Privacy Policy

Privacy Policy

General Information

This section provides you with a concise overview of what happens to your personal data when you visit our website. Personal data is any information that can be used to identify you as an individual. Detailed information regarding data protection can be found in the following privacy policy. The protection of your personal data is of particular importance to us. Therefore, we process your data exclusively on the basis of the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

This privacy policy informs you about what data we collect, how we use it, and what rights you have.

Data Controller

LumeSec Technologies e.U.
Rissach 10 / 12
6092 Birgitz, Tirol
Austria

Email: privacy@lumesec.ai

Processing of Access Data During Your Visit to Our Website

We only collect the absolutely necessary user data to ensure the most data-sparing and private user experience.

When accessing our website, certain access data are automatically recorded in server log files for technical security reasons, quality improvement, and statistical purposes. This processing is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

Access data collected:

  • Visited page (URL)
  • Browser type and version, operating system used (User-Agent)
  • Previously visited website (Referrer URL)
  • Time of the server request
  • IP address of the requesting device

These data do not allow a direct identification of your person. However, the IP address is considered personal data within the meaning of the GDPR. Server log files are usually automatically deleted after 30 days.

Hosting

External Hosting

This website is hosted by an external service provider. Personal data collected on this website are stored on the servers of the hosting provider. This includes, among other things, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access information, and further information generated through the use of the website.

The external hosting is carried out for the fulfillment of contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and serves our legitimate interest in providing our online offering securely, quickly, and efficiently through a professional provider (Art. 6 para. 1 lit. f GDPR). Should corresponding consent be requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR as well as § 25 para. 1 TTDSG, insofar as this includes the storage of cookies or the access to information on the user's device (e.g. device fingerprinting). The consent given can be withdrawn at any time.

Our hosting provider processes your data only to the extent necessary to fulfill its contractual obligations and strictly in accordance with our instructions.

Our Hosting Provider:

Vultr Holdings, LLC
319 Clematis Street, Suite 900, West Palm Beach, FL 33401, USA
https://www.vultr.com

We have concluded a data processing agreement (DPA) with Vultr Holdings, LLC. This ensures that Vultr processes the personal data of our users exclusively in accordance with our instructions and in compliance with the GDPR.

Contact

If you contact us using the contact options provided in the imprint, we use your details solely for processing and responding to your inquiry. Without this data, communication with you would not be possible.

The processing is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, as we wish to ensure efficient and effective communication with our users.

Retention Period:
Your inquiries and contact data will be stored for a period of six (6) months and then deleted, provided that no further inquiries have been received in the meantime.

Job Postings on the Website

If we have open positions, we publish the relevant information in the "Jobs" section on our website. Applications can be submitted according to the instructions provided there or via email.

When you apply, we process your data for the purpose of conducting the selection process in accordance with Art. 6 para. 1 lit. b GDPR. Should we consider your documents, we will invite you to an interview.

Retention Period:

  • Application data will be stored for up to seven (7) months after the conclusion of the application process.
  • Unsolicited applications without a specific job posting will be kept for a maximum of two (2) years if no suitable vacancy is available.
  • Should an employment contract be concluded, your data will be further processed for the fulfillment of legal employment obligations.

Longer Retention Periods

If no specific retention period is mentioned in this privacy policy, your personal data will remain with us until the purpose of processing ceases to exist. Should you request deletion or withdraw your consent, your data will be deleted, unless statutory retention periods require longer storage. In such cases, deletion will take place after the statutory periods have expired.

In certain cases (e.g. statutory requirements under the Federal Fiscal Code or the Corporate Code), we are obliged to retain certain data for up to seven (7) years (Art. 6 para. 1 lit. c GDPR).

Cookies and Storage Technologies

We only use technically necessary cookies that are required for the basic function of our website. These are used based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

Note:
You can disable cookies in your browser; however, this may result in restrictions on the functionality of the website.

We do not use tracking technologies or targeted advertising cookies. We do not sell data to third parties.

Links to Third-Party Websites

Our website may contain links to external websites of third parties, e.g. our social media profiles. When clicking on such a link, you will leave our website.

For the processing of your data on these external pages, the respective operator is solely responsible. Please refer to the privacy policies of the third-party providers.

Notifications & Marketing Emails

If you register for our services or provide us with your email address, we may occasionally send you marketing and product information regarding LumeSec Technologies e.U.

You can unsubscribe from marketing emails at any time by clicking on the “unsubscribe” link in the email.

Data Transfer to Third Parties

Your personal data will only be transferred in the following cases:

  • Necessary transfer to authorities or courts for the fulfillment of legal obligations (Art. 6 para. 1 lit. c GDPR).
  • Transmission to banks or payment service providers, if necessary for the processing of payments.
  • Commissioning of data processors in accordance with Art. 28 GDPR, which are expressly named in this privacy policy.
  • No transfer to third countries, except where explicitly stated.

Disclosure of Personal Data

Your data will only be disclosed to third parties if it is necessary for the fulfillment of a contract, if there is a legal obligation, or if we have a legitimate interest. When working with data processors, we enter into appropriate agreements to ensure data protection.

Right to Withdraw Your Consent

You have the right to withdraw any consent you have given for the processing of your data at any time. Processing carried out up to the withdrawal remains lawful.

Providers of Payment Services

For credit card payments, we use the payment service provider Stripe Payments Europe, Ltd. (513174), The One Building, 1 Lower Grand Canal Street, Dublin 2, Ireland (“Stripe”).

For the execution of transactions, the following personal data may be processed:

  • Name
  • Email address
  • Billing address
  • Payment information

Stripe processes data both as a data processor and as an independent controller. Details can be found in Stripe’s privacy policy: https://stripe.com/privacy

Providers of AI Services

If we use tools based on artificial intelligence (AI), the processing of personal data is carried out exclusively for the respective use (e.g. processing of email drafts).

AI Services Used:

  • OpenAI Ireland Limited (Privacy Policy)
  • DeepL SE (Privacy Policy)

If no AI tools are used, no data is transferred to external AI providers.

Data Protection in Other Countries

We process and store data within the EU. In certain cases, data may be transferred to third countries, provided that we always ensure an adequate level of data protection in accordance with applicable regulations.

Your Rights as a Data Subject

You have the right to obtain, free of charge, information about the origin, recipients, and purpose of your stored personal data at any time. In addition, you can request correction or deletion of this data. If you have given consent for data processing, you may withdraw it at any time with future effect. Under certain conditions, you also have the right to restrict the processing of your data. Furthermore, you have the right to lodge a complaint with the competent data protection authority.

Your rights under the GDPR include:

  • Right to access your stored data (Art. 15 GDPR)
  • Right to rectify incorrect data (Art. 16 GDPR)
  • Right to erasure of your data (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to data portability (Art. 20 GDPR)

Please direct inquiries to:
Email: privacy@lumesec.ai

If you believe that the processing of your data is not in accordance with the GDPR, you have the right to lodge a complaint with the data protection authority:

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna
www.dsb.gv.at

Right to Object to Data Processing in Special Cases as well as to Direct Marketing (Art. 21 GDPR)

If the processing of your personal data is based on Art. 6 para. 1 lit. e or f GDPR, you have the right to object, for personal reasons, to the processing. In this case, your data will not be further processed unless there are overriding legitimate grounds for the processing.

If your data is used for direct marketing, you may object to the processing at any time. In this case, your data will no longer be used for marketing purposes.

Right to Data Portability

You have the right to receive your data, which we process automatically on the basis of your consent or a contract, in a commonly used machine-readable format, or to have it transmitted to another controller upon request.

Right to Access, Rectification, and Deletion

You have the right to obtain free information about the data stored about you as well as to request its rectification or deletion at any time.

Right to Restriction of Processing

You may request the restriction of processing of your personal data if:

  • You dispute the accuracy of the data (for the duration of verification),
  • The processing is unlawful, but you do not want deletion,
  • We no longer require your data, but you need it for legal claims,
  • You have objected to processing and it is still being determined whether your interests prevail.

During restricted processing, your data – aside from storage – may only be processed with your consent or for specific legal reasons.

SSL or TLS Encryption

This website uses SSL or TLS encryption for security reasons in order to protect the transmission of confidential content.

eCommerce and Payment Providers

Processing of Customer and Contract Data

We collect, process, and use personal data of our customers as far as it is necessary for the establishment, execution, or termination of a contractual relationship. We also process usage data that is required for the provision or billing of our service. The legal basis for this is Art. 6 para. 1 lit. b GDPR.

Customer data collected will be deleted after the conclusion of the contract or termination of the business relationship, unless statutory retention periods apply. Statutory retention obligations remain unaffected.

Audio and Video Conferences

Data Processing

For communication with customers, business partners, and other third parties, we use online conferencing tools. When you communicate with us via video or audio conference, your personal data is processed both by us and by the provider of the respective conferencing tool.

In particular, the following is collected:

  • Data provided by you (e.g. name, email address, telephone number)
  • Metadata (e.g. duration of the meeting, time of participation, number of participants)
  • Technical data (e.g. IP address, device type, operating system, client version, camera and microphone settings)
  • Shared content (e.g. chat messages, files, shared screens)

Since data processing is partly carried out by external providers, we have only limited influence on how these companies further process the data. Further information on processing by the respective providers can be found in their privacy policies.

Purpose and Legal Basis

The use of online conferencing tools is carried out for the fulfillment of contracts or for the conduct of pre-contractual measures (Art. 6 para. 1 lit. b GDPR). In addition, we have a legitimate interest in efficient and uncomplicated communication (Art. 6 para. 1 lit. f GDPR). Should consent be required, processing is carried out exclusively on the basis of that consent (Art. 6 para. 1 lit. a GDPR), which may be withdrawn at any time.

Retention Period

The data collected via the conferencing tools will be deleted by us as soon as the purpose for storage ceases to exist or if you request deletion. Should statutory retention periods exist, these remain unaffected.

We have no influence on the retention period of the data stored by the providers of the conferencing tools. You can obtain information on this directly from the respective provider.

Conferencing Tool Used: Microsoft Teams

We use Microsoft Teams for online meetings, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Further information on data processing by Microsoft Teams can be found in Microsoft’s privacy statement:
Microsoft Privacy Statement

Data Transfer to the USA

Microsoft is certified under the EU-US Data Privacy Framework (DPF). This certification is intended to ensure that European data protection standards are maintained when data is processed in the USA. More information on the certification can be found here:
🔗 EU-US Data Privacy Framework – Microsoft

Data Processing Agreement

We have concluded a data processing agreement (DPA) with Microsoft. This ensures that Microsoft processes our users’ personal data exclusively in accordance with our instructions and in compliance with the GDPR.

Cal.com (Online Appointment Scheduling)

For online appointment scheduling, we use Cal.com, a service provided by Cal.com, Inc., 2261 Market Street #4385, San Francisco, CA 94114, USA.

Through Cal.com, you can book appointments directly on our website. In doing so, personal data such as name, email address, telephone number, and appointment preferences are collected and processed.

Further information on data processing by Cal.com can be found in their privacy policy:
Cal.com Privacy Policy

Data Transfer to the USA

Cal.com may transfer personal data to the USA. The processing is carried out on the basis of the EU Commission’s Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

Use of Google Fonts

Our website uses Google Fonts for a uniform display of fonts. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Local Integration of Google Fonts

To best protect your personal data, we have integrated Google Fonts locally on our server. As a result, no connection to Google’s servers is established when you visit our website, and no data is transmitted to Google.

Legal Basis

Since Google Fonts is hosted locally, its use is based on our legitimate interest in a uniform and attractive presentation of the website pursuant to Art. 6 para. 1 lit. f GDPR.

Analytics and Third-Party Tools

Detailed information on the analytics tools used can be found in the following privacy policy.

What Data Do We Collect?

Automatically Collected Data (Server Logs)

When you visit our website, the following technical data is automatically stored:

  • IP address (anonymized)
  • Date and time of access
  • Pages visited
  • Browser type and version
  • Operating system
  • Referrer URL (the previously visited page)

This data is used for the security and optimization of our website and is not used to identify individuals.

Personal Data You Transmit to Us

If you use our contact form or send us an email, we store the data you provide, e.g.:

  • Name
  • Email address
  • Message

These data are used exclusively for processing your inquiry and will not be shared with third parties without your consent.

Data Security

We implement technical and organizational measures to protect your data, including:

  • SSL encryption for secure data transmission
  • Regular updates and security measures
  • Access controls and limitation of data processing

Nevertheless, 100% security on the Internet cannot be guaranteed.

Changes to These Privacy Notices

This privacy policy may be updated at any time to meet legal requirements or to improve our services. Changes will be published on this page. The version available at the time of your visit applies.

Last Updated: 18.3.2025