Data Protection
Information on the processing of personal data pursuant to Art. 13 and 14 GDPR and the Austrian Data Protection Act (DSG)
Protecting your personal data is a core part of how we build products. This policy explains what data we process when you visit this website, on what legal basis, and the rights you have. For information on the data processing within our products and platform, please contact us directly.
The controller responsible for data processing on this website within the meaning of the GDPR is:
xzeptiq FlexCo
Schützenweg 5, 5321 Koppl, Austria
E-Mail: hello@xzeptiq.com
We have not appointed a data protection officer, as we are not legally required to do so. For any data protection enquiry, please contact us at the address above.
We process personal data in accordance with the GDPR on the following legal bases: your consent (Art. 6(1)(a) GDPR); the performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR); compliance with a legal obligation (Art. 6(1)(c) GDPR); and our legitimate interests in the secure and efficient operation of this website (Art. 6(1)(f) GDPR).
This website is hosted on GoDaddy Managed WordPress. GoDaddy is our hosting provider and acts as our processor under a data processing agreement pursuant to Art. 28 GDPR; under that agreement GoDaddy commits to processing hosting data within the EU/EEA or a country recognised by the EU as offering an adequate level of protection. GoDaddy's ultimate parent, GoDaddy Inc., is based in the USA; where a transfer to the USA occurs it is additionally safeguarded by the EU Standard Contractual Clauses. When you access the website, the provider's servers automatically collect and store information that your browser transmits in so-called server log files:
IP address · date and time of the request · browser type and version · operating system · referrer URL · amount of data transferred.
This data is processed on the basis of our legitimate interest in the technically error-free presentation and security of our website (Art. 6(1)(f) GDPR). Log data is stored for a short period and then deleted, unless it is required as evidence in the event of security incidents.
When you first visit our website, only technically necessary storage is active. To remember your cookie choice, we store a value in your browser's local storage (xzeptiq_cookie_consent); this is required for the basic functioning of the consent mechanism and does not require consent.
Analytics cookies and similar technologies are disabled by default and are only activated once you give your consent via our cookie banner (§ 165(3) TKG 2021, Art. 6(1)(a) GDPR). You can withdraw your consent at any time with effect for the future by clearing the stored preference in your browser; on your next visit the banner will reappear and you can decide again.
Subject to your consent, this website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Ireland is the controller's contractual partner and in turn relies on Google LLC (USA) as a sub-processor.
Google Analytics uses cookies and similar identifiers to analyse how visitors use our website. The information generated (including a shortened IP address, device and browser information, pages visited, and approximate location) is used to compile aggregated statistics. We have IP-anonymisation enabled, and analytics tags are loaded in Google Consent Mode v2 with all storage set to “denied” until you actively consent.
Legal basis: your consent pursuant to Art. 6(1)(a) GDPR and § 165(3) TKG 2021. You may withdraw your consent at any time with effect for the future (see section 4).
Further information: Google Privacy Policy · Google Analytics data practices.
If you contact us by e-mail or via our enquiry form, we process the data you provide (e.g. name, company, e-mail address, company size, your message, and any file you attach) solely to handle your enquiry and any follow-up questions.
The legal basis is your consent (Art. 6(1)(a) GDPR) and, where your enquiry relates to a contract, the performance of pre-contractual measures (Art. 6(1)(b) GDPR). We store this data until your enquiry has been fully dealt with, after which it is deleted, unless statutory retention obligations require otherwise.
Enquiries submitted through our form are stored in Google Sheets (Google Workspace), and any file you attach is stored in Google Drive (Google Workspace) and linked from the enquiry record. Google acts as our processor under a data processing agreement pursuant to Art. 28 GDPR; our Google Workspace environment is configured to store this data within the EU where available. We retain form enquiries only for as long as needed to handle them and any follow-up; enquiries that do not lead to a business relationship are deleted at the latest after 24 months, unless statutory retention obligations require otherwise.
We only pass on personal data where this is necessary and legally permitted. Service providers who process data on our behalf (e.g. GoDaddy for hosting, Google for analytics, and Google Workspace / Google Sheets for storing form enquiries) act as processors under data processing agreements pursuant to Art. 28 GDPR. We do not sell personal data.
Where you consent to Google Analytics, personal data may be transferred to Google LLC in the USA. Google LLC is certified under the EU–US Data Privacy Framework, which the European Commission has recognised as providing an adequate level of protection (adequacy decision of 10 July 2023). In addition, transfers are safeguarded by the EU Standard Contractual Clauses. Despite these safeguards, access to data by U.S. authorities cannot be entirely excluded.
We store personal data only for as long as necessary for the respective purpose or as required by statutory retention periods. Once the purpose ceases to apply and no retention obligations remain, the data is deleted.
As a data subject, you have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and to object to processing (Art. 21). Where processing is based on consent, you may withdraw that consent at any time with effect for the future (Art. 7(3) GDPR), without affecting the lawfulness of processing carried out before the withdrawal.
To exercise these rights, please contact us at hello@xzeptiq.com.
If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent authority in Austria is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40–42, 1030 Vienna, dsb@dsb.gv.at, dsb.gv.at.
We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR on this website.
As of: June 2026. We may update this privacy policy to reflect changes to our website or legal requirements. For questions: hello@xzeptiq.com