PRIVACY POLICY

1. Controller

ValueADD Unternehmensberatungs GmbH

Possannergasse 29, 1130 Vienna, Austria

Commercial register no.: FN 588660 b

Commercial register court: Commercial Court of Vienna

UID: ATU78522207

Managing Director: Mag. Manuela Fürst

Phone: +43 664 9951 9326

E-mail: [email protected]

2. General Information

We take the protection of your personal data seriously. We process your personal data exclusively in accordance with the applicable legal provisions, in particular the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG) and the Austrian Telecommunications Act (TKG 2021).

Your IP address, as well as the start and end of your session, are recorded for the duration of your visit to our website. This is technically necessary for the operation of the website and constitutes a legitimate interest pursuant to Art. 6(1)(f) GDPR. Unless otherwise stated below, these data are not further processed by us.

3. Purpose of This Website

This website provides information about ValueADD Unternehmensberatungs GmbH and its services in the fields of M&A advisory, restructuring and interim CFO services, and serves to promote these services.

4. Categories of Personal Data Processed

When you visit this website, we may process the following categories of personal data:

  • IP address
  • Date and time of access
  • Requested page or file
  • Browser type and browser version
  • Operating system
  • Referrer URL
  • Server log data

If you contact us via the contact form, we process the data you provide, in particular:

  • Name
  • Company
  • Email address
  • Phone number
  • Selected topic
  • Message / short description of your situation

Please note: Providing your name and email address is required to process your enquiry. Without these details, we are unable to respond to your message. All other fields are voluntary.

5. Purposes and Legal Bases of Processing

  • To ensure the technical operation, security and stability of the website — Legal basis: Art. 6(1)(f) GDPR (legitimate interest)
  • To process enquiries submitted via the contact form, email or phone — Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and, where applicable, Art. 6(1)(f) GDPR
  • To comply with legal obligations — Legal basis: Art. 6(1)(c) GDPR

6. Contacting Us

If you contact us via the contact form on the website, by email or by phone, the data you provide will be processed for the purpose of handling your enquiry and for possible follow-up questions or further business communication. These data are stored for a period of 6 months from the last contact. Beyond that, storage only takes place where legal retention obligations apply or where necessary to establish, exercise or defend legal claims.

We do not pass on this data without your consent unless this is necessary for the fulfilment of a contract, for pre-contractual measures, for technical processing by processors acting on our behalf, or due to a legal obligation.

7. Recipients of Data

Your personal data will only be disclosed to third parties where necessary for the operation of the website, the handling of your enquiry, the fulfilment of legal obligations, or where you have given your consent. Possible recipients may include:

  • Hosting providers
  • IT and website maintenance service providers
  • Email and infrastructure providers
  • Professional advisers where legally or commercially necessary
  • Authorities or courts where there is a legal obligation

8. Hosting

This website and the associated mail infrastructure are hosted by an external hosting provider.

World4You Internet Services GmbH

Hafenstraße 35, 4020 Linz, Austria

In the course of hosting, personal data processed on this website may be stored on the servers of the hosting provider, in particular server log data and data submitted via the website. A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with the hosting provider.

9. Cookies and Similar Technologies

Our website uses cookies. Cookies are small text files stored on your device by your browser. They do not cause any harm.

Technically necessary cookies

This website uses technically necessary cookies to ensure the secure and functional operation of the website. These cookies are used solely to make the website work properly. They do not require your consent and are set on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR and § 165(3) TKG 2021.

The following technically necessary cookies are used:

  • Session cookies (e.g. WordPress authentication cookies): temporary, deleted at end of browser session
  • Security cookies (e.g. CSRF protection): session duration

Third-party cookies (Vimeo)

This website contains embedded videos from Vimeo. When a page with an embedded Vimeo video is accessed, Vimeo may set cookies and process personal data (such as IP address, browser information, device information and usage data). These cookies are not technically necessary and are only activated with your prior consent.

Action required: A cookie consent banner (Cookie-Fenster) should be implemented to obtain active consent before Vimeo content is loaded, in accordance with § 165(3) TKG 2021 and Art. 6(1)(a) GDPR. Alternatively, Vimeo can be integrated using a two-click solution that only loads the embed after the user actively clicks play.

10. Fonts

This website uses fonts that are integrated through the website theme. According to the current setup, no separate external font service (such as Google Fonts) is used for the live website. All fonts are loaded locally from the web server.

11. Vimeo

This website contains embedded videos from Vimeo LLC, 555 West 18th Street, New York, NY 10011, USA.

When a page containing an embedded Vimeo video is accessed, the following personal data may be transmitted to Vimeo: IP address, browser information, device information, usage data, and information about videos accessed. Vimeo may also use cookies or similar technologies.

This involves the transfer of personal data to the United States. Vimeo LLC participates in the EU-US Data Privacy Framework (DPF), which provides an adequacy decision by the European Commission pursuant to Art. 45 GDPR. In addition, standard contractual clauses pursuant to Art. 46(2)(c) GDPR may apply.

For further information on Vimeo’s data processing, please refer to Vimeo’s Privacy Policy at: https://vimeo.com/privacy

Action required: Vimeo videos should only be loaded after the user has given active consent via a cookie banner. Until then, only a preview image or placeholder should be displayed.

12. LinkedIn

This website contains a link to our LinkedIn profile (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland). When you click on the LinkedIn link, you leave this website and are redirected to LinkedIn. From that point onward, the processing of personal data is carried out by LinkedIn under its own responsibility and in accordance with LinkedIn’s Privacy Policy.

13. Storage Period

We store personal data only for as long as necessary for the respective purposes:

  • Server log data: stored only as long as necessary to ensure the security, stability and technical operation of the website (typically up to 7 days, unless a specific incident requires longer retention)
  • Contact form / email enquiries: 6 months from last contact, or longer where legal retention obligations apply or where necessary to establish, exercise or defend legal claims

14. Third-Country Transfers

As a rule, we process personal data within the European Union or the European Economic Area.

However, when using third-party services such as embedded Vimeo content, personal data may be transferred to recipients in the United States. Such transfers are made on the basis of:

  • The EU-US Data Privacy Framework (adequacy decision of the European Commission pursuant to Art. 45 GDPR), where the recipient is certified, and/or
  • Standard contractual clauses (SCCs) pursuant to Art. 46(2)(c) GDPR

For further information on applicable safeguards, please refer to the respective provider’s privacy documentation.

15. Your Rights

Under applicable data protection law, you have the following rights regarding your personal data processed by us:

  • Right of access (Art. 15 GDPR)
  • Right to rectification of inaccurate data (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)

Where processing is based on your consent, you may withdraw that consent at any time with effect for the future. The withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

To exercise any of your rights, please contact us at: [email protected]

16. Right to Lodge a Complaint

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with the competent supervisory authority.

In Austria, the competent supervisory authority is:

Austrian Data Protection Authority (Datenschutzbehörde)

Barichgasse 40-42, 1030 Vienna, Austria

Website: www.dsb.gv.at

17. Data Security

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access. This website is transmitted via an encrypted HTTPS connection.

18. Changes to This Privacy Policy

We reserve the right to amend this privacy policy where necessary, in particular to reflect legal, technical or business developments. The current version published on this website shall apply. We recommend that you check this page regularly for updates.