Unternehmensberatung
InsightsProductsAbout usContact

UA

EN

DE

Legal

Privacy Policy

Stand: January 2025

NEXORA Unternehmensberatung GmbH (hereinafter "NEXORA", "we", "us" or "our") takes the protection of your personal data very seriously. This Privacy Policy informs you about which personal data we collect, how we use it, and what rights you have regarding your data.

1. Controller and Contact

Controller within the meaning of the GDPR:

NEXORA Unternehmensberatung GmbH
Franz-Josefs-Kai 27/DG/9, 1010 Vienna, Austria
FN 663874 k · UID ATU82669239
Email: office@nexora-consulting.at
Phone: +43 690 200 210 14

2. Principles of Data Processing

We process personal data in accordance with the following principles:

  • Lawfulness, fairness and transparency
  • Purpose limitation — data is collected only for specified, explicit and legitimate purposes
  • Data minimisation — only data necessary for the respective purpose is processed
  • Accuracy — we keep data up to date and correct inaccurate data without delay
  • Storage limitation — data is not retained longer than necessary
  • Integrity and confidentiality — appropriate technical and organisational protective measures

3. Categories of Personal Data Processed

3.1 Contact and Communication Data

Name, first name, company name, position, address, phone number, email address, communication content (e.g. enquiries, messages, emails).

3.2 Contractual and Billing Data

Contract data, service descriptions, fee agreements, invoice data, payment information (bank details, payment history).

3.3 Data from Consulting Projects

In the course of our consulting services, we process personal data provided to us by clients or affected third parties, in particular in connection with corporate structuring, tax advisory, compliance or registration procedures.

3.4 Website Usage Data

When you visit our website, our servers automatically collect technical data: IP address, date and time of access, pages visited, browser type, operating system, referrer URL. This data is not combined with other data sources and is deleted after 7 days.

4. Purposes of Processing and Legal Bases

4.1 Initiation, Conclusion and Performance of Contracts

Purpose: responding to enquiries, preparing offers, concluding contracts, providing consulting services, billing and payment processing.
Legal basis: Art. 6(1)(b) GDPR (contractual performance or pre-contractual measures).

4.2 Compliance with Legal Obligations

Purpose: compliance with statutory retention and documentation obligations (e.g. Austrian Commercial Code, Federal Tax Procedure Act), fulfilment of tax and accounting requirements, AML/KYC checks.
Legal basis: Art. 6(1)(c) GDPR (legal obligation).

4.3 Legitimate Interests

Purpose: IT security, network security, defence against cyberattacks, evidence preservation, assertion and defence of legal claims.
Legal basis: Art. 6(1)(f) GDPR (legitimate interests).

Marketing communications, newsletters and analytics tools are only used with your express consent. Legal basis: Art. 6(1)(a) GDPR.

5. Recipients and Categories of Recipients

Your personal data is only shared with third parties to the extent necessary for contract performance, fulfilment of legal obligations, or on the basis of legitimate interests:

  • IT service providers and hosting providers (e.g. Vercel, Cloudflare)
  • Email delivery services (Postmark / Wildbit LLC)
  • Tax advisors, lawyers and notarial offices (where required)
  • Authorities and government bodies (where legally required)
  • Cooperation partners (only within specific projects, with separate agreement)

6. Transfers to Third Countries

In principle, we process your data within the European Union (EU) or the European Economic Area (EEA). When using certain services (e.g. Cloudflare), data may be transferred to the USA. In such cases, we rely on Standard Contractual Clauses of the European Commission (Art. 46(2)(c) GDPR) or existing adequacy decisions. For information about specific third-country transfers, please contact office@nexora-consulting.at.

7. Retention Periods

We store personal data only for as long as necessary for the respective purposes or as required by statutory retention obligations:

  • Tax and accounting records: 7 years (§ 132 Federal Tax Procedure Act)
  • Contract documents: 7 years after contract end
  • Contact form data without contract conclusion: 6 months
  • Server log files: 7 days

After the retention period expires, data is deleted or anonymised.

8. Your Rights as a Data Subject

8.1 Right of Access (Art. 15 GDPR)

You have the right to request information about whether and which personal data we process about you, including a copy of the data stored and information about its purpose, legal basis, recipients and retention period.

8.2 Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate or the completion of incomplete personal data.

8.3 Right to Erasure (Art. 17 GDPR)

You have the right to request the erasure of your personal data, provided one of the grounds listed in Art. 17 GDPR applies (e.g. data no longer necessary, withdrawal of consent).

8.4 Right to Restriction of Processing (Art. 18 GDPR)

Under certain conditions, you may request the restriction of processing your data, e.g. if you contest the accuracy of the data or the processing is unlawful.

8.5 Right to Data Portability (Art. 20 GDPR)

Where processing is based on your consent or a contract and is carried out by automated means, you have the right to receive your data in a structured, commonly used and machine-readable format.

8.6 Right to Object (Art. 21 GDPR)

Where processing is based on legitimate interests, you have the right to object at any time on grounds relating to your particular situation. We will no longer process your data unless we can demonstrate compelling legitimate grounds.

You have the right to object at any time to the processing of your personal data for direct marketing purposes.

8.7 Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on consent, you have the right to withdraw it at any time with effect for the future. The lawfulness of processing carried out prior to withdrawal is not affected.

8.8 Right to Lodge a Complaint (Art. 77 GDPR)

You have the right to lodge a complaint with the data protection supervisory authority:
Austrian Data Protection Authority
Barichgasse 40–42, 1030 Vienna
Email: dsb@dsb.gv.at · www.dsb.gv.at

8.9 Exercising Your Rights

To exercise your rights, please contact us in writing (by post or email): office@nexora-consulting.at. We will respond to your request without undue delay and at the latest within one month.

9. Cookies and Similar Technologies

9.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. We distinguish between technically necessary cookies (no consent required) and optional cookies (analytics, marketing — consent required).

9.2 Use of Cookies on Our Website

  • Necessary cookies: Language preference, cookie consent — technically required, no consent needed
  • Analytics cookies: Google Analytics 4 — only with your consent (Art. 6(1)(a) GDPR)
  • Security cookies: Cloudflare Turnstile — protection against automated requests (Art. 6(1)(f) GDPR)

9.3 Cookie Management and Objection

You can withdraw or change your consent to optional cookies at any time via our cookie banner, or manage cookies through your browser settings. Note that disabling certain cookies may limit website functionality.

9.4 Web Analytics and Tracking Tools

Google Analytics 4 (GA4): Used only with your express consent. We have entered into a data processing agreement with Google and activated IP anonymisation. Google Privacy Policy

Cloudflare Turnstile: Our forms are protected against automated requests by Cloudflare Turnstile. Data is transferred to Cloudflare Inc. (USA). Legal basis: Art. 6(1)(f) GDPR.

10. Data Security

This website uses SSL/TLS encryption. You can identify an encrypted connection by the padlock symbol in your browser's address bar and the HTTPS protocol. We additionally implement technical and organisational measures to protect your data against loss, destruction, manipulation and unauthorised access.

11. Note on Data Processing Agreements

Where we engage service providers who process personal data on our behalf (data processors), we have concluded data processing agreements with them pursuant to Art. 28 GDPR. Data processors process your data exclusively in accordance with our instructions.

12. Links to External Websites

Our website contains links to external third-party websites. We are not responsible for the content or data protection practices of linked sites. The respective operators are responsible for the data protection on external sites.

13. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy to keep it in line with current legal requirements. The current version is always available on this page. We recommend reviewing this Privacy Policy regularly.

14. Contact for Privacy Enquiries

NEXORA Unternehmensberatung GmbH
Franz-Josefs-Kai 27/DG/9, 1010 Vienna
Email: office@nexora-consulting.at

← Zur Startseite