top of page

Privacy Policy

The data controller for processing your information is:


BSC Webdesign OG
Sankt-Johann-Gasse 1-5/1/17
1050 Vienna
Austria
Email: office@bscwebdesign.com

We are delighted by your interest in our website. Protecting your privacy is extremely important to us. Below, we provide detailed information about how your data is handled. Data processing is conducted in accordance with the GDPR and § 165 para. 3 TKG (Austria).

1. Access Data and Hosting
You can visit our website without providing personal information. Each time a webpage is accessed, the web server automatically stores a "server log file" containing information such as the name of the requested file, your IP address, date and time of access, transferred data volume, and the requesting provider (access data). This data is analyzed exclusively to ensure the smooth operation of the site and to improve our services. This is in line with our legitimate interests, as defined in Art. 6 para. 1 sentence 1 lit. f GDPR. Access data is processed only as long as necessary for the stated purposes.

Hosting
The hosting and website display services are partially provided by our service providers as part of commissioned processing. All access data and data collected through forms on the website are processed on their servers unless otherwise stated in this privacy policy. If you have questions about our service providers or the basis of our collaboration, please contact us via the methods outlined in this privacy policy.
Our service providers are located and/or use servers in countries with adequate data protection as determined by the European Commission, including Israel, the United Kingdom, and the USA (based on adequacy decisions and certifications).

For countries without such adequacy decisions (e.g., Brazil, Mexico, India, Ukraine), we rely on the EU's standard contractual clauses for data protection.

2. Data Processing for Contract Fulfillment and Contact

2.1 Data Processing for Contract Fulfillment
We collect personal data when you voluntarily provide it to us as part of your order or when contacting us (e.g., via a contact form or email). Mandatory fields are marked as such because we require this information to process the contract or handle your inquiry. Without this data, it may not be possible to complete your order or submit your inquiry. The specific data collected can be seen in the respective input forms.
We use the data you provide for contract processing and to handle your inquiries (including requests related to warranty claims, performance issues, or legal update obligations) as per Art. 6 para. 1 sentence 1 lit. b GDPR. For more information on how your data is processed, including sharing with service providers for order, payment, and shipping purposes, refer to the subsequent sections of this privacy policy.
After the contract is fully processed, your data will be restricted for further use and deleted after the expiration of legal retention periods in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR unless you have explicitly consented to further use of your data as per Art. 6 para. 1 sentence 1 lit. a GDPR, or unless we are legally permitted to use your data for other purposes, as explained in this statement.

2.2 Contact
As part of customer communication, we collect personal data to handle your inquiries in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR when you voluntarily provide it to us (e.g., via a contact form or email). Mandatory fields are marked as such because this information is required to process your inquiry. The specific data collected is visible in the respective input forms.
After your inquiry is fully processed, your data will be deleted unless you have explicitly consented to further use of your data as per Art. 6 para. 1 sentence 1 lit. a GDPR, or unless we are legally permitted to use your data for other purposes, as explained in this statement.

2.3 Data Processing for Appointment Scheduling
We collect personal data when you voluntarily provide it to us as part of scheduling an appointment. Mandatory fields are marked as such because this information is essential for processing the appointment request. Without this information, we cannot process your appointment booking. The specific data collected can be seen in the respective input forms. Information provided in free-text fields is optional and not required for the booking process. We request that you refrain from entering sensitive information (e.g., health-related data such as illnesses) in such fields.

We use the data you provide to process your appointment in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. After the appointment has been fulfilled, your data will be restricted for further use and deleted after the expiration of legal retention periods as per Art. 6 para. 1 sentence 1 lit. c GDPR unless you have explicitly consented to further use of your data as per Art. 6 para. 1 sentence 1 lit. a GDPR, or unless we are legally permitted to use your data for other purposes, as explained in this statement.

Appointment Scheduling Tool by Calendly
For appointment scheduling, we use the booking solution provided by Calendly LLC, 115 E Main St., Ste A1B, Buford, GA 30518, USA. The service provider acts on our behalf.
Our service providers are located and/or use servers in countries with adequate data protection levels as determined by the European Commission, including the USA.

The adequacy decision for the USA serves as the basis for data transfers to third countries, provided the respective service provider is certified. Certification is in place.

3. Data Processing for Shipping Purposes
To fulfill the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we share your data with the shipping service provider responsible for delivering the ordered goods, insofar as this is necessary for the delivery.
If you have any questions about our service providers or the basis of our collaboration with them, please contact us using the details provided in this privacy policy.

4. Data Processing for Payment Transactions
We collaborate with the following partners for payment processing in our online shop: technical service providers, financial institutions, and payment service providers.

4.1 Data Processing for Transaction Execution
Depending on the chosen payment method, we transfer the necessary data for processing the payment transaction to our technical service providers acting on our behalf, the designated financial institutions, or the selected payment service providers. This is required to process the payment and fulfill the contract, as per Art. 6 para. 1 sentence 1 lit. b GDPR.
In some cases, the payment service providers collect the required data directly, such as through their own website or technical integration during the order process. In these cases, the privacy policy of the respective payment service provider applies.
For questions about our payment processing partners and the basis of our collaboration with them, please contact us using the details provided in this privacy policy.

4.2 Data Processing for Fraud Prevention and Payment Process Optimization
Where necessary, we may provide our service providers with additional data, which they combine with the data required for payment processing. This is used as part of their role as processors to prevent fraud and optimize payment processes (e.g., invoicing, handling of disputed payments, and accounting support).
This processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, safeguarding our legitimate interest in fraud prevention and efficient payment management.

5. Social Media

5.1 Social Buttons for Facebook (by Meta) and Instagram (by Meta)
Our website uses social buttons from social networks. These buttons are embedded as HTML links, ensuring no connection is made to the servers of the respective provider when you visit our site. If you click on one of these buttons, the respective social network’s website will open in a new browser window. There, you can, for example, click the Like or Share button.

5.2 Our Online Presence on Facebook (by Meta) and Instagram (by Meta)
If you have provided your consent to the respective social media operator in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, your data will be automatically collected and stored when you visit our profiles on these social media platforms. This data is used for market research and advertising purposes, and pseudonymous user profiles may be created. These profiles can help display advertisements that are likely tailored to your interests both on and outside the platforms. Cookies are typically used for this purpose.
For detailed information about how your data is processed and used by the respective social media provider, as well as information about your rights and privacy settings, please refer to the privacy policies linked below. If you require assistance, you are welcome to contact us.
Facebook (by Meta)
Facebook is operated by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). Information collected by Meta Platforms Ireland during your visit to our Facebook page is typically transferred to and stored on a server operated by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Data processing in connection with visiting a Facebook page is based on a joint responsibility agreement under Art. 26 GDPR. For more information (including Insights data), click here.
Our service providers are located and/or use servers in the following countries, where the European Commission has determined an adequate level of data protection: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.
The adequacy decision for the USA serves as the basis for data transfer to third countries, provided the respective service provider is certified. Certification is in place.
Our service providers may also be located or use servers in the following countries without an adequacy decision from the European Commission: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. Our collaboration with these providers is based on the European Union’s standard contractual clauses.
Instagram (by Meta)
Instagram is operated by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). Information collected by Meta Platforms Ireland during your visit to our Instagram page is typically transferred to and stored on a server operated by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Data processing in connection with visiting an Instagram page is based on a joint responsibility agreement under Art. 26 GDPR. For more information (including Insights data), click here.
Our service providers are located and/or use servers in the following countries, where the European Commission has determined an adequate level of data protection: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.
The adequacy decision for the USA serves as the basis for data transfer to third countries, provided the respective service provider is certified. Certification is in place.
Our service providers may also be located or use servers in the following countries without an adequacy decision from the European Commission: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. Our collaboration with these providers is based on the European Union’s standard contractual clauses.

6. Contact Options and Your Rights

6.1 Your Rights
As a data subject, you have the following rights:

  • Right of Access (Art. 15 GDPR): You have the right to request information about the personal data we process about you, as specified in Art. 15 GDPR.

  • Right to Rectification (Art. 16 GDPR): You have the right to request the immediate correction of inaccurate personal data or the completion of incomplete data stored by us.

  • Right to Erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data stored by us, provided further processing is not required:

    • To exercise the right to freedom of expression and information.

    • To fulfill a legal obligation.

    • For reasons of public interest.

    • To establish, exercise, or defend legal claims.

  • Right to Restriction of Processing (Art. 18 GDPR): You have the right to request the restriction of processing your personal data if:

    • You contest the accuracy of the data.

    • The processing is unlawful, but you oppose its deletion.

    • We no longer need the data, but you require it to establish, exercise, or defend legal claims.

    • You have objected to the processing under Art. 21 GDPR.

  • Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format or request that it be transferred to another controller.

  • Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority, typically in the country of your habitual residence, workplace, or the location of our company headquarters.


Right to Object
If we process your personal data based on our overriding legitimate interests as part of a balancing of interests (as explained above), you have the right to object to this processing with future effect.
If the data processing is for direct marketing purposes, you can exercise this right at any time, as described above. If the processing serves other purposes, you have the right to object only if there are reasons that arise from your particular situation.
Once you have exercised your right to object, we will stop processing your personal data for these purposes unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.
This does not apply to processing for direct marketing purposes. In that case, your personal data will no longer be processed for such purposes.

6.2 Contact Options
If you have questions about the collection, processing, or use of your personal data; need information, rectification, restriction, or deletion of data; wish to revoke consent; or want to object to specific data use, please contact us directly using the contact details provided in our Imprint.

bottom of page