third parties. It remains entirely with us.

IP anonymisation

We have configured Matomo to anonymise IP addresses. This prevents any direct personal references.

Data collected

If consent is activated, the following data is collected:

• Two bytes of the IP address (anonymised)
• Date and time of access
• Title and URL of the page accessed
• URL of the previously visited page (referrer)
• Screen resolution
• Time zone
• Browser type and version
• Operating system
• Language settings

Storage period

Matomo data is automatically deleted after 13 months.

Cookie duration

The cookies set by Matomo are valid for 13 months.

Withdrawal of consent

You can withdraw your consent at any time, with effect from the future, by changing your cookie settings via the »Privacy preferences« link in the footer of this website.

7. Contact

Contact form

If you contact us via the contact form on our website, the data you provide (name, email address, message, and any other information) will be stored by us to process your enquiry.

Legal basis: Art. 6 (1) (b) GDPR (contract initiation or contract fulfilment) or Art. 6 (1) (f) GDPR (legitimate interest in responding to your enquiry).

We delete your data after 12 months unless there are legal retention requirements. Further processing may be required to fulfil the contract.

Email contact

If you contact us by email, your personal data, including the contact details you provide, will be stored by us to process your enquiry and to follow up on any questions.

Legal basis: Art. 6 para. 1 lit. b GDPR (contract initiation or contract fulfilment) or Art. 6 para. 1 lit. f GDPR (legitimate interest in responding to your enquiry).

Storage period: Your data will be deleted after 12 months, provided that there are no legal retention obligations (in particular tax and commercial law retention periods of up to 7 years).

Telephone contact

When you contact us by telephone, the data you provide will be processed to handle your enquiry.

Legal basis: Art. 6(1)(b) GDPR (contract initiation or contract fulfilment) or Art. 6(1)(f) GDPR (legitimate interest in responding to your enquiry).

8. Business data processing

Customer and contract data

We collect, process and use personal data only to the extent necessary for the establishment, content or modification of the legal relationship (inventory data).

Data collected: name, address, contact details, contract data, payment data, correspondence, and project documents.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(c) GDPR (legal obligation, e.g. tax retention obligations).

Storage period: We store the data until the expiry of the statutory retention obligations (usually 7 years after the end of the calendar year in which the last entry was made). Storage beyond this period occurs only if there is a legitimate interest, e.g., to assert or defend legal claims.

9. Processors and third-party providers

Microsoft 365

We use Microsoft 365 for email communication, document management (OneDrive and SharePoint), and internal collaboration. This may also involve the processing of personal data such as correspondence, contracts and project documents.

Provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland

Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in efficient business processing).

Data processing: Microsoft processes the data within the EU Data Boundary exclusively in data centres within the European Union. No transfer to third countries takes place.

Order processing: A data processing agreement (DPA) has been concluded with Microsoft in accordance with Art. 28 GDPR.

Further information: https://privacy.microsoft.com/de-de/privacystatement

10. Objection to advertising

We hereby object to the use of contact data published within the scope of the imprint obligation for sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, for example, through spam emails.

11. Right to object pursuant to Art. 21 GDPR

Objection to data processing in cases of legitimate interest: If data processing is based on Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. We will then no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Objection to direct marketing: If your personal data is processed for direct marketing purposes, you have the right to object to the processing at any time. If you object to processing for direct marketing purposes, your data will no longer be processed for these purposes.

12. Up-to-dateness and changes to this privacy policy

This privacy policy is currently valid and was last updated in January 2026.

Due to the further development of our website and offers, or to changes in legal or official requirements, it may be necessary to update this privacy policy. The current privacy policy can be accessed at any time on this website.

If you have any questions about data protection, please contact: datenschutz@ekoconsult.at