Privacy Information for Website Visitors

Last updated: 2025-11-13

---

Controller and Contact

These privacy notes explain how we process personal data when you use our website. We aim for clarity and transparency so you can understand what we do and why. Controller: FIVO e.U., Beingasse 30, 1150 Vienna, Austria E‑mail: support@fivo-it.at You can contact us at any time regarding privacy matters using the above address. Note: No Data Protection Officer is currently appointed.

Purposes of processing

We process personal data to provide a secure and reliable website. This includes the technical delivery of page content, stability and security monitoring (for example, abuse prevention with reCAPTCHA v2), performance optimization, and—if you submit a form—handling your request. With your consent, we may also conduct anonymized usage analytics to continually improve content and usability. For Google services we use Google Consent Mode: storage for analytics/marketing is set to denied by default and only enabled after your consent.

Legal bases

• Art. 6(1)(f) GDPR (legitimate interests) for operation/security/analytics
• Art. 6(1)(b) GDPR (pre-contractual steps) for contact forms
• Art. 6(1)(a) GDPR (consent) for optional services/tracking

Categories of data

• Server logs (IP, timestamp, user agent, referrer)
• Form contents (e.g., contact/lead, subject, message, contact details provided)
• Technical identifiers (session ID, consent/analytics IDs – if enabled)
• Device/usage information (e.g., browser type, operating system, approximate screen resolution)

Recipients / processors

Depending on configuration, technical service providers (hosting/cloud infrastructure, content delivery networks), maintenance and IT security providers, and—where enabled—web analytics/tag manager providers may receive access to the necessary data. We conclude data processing agreements (Art. 28 GDPR) with all processors that require strict confidentiality and security standards.

International transfers

Where services outside the EU/EEA are used (e.g., Google services such as Tag Manager/Analytics/reCAPTCHA), we safeguard transfers via EU Standard Contractual Clauses (SCCs) and, where necessary, additional technical/organizational measures. We prefer EU regions where available.

Retention

Server logs are typically retained for 14–30 days to ensure availability and security, and then deleted. We retain form contents only for as long as needed to handle and document your request in line with the lead/support process. Cookies are stored according to their category and purpose and can be adjusted at any time in the settings.

Cookies & consent management

Essential cookies are necessary for technical operation and cannot be disabled. We use analytics, marketing, and functional cookies only with your consent. We use Google Consent Mode so analytics/marketing storage is set to "denied" by default and only enabled after your consent. Examples of cookies/services used: • Necessary: _fivo_it_session (session, first‑party), _GRECAPTCHA (security/bot protection, third‑party) • Functional: remember_user_token ("keep me signed in") • Analytics: _ga, _gid, _gat (Google Analytics) You can change your choices in the cookie settings at any time or reset your consent.

Data subject rights

You have the rights of access, rectification, erasure, restriction of processing, data portability, and to object to processing (in particular where based on legitimate interests). You may withdraw consent at any time with effect for the future. You also have the right to lodge a complaint with the Austrian Data Protection Authority. To process your request, we may need to verify your identity; we generally respond within one month.

Security

We use end‑to‑end TLS encryption, strict security headers (e.g., CSP/HSTS), rate limiting, and hardened server configurations. Access is role‑based and logs are kept to a minimum. Regular updates and backups support the resilience of our systems.

Updates

This information is updated as needed.