Privacy Policy

I. Overview

If you are a customer or business partner of our company, or if you use our software, please refer to Section III.

If you are visiting our website, please refer to Section II.

II. What data do we process when you visit our website?

Welcome to our website! Please familiarize yourself with how we process your personal data when you visit our website (Art. 13, Art. 14 GDPR; Section 165(3) Austrian Telecommunications Act (TKG)).

When visiting our website, the following data may be processed:

• Browser type,
• Operating system,
• Country,
• Date,
• Time and duration of access,
• IP address ¹ and pages visited on our website, including entry and exit pages,
• Contact page on the website,
• Device data: We may store personal data from your device. Such data includes geolocation data, IP address, unique identifiers (e.g. MAC address),
• Data you enter in the course of scheduling an appointment,
• Email address,
• First and last name,
• Email in the course of newsletter distribution,
• Payment data (via Stripe)

The processing of this data is necessary to ensure the security of website operations and to maintain the functionality of the website from a technical perspective. Some of this data is collected through technical cookies. These technical cookies are used only to the extent necessary (Section 165(3) Austrian Telecommunications Act (TKG)). The processing of this data is justified by our legitimate interest in operating our website (Art. 6(1)(f) GDPR).

For the operation of our website, it may be necessary to disclose your data to the following recipients:

• Data recipient: Hosting provider based in Germany, IONOS SE
  Purpose of data processing: Website hosting;
  Legal basis of data processing: Legitimate interest (Art. 6(1)(f) GDPR)
  Registered office: Austria
  Secure third-country transfer: Within the EU
• Data recipient: Google LLC, Google Analytics
  Purpose of data processing: Analysis of visitor behavior on the website
  Legal basis of data processing: Consent (Art. 6(1)(a) GDPR)
  Registered office: USA
  Secure transfer to a third country: Google LLC is listed under the EU-US Data Privacy Framework (HR & Non-HR data)
• Data recipient: PostHog Inc (self-hosted analytics tool)
  Purpose: Analysis of user interaction in the app (e.g. clicks, feature usage, funnels)
  Data types: IP address, session history, browser data, anonymous user ID
  Legal basis: Consent (Art. 6(1)(a) GDPR)
  No third-country transfer or external processing
  No cross-site tracking functionality
  Registered office USA: PostHog Inc is listed under the EU-US Data Privacy Framework
• Data recipient: ELK Stack (logging & error analysis, self-hosted); Elasticsearch B.V
  Tools: Elasticsearch, Logstash, Kibana
  Purpose: Server logs & technical error analysis
  Data types: IP, timestamp, API requests, session ID where applicable
  Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)
  Processing only internally by our development team
  Registered office: The Netherlands

II.1. Overview of technical cookies used

The above-mentioned data is stored using so-called "cookies" ². Cookies are text files stored on your computer that enable analysis of website usage. They serve to recognize and store temporary data of website visitors. We generally use cookies only to the extent necessary to communicate with you through our website.

These technical cookies are activated as soon as you visit our website.

The following cookies are used on the basis of our legitimate interest (Art. 6(1)(f) GDPR) on our platform:

An overview of the technical cookies used can be found in our Cookie Policy.

II.2. Overview of analytics cookies used

In addition to the technical cookies described above, we also use so-called analytics cookies (including "statistical cookies"). These analytics cookies allow us to better understand and evaluate your interests. Using analytics cookies, we can better understand how visitors use our website (e.g. pages visited, click behavior, visit duration). This information helps us continuously improve our website.

We respect that not every website visitor wants this. Therefore, we process your data through analytics cookies only if you consent to it (Art. 6(1)(a) GDPR). You may revoke this consent at any time, whereby data processing carried out up to the point of revocation remains lawful.

The following advertising cookies are currently used:

An overview of the analytics cookies used can be found in our Cookie Policy.

III. For what purposes do we process your data if you are a customer, in a business relationship with us, or use our application(s)?

In the course of our business relationship with customers and business partners, as well as the provision of the software to users, we process data on the basis of contractual obligations (execution of the contractual relationship with you, pre-contractual obligations, billing of services, dispatch of documents, communication for contract execution, provision of the application) and legal obligations (legally required retention pursuant to Section 132 Austrian Federal Fiscal Code (BAO)) (Art. 6(1)(b) and (c) GDPR) as well as on the basis of our legitimate interests or the legitimate interests of third parties (Art. 6(1)(f) GDPR), namely:

• for the purpose of internal administration and management of your business case to the extent necessary (e.g. handling your business case, due diligence review by potential investors, file management, archiving purposes, correspondence with you);
• for the purpose of providing the software;
• for the purpose of direct marketing (e.g. postal mail, email distribution, satisfaction surveys, congratulatory correspondence, statistical analyses);

We expressly inform you that you have the right to object to the processing of your data for the purpose of direct marketing.

• Assertion and defense of legal claims

in each case to the extent necessary. The processing of your data serves the initiation, maintenance, and execution of our business relationships. If you do not provide us with this data, we will unfortunately be unable to handle your business case.

Where applicable, we process your data based on your voluntary, express consent (Art. 6(1)(a) GDPR).

In connection with the provision of the application, we rely on:

• Data recipient: Stripe, Inc
  Purpose of data processing: Payment processing
  Legal basis of data processing: Contractual necessity (Art. 6(1)(b) GDPR)
  Registered office: USA
  Secure transfer to a third country: Stripe Inc is listed under the EU-US Data Privacy Framework

III.1. What data is processed when using the software?

In the course of using the software, the following personal data or categories of personal data are processed:

• Name (first and last name)
• Email
• Username
• Initials
• Company name
• Photos
• UID
• IP address
• Timestamp of access
• Passwords
• Voting results
• Actions taken
• Account status
• Communication via chat
• Team memberships
• Project memberships
• Push notifications
• Reactions (emojis)

IV. How long is your data stored?

We will only store your data for as long as is necessary for the purposes for which we collected it. In this context, statutory retention obligations must be taken into account (for example, for tax law reasons, contracts and other documents from our contractual relationship must generally be retained for a period of seven years (Section 132 Austrian Federal Fiscal Code (BAO))). In justified individual cases, for example to assert and defend legal claims, we may store your data for up to 30 years after the end of the business relationship.

Data of prospective customers is stored for up to one year from the date of last contact by the prospective customer.

V. Who may receive your data?

In the course of our business relationship and the use of the application, it may be necessary for us to transfer your data to the following recipients:

VI. Collection of data from other sources (Art. 14 GDPR)

We do not obtain data from third-party sources.

VII. Is automated decision-making or profiling carried out (Art. 13(2)(f) GDPR)?

Our company does not engage in automated decision-making or profiling.

VIII. What rights do you have regarding data processing?

We wish to inform you that, provided the legal requirements are met:

• You have the right to request information about what data of yours is processed by us (see Art. 15 GDPR for details).
• You have the right to request the rectification or completion of inaccurate or incomplete data relating to you (see Art. 16 GDPR for details).
• You have the right to erasure of your data (see Art. 17 GDPR for details).
• You have the right to object to processing of your data that is necessary for the purposes of our legitimate interests or those of a third party (see Art. 21 GDPR for details). This applies in particular to the processing of your data for advertising purposes.
• You have the right to receive the data you have provided in a structured, commonly used, and machine-readable format (data portability).

If we process your data on the basis of your consent, you have the right to revoke this consent at any time by email. This does not affect the lawfulness of data processing carried out up to that point (Art. 7(3) GDPR).

IX. What complaint rights do you have?

Should there be, contrary to expectations, a violation of your right to lawful processing of your data, please contact us by post or email. We will endeavor to address your concern promptly. You also have the right to lodge a complaint with the supervisory authority responsible for data protection matters.

The address of the Austrian Data Protection Authority is:

X. How can you contact us?

If you have any further questions about the processing of your data, please feel free to contact our data protection coordinator using the contact details provided below.

XI. Controller

The controller within the meaning of Art. 4(7) GDPR is:

Pondore GmbH
Brückengasse 8/6.4
1060 Vienna
Austria
Email: office@pondore.at

The telephone number will be added shortly.