The protection of your privacy is important to us. We process personal data only to the extent necessary and in accordance with the applicable legal provisions. In the following, we will inform you about which data we process for specific purposes in the context of your business relationship with CRYPTAS, as well as about your rights in this regard.

 

---

 

1. Scope of data collection when using our website

 

1.1 Hosting

Our website is hosted by HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA. HubSpot provides the technical infrastructure for hosting and processing website data. In doing so, HubSpot processes personal data that is automatically transmitted when you visit our website. This includes, in particular:

• IP address of the requesting device

• Date and time of access

• Name and URL of the retrieved file

• Website from which access was made (referrer URL)

• Browser used and, if applicable, the operating system of your device, as well as the name of your access provider

The above data is processed for the following purposes:

• To ensure a smooth connection to the website

• To ensure convenient use of our website

• To evaluate system security and stability

The legal basis for the data processing is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest derives from the purposes for data collection listed above. If additional services (e.g. tracking or analysis tools) are used, their processing is carried out exclusively on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR.

Personal data is only stored for as long as is necessary to achieve the stated purposes or as required by statutory retention periods.

The data of our website is stored on HubSpot servers located in the European Union, in particular in Germany. This ensures that your data is processed in compliance with applicable data protection regulations, in particular the General Data Protection Regulation (GDPR). Since HubSpot is headquartered in the United States, it cannot be ruled out that personal data may also be processed there. HubSpot uses the EU Commission’s Standard Contractual Clauses to ensure an adequate level of data protection.

Further information on data processing by HubSpot can be found in HubSpot’s privacy policy at: https://legal.hubspot.com/privacy-policy

1.2 Cookies

Our website uses cookies. These are small data files that are stored on your device via your web browser when you visit our website. Cookies do not contain program code and do not transmit malware. We use technically necessary cookies and analytics cookies. These serve to ensure website functionality and statistical analysis and are either deleted at the end of a session or remain on your device for a defined period unless you delete them yourself.

Where cookies are strictly necessary for the operation of the website, they are used on the basis of Art. 6 (1) lit. f GDPR (legitimate interest in a stable and secure online presence). All other cookies, in particular those used for analytics purposes, are set exclusively on the basis of your explicit consent in accordance with Art. 6 (1) lit. a GDPR.

The transfer of data collected via cookies only takes place if this is explicitly stated in this privacy policy or if external service providers (e.g. analytics or marketing tools) are used. You can find more information in the relevant sections on the services used (see section 1.3).

We use the integrated cookie consent tool provided by HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA, to manage the legally required consents for the use of cookies and similar technologies. Technically necessary cookies cannot be deactivated via this tool, as this would impair the functionality of the website. However, you can delete or block cookies at any time in whole or in part via your browser settings. Please note that in this case, not all functions of the website may be fully available.

1.3 Services Used

 

1.3.1 Cloudflare

Our website uses the service Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA, to ensure the security and performance of the website. Cloudflare uses cookies such as _cf_bm and _cfuvid, which are necessary to detect malicious access and distinguish legitimate users. Processing is based on Art. 6 (1) lit. f GDPR (legitimate interest in the security and functionality of the website).

When using Cloudflare, data may be transmitted to the United States. Data transfers to the U.S. are based on the Standard Contractual Clauses approved by the EU. Further information can be found at: https://www.cloudflare.com/privacypolicy/

1.3.2 Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics helps us analyze user behavior on our website and improve our offerings. In doing so, information about the use of this website may be processed and stored, such as accessed pages, length of stay, devices used, or anonymized IP addresses.

The data collected by Google Analytics is usually transferred to Google servers and stored there. In certain cases, processing in the United States cannot be ruled out. However, Google undertakes to take appropriate safeguards to ensure an adequate level of protection and compliance with the GDPR. Data collected by Google Analytics is stored only for as long as necessary for the stated purposes or as required by law.

Data processing is carried out exclusively on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR. You may revoke your consent at any time by:

• adjusting your cookie settings on our website, or

• deleting stored cookies in your browser.

Further information on data processing by Google can be found at: https://policies.google.com/privacy

1.3.3 HubSpot Tracking Code

Our website has activated the HubSpot Tracking Code, a service provided by HubSpot Inc., USA, for analyzing website usage and optimizing our marketing activities. Personal data (e.g. IP address, usage data, device information) may be processed. HubSpot also sets cookies to analyze user behavior.

Data processing is carried out exclusively on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR. You may revoke your consent at any time by:

• adjusting your cookie settings on our website, or

• deleting stored cookies in your browser.

Since HubSpot is based in the USA, it cannot be ruled out that data may also be processed there. HubSpot uses the EU Commission’s Standard Contractual Clauses to ensure an adequate level of data protection.

Further information on data processing by HubSpot can be found in HubSpot’s privacy policy at: https://legal.hubspot.com/privacy-policy

 

---

 

3. Scope of data collection for CRYPTAS group webinars

CRYPTAS collects, processes, and uses the following personal data from participants who register for a webinar of the CRYPTAS group:

• First name
• Last name
• Email
• Optional: Organization
• IP address
• Connection data
• Registration data

We process this data to plan, run, and follow up on the webinar. This includes:

• Registration and administration of participants
• Technical provision and implementation of the webinar
• Communication in connection with the event (e.g., sending access links, reminders, or follow-up documents)
• Sending follow-up emails, provided that consent has been given

The legal basis is Art. 6 (1) b GDPR (performance of a contract) and, where applicable, your consent pursuant to Art. 6 (1) a GDPR.

If a webinar is recorded, we will clearly inform participants of this in advance. Webinars are generally recorded in a way that ensures no personal data of participants is identifiable. The recordings will be used exclusively for the specified purposes (e.g., provision to participants, internal documentation).

Participants can revoke their consent (e.g., to receive follow-up emails) at any time with future effect—for example, by email (see Section 9) or via the unsubscribe link in the emails.

Your data will be deleted as soon as it is no longer required for the implementation and follow-up of the webinar, provided that there are no legal retention obligations.

 

---

4. Scope of data collection for online inquiries to CRYPTAS, support and sales enquiries

CRYPTAS collects and processes the following of your data when you contact us in the form of an online inquiry or submit an online support or sales inquiry:

• First name
• Last name
• e-mail address
• Name of the company
• The topic and your request

The following information is optional; if you provide this information, the data will also be processed:

• Your function in the company
• Address, telephone/fax number and web address of the company

This data will be stored for the duration of one calendar year (unless there is a legitimate reason for further processing).

 

---

 

5. Scope of data collection for the CRYPTAS partner request

If you are interested in registering as a CRYPTAS partner, the following data will be collected and processed by CRYPTAS:

• First and last name
• your e-mail address
• Your function in the company
• Name, address, telephone/fax number and web address of the company
• Any comments

All data provided (see points 1, 2, 3) will be processed by CRYPTAS it-Security GmbH in Vienna.

If no partner registration takes place, this data will be deleted after 6 months (unless there is a legitimate reason for further processing).

 

---

 

6. Disclosure to third parties

All data that you have transmitted to us will be treated confidentially and protected by technical and organizational measures as part of our IT security policy. As a matter of principle, we do not make your data available to third parties unless you have given your consent or we are legally obliged to do so. Exceptions to this are our service partners who require the transmission of data for order processing (e.g. the shipping company commissioned with the delivery and the credit institution commissioned with payment processing). In these cases, however, the scope of the data transmitted is limited to the minimum required.

 

---

 

7. Rights of data subjects

If the legal requirements are met, you have the following rights under the GDPR

Right of access, rectification, erasure, restriction of processing, data portability, objection to processing. In addition, you have the right to lodge a complaint with the competent supervisory authority if you believe that your personal data is being processed unlawfully.

Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, e-mail:dsb@dsb.gv.at

 

---

 

8. Google reCAPTCHA

ReCAPTCHA is a free captcha service from Google that protects websites from spam software and misuse by non-human users.

The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is made by a human or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website.

reCAPTCHA collects personal data from users. During the reCAPTCHA check, website operators and therefore Google collect a range of user data. Among other things, Google reCAPTCHA collects information about the

 

• Page that integrates reCAPTCHA,
• Referrer URL (page from which the user comes),
• IP address of the user,
• settings of the end device (language, browser, location),
• Dwell time,
• Mouse movements and keyboard strokes,
• Screen and window resolution,
• time zone and
• installation of browser plugins.
  
  

Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM.

The data collected during the analysis is forwarded to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This may also involve the transfer of personal data to a country outside the European Union. The transfer of data to the USA takes place on the basis of Art. 45 GDPR in conjunction with the European Commission's adequacy decision C(2023) 4745, as the data recipient has undertaken to comply with the data processing principles of the Data Privacy Framework (DPF). For more information about Google Ireland Limited's DPF membership, please visit: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

Further information on Google reCAPTCHA and Google's privacy policy can be found at the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

 

---

 

9. Name and contact details of the responsible body

CRYPTAS it-Security GmbH
Franzosengraben 8/4.OG
1030 Vienna, AUSTRIA
Tel. +43 (1) 3 555 3 - 0
Fax. +43 (1) 3 555 3 - 990
E-Mail:office@cryptas.com

• Controller: PrimeSign GmbH, Wielandgasse 2, 8010 Graz E-Mail: office@prime-sign.com; Phone: +43 (316) 25 830
• Purpose of processing: Proof of identification of natural persons for the purpose of issuing a (qualified) certificate. The data will not be used for other purposes.
• Legal basis: Art 6 para 1 lit b GDPR (performance of a contract), Art 24 eIDAS Regulation
• Duration of storage: 30 years after expiry of the validity of the issued certificate or 30 years from the date of issue of the certificate (Section 10 (3) SVG)
• Processed data: Identity data, data for proof of identity, certificate data
  
  
  

---

 

If the legal requirements are met, you have the following rights under the GDPR: right of access, rectification, erasure, restriction of processing, data portability, objection to processing.

You have the right to lodge a complaint with the following supervisory authority if you believe that your personal data is being processed unlawfully Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, e-mail: dsb@dsb.gv.at