Privacy Policy
Data Protection at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data with which you could be personally identified.
Who is responsible for data collection?
Data processing on this website is carried out by the website operator. You can find their contact details in the legal notice (imprint) of this website or via office@webconsulting.at.
How do we collect your data?
On the one hand, your data is collected when you provide it to us. This could, for example, be data you enter into a contact form or provide when registering for our AI Tools. For the B2B subscription to the AI Tools, we additionally collect company and billing data such as the company name and, if applicable, the VAT ID. Other data is collected automatically by our IT systems when you visit the website.
General Notes and Mandatory Information
Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
Controller
The controller responsible for data processing on this website is: webconsulting business services gmbh, Johann Nepomuk Berger-Straße 7/2/14, 7210 Mattersburg, Austria. Telephone: +43 2626 20156, Email: office@webconsulting.at
Withdrawal of your consent
Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. An informal message sent to us by email is sufficient for this purpose. The legality of the data processing carried out before the withdrawal remains unaffected by the withdrawal.
Legal bases for data processing
The processing of your personal data is carried out on the basis of the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), and the Telecommunications Act (TKG). Depending on the purpose of processing, the legal bases are: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(b) GDPR (Performance of a contract), Art. 6(1)(c) GDPR (Legal obligation), Art. 6(1)(f) GDPR (Legitimate interests).
Data Collection on our Website
Cookies
Our internet pages partially use so-called cookies. Cookies are small text files that are placed on your computer and stored by your browser. Most of the cookies we use are so-called "session cookies". They are automatically deleted after your visit. To use our AI Tools, we use a session cookie for authentication (Legal basis: Art. 6(1)(b) GDPR - Performance of a contract).
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: browser type and browser version, operating system used, referrer URL, hostname of the accessing computer, time of the server request, and IP address. This data is processed to ensure operation and detect attacks (Legal basis: Art. 6(1)(f) GDPR). The maximum storage period is 30 days.
Contact Form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions (Legal basis: Art. 6(1)(b) GDPR). The data will be deleted after the processing is complete and any statutory retention periods have expired.
AI Chatbot (OpenAI)
Our website offers an AI-supported chatbot to answer frequently asked questions. When using the chatbot, your enquiries are transmitted to and processed by OpenAI LLC (USA). No personal data is stored – neither on our servers nor are conversations logged. Processing is carried out exclusively to answer your enquiry. OpenAI processes the data in accordance with their privacy policy. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing a user-friendly service). Data transmission to the USA takes place on the basis of Standard Contractual Clauses (SCCs) in accordance with Art. 46(2)(c) GDPR. You can close the chatbot at any time and avoid using it. The functionality uses sessionStorage (no cookies), which is automatically deleted when the browser is closed.
Payment Processing and Processors
Polar.sh (Payment Processing) – Data transmission to the USA
For the processing of payments for our AI Tools, we use Polar Software Inc. ("Polar.sh"), 548 Market St, PMB 96878, San Francisco, CA 94104-5401, USA. Polar.sh is a US company. Data transmission to the USA takes place on the basis of Standard Contractual Clauses (SCCs) in accordance with Art. 46(2)(c) GDPR. When placing an order or registering for a subscription, the following data is transmitted to Polar.sh: email address, username, company name, and, if applicable, VAT ID, as well as billing and payment information (payment details are entered directly into Polar.sh and are not stored by us). Polar.sh acts as the Merchant of Record and is responsible for payment processing, invoicing, and VAT calculation. Data processing is based on Art. 6(1)(b) GDPR (Performance of a contract). Polar.sh processes the data in accordance with their privacy policy. Storage period at Polar.sh: Your payment data is stored for the duration of the contractual relationship and beyond in accordance with statutory retention periods (generally 7 years for tax-relevant documents).
Vercel (Hosting)
Our website and AI Tools are hosted by Vercel Inc. Vercel stores technical access data (IP address, timestamp) to provide the service. Vercel uses servers in the EU (Frankfurt) and processes data in accordance with their privacy policy. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a secure and high-performing website).
AI Tools Usage Tracking
When using our AI Tools (Prompt Database, Content Optimisation, Image Editor), we track token usage to bill usage-based costs. Data collected: number of tokens used, timestamp, user ID. This usage data is assigned to your user account and transmitted to Polar.sh for invoicing. Storage is based on Art. 6(1)(b) GDPR (Performance of a contract). Storage period: Usage data is stored for the duration of the contractual relationship and 3 years beyond for billing purposes.
User Account for AI Tools
When registering for our AI Tools, we store: username, email address, hashed password (bcrypt), registration date, subscription status, and company data such as the company name and, if applicable, the VAT ID. This data is required to provide the service, for invoicing in a B2B context, and is stored on servers in the EU (Vercel/AWS Frankfurt). Storage is based on Art. 6(1)(b) GDPR (Performance of a contract). Storage period: Account data is stored for the duration of the contractual relationship. Upon cancellation, the data will be deleted within 30 days, provided no statutory retention periods stand in the way.
Storage Period and Deletion
Overview of storage periods
Account data (AI Tools): Duration of the contractual relationship + 30 days after account deletion.
Usage data (Token consumption): Duration of the contractual relationship + 3 years for billing purposes.
Billing data: 7 years (statutory retention period).
Server logs: Maximum 30 days.
Contact enquiries: Until resolved + any statutory retention periods.
Email verification tokens: 24 hours after creation.
Automatic Deletion
Expired email verification tokens are automatically deleted after 24 hours. Upon account deletion, all personal data is irrevocably deleted within 30 days, provided there are no statutory retention obligations.
International Data Transmission
Third-Country Transfers
Within the scope of our services, personal data is transmitted to recipients in third countries (outside the EU/EEA). This applies in particular to the USA (Polar.sh for payment processing, OpenAI for the chatbot).
Safeguards for Third-Country Transfers
For all data transmissions to third countries, we have implemented appropriate safeguards in accordance with Art. 46 GDPR:
Standard Contractual Clauses (SCCs):Standard Contractual Clauses pursuant to the European Commission's Implementing Decision (EU) 2021/914 have been agreed with Polar.sh and OpenAI.
Supplementary Measures: In addition to the SCCs, we rely on technical measures such as data transmission encryption (TLS 1.3) and pseudonymisation, where possible.
You can request a copy of the Standard Contractual Clauses at office@webconsulting.at.
Your Rights
Right of access (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data is being processed and, if so, to gain access to this data and further information.
Right to rectification (Art. 16 GDPR)
You have the right to request the immediate rectification of inaccurate personal data. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed.
Right to erasure (Art. 17 GDPR)
You have the right to request the immediate erasure of your personal data, provided that one of the legal grounds applies and no statutory retention obligations prevent it.
Right to restriction of processing (Art. 18 GDPR)
Under certain conditions, you have the right to request the restriction of the processing of your personal data.
Right to data portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and the right to transmit this data to another controller.
Right to object (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR.
Right to lodge a complaint with the supervisory authority
In the event of data protection violations, you have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at, Tel: +43 1 52 152-0.
SSL and TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the browser's address line changes from "http://" to "https://" and by the padlock symbol in your browser line.
Questions about data protection or your rights
If you request access, rectification, erasure, or further information regarding data processing, please write to us at office@webconsulting.at.
Status of this Privacy Policy: 10.12.2025
This privacy policy is regularly reviewed and updated as necessary. Registered users will be informed by email of any material changes.
Parts of this content were created with the assistance of AI.