en

Privacy Policy

Last updated: February 2026

Staud’s GmbH, as the operator of this website, endeavours to carefully review the content offered and to present it in a manner that is, to the best of our knowledge and belief, up-to-date, complete and accurate. The protection of your personal data is of particular concern to us. Staud’s GmbH therefore processes your data exclusively on the basis of applicable legal regulations, in particular the Austrian Data Protection Act (DSG), the European General Data Protection Regulation (GDPR), and the Austrian Telecommunications Act 2003 (TKG 2003).
This Privacy Policy informs you about the personal data we process and about your rights as a data subject.

1. Our Contact Details
Staud’s GmbH, FN 256051x
Represented by Managing Directors: Stefan Schauer and Jürgen Hagenauer
Hubergasse 3, 1160 Vienna
Phone: +43 1 406 88050
E-Mail: office@stauds.com

2. Data Protection Agreement in the Context of Business Activities
2.1 What is Personal Data?
Personal data refers to information relating to an identified or identifiable natural person.
If you contact us by e-mail or via the contact form on our website, the personal data you voluntarily provide will be stored depending on the reason for contacting us. In addition to master data such as your name, e-mail address, telephone number, and any other contact details you provide, this may also include application documents, reasons for complaints, or other communications.

If an active business relationship exists or if we have entered into contact to initiate such a relationship, we collect and process the personal data you provide as well as personal data arising in the course of business transactions. This includes, among others: professional contact details, the position and/or function of contact persons, bank details, VAT number, agreements, revenue data, correspondence, etc.

If you participate in one of our competitions, we generally require your name, address, telephone number, and e-mail address. These personal data will be processed by us or by the cooperating partner commissioned to handle the competition.

2.2 For What Purpose Do We Process Your Data?
We process your data for the purpose of handling your request, fulfilling contractual or legal obligations, initiating and managing business relationships, handling competitions if you participate, managing supplier and customer relationships, informing business partners about new products or activities, and for the defense or enforcement of legal claims.

3. Legal Bases for Data Processing

  • We process the personal data that you, as a user of the website and/or as a potential or existing business partner, provide to us. Data processing for the purposes described above is carried out on the legal basis of contract fulfillment or pre-contractual measures according to Art. 6(1)(a) GDPR.
  • When processing personal data is necessary for the performance of a contract to which the data subject is party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required for pre-contractual measures.
  • Where processing is necessary to comply with a legal obligation, Art. 6(1)(c) GDPR applies.
  • If processing is necessary to protect vital interests of the data subject or another natural person, Art. 6(1)(d) GDPR applies.
  • Data processing for the operation and optimization of this website is based on legitimate interests pursuant to Art. 6(1)(f) GDPR, namely our legitimate interest in operating and optimizing the website and marketing. IP addresses are only partially recorded (except in cases such as newsletter registration or event registrations). Website usage analysis does not involve personal attribution.
  • Data processing for marketing purposes is based on your consent according to Art. 6(1)(a) GDPR as well as on our legitimate interest according to Art. 6(1)(f) GDPR, namely interest in marketing activities.

4. Duration of Data Storage
Personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also occur if required by European or national legislation in regulations, laws, or other provisions to which the controller is subject. Data will also be deleted or blocked once a legally mandated retention period expires, unless longer storage is necessary for contract purposes.

5. Your Rights
As a data subject under data protection law, you have in particular the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

If you receive our newsletter, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal.

You also have the right to lodge a complaint with a supervisory authority.
In Austria, this is the:
Austrian Data Protection Authority
Barichgasse 40–42, 1030 Vienna
Phone: +43 1 52 152-0
E-Mail: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Protection Officer Contact Details:
Peter Oskar Miller
c/o HXS GmbH
Ungargasse 37, 1030 Vienna
E-Mail: stauds@datenschutzbeauftragter.at

6. Data Security
The security of your data is very important to us. To make your visit and use of our website as secure as possible, we comply with Art. 32 GDPR, ensuring the confidentiality and security of your personal data. We apply appropriate technical and organizational security measures, reviewed regularly and adapted to technological developments.

Despite careful compliance with security requirements, information transmitted over the internet may be accessed by unauthorized persons outside our control.

We therefore assume no liability for the disclosure of information due to errors in data transmission not caused by us and/or unauthorized access by third parties (e.g., hacker attacks, intercepted faxes or emails).

TLS Encryption via HTTPS
We use HTTPS (“Hypertext Transfer Protocol Secure”) for secure and encrypted data transmission on the internet. Using TLS (Transport Layer Security), we ensure the highest possible protection of confidential data.

Web Server Logs
Our web server stores only anonymized data, unless you register for our newsletter or events via the website. In such cases, the personal data entered as well as IP address and user agent are stored.

This information is stored due to our legitimate interest in usability, functionality, system security and stability, content optimization, advertising, administrative purposes, and provision to law enforcement authorities in case of cyberattacks. These data are not used to identify individuals, unless required for investigating unauthorized attacks on our IT systems.

Cookies
Our website uses HTTP cookies to store user-specific data. With your consent via the cookie banner, our website may use functions of web analytics services. Cookies used for this purpose enable analysis of website usage. The information generated is transferred to the provider’s server and stored there.

  • Statistical/marketing cookies require your consent under Art. 6(1)(a) GDPR.
  • Essential cookies rely on our legitimate interest under Art. 6(1)(f) GDPR.

Matomo Analytics
This website uses the open-source web analytics service Matomo.
We use Matomo to collect and analyze data on website usage (e.g., page visits, regional origin, IP address, referrer, browser type, operating system, user actions).

Legal basis:

  • Art. 6(1)(f) GDPR (legitimate interest in website optimization)
  • If consent is requested: Art. 6(1)(a) GDPR and §25(1) TDDDG.

Consent can be withdrawn at any time.

Hosting
Matomo is hosted by:
typo-wimmer GmbH
Schlossstraße 38
5023 Salzburg
Austria
+43 662 43 16 58
office@typo-wimmer.at
Data Processing Agreement (DPA)
A DPA has been concluded with the above-mentioned provider to ensure GDPR-compliant processing

Deacitivate Matomo Tracking

7. Data Processing Notice for the Use of the INCERT Voucher Shop
Our website integrates a voucher module from INCERT eTourismus GmbH & Co KG. When accessing or using the voucher shop, your personal data (e.g., technical connection data, order and payment data, contact details) are transmitted to INCERT and processed under INCERT’s sole responsibility.

Legal bases:

  • Art. 6(1)(b) GDPR (contract performance and pre-contractual measures)
  • Art. 6(1)(f) GDPR (legitimate interest in operating a secure and functional voucher system)

Details on INCERT’s processing can be found in their privacy policy in the voucher shop.
Information on data processing for integrated third-party services is provided in the relevant sections of this Privacy Policy.

8. Disclosure of Personal Data
Your personal data are transmitted to third parties only when necessary for the processing purpose, for fulfilling legal obligations, or for the enforcement of legal claims, and only where legally permissible.

Data may be transmitted to:

  • external service providers (e.g., IT providers)
  • third parties involved in business transactions (e.g., shipping companies, insurers, legal advisors)
  • courts and authorities

Your data are never sold or commercially exploited.

9. Links to Other Websites
Our website contains hyperlinks to third-party websites. When activating these links, you are redirected away from our website. You can identify this, among other things, by the change of URL.
We assume no responsibility for the confidential handling of your data on third-party websites.
Please consult the privacy policies of these providers directly.

10. Changes to This Privacy Policy
As our business evolves, updates to this Privacy Policy may become necessary. Staud’s GmbH reserves the right to amend this Privacy Policy at any time with effect for the future.
We recommend checking this Privacy Policy regularly to stay informed about the current version.