smartPM.solutions GmbH Privacy Policy

As of June 2026

smartPM.solutions GmbH Privacy Policy, June 2026  (pdf Download)

Table of Contents

 

1. General Information

1.1 Scope

This Privacy Policy applies to data processing by smartPM.solutions GmbH, Bergsteiggasse 56-58, 2500 Baden, Austria. It explains what personal data we collect and process, in the course of our business activities, from users of our website and of our products and services (including Power BI Visuals), from customers, suppliers, and other business partners and contacts, from applicants for positions at our company, and from other individuals. It also explains how and for what purpose we collect and process personal data.

1.2 Definitions

We use the terms defined in the General Data Protection Regulation (GDPR) in the meanings specified therein.

1.3 Controller of Personal Data

The data controller is:

smartPM.solutions GmbH
Bergsteiggasse 56-58
2500 Baden
Austria
Tel +4313580070
Email: info@smartpm.solutions

1.4 Duration of Storage

We process personal data of data subjects in accordance with Articles 17 and 18 GDPR only for as long as necessary to achieve the underlying purpose or as required by law. If the purpose of storage no longer applies, personal data will be deleted in ac-cordance with legal requirements, unless we are obligated (e.g., due to tax and com-mercial law retention and documentation requirements) or entitled (e.g., due to ongo-ing legal disputes) to store it for a longer period, or you have consented to further stor-age pursuant to Article 6(1)(a) GDPR.

1.5 Processors

We may transfer data to data processors. These are companies that we commission to process data within the framework provided by law, Art. 28 GDPR (service providers, vicarious agents). We remain responsible as a controller for the protection of your data even in the case of data processing. We commission companies in particular in the areas of IT, sales, order processing, marketing, finance, and consulting.

2 Data Processing When Using Our Website

2.1 Server Log Files

When you use our website, the following data is stored by our hosting provider for organizational and technical reasons: the names of the pages you visit, the browser and operating system you use, the date and time of access, the website from which you accessed our site (referrer URL), the names and URLs of the files you accessed, and your IP address.

This information is required to deliver the content of our website correctly. In addition, we analyze this technical data solely for statistical purposes to continuously optimize our website and make our online offerings even more attractive. Processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. Our legitimate interest stems from the aforementioned purposes for data collection.

The data is stored separately from other personal data on secure systems. No conclusions are drawn regarding individual persons unless this is necessary to investigate unauthorized access to the site. Information from log files is stored for a period of 14 days and deleted immediately upon expiration of the retention period, unless we are entitled to retain it for a longer period due to special circumstances, such as for evidentiary purposes in the event of a legal violation. The legal basis for such data processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the purposes of data collection listed above.

2.2 Cookies

Our website uses so-called “cookies.” Cookies are small text files that do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically.

In some cases, cookies from third-party companies may also be stored on your device when you visit our website (third-party cookies). These enable us or you to use certain services provided by the third-party company.

Cookies serve various functions. Many cookies are technically necessary, as certain website features would not work without them (e.g., the shopping cart feature or the display of videos). Other cookies are used to analyze user behavior or display advertisements.

Cookies that are necessary for the execution of the electronic communication process (necessary cookies) or for the provision of certain functions you have requested (functional cookies, e.g., for the shopping cart function) or to optimize the website (e.g., cookies for measuring web traffic) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. We have a legitimate interest in storing cookies to ensure the technically error-free and optimized provision of our services. If consent to store cookies has been requested, the storage of the relevant cookies is based exclusively on this consent (Art. 6(1)(a) GDPR, § 165(3) TKG 2021).

You can configure your browser to notify you when cookies are set and to allow cookies only on a case-by-case basis, to block the acceptance of cookies in specific cases or generally, and to enable the automatic deletion of cookies when you close your browser. Disabling cookies may limit the functionality of this website.

For more information on cookies, please see our Cookie Policy at https://smartpm.solutions/de/cookie-richtlinie/.

2.3 Data Processing and Transfers to Third Countries by Google

When providing the Google services mentioned in our Cookie Policy, Google processes your data as a data processor. To this end, we have entered into a data processing agreement with Google. As part of the data processing by Google, data is also regularly transferred to a Google server in the United States. Google is certified under the EU-US Privacy Shield Framework. For data transfers to Google in the U.S., there is therefore an adequacy decision by the European Commission pursuant to Art. 45 GDPR.

2.4 Links

If you use external links provided on our website, this privacy policy does not apply to the linked websites. We have no influence over other providers’ compliance with data protection and security regulations. Therefore, please also review the privacy policies provided on the websites of those other providers.

3 Company Presence on Social Media Platforms

We maintain various publicly accessible profiles on social networks.

If you are logged into your social media account and visit our social media presence, the operator of the social media portal may associate this visit with your user account. However, your personal data may also be collected even if you are not logged in or do not have an account with the respective social media portal. In this case, data collection occurs, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media platforms can create user profiles that store your preferences and interests. In this way, interestbased advertising can be displayed to you both within and outside the respective social media platform. If you have an account with the respective social network, interestbased advertising can be displayed on all devices on which you are logged in or have been logged in.

Please also note that we cannot track all processing activities on social media platforms. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media platforms. For details, please refer to the terms of use and privacy policies of the respective social media platforms.

Our social media presence is intended to ensure that our online presence is as targeted as possible. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which must be specified by the operators of the social networks (e.g., consent within the meaning of Article 6(1)(a) GDPR).

Please note that we do not have full control over the data processing activities of social media platforms. Our options are largely determined by the corporate policies of the respective provider. Any data processing by the providers that does not concern the interaction between you and us—in particular, the use of data for profiling to display targeted advertising to you—is the sole responsibility of the providers.

The data collected directly by us via our social media presence is deleted from our systems as soon as you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Mandatory legal provisions—in particular retention periods—remain unaffected.

We have no influence over the retention period of your data stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g., in their privacy policy, see below).

4 Communication with smartPM.solutions

4.1 Contact Form or Inquiries via Email, Phone, or Fax

If you send us inquiries via the contact form or contact us via email, phone, or fax, your inquiry—including all personal data contained therein (name, content of the inquiry)—will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not disclose this data to third parties without your consent.

The processing of this data is based on Article 6(1)(b) GDPR, provided that your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), provided that such consent was requested.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions—in particular retention periods—remain unaffected.

4.2 Job Applications

You can submit your data to us via email or through the application form on our website as an online application. Please note that emails are not sent encrypted, and you, as the applicant, must ensure encryption yourself.

If your application for one of our job openings is unsuccessful, your data will be deleted 90 days after the application process is completed, unless you have issued a valid revocation before the end of this period or have given us consent to store the data for a longer period. This is necessary to enable us to fulfill our obligations to provide evidence under the Equal Treatment Act (GlBG) if required. If you have submitted invoices for travel expense reimbursement to us, these will be stored in accordance with legal requirements and deleted after the statutory retention periods have expired.

We will process the data you provide exclusively for the purpose of handling the application process. This is done on the basis of Article 6(1)(b) GDPR (data processing necessary for the performance of a contract or for the implementation of pre-contractual measures), or, if processing becomes necessary in legal proceedings, on the basis of legitimate interests (Article 6(1)(f) GDPR). If you also voluntarily provide us with special categories of personal data, such as health data, we will process this data on the basis of your explicit consent (Art. 9(2)(a) GDPR). If this is necessary for the intended professional activity, we request special categories of personal data on the basis of Art. 9(2)(b) GDPR (processing for the exercise of rights and fulfillment of obligations).

4.3 Online Meetings via “Microsoft Teams”

We use the “Microsoft Teams” tool to conduct teleconferences, online meetings, video conferences, and/or webinars (hereinafter: “Online Meetings”). “Microsoft Teams” is a service provided by Microsoft Corporation or, for users based in the EU, by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

In the context of our Online Meetings using Microsoft Teams, we process the following personal data:

  • User information: e.g., display name, email address (if applicable), profile picture (optional), preferred language
  • Meeting metadata: e.g., date, time, meeting ID, phone numbers, location
  • Text, audio, and video data: You may have the option to use the chat function during an “online meeting.” In this regard, the text you enter is processed to display it in the “online meeting.” To enable video display and audio playback, data from your device’s microphone and any video camera on your device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the “Microsoft Teams” application.

If we intend to record Online Meetings, we will inform you of this transparently in advance and—where necessary—request your consent. If it is necessary for the purpose of documenting the results of an Online Meeting, we will record the chat content. However, this will generally not be the case. The legal basis for data processing when conducting Online Meetings is Article 6(1)(b) GDPR (data processing necessary for the performance of a contract), provided the meetings are conducted within the framework of contractual relationships. If no contractual relationship exists, the legal basis is Article 6(1)(f) GDPR. Here, too, our interest lies in the effective conduct of Online Meetings.

The provider of “Microsoft Teams” necessarily gains access to the aforementioned data to the extent provided for in our data processing agreement with Microsoft. Data processing outside the European Union (EU) generally does not occur, as we have limited our storage locations to data centers within the EU. However, we cannot rule out the possibility that data may be routed via internet servers located outside the EU. This may be the case in particular if participants in Online Meetings are located in a third country. However, the data is encrypted during transmission over the internet and is thus protected against unauthorized access by third parties.

4.4 Direct Contact; Newsletter

We may contact you directly by phone or email (via newsletter or individually) to inform  you about our services or to survey you for the purpose of improving and optimizing our services, provided you have expressly consented to such contact in advance. In this case, processing is based on your consent pursuant to Art. 6(1)(a) GDPR. Consent may be revoked at any time with future effect (Art. 7(3) sentence 1 GDPR). Upon receipt of the revocation, we may continue to store your contact information so that we can demonstrate your consent even after the data has been deleted from our marketing database. The legal basis for retaining the consent is Art. 6(1)(c) in conjunction with Art. 5(1)(a), (2), Art. 7(1) GDPR, and Art. 6(1)(f) GDPR. 

If our telephone contact can be attributed to your commercial or self-employed professional activity and we may assume your consent to our call, processing may also be based on our legitimate interest pursuant to Article 6(1)(f) GDPR.

In addition, we may contact you by email if we have received your email address from you in connection with the sale of a product or service, we inform you about our own similar goods or services, you have not objected to such use, and we have clearly and unambiguously informed you at the time of collecting the address and on each occasion of use that you may object to such use at any time without incurring costs other than the transmission costs according to the basic rates. In this case, processing is based on our legitimate interest pursuant to Article 6(1)(f) GDPR.

5 CRM System

We may store your data in our Customer Relationship Management (CRM) system, which certain employees of smartPM.solutions can access in accordance with an authorization concept adapted to data protection requirements. For this purpose, we may collect your data and store it in the CRM system. The processing of your data in a CRM system is based on smartPM.solutions’ legitimate interests pursuant to Article 6(1)(f) GDPR. The legitimate interest consists in setting up and maintaining a CRM system for internal administrative and business purposes.

6 Processing for the Preparation and Execution of Contracts

We collect, process, and use personal data of our business partners and customers to the extent necessary for the establishment, content, or modification of the legal relationship with our business partners and customers. We collect, store, and, if necessary, disclose the data to the extent required to facilitate contractual negotiations, the performance of contracts, and the implementation of contractual amendments. The data processed in this context may include, in particular, contact details (e.g., name, academic title, address, email, phone number), contract terms, information regarding contractual services, and business correspondence. If you are our contractual partner, this processing is based on Article 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or for the implementation of pre-contractual measures. If you are not our contractual partner, but we process your data to fulfill a contract with another contractual partner (e.g., in the case of IT services to be coordinated between us and you for a mutual client), the processing is based on the legitimate interests of us and our contractual partner pursuant to Article 6(1)(f) GDPR.

7 Use of Derived Data

To further develop, optimize, and improve the functionality of our services, we may analyze usage and operational data generated through the use of our services and combine it with corresponding data from other customers. To the extent that personal data is processed in this context, such processing is based on our legitimate interest pursuant to Article 6(1)(f) GDPR. Our legitimate interest consists in continuously improving the quality, security, performance, and functionality of our services, as well as adapting them to the needs of our customers. We reuse the combined data exclusively in aggregated and anonymized form. We ensure that the resulting data sets

(i) do not allow any conclusions to be drawn about individual users or customers,

(ii) cannot be used to identify individual users or customers, and

(iii) do not contain any personal data within the meaning of the GDPR.

The use of such anonymized data sets is not subject to the provisions of the GDPR, as there is no longer any personal reference.

8 Data Subject Rights

8.1 Right of Access, Rectification, Erasure, Restriction of Processing, Data Portability

You have the right:

  • pursuant to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information regarding the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as information regarding the existence of automated decision-making, including profiling, and, where applicable, meaningful information regarding its details;
  • to request, pursuant to Article 16 GDPR, the immediate rectification of inaccurate personal data or the completion of your personal data stored by us;
  • to request, pursuant to Article 17 GDPR, the erasure of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims;
  • pursuant to Article 18 GDPR, to request the restriction of the processing of your personal data, provided that you contest the accuracy of the data, the processing is unlawful but you oppose its erasure and we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims, or you have objected to the processing pursuant to Article 21 GDPR;
  • pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request its transmission to another controller.

8.2 Withdrawal of Consent

Pursuant to Article 7(3) GDPR, you have the right to withdraw your consent at any time. As a result, we may no longer continue processing the data based on this consent in the future.

If you wish to exercise your right to withdraw consent, please send an email to info@smartpm.solutions.

8.3 Right to Object

If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, you may object to the processing of your personal data pursuant to Article 21 GDPR, provided there are grounds arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will honor without requiring you to specify a particular situation.

If you wish to exercise your right to object, please send an email to info@smartpm.solutions.

8.4 Right to Lodge a Complaint

In addition, you have a general right to lodge a complaint with the competent data protection supervisory authority.

 

As of: 17. Juni 2026

Scroll to Top