Which cookies does this website use and why?

We use essential cookies for basic operation and security (for example the session cookie _fivo_it_session and the security cookie _GRECAPTCHA), optional functional cookies such as remember_user_token for the "keep me signed in" feature, and—if you consent—analytics cookies like _ga/_gid/_gat for anonymized usage statistics. You can change your choices in the cookie settings at any time or reset your consent.

How does Google Consent Mode work on this website?

By default, storage for analytics and marketing is set to "denied". Only after you accept the relevant cookie categories in the banner do we switch Google Consent Mode to "granted" for analytics/ads. Essential/security cookies (including reCAPTCHA) remain active so we can operate the site securely. This means you can use the site without analytics tracking if you prefer.

What rights do I have with regard to my data?

Under the GDPR you have rights of access, rectification, erasure, restriction of processing, data portability, and the right to object to processing, in particular where based on legitimate interests. Where we rely on your consent (for example for analytics/marketing), you can withdraw it at any time with effect for the future. You also have the right to lodge a complaint with the Austrian Data Protection Authority.

Privacy Information for Website Visitors

3.12.2025

Controller and Contact

These privacy notes explain how we process personal data when you use our website. We aim for clarity and transparency so you can understand what we do and why. Controller: FIVO e.U., Beingasse 30, 1150 Vienna, Austria E‑mail: support@fivo-it.at You can contact us at any time regarding privacy matters using the above address. Note: No Data Protection Officer is currently appointed.

Purposes of processing

We process personal data to provide a secure and reliable website. This includes the technical delivery of page content, stability and security monitoring (for example, abuse prevention with reCAPTCHA v2), performance optimization, and—if you submit a form—handling your request. With your consent, we may also conduct anonymized usage analytics to continually improve content and usability. For Google services we use Google Consent Mode: storage for analytics/marketing is set to denied by default and only enabled after your consent.

Legal bases

Art. 6(1)(f) GDPR (legitimate interests) for operation/security/analytics
Art. 6(1)(b) GDPR (pre-contractual steps) for contact forms
Art. 6(1)(a) GDPR (consent) for optional services/tracking

Categories of data

Server logs (IP, timestamp, user agent, referrer)
Form contents (e.g., contact/lead, subject, message, contact details provided)
Technical identifiers (session ID, consent/analytics IDs – if enabled)
Device/usage information (e.g., browser type, operating system, approximate screen resolution)

Recipients / processors

Depending on configuration, technical service providers (hosting/cloud infrastructure, content delivery networks), maintenance and IT security providers, and—where enabled—web analytics/tag manager providers may receive access to the necessary data. We conclude data processing agreements (Art. 28 GDPR) with all processors that require strict confidentiality and security standards. In summary, our main processor categories for website visitors are: hosting and cloud infrastructure, content delivery/network services, IT security/monitoring, and (where activated) Google services for analytics, tag management and reCAPTCHA.

International transfers

Where services outside the EU/EEA are used (e.g., Google services such as Tag Manager/Analytics/reCAPTCHA), we safeguard transfers via EU Standard Contractual Clauses (SCCs) and, where necessary, additional technical/organizational measures. We prefer EU regions where available.

Retention

Server logs are typically retained for 14–30 days to ensure availability and security, and then deleted. We retain form contents only for as long as needed to handle and document your request in line with the lead/support process. Cookies are stored according to their category and purpose and can be adjusted at any time in the settings.

Google services (Analytics, Tag Manager, reCAPTCHA & Consent Mode)

We use Google services to operate and analyse our website: • Google Analytics (currently GA4 or successor) for anonymized usage analytics • Google Tag Manager to manage tags and scripts centrally • Google reCAPTCHA (v2/v3) to protect forms from abuse and bots For security and abuse prevention (e.g. reCAPTCHA) we rely on Art. 6(1)(f) GDPR (legitimate interests in secure operation). For analytics/marketing we only process data on the basis of your consent (Art. 6(1)(a) GDPR). We implement Google Consent Mode so that storage for analytics/ads is set to "denied" by default. Only if you consent via the cookie banner do we switch analytics/marketing storage to "granted". IP addresses are truncated and additional safeguards (SCCs, EU regions where available) apply to transfers to Google.

Cookies & consent management

Essential cookies are necessary for technical operation and security (including abuse prevention with services such as Google reCAPTCHA) and cannot be disabled. We use analytics, marketing, and functional cookies only with your consent. We use Google Consent Mode so analytics/marketing storage is set to "denied" by default and only enabled after your consent. Examples of cookies/services used: • Necessary: _fivo_it_session (session, first‑party), _GRECAPTCHA (security/bot protection, third‑party) • Functional: remember_user_token ("keep me signed in") • Analytics: _ga, _gid, _gat (Google Analytics) You can change your choices in the cookie settings at any time or reset your consent.

Cookie and service overview (summary)

Cookie/service	Purpose	Provider	Retention
`_fivo_it_session`	Essential session cookie for providing the website and handling forms (e.g. lead/contact).	FIVO e.U. (first‑party)	Session
`remember_user_token`	Optional login convenience cookie when you choose to stay signed in (remember me).	FIVO e.U. (first‑party)	Up to 2 weeks (or until you log out/remove cookies).
`_ga / _gid / _gat`	Anonymized usage analytics (page views, basic device information) to improve our services.	Google Ireland Limited / Google LLC	Typically 14–24 months depending on cookie type.
`_GRECAPTCHA`	Essential security cookie for spam/bot protection on forms via Google reCAPTCHA.	Google Ireland Limited / Google LLC	Up to 6 months

Data subject rights

You have the rights of access, rectification, erasure, restriction of processing, data portability, and to object to processing (in particular where based on legitimate interests). You may withdraw consent at any time with effect for the future. You also have the right to lodge a complaint with the Austrian Data Protection Authority. To process your request, we may need to verify your identity; we generally respond within one month.

Security

We use end‑to‑end TLS encryption, strict security headers (e.g., CSP/HSTS), rate limiting, and hardened server configurations. Access is role‑based and logs are kept to a minimum. Regular updates and backups support the resilience of our systems.

Updates

This information is updated as needed.

Privacy – Overview