Download technical guide

Book a consultation

Privacy Policy

Last updated: May 2026

Privacy policy

I. Overview

If we have the pleasure of welcoming you as a customer or business partner, please read from Section III.

If you visit our website, please read from Section II.

II. What data do we process when you visit our website?

Welcome to our website! Please take a moment to learn how we process your personal data when you visit our website (Art. 13, Art. 14 GDPR; Section 165 para. 3 TKG).

The following data may be processed when you visit our website:

  • Browser type
  • Operating system
  • Country
  • Date
  • Time and duration of access
  • IP address[1] and pages visited on our website, including entry and exit pages
  • Contact page on the website
  • Device data: We may store personal data from your device. Such data includes geolocation data, IP address, unique identifiers (e.g. MAC address)
  • Newsletter
  • Email for the lead magnet

The processing of this data is necessary to ensure the security of the operation of the website and to guarantee the functionality of the website from a technical perspective. Some of this data is collected via technical cookies. These technical cookies are used only to the extent necessary (Section 165 para. 3 TKG). The processing of this data is justified by our legitimate interest in operating our website (Art. 6 para. 1 lit. f GDPR).

For the operation of our website, it may be necessary for us to disclose your data to the following recipients:

Hubspot Inc

Purpose of data processing:
CRM system and newsletter

Legal basis for data processing:
Predominantly legitimate interest in providing the website (Art. 6 para. 1 lit. f GDPR) and consent pursuant to Art. 6 para. 1 lit. a GDPR

Registered office:
USA

Secure third-country transfer:
HubSpot, Inc. is listed under the EU-US Data Privacy Framework

Google LLC (Google Analytics)

Purpose of data processing:
Statistical evaluation of website visits

Legal basis for data processing:
Consent pursuant to Art. 6 para. 1 lit. a GDPR

Registered office:
USA

Secure third-country transfer:
Google LLC is listed under the EU-US Data Privacy Framework

WordPress (Automattic Inc.)

Purpose of data processing:
Content management system

Legal basis for data processing:
Predominantly legitimate interest (Art. 6 para. 1 lit. f GDPR)

Registered office:
USA

Secure third-country transfer:
Automattic Inc. is listed under the EU-US Data Privacy Framework

WPEngine, Inc.

Purpose of data processing:
Hosting of the website

Legal basis for data processing:
Predominantly legitimate interest (Art. 6 para. 1 lit. f GDPR) in providing the website

Registered office:
USA

Secure third-country transfer:
WPEngine, Inc. is listed under the EU-US Data Privacy Framework

II.1. Overview of the “technical” cookies used

The above-mentioned data is stored using so-called cookies[2]. Cookies are text files that are stored on your computer and enable an analysis of the use of the website. They serve to recognize and store temporary data of website visitors. As a rule, we use cookies only to the extent necessary to communicate with you via the homepage.

These technical cookies are activated as soon as you visit our website.

II.2. Overview of the “advertising cookies” used

In addition to the “technical cookies” described above, we also use so-called advertising cookies (including “statistical cookies”). These advertising cookies enable us to better understand and evaluate your interests. With the help of advertising cookies, we can combine your “browsing behavior” across the boundaries of our website with data from other websites. This is intended to enable us to better understand the interests of our website visitors and to address them more specifically.

We respect that not every visitor to the website wishes this. Therefore, we process your data in connection with advertising cookies only if you consent to this (Art. 6 para. 1 lit. a GDPR). You may withdraw this consent at any time, whereby the data processing carried out until the time of withdrawal remains justified.

III. For what purposes do we process your data when you are our customer or in a business relationship with us?

In the course of our business relationship with customers and business partners, as well as in providing the software, we process data on the basis of contractual reasons (performance of the contractual relationship with you, pre-contractual obligations, billing of services, dispatch of documents, communication for the performance of the contract, provision of the software) and legal obligations (statutorily required retention within the meaning of Section 132 BAO) (Art. 6 para. 1 lit. b and c GDPR), as well as on the basis of our legitimate interests or the legitimate interests of third parties (Art. 6 para. 1 lit. f GDPR), namely:

  • for the purpose of internal administration and management of your business matter to the extent necessary (e.g. processing your matter, forwarding your matter to assistants, file storage, archiving purposes, correspondence with you)
  • in the course of software maintenance
  • due diligence review by potential investors
  • assertion and defense of legal claims

in each case to the extent necessary. The processing of your data serves the initiation, maintenance, and execution of our business relationships. If you do not provide us with this data, we unfortunately cannot process your business matter.

Where applicable, we process your data on the basis of your voluntary, explicit consent (Art. 6 para. 1 lit. a GDPR).

IV. How long will your data be stored?

We will store your data only for as long as is necessary for the purposes for which we collected your data. In this context, statutory retention obligations must be taken into account (for example, for tax law reasons, contracts and other documents from our contractual relationship must generally be retained for a period of seven years (Section 132 BAO)). In justified individual cases, for example for the assertion and defense of legal claims, we may also store your data for up to 30 years after the end of the business relationship.

We store data of prospective customers for up to one year from the time of the prospective customer’s last contact.

V. Who may receive your data?

In the course of our business relationship and the use of the software, it may be necessary for us to transfer your data to the following recipients:

Hubspot Inc

Purpose of data processing:
CRM system

Legal basis for data processing:
Predominantly legitimate interest in providing the website (Art. 6 para. 1 lit. f GDPR)

Registered office:
USA

Secure third-country transfer:
HubSpot, Inc. is listed under the EU-US Data Privacy Framework

Deloitte Graz

Purpose of data processing:
Tax advisory services and payroll accounting

Legal basis for data processing:
Predominantly legitimate interest (Art. 6 para. 1 lit. f GDPR)

Registered office:
Graz

Secure third-country transfer:
Within the EU

Steiermärkische Sparkasse

Purpose of data processing:
Bank

Legal basis for data processing:
Predominantly legitimate interest (Art. 6 para. 1 lit. f GDPR)

Registered office:
Austria

Secure third-country transfer:
Within the EU

AON Austria GmbH

Purpose of data processing:
Insurance

Legal basis for data processing:
Predominantly legitimate interest (Art. 6 para. 1 lit. f GDPR)

Registered office:
Austria

Secure third-country transfer:
Within the EU

easybill GmbH

Purpose of data processing:
Invoicing software

Legal basis for data processing:
Predominantly legitimate interest (Art. 6 para. 1 lit. f GDPR), data processing agreement pursuant to Art. 28 GDPR

Registered office:
Germany

Secure third-country transfer:
Within the EU

Microsoft Corporation

Purpose of data processing:
Office software

Legal basis for data processing:
Predominantly legitimate interest (Art. 6 para. 1 lit. f GDPR)

Registered office:
USA

Secure third-country transfer:
Microsoft Corporation is listed under the EU-US Data Privacy Framework

ChatGPT (OpenAI)

Purpose of data processing:
AI system

Legal basis for data processing:
Predominantly legitimate interest (Art. 6 para. 1 lit. f GDPR) in efficient research. Note: No particularly sensitive data is entered into ChatGPT.

Registered office:
USA

Secure third-country transfer:
Standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR.

Attorney based in Austria (Dr. Tobias Tretzmüller Rechtsanwalts GmbH)

Purpose of data processing:
Legal advice

Legal basis for data processing:
Predominant legitimate interest (Art. 6 para. 1 lit. f GDPR), assertion and defense of legal claims

Registered office:
Austria

Basis for transfer to a third country:
Within the EEA

VI. Collection of data from other sources (Art. 14 GDPR)

In the course of initiating business relationships, personal data may be obtained from the following sources:

LinkedIn (Sales Navigator)

Data concerned:
Name, job title, employer

Legal basis:
Initiation of business relationships; predominantly legitimate interest (Art. 6 para. 1 lit. f GDPR)

VII. Does automated decision-making or profiling take place (Art. 13 para. 2 lit. f GDPR)?

No automated decision-making or profiling takes place in our company.

VIII. What rights do you have regarding data processing?

We would like to inform you that, provided the legal requirements are met, you:

  • have the right to request information about which of your data we process (see in detail Art. 15 GDPR)
  • have the right to request the rectification or completion of incorrect or incomplete data concerning you (see in detail Art. 16 GDPR)
  • have the right to erasure of your data (see in detail Art. 17 GDPR)
  • have the right to object to processing of your data that is necessary to safeguard our legitimate interests or those of a third party (see in detail Art. 21 GDPR). This applies in particular to the processing of your data for advertising purposes
  • have the right to receive the transfer of the data you have provided in a structured, commonly used, and machine-readable format (see in detail Art. 20 GDPR)

If we process your data on the basis of your consent, you have the right to withdraw this consent at any time by email. This does not affect the lawfulness of data processing carried out up to that time (Art. 7 para. 3 GDPR).

IX. What rights of complaint do you have?

Should there, contrary to expectations, be a violation of your right to lawful processing of your data, please contact us by post or email. We will endeavor to deal with your concern without delay. However, you also have the right to lodge a complaint with the supervisory authority responsible for data protection matters.

The address of the Austrian Data Protection Authority is:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Wien

X. How can you contact us?

If you have any further questions about the processing of your data, you are welcome to contact our data protection coordinator using the contact details below.

XI. Controller

The controller within the meaning of Art. 4 no. 7 GDPR is:

DEWINE Labs GmbH
Inffeldgasse 33
8010 Graz
Austria

Phone: +43 660 149 28 38
Email: info@dewinelabs.com

Author of this privacy policy: Attorney Dr. Tobias Tretzmüller, LL.M.; www.digital-recht.at

Any use of this privacy policy, or even parts of it, without the consent of the author constitutes a copyright infringement.