The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the statutory provisions (GDPR, TKG 2003). In the following data protection information, we inform you about the most important aspects of data processing on our website.

The type, scope and purposes of data processing as well as its legal basis and the rights of the persons concerned are described below.

COMMUNICATION AND CONTACT

Personal data that you transmit to us electronically on this website, e.g. name, e-mail address, telephone number, will only be used by us to process your request, will be stored securely and will not be passed on to third parties.

The categories of data that may be collected are as follows: Surname, first name, title and/or function(s), if applicable, as well as data on availability for postal mailings (address), electronic contacts (e-mail) and telephone contacts (telephone number(s) for landlines and cell phones). If further data should/must be collected in detail, this can be seen from the respective input forms.

PERSON RESPONSIBLE

Unless explicitly stated otherwise in this document, the controller responsible for the processing of your personal data under data protection law is

nox ventures e.U.

FN 602843i

Breitenfeldergasse 1A/4

1080 Vienna

contact@nox-ventures.com

COLLECTION OF DATA WHEN VISITING OUR WEBSITE

When you visit our website, we process your personal data for the following purposes and on the following legal bases:

When you visit our website, we process your personal data that is technically necessary for us to be able to display our website to you and to ensure stability and security when you visit our website. For this purpose, we process the following – possibly – personal data

• IP address
• Browser type and version
• Operating system and platform
• the complete Uniform Resource Locator (URL)

The aforementioned data is stored in server log files for security purposes, which are automatically deleted after a few days.

This data processing is necessary to provide our website (legal basis: Art. 6 para. 1 lit. b GDPR) and to safeguard our legitimate interest in ensuring IT security (legal basis: Art. 6 para. 1 lit. f GDPR).

When you visit our website, we also process (possibly personal) data such as your language setting in the browser in order to automatically display a localized version of our website, i.e. in particular a version adapted to your language. This data is stored for several months.

This data processing is necessary to safeguard our legitimate interest in the automated, needs-based provision of our website (legal basis: Art. 6 para. 1 lit. f GDPR).

WEB ANALYTICS

We use the following services of Google Ireland Ltd or Google LLC (“Google”). The following applies to these services with regard to legality under Chapter V of the GDPR:

Even if the transfer and data traffic mainly takes place with Google Ireland Ltd, data is also transferred to the United States of America. The transfer of data to Google LLC is therefore a transfer of data to a third country. Due to the EU-US Data Privacy Framework and the certification of Google LLC (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active), there is an adequate level of data protection within the meaning of Art 45 (1) GDPR.

You can find out more about the EU-US Data Privacy Framework and the rights of data subjects under this agreement at this link: https://www.dataprivacyframework.gov/s/european-individuals.

1. Google Analytics

We use Google Analytics, a web analysis service, on our websites for analysis purposes. Google Analytics uses cookies that enable us to analyze the use of our website. The information generated by the cookie about the use of our website is transmitted to a Google server and stored there. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity, analyzing the effectiveness of our digital advertising and improving its customization, and providing other services relating to website activity and internet usage.

You can find more information on terms of use and data protection at https://policies.google.com/terms https://policies.google.com/privacy

This data processing is carried out on the basis of your consent, which we obtain via our cookie banner that is displayed to you when you first visit the website (legal basis: Art. 6 para. 1 lit. a GDPR).

This consent can be revoked at any time with effect for the future. Please click this link to deactivate Google Analytics for our website: [Link]

You can also generally prevent Google from processing your usage data on other websites by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout

2. Google Search Console

We use Google Search Console, a service provided by Google LLC (“Google”), to analyze our websites. This tool enables us to monitor the presence of our website in Google search results and to correct any errors. No personal data is processed through the use of the Google Search Console tool. It is not possible for us to access user data. Instead, Google Search Console offers the opportunity to improve the website without using our own tracking. We only provide information about its use for reasons of transparency.

3. Google Maps

We use the “Maps” map plug-in from Google LLC (“Google”) to make it easier to find our location. If you consent to the use of the tool by means of the “two-click solution” implemented on our website, your data will be transferred to servers in the USA to Google. No data will be transferred to Google without your (express) consent.

This data processing is carried out on the basis of your consent (legal basis: Art. 6 para. 1 lit. a GDPR).

This consent can be revoked at any time with effect for the future. Please click this link to deactivate Google Analytics for our website: [Link]

4. Google Ads

Our company uses the services of Google Ads Conversion to advertise our appealing offers on external websites with the help of advertising material (also known as Google Ads). We strive to analyze the performance of individual advertising measures based on campaign data. Our aim is to present you with advertising that arouses your interest, to make our website more attractive for you and to calculate the advertising costs fairly.

Google uses so-called “ad servers” to deliver these advertisements. In this context, we use ad server cookies to record certain parameters for measuring success, for example the display of advertisements or clicks by users. As soon as you access our website via a Google ad, Google Ads places a cookie on your end device. This cookie usually stores the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions) and opt-out information (to indicate that a user does not want any more ads).

By using these technologies, Google is able to uniquely identify your individual internet browser. If an anonymous visitor visits specific pages of the website of our advertising partners and the technical element stored on their device is still valid, both Google and our advertising partners can understand that a prospective customer has clicked on a specific ad and was subsequently redirected to the linked page. Each of our partners is assigned an individual recognition element. However, these special technical elements cannot be used to track the anonymous visitor’s movements on other websites. Our company does not collect or analyze any personal information in connection with these advertising measures. We only receive general evaluations and statistics from Google. Thanks to these anonymous evaluations, we can find out which of our advertising measures are particularly effective. We do not receive any other data or information that could enable us to identify our visitors in this context.

This data processing is carried out on the basis of your consent (legal basis: Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time with effect for the future. Please click this link to deactivate Google Analytics for our website: [Link]

SOCIAL MEDIA

We use social media offerings. We have created corresponding presences on the social networks Facebook and Instagram (both operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Dublin), hereinafter referred to as “Meta”, which we link to on this page.

Meta’s data protection information can be found at https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.

Social media presences are merely linked by us on the website and are not actively integrated. Data processing only takes place if you access these pages and visit our profiles there.

If you contact us via Meta services, we offer you the option of switching to a more secure communication channel. Depending on your request, this may be e-mail or an even more secure communication channel. Our privacy policy can only supplement, but not replace, the information provided by Meta Ireland Ltd and LinkedIn Ireland Unlimited Company in connection with the use of these networks.

We would also like to point out that in connection with social media channels, we are also to be regarded as joint controllers with these companies to a very limited extent in accordance with Art. 26 GDPR. This applies in particular to certain insights regarding statistical evaluations of visitors to our pages there. Personal data is not directly accessed. However, this is already sufficient for joint responsibility. For this reason, we conclude corresponding agreements with the providers.

The agreement with Meta can be found at the following link: https://web.facebook.com/legal/controller_addendum?_rdc=1&_rdr

PURPOSE OF PROCESSING

As explained above, as part of our social media presence, we also receive very limited access to statistics that Meta compiles based on visits to the presence. Below we inform you about the analysis options that we receive as a result.

Firstly, the use of this information aims to offer network operators the opportunity to optimize their advertising systems that are distributed via their networks. Secondly, it enables us, as operators of the social media platforms, to compile statistics generated from visits to our social media pages. The aim of this measure is to support the management of our marketing activities. For example, it allows us to gain insights into the trends of visitor profiles that like our social media pages or use the pages’ functions. This enables us to provide more relevant content and develop features that may be of greater interest to them.

In order to gain a better understanding of how we can advance our business goals through our social media pages, demographic and geographic analyses are also created and made available based on the information collected. We can use these findings, for example, to place targeted, interest-based advertisements. However, we do not receive any direct information about the identity of visitors. If visitors use social media services on different end devices, the collection and analysis may also take place across devices and possibly platforms, provided that the visitors are registered and logged into their own profile.

The statistics compiled on visitors are provided to us exclusively in anonymous form and we have no access to the underlying data.

In addition, we use our social media presences to get in touch with our customers, interested parties and users and to provide information about our services. In this context, we may receive additional information, for example through user comments, private messages or by you following us or sharing our content. The processing serves the sole purpose of communicating and interacting with you.

LEGAL BASIS FOR THE OPERATION OF SOCIAL MEDIA PRESENCES

We use our presence on social media to introduce ourselves to users of these platforms and other interested parties who visit our social media pages and to get in touch with them. The processing of users’ personal data is based on our legitimate interests in improving the presentation of our company and our products (Art. 6 (1) (f) GDPR).

RESPONSIBILITY WITH META

Through the agreement concluded with Meta with regard to our presence on these platforms, the operators recognize the joint responsibility under data protection law for so-called insight data and assume important obligations under data protection law with regard to informing data subjects, data security and reporting data breaches. In addition, the agreement with Meta stipulates that Meta acts as the primary point of contact for exercising the rights of data subjects (Art. 15 – 22 GDPR). As the provider of the social network, Meta alone has direct access to the required information and can also take the necessary measures and provide information immediately. However, if our support is required, we are available at any time.

TRANSFER OF DATA BY META

Meta processes data throughout the Group, which may also result in data processing in the USA by Meta Platforms, Inc. and its subsidiaries. Since the conclusion of the EU-US Privacy Framework, US companies can voluntarily submit to this program, whereby the data transfer to the USA is to be regarded as a data transfer to a secure third country. Meta Platforms. Inc is certified under the EU-US Data Privacy Framework.

QUICKBOOKS

We use the accounting software Quickbooks from the American company Intuit, Inc 2700 Coast Ave, Mountain View, CA 94043, USA.

The data we enter is also processed in the USA. Intuit is an active participant in the EU-US Data Privacy Framework, which regulates the specific and secure transfer of personal data from EU citizens to the USA. You can find more information at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Quickbooks uses standard contractual clauses in accordance with Art 46 GDPR. These are templates provided by the EU Commission to ensure that data processing complies with European data protection standards. The basis of our customer relationship with Intuit under data protection law is order processing in accordance with Section 28 GDPR.

Intuit’s data protection information can be found at: https://www.intuit.com/privacy/statement/?tid=331704633932

LINKS

This website contains links to websites of third parties and partners for whose content we are not responsible. We accept no liability for the content of external links.The operators of linked external sites are solely responsible for their content.

CONTACT FORM

We offer you the opportunity to get in touch with us using the contact form.We collect your name and e-mail address when you use the contact form.In addition, personal data may be transmitted via the contact form itself. This can be any possible personal data that you provide yourself. We will only process the data that we need for your specific request. We will delete any other data.

The legal basis for the transfer is either the performance of a contract with or constitutes a pre-contractual measure (legal basis: Art. 6 para. 1 lit. b GDPR), otherwise the transfer is based on your consent (Art. 6 para. 1 lit. a GDPR).

DATA TRANSMISSION BY EMAIL

You have the option of contacting us by e-mail or telephone. In this case, the data that you communicate to us in this way will be processed. Depending on the purpose of your contact, we delete the associated data in most cases after the purpose has been achieved or in any case after the end of a statutory retention obligation.

This data processing is necessary for the performance of a contract with you and constitutes a pre-contractual measure (legal basis: Art. 6 para. 1 lit. b GDPR) or serves to answer a contact request made for other reasons, which we answer on the basis of our legitimate interest (legal basis: Art. 6 para. 1 lit. f GDPR).

RETENTION PERIODS

We retain your personal data for the duration of our business relationship – from the beginning to the end of a contractual relationship. In addition, we store it in accordance with the legal requirements for the storage of documents and for the defense against possible legal claims. The length of the retention period depends on the applicable legal requirements, including limitation periods. These are generally 7 years in accordance with with the Austrian Commercial Code (UGB) and the Federal Fiscal Code (BAO) and six months in accordance with the Equal Treatment Act (GIBG).the Austrian Commercial Code (UGB) and the Federal Fiscal Code (BAO) and six months in accordance with the Equal Treatment Act (GIBG).

However, in special cases it may be necessary to consider a longer retention period due to legal limitation periods.

YOUR RIGHTS

You have the following rights vis-à-vis us with regard to your personal data:

Right of access by the data subject (Article 15 GDPR):

You have the right to request information from us at any time about the data we have stored about you. This information includes, among other things, the categories of data that we process, the purposes for which they are processed, the source of the data if they were not collected directly from you and, if applicable, the recipients to whom we have disclosed your data. You can obtain a copy of your data from us free of charge. Should you require additional copies, we reserve the right to charge you for these copies.

Right to rectification (Article 16, GDPR):

You have the right to request that we rectify inaccurate data concerning you. We will take reasonable steps to keep the data we hold and process accurate, complete and up-to-date on an ongoing basis, based on the most recent information available.

Right to erasure (Article 17, GDPR):

You have the right to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.

Right to restriction of processing (Article 18, GDPR):

You have the right to request the restriction of the processing of your personal data if the accuracy of the data is contested by you, if the processing is unlawful but you oppose its erasure and we no longer need the data but you require it for the establishment, exercise or defense of legal claims or if you object to the processing pursuant to Article 21, GDPR.

Right to data portability (Article 20, GDPR):

You have the right to request that we transfer your data to another controller, where technically feasible. However, you can only assert this right if the data processing is based on your consent or is necessary for the performance of a contract. Instead of receiving a copy of your data, you can also request that we transfer the data directly to another controller named by you.

Right to object (Article 21, GDPR):

You have the right to object to the processing of your data at any time for reasons arising from your particular situation, provided that the data processing is based on your consent, on our legitimate interests or those of a third party. In this case, we will stop processing your data. This does not apply if we can demonstrate compelling legitimate grounds for the processing which override your interests or if we need your data for the establishment, exercise or defense of legal claims.

Right to withdraw consent (Article 7(3), GDPR):

You have the right to withdraw your consent to us at any time. The consequence of this is that we may not continue the data processing based on this consent in the future.