Privacy Policy

1. Data Controller

2. Personal Data We Collect

We collect personal data only when necessary to provide our services and to communicate with you. This may include:

• Name and surname
• Email address
• Company name and position
• Phone number (if provided)
• Message content submitted via the contact form
• Technical data: IP address, browser type, pages visited, access timestamps (server logs)
• Billing and payment information (if you engage our services)

We do not collect sensitive personal data (health data, biometric data, political opinions, etc.) unless explicitly necessary and consented to.

3. Purpose of Processing

Personal data is processed for the following purposes:

• Responding to inquiries and providing customer support
• Providing and managing contracted software and IT services
• Managing user accounts and access credentials
• Billing, invoicing and payment processing
• Sending service-related communications (not marketing without consent)
• Improving the security and performance of our services
• Compliance with legal obligations

4. Legal Basis for Processing

Processing of personal data is carried out on the following legal bases under the GDPR:

• Article 6(1)(b) GDPR — Processing necessary for the performance of a contract or for pre-contractual measures
• Article 6(1)(c) GDPR — Processing necessary for compliance with a legal obligation
• Article 6(1)(f) GDPR — Processing based on legitimate interests (e.g., website security, fraud prevention)
• Article 6(1)(a) GDPR — Based on your explicit consent (e.g., newsletter, cookies)

5. Data Retention

Personal data will only be stored for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable legal obligations:

• Contact form inquiries: up to 3 years from the date of last communication
• Client service data: for the duration of the contractual relationship and up to 7 years thereafter (tax/accounting obligations under Austrian law)
• Server logs: up to 30 days, unless required longer for security investigations

After the retention period expires, personal data is securely deleted or anonymised.

6. Data Sharing

We do not sell, trade or rent your personal data to third parties. Data may be shared with:

• Hosting providers — for operating the website and services (EU-based servers where possible)
• Payment processors — for billing and invoice management
• Legal and accounting advisors — bound by confidentiality obligations
• Authorities — where required by Austrian or EU law

Any data processors we engage are required to comply with GDPR and are bound by data processing agreements.

7. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights:

• Right of access — You may request a copy of the personal data we hold about you (Art. 15 GDPR)
• Right to rectification — You may request correction of inaccurate data (Art. 16 GDPR)
• Right to erasure — You may request deletion of your personal data ("right to be forgotten") where applicable (Art. 17 GDPR)
• Right to restriction — You may request restriction of processing in certain circumstances (Art. 18 GDPR)
• Right to data portability — You may receive your data in a machine-readable format (Art. 20 GDPR)
• Right to object — You may object to processing based on legitimate interests (Art. 21 GDPR)
• Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at contact@cyphersys.at. You also have the right to lodge a complaint with the Austrian Data Protection Authority (www.dsb.gv.at).

8. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. These measures include:

• HTTPS/TLS encryption for all data in transit
• Access controls and authentication requirements
• Regular security assessments and updates
• Data minimisation practices
• Physical and logical security at hosting facilities

Despite these measures, no system can guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant authorities and affected individuals in accordance with GDPR requirements.

9. Cookies & Tracking

Our website may use the following types of cookies and similar technologies:

• Strictly necessary cookies — Required for the website to function correctly. These cannot be disabled.
• Analytics cookies — Used to understand how visitors interact with our website. We prefer privacy-focused analytics tools that do not share data with third parties.

We do not use advertising or tracking cookies. We do not share data with social media platforms. You can disable cookies in your browser settings, though this may affect website functionality.

10. Hosting & Server Location

This website is hosted on servers in the European Union. Server access logs may be collected automatically and include IP addresses, request timestamps and HTTP headers. These logs are used solely for security monitoring and technical operations.

11. Policy Updates

We reserve the right to update this Privacy Policy to reflect changes in our practices or applicable law. The updated version will be published on this page with a revised "Last updated" date. We recommend reviewing this policy periodically.

Continued use of our website after an update constitutes acceptance of the revised policy.

12. Contact for Privacy Matters