Legal · GDPR · Austria

Privacy Policy

Name: ScanSustain
Address: Gartenstraße 7, Burgkirchen, 5274, AT
Telephone: +43 664 964 1980

We process personal data strictly in accordance with the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG). This notice explains what data we collect, for what purpose, on which legal basis, and which rights you have as a data subject. Last updated: April 2026.

1. Controller

Ing. Andreas Huemer MSc MBA
Sole proprietor (Einzelunternehmer), SCANSUSTAIN (non-registered business designation)
Gartenstraße 7
A-5274 Burgkirchen, Austria
E-mail: office@scansustain.com
Phone: +43 664 964 1980

No data protection officer is mandated, as the criteria of Art. 37 GDPR do not apply. Data protection requests should be sent directly to the contact details above.

2. Hosting & Server Log Files

This website is hosted by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. When you visit the site, the hosting provider automatically collects server log files transmitted by your browser, specifically:

requested page and time of access
transferred data volume and HTTP status code
browser type, browser version, operating system
referrer URL
truncated or pseudonymised IP address

Purpose: technically secure delivery of the website, abuse and attack detection, IT security.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a stable, secure website).
Retention: as a rule, maximum 7 days; longer storage only in case of a concrete security incident, for evidentiary purposes.

Processing by IONOS takes place under a data processing agreement (Art. 28 GDPR). IONOS processes data exclusively within the EU/EEA.

3. Contact Form & E-mail Communication

When you use our contact form or the e-mail/phone details provided, we process the data you submit to answer your enquiry and for any follow-up questions.

Data collected: name, e-mail address, company (optional), phone (optional), sector and project details, free-text message, and technical metadata (see server log files).

Purpose: answering your enquiry, project pre-clarification, quotation.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measure) and Art. 6(1)(a) GDPR (consent, confirmed by ticking the privacy checkbox in the form).
Retention: as long as necessary for answering or contract initiation; if a business relationship is initiated, statutory retention periods apply (in particular § 132 Austrian Federal Tax Code, generally 7 years).

Technical handling: the form is encrypted via HTTPS. Submissions are processed by the external form service provider Formspree, Inc. (2100 Geng Rd, Suite 210, Palo Alto, CA 94303, USA) and forwarded by e-mail to office@scansustain.com. Formspree receives the form data, forwards it to us and also stores it in the submission archive of our Formspree account for as long as the data is needed there to track the enquiry. Once received, the data is additionally held in our e-mail mailbox at IONOS SE (server location EU). Deletion and any further retention follow the purposes and periods set out in section 7.

Third-country transfer (USA): Formspree, Inc. is based in the USA. The transfer and processing of personal data in the USA takes place on the basis of Standard Contractual Clauses (SCCs) under Art. 46(2)(c) GDPR between controller and processor. Further information: Formspree Privacy Policy.

Spam protection: honeypot field and server-side spam filter of Formspree operate on a purely technical level and do not collect additional personal data.

4. Cookies & Consent Management

We only use cookies and similar technologies where required for the secure operation of the website, and otherwise only with your express, revocable consent.

4.1 Strictly necessary cookies

scs_consent — stores your consent choice so the cookie banner does not reappear on every visit. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in compliant consent documentation). Retention: 180 days.

These cookies are essential for the core functionality of the site and are not subject to prior consent.

4.2 Optional cookies (analytics / marketing)

Analytics and marketing cookies are not set unless you give express consent. The consent banner on your first visit asks for consent per category (necessary / analytics / marketing). Analytics and marketing are off by default. Consent is given solely by active selection.

4.3 Changing or withdrawing consent

You can withdraw your consent at any time for the future. Two options:

Button "Open cookie settings" on this page — reopens the consent settings panel.
Delete the website cookies in your browser — the consent banner will reappear on the next visit.

5. Web Analytics (current status)

At the present time, no active web analytics is deployed on this website. A measurement environment (Google Analytics 4, configured with IP anonymisation and consent gate) is technically prepared but inactive as long as no valid measurement ID is integrated.

Should analytics be activated in the future, this will happen only after explicit consent under Art. 6(1)(a) GDPR. Details on the provider's responsibility (then: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), legal basis, possible third-country transfers under Art. 44 ff GDPR and withdrawal options will be documented here in an updated version of this policy before any tracking script is loaded.

We currently deploy no social media plug-ins, third-party embeds (e.g. YouTube, Vimeo), chat widgets, remarketing pixels, heatmap tools or external font services that would transmit personal data to third parties.

6. Recipients & Processors

Personal data is shared with third parties only if required for contract performance or if there is a legal obligation. Currently relevant recipient categories:

IONOS SE — hosting provider, processor under Art. 28 GDPR, processing within EU/EEA
Formspree, Inc. (USA) — processor for technical reception of contact form enquiries (see section 3); third-country transfer under Standard Contractual Clauses, Art. 46(2)(c) GDPR
Professional representatives (tax advisor, legal advisor, auditor) — if and to the extent required in individual cases
Authorities — where legally required (e.g. tax office, court)
Subcontractors — only after prior notice and based on a data processing agreement

Transfers of personal data to third countries currently take place only to Formspree, Inc. (USA) in the context of contact form processing (see section 3). No further third-country transfers take place.

7. Retention

Personal data is stored for as long as necessary for the respective purpose. In detail:

Contact enquiries without contract initiation: deletion after completion, at latest after 12 months
Data in the context of contract initiation or business relationship: 7 years under § 132 BAO
Server log files: maximum 7 days (see section 2)
Consent cookie: 180 days

8. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

Access (Art. 15 GDPR) — which data we process about you
Rectification (Art. 16 GDPR)
Erasure (Art. 17 GDPR, "right to be forgotten")
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection to processing based on legitimate interests (Art. 21 GDPR)
Withdrawal of consent with effect for the future (Art. 7(3) GDPR)

To exercise these rights, a simple e-mail to office@scansustain.com is sufficient. We will handle your request free of charge within the statutory deadlines.

9. Right to Lodge a Complaint with the Supervisory Authority

You have the right to lodge a complaint with the Austrian Data Protection Authority if you believe that the processing of your personal data violates the GDPR.

Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna, Austria
Phone: +43 1 52 152–0
E-mail: dsb@dsb.gv.at
Web: www.dsb.gv.at

10. Data Security

We apply technical and organisational measures to protect your data against unauthorised access, loss or manipulation: TLS encryption of the entire website, access restrictions, secure password policies, structured backup processes and continuous review of the systems used. Despite all care, absolute protection during transmission over the internet cannot be guaranteed.

11. Changes to This Privacy Policy

We reserve the right to adapt this privacy policy to changing legal requirements or changes to our services. The current version is available at scansustain.com/en/datenschutz.html. Material changes are marked by updating the date at the top of the page.