Dataprotection

Aurenix Solutions OG

Scope

Due to the nature of its business, Aurenix places great importance on the protection of information, and in particular personal data. Aurenix is ​​committed to handling personal data responsibly and in accordance with the law. This privacy policy describes how Aurenix processes and protects personal data – such as first and last name, email address, postal address, telephone number, or other contact details of prospective customers, customers, and business partners. Personal data is processed exclusively in accordance with the provisions of the General Data Protection Regulation (GDPR) and the applicable national data protection regulations. Insofar as personal data is processed within the framework of commissioned data processing, it is transferred to external service providers only on the basis of corresponding data processing agreements pursuant to Article 28 GDPR. Personal data is processed only to the extent necessary to fulfill the respective contractual or legal obligations. Aurenix takes appropriate technical and organizational measures to protect personal data from unauthorized access, loss, misuse, or unlawful processing.

§1 General

1.1. Who is responsible for data processing?

Aurenix Solutions OG is solely responsible for the processing of personal data within the meaning of the General Data Protection Regulation (GDPR). No processing by other group companies or partnerships takes place.


1.2. What data is processed? Where does the data come from (data sources)?

1.2.1. Data collected from the data subject

Aurenix processes personal data that is collected directly from the data subject. Personal data is processed in particular when it is provided within the context of an existing or prospective business relationship (e.g., customers, prospective customers, suppliers, business partners, or in the course of support requests) for the performance of a contract or for the implementation of pre-contractual measures. In addition, Aurenix Solutions OG processes personal data:

• that is actively provided by the customer or the data subject themselves,

• that is necessary for compliance with a legal obligation,

• or for whose processing the data subject has given explicit consent for one or more specific purposes. The personal data processed includes, but is not limited to: Title, first and last name, email address, IP address(es), residential or business address(es), telephone number(s), other contact details, date of birth (if provided), contract and billing data (including information on contractual partners and their contact persons), company data, and other case-related information such as correspondence and communication data.


1.2.2. Data in the Context of Support Services

If support services are used, Aurenix processes the personal data generated in connection with the respective support request. This includes, in particular: Description of the problem, transmitted log files, attachments, screenshots, communication content, documentation of the problem resolution, and the contact details of the persons involved in the support request.


1.3. For what purposes and on what legal basis are personal data processed?

1.3.1. Fulfillment of contractual and pre-contractual obligations

Personal data is processed for the initiation, execution, and processing of contractual relationships, as well as for the provision of the products and services commissioned by the customer. The specific purpose of the data processing depends on the agreed scope of services. In particular, identification and contact data (e.g., name, address, email address, telephone number), contract, billing, inquiry, quotation, and order data, as well as other information required for the performance of the contract, are processed. Legal basis: Art. 6 para. 1 lit. b GDPR.


1.3.2. Fulfillment of legal obligations

Insofar as the processing of personal data is necessary for the fulfillment of legal obligations (e.g., company, tax, or commercial law retention and documentation obligations), this processing is carried out on the basis of legal requirements. Legal basis: Article 6(1)(c) GDPR.


1.3.3. Safeguarding legitimate interests

Aurenix processes personal data to the extent necessary to safeguard legitimate interests and provided that no overriding interests or fundamental rights of the data subject conflict. Legitimate interests include, in particular:

• ensuring proper operation, IT security, and the prevention of misuse,

• improving and further developing products and services,

• responding to inquiries and maintaining business relationships,

• informing customers and prospective customers about our own products, services, or relevant technical developments (direct marketing to the extent permitted by law). Data subjects have the right to object to this processing at any time on grounds relating to their particular situation. Legal basis: Article 6(1)(f) GDPR.


1.3.4. Processing Based on Consent

If consent is required for certain processing operations, processing will only take place for the expressly stated purposes (e.g., sending newsletters, information about events, or providing content). Consent can be withdrawn at any time with effect for the future. The lawfulness of the processing carried out before the withdrawal remains unaffected. Legal basis: Art. 6 para. 1 lit. a GDPR.


1.3.5. Processing in the Context of Support and Service

Personal data is processed in the context of support requests to the extent necessary for processing the request and for error analysis (e.g., contact details, communication content, log files, attachments, or screenshots). Legal basis: Art. 6 para. 1 lit. b and lit. f GDPR.


1.4. Who receives personal data?

Within Aurenix, only those individuals who require access to personal data to fulfill contractual or legal obligations, as well as to protect legitimate interests, are granted such access. Access is granted according to the principles of necessity and purpose limitation. Aurenix is ​​the data controller for all processing operations. Aurenix is ​​responsible for the complete administration, maintenance, configuration, and security of the infrastructure.


Use of Data Processors

For the technical provision of the server infrastructure, Aurenix uses the following external service providers:

• Hetzner Online GmbH Service: Data center and hosting services (server operation)

• sevDesk GmbH Service: Creation of quotes and invoices

• Stripe, Inc. Service: Collection of SEPA direct debit mandates


Hetzner acts exclusively as a data processor within the meaning of Article 28 GDPR. The processing of personal data is carried out exclusively on the instructions of Aurenix and only within the scope of the contractually agreed services. The data is processed on encrypted file systems; Aurenix is ​​solely responsible for managing the encryption and accessing the content.


Other Recipients

In addition, personal data may be transferred to the following to the extent necessary:

• Tax advisors and auditors, insofar as this is necessary for fulfilling tax and commercial law obligations,

• Lawyers, courts, or public authorities, insofar as this is necessary for legal advice, enforcement of rights, or due to legal obligations. Obligations of Data Processors


All data processors are contractually obligated to process personal data exclusively for the specifically defined service provision and to implement appropriate technical and organizational measures in accordance with the GDPR. Transfers to Third Countries Personal data is generally not transferred to countries outside the European Union or the European Economic Area. Should such a transfer become necessary in a specific case, Aurenix will ensure in advance that an adequate level of data protection in accordance with Art. 44 et seq. GDPR is guaranteed (e.g., through standard contractual clauses).


1.5. How long is the data stored?

Aurenix processes and stores personal data only as long as necessary for the respective processing purposes.


Contract-related data

Personal data is stored for the duration of the entire business relationship, from the initial contract negotiation through contract execution to the termination of the contractual relationship. After termination of the contract, personal data is deleted unless statutory retention or documentation obligations prevent deletion. Such obligations arise in particular from:

• commercial and tax law retention obligations (generally 7 to 10 years),

• statutory limitation periods under European or national law (in individual cases up to 30 years).


Product and usage data

After termination of the contract, Aurenix Solutions OG provides the customer – if contractually stipulated – with the data they provided or generated for a limited period (e.g., 14 days). After this period, the instance and all data it contains will be irrevocably deleted, unless statutory retention obligations apply.


Data based on consent

Personal data processed based on consent pursuant to Art. 6 para. 1 lit. a GDPR (e.g., newsletters, event information) will be stored until consent is withdrawn, but for no longer than three years from the last active contact. Consent can be withdrawn at any time and will be effective for the future; the lawfulness of the processing carried out before the withdrawal remains unaffected.


Erasure and restriction

As soon as the respective purpose ceases to apply and no statutory retention obligations exist, the personal data will be erased or anonymized. If erasure is not possible, processing will be restricted to the legally permissible minimum.


1.6. Where is the data stored?

Aurenix stores data either on its own, self-operated hardware or on rented server infrastructure from the data center and hosting provider Hetzner Online GmbH. Regardless of the infrastructure model used, all data is stored exclusively on encrypted file systems.

Encryption takes place at the file system level; the cryptographic keys used for this purpose are managed exclusively by Aurenix and stored separately from the respective system. Neither external service providers nor subcontractors have access to the encryption keys or the contents of the stored data. Through these measures, Aurenix ensures that personal data is effectively protected against unauthorized access, even in the event of physical or technical access to the infrastructure.


1.7. What data protection rights do you have as a data subject?

You have the right to access, rectification, erasure, or restriction of processing of your stored personal data, the right to object to processing, and the right to data portability in accordance with the requirements of the General Data Protection Regulation (GDPR). If the processing of your personal data is based on your consent, you can withdraw this consent at any time. In the event of withdrawal, Aurenix Solutions OG will immediately cease the corresponding processing, unless legal or contractual obligations prevent erasure or restriction. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.


You can exercise your data subject rights via the following contact points:

• By email: office@aurenix.at

• By post: Aurenix Solutions OG, Schlossbergstraße 9/1/1, 2410 Hainburg an der Donau


Your rights must generally be asserted in writing. To prevent misuse, Aurenix Solutions OG is entitled to request suitable proof of identity in cases of reasonable doubt. Aurenix Solutions OG is entitled to continue processing personal data provided that it has been anonymized beforehand in such a way that it is no longer possible to associate it with a specific or identifiable person. Without prejudice to any other administrative or judicial remedies, you have the right to lodge a complaint with a data protection supervisory authority, in particular with the Austrian Data Protection Authority or another competent supervisory authority within the European Union.


1.8. Mandatory Provision of Personal Data

In the context of initiating, conducting, and processing a business relationship, as well as in the course of pre-contractual measures, the provision of personal data necessary for concluding and fulfilling the respective contractual relationship, or which Aurenix is ​​legally obligated to process, is required. If this personal data is not provided, or not provided completely, this may result in the conclusion of a contract not being possible, or in contractual services – in particular the provision of products or services – not being provided, or not being provided properly.

§2 Information on the Aurenix Solutions Website

2.1. Web analytics and use of the website

2.1.1. Data collected when using the website

When the Aurenix Solutions OG website is accessed, the website service Framer automatically collects and evaluates the following information:

• The source or referrer from which the access originated (e.g. search engines, social networks, direct access),

• Which pages of the website were visited and how frequently,

• The country from which access was made,

• Whether access was made via a mobile device or a desktop device,

• How frequently the contact form provided on the website is used.

With the exception of the use of the contact form, only aggregated, statistical usage data is processed, from which no conclusions can be drawn about an identified or identifiable natural person.

No personal profiling, creation of profiles, or merging of this data with other data sources takes place.


2.1.2. Purpose of processing

The processing of the aforementioned data is carried out for the following purposes:

• Analysis of website usage,

• Improvement of website content, structure, and user-friendliness,

• Statistical evaluation of the website's reach and usage,

• Technical optimisation and ensuring the functionality and security of the website.

Processing is carried out on the basis of legitimate interest pursuant to Art. 6(1)(f) GDPR.


2.1.3. Contact form

Personal data is only processed where the contact form is actively used. This data consists of the information voluntarily entered by the user:

• First and last name

• Email address

• Company name

• Content of the message

• Confirmation of consent to data processing

This data is required to process the enquiry and to make contact with the user.


The processing of personal data provided in the contact form takes place exclusively:

• For the processing and responding to the enquiry,

• For carrying out pre-contractual measures, or

• For fulfilling an existing contractual relationship.

The legal basis is Art. 6(1)(b) GDPR. The data will not be used for any other purposes or disclosed to third parties unless a legal obligation exists.


2.1.4. Separation of data processing

The statistical usage data collected in the context of web analytics is not linked to the personal data collected via the contact form.

No personal profiling, individual user tracking, or automated decision-making within the meaning of Art. 22 GDPR takes place.


2.2. Enquiries via general contact addresses

In addition to the contact form, the Aurenix Solutions OG website also provides general contact addresses (e.g. office@aurenix.at) through which users can get in touch with Aurenix.

When you send a message to such a general email address, the personal data contained therein (e.g. name, email address, company name, content of the enquiry) will be processed and forwarded internally to those persons responsible for handling the respective enquiry.


2.3. Data security

Aurenix implements appropriate technical and organisational measures to protect personal data against loss, destruction, unauthorised access, alteration, or unlawful disclosure.

Where you transmit personal data to us via our website or by email, transmission is carried out exclusively in encrypted form using SSL/TLS (Secure Sockets Layer). An encrypted connection can be recognised, among other things, by the address bar of your browser changing from 'http://' to 'https://'. When encryption is active, the transmitted data cannot be read by unauthorised third parties.

In addition, personal data processed or stored on Aurenix Solutions OG servers is stored exclusively on encrypted file systems. The management of encryption keys is carried out exclusively by Aurenix; the keys are stored separately from the respective system. Data centre and hosting service providers have no access to the content of stored data.

Security measures are continuously reviewed and updated in line with technical developments. However, as with any internet-based data transmission, absolute protection cannot be fully guaranteed.

§3 Privacy Information for Visitors to Our Social Media Platforms

Aurenix Solutions OG maintains social media presences on Instagram and LinkedIn to provide information about the company and to communicate with interested parties and customers.


3.1. Instagram

For our Instagram presence, Aurenix uses the services of Instagram Inc., 1601 Willow Road, Menlo Park, CA, USA. The processing of personal data is carried out on the basis of legitimate interest within the meaning of Art. 6(1)(f) GDPR, in order to provide information and enable communication.

Instagram is part of the Meta group of companies and shares infrastructure and systems with Meta Platforms Ireland Limited. The use of features such as 'Page Insights' may give rise to joint controllership within the meaning of Art. 26 GDPR.

Further information on the data processing activities of Instagram/Meta can be found at:

• https://de-de.facebook.com/legal/terms/page_controller_addendum

• https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect


3.2. LinkedIn

The legitimate interest within the meaning of Art. 6(1)(f) GDPR also applies to the LinkedIn company page. LinkedIn and Aurenix act as joint controllers within the meaning of Art. 26 GDPR. Personal data (e.g. posts, messages, comments) is stored only for as long as necessary for communication and legal retention purposes. Further information can be found at:

• https://de.linkedin.com/legal/privacy-policy


3.3. Liability and responsibility

Aurenix Solutions OG does not collect personal data directly via social media platforms and bears no responsibility for the data protection measures, cookies, or data processing activities of the platform operators. Any processing of data on Instagram or LinkedIn is subject to the respective privacy policies of the operators.

FAQ

Got questions about Aurenix?
We’ve got answers.

Still have questions? Use our contact form or write an email to us at office@aurenix.at

How can I contact you?

What are the next steps after I contacted you?

What software are you using to implement your solutions?

Do I depend on you to run one of your solutions?

FAQ

Got questions about Aurenix?
We’ve got answers.

Still have questions? Use our contact form or write an email to us at office@aurenix.at

How can I contact you?

What are the next steps after I contacted you?

What software are you using to implement your solutions?

Do I depend on you to run one of your solutions?

FAQ

Got questions about Aurenix?
We’ve got answers.

Still have questions? Use our contact form or write an email to us at office@aurenix.at

How can I contact you?

What are the next steps after I contacted you?

What software are you using to implement your solutions?

Do I depend on you to run one of your solutions?

FAQ

Got questions about Aurenix? We’ve got answers.

Still have questions? Use our contact form or write an email to us at office@aurenix.at

How can I contact you?

What are the next steps after I contacted you?

What software are you using to implement your solutions?

Do I depend on you to run one of your solutions?

©2026 Aurenix. All rights reserved.

Home

Services

About us

Legal Notice

GTCs

Data Protection

©2026 Aurenix. All rights reserved.

Home

Services

About us

Legal Notice

GTCs

Data Protection

©2026 Aurenix. All rights reserved.

Home

Services

About us

Legal Notice

GTCs

Data Protection

©2026 Aurenix. All rights reserved.

Home

Services

About us

Legal Notice

GTCs

Data Protection