Legal · GDPR · Austria

Privacy Policy

Name: ScanSustain
Address: Gartenstraße 7, Burgkirchen, 5274, AT
Telephone: +43 664 964 1980

We process personal data strictly in accordance with the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG). This notice explains what data we collect, for what purpose, on which legal basis, and which rights you have as a data subject. Last updated: April 2026.

1. Controller

ScanSustain e.U.
Owner: Ing. Andreas Huemer MSc MBA
Gartenstraße 7
A-5274 Burgkirchen, Austria
E-mail: office@scansustain.com
Phone: +43 664 964 1980

No data protection officer is mandated, as the criteria of Art. 37 GDPR do not apply. Data protection requests should be sent directly to the contact details above.

2. Hosting & Server Log Files

This website is hosted by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. When you visit the site, the hosting provider automatically collects server log files transmitted by your browser, specifically:

requested page and time of access
transferred data volume and HTTP status code
browser type, browser version, operating system
referrer URL
truncated or pseudonymised IP address

Purpose: technically secure delivery of the website, abuse and attack detection, IT security.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a stable, secure website).
Retention: as a rule, maximum 7 days; longer storage only in case of a concrete security incident, for evidentiary purposes.

Processing by IONOS takes place under a data processing agreement (Art. 28 GDPR). IONOS processes data exclusively within the EU/EEA.

3. Contact Form & E-mail Communication

When you use our contact form or the e-mail/phone details provided, we process the data you submit to answer your enquiry and for any follow-up questions.

Data collected: name, e-mail address, company (optional), phone (optional), sector and project details, free-text message, and technical metadata (see server log files).

Purpose: answering your enquiry, project pre-clarification, quotation.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measure) and Art. 6(1)(a) GDPR (consent, confirmed by ticking the privacy checkbox in the form).
Retention: as long as necessary for answering or contract initiation; if a business relationship is initiated, statutory retention periods apply (in particular § 132 Austrian Federal Tax Code, generally 7 years).

Technical handling: the form is encrypted via HTTPS. Messages are sent via the external form service provider Formspree (Formspree, Inc., USA) to office@scansustain.com. No copy is stored in our own database. Spam protection (honeypot, server-side spam filter of the service provider) works purely technically and does not collect personal data.

4. Cookies & Consent Management

We only use cookies and similar technologies where required for the secure operation of the website, and otherwise only with your express, revocable consent.

4.1 Strictly necessary cookies

scs_consent — stores your consent choice so the cookie banner does not reappear on every visit. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in compliant consent documentation). Retention: 180 days.

These cookies are essential for the core functionality of the site and are not subject to prior consent.

4.2 Optional cookies (analytics / marketing)

Analytics and marketing cookies are not set unless you give express consent. The consent banner on your first visit asks for consent per category (necessary / analytics / marketing). Analytics and marketing are off by default. Consent is given solely by active selection.

4.3 Changing or withdrawing consent

You can withdraw your consent at any time for the future. Two options:

Button "Open cookie settings" on this page — reopens the consent settings panel.
Delete the website cookies in your browser — the consent banner will reappear on the next visit.

5. Web Analytics (current status)

At the present time, no active web analytics is deployed on this website. A measurement environment (Google Analytics 4, configured with IP anonymisation and consent gate) is technically prepared but inactive as long as no valid measurement ID is integrated.

Should analytics be activated in the future, this will happen only after explicit consent under Art. 6(1)(a) GDPR. Details on the provider's responsibility (then: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), legal basis, possible third-country transfers under Art. 44 ff GDPR and withdrawal options will be documented here in an updated version of this policy before any tracking script is loaded.

We currently deploy no social media plug-ins, third-party embeds (e.g. YouTube, Vimeo), chat widgets, remarketing pixels, heatmap tools or external font services that would transmit personal data to third parties.

6. Recipients & Processors

Personal data is shared with third parties only if required for contract performance or if there is a legal obligation. Currently relevant recipient categories:

IONOS SE — hosting provider, processor under Art. 28 GDPR, processing within EU/EEA
Professional representatives (tax advisor, legal advisor, auditor) — if and to the extent required in individual cases
Authorities — where legally required (e.g. tax office, court)
Subcontractors — only after prior notice and based on a data processing agreement

No transfer of personal data to third countries outside the EU/EEA currently takes place.

7. Retention

Personal data is stored for as long as necessary for the respective purpose. In detail:

Contact enquiries without contract initiation: deletion after completion, at latest after 12 months
Data in the context of contract initiation or business relationship: 7 years under § 132 BAO
Server log files: maximum 7 days (see section 2)
Consent cookie: 180 days

8. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

Access (Art. 15 GDPR) — which data we process about you
Rectification (Art. 16 GDPR)
Erasure (Art. 17 GDPR, "right to be forgotten")
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection to processing based on legitimate interests (Art. 21 GDPR)
Withdrawal of consent with effect for the future (Art. 7(3) GDPR)

To exercise these rights, a simple e-mail to office@scansustain.com is sufficient. We will handle your request free of charge within the statutory deadlines.

9. Right to Lodge a Complaint with the Supervisory Authority

You have the right to lodge a complaint with the Austrian Data Protection Authority if you believe that the processing of your personal data violates the GDPR.

Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna, Austria
Phone: +43 1 52 152–0
E-mail: dsb@dsb.gv.at
Web: www.dsb.gv.at

10. Data Security

We apply technical and organisational measures to protect your data against unauthorised access, loss or manipulation: TLS encryption of the entire website, access restrictions, secure password policies, structured backup processes and continuous review of the systems used. Despite all care, absolute protection during transmission over the internet cannot be guaranteed.

11. Changes to This Privacy Policy

We reserve the right to adapt this privacy policy to changing legal requirements or changes to our services. The current version is available at scansustain.com/en/datenschutz.html. Material changes are marked by updating the date at the top of the page.

Legal note: This privacy policy is a carefully prepared technical and substantive draft. It does not replace individual legal advice. Before live production use, the text should be reviewed with Austrian legal counsel — particularly when extending to analytics services, third-country transfers or new data processing processes.