Privacy Policy

I. Overview

Please get a picture of how we process your personal data when you use the implemented AI-Services (hereinafter "Services") or otherwise have a business relationship with us (Art 13, Art 14 GDPR; section 165 para 3 TKG [“Austrian Telecommunication Act”]).

If you are merely visiting our website, please note point III.

II. What data do we process when you use our Services and who may receive your data?

When using our Services, the following data may be processed of the following data subjects:

Users of the Services; Employees of the User:

  • Name
  • E-mail address,
  • Employers,
  • Profession,
  • Language,
  • Services Preferences,
  • Notification Preferences,
  • Addresses,
  • All data required in the course of maintenance,
  • LogIn-Data (E-Mail)
  • Screening (clients)/Incident tickets in case of maintenance,
  • All documents and personal data required in a business relationship (eg. invoices, proposals, time tracking, tasks, projects),
  • Payment data,
  • All personal data put in the AI-System.

The processing of this data is necessary to ensure the security of the operation of the Services and to ensure the functionality of the Services. The processing of this data is justified by our legitimate interest in the operation of our Services as well as contractual and legal obligations (Art 6 para 1 lit b, c and f GDPR).

In order to operate our Services, it may be necessary for us to disclose your information to the following recipients:

Recipients of the dataPurpose of the data processingLegal justificationLocationBasis for transfer to a third country [1]
ScalewayServer ProviderLegitimate Interest (Art 6 para 1 lit f GDPR); contractual obligation (Art 6 para 1 lit b GDPR)FranceWithin the EU
DataCrunch OyServer ProviderLegitimate Interest (Art 6 para 1 lit f GDPR); contractual obligation (Art 6 para 1 lit b GDPR)FinlandWithin the EU
Auth0, Inc.User authenticationLegitimate Interest (Art 6 para 1 lit f GDPR); contractual obligation (Art 6 para 1 lit b GDPR)USEU-US Data Privacy Framework (regarding Non-HR Data)
Stripe, Inc.Payment ProviderContractual necessity (Art 6 para 1 lit b GDPR)USEU-US Data Privacy Framework

III. What data do we process when you visit our website?

Welcome to our website! Please get a picture of how we process your personal data when you visit our website (Art 13, Art 14 GDPR; section 165 para 3 TKG).

When you visit our website, the following data may be processed:

  • Browser Type,
  • operating system,
  • Employers,
  • country,
  • date,
  • time and duration of access,
  • IP address and pages
  • contact section on website,
  • device data: We may store personal data from your device. Such data includes geolocation data, IP address, unique identifiers (e.g. MAC address),
  • data you enter via a contact form,
  • email address,
  • user-interactions (e.g. button-clicks),
  • Payment data (credit card),
  • Account type,
  • Company name,
  • Business tax ID,
  • Choosen Model

The processing of this data is necessary to manage the security of the operation of the website and to ensure the functionality of the website from a technical point of view. The collection of this data is partly carried out via technical cookies. These technical cookies are only used to the extent necessary (section 165 Abs 3 TKG). The processing of this data is justified by our legitimate interest in operating our website (Art 6 para 1 lit f GDPR).

When you visit our website, the following recipient may receive your data:

Recipient of dataPurpose of data processingLegal justificationLocationBasis for transfer to third country
ScalewayHosting of the WebsiteLegitimate interest (Art 6 para 1 lit f GDPR)FranceWithin the EU

IV. Overview of the “technical” cookies used

The above-mentioned data is stored using so-called “cookies”. Cookies are text files that are stored on your computer and enable your use of the website to be analyzed. They are used to recognize and store temporary data of the website visitor. We only use cookies to the extent necessary to communicate with you via the website. These technical cookies are activated as soon as you visit our website.

The following cookies are used on our website on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR):

Name of the CookiesPurposeRemuneration periodeSeat of the recipientPurpose of the data transfer
__stripe_midTechnical purposes1 dayUSAUsed by Stripe to facilitate payment.

V. Overview of the "advertising cookies" used

In addition to the “technical cookies” described above, we also use so-called advertising cookies (including “statistical cookies”). These advertising cookies make it possible to better understand and evaluate your interests. With the help of advertising cookies, we can merge your “surfing behavior” across the boundaries of our website with data from other websites. This enables us to better understand the interests of our website visitors and to address them in a more targeted manner.

We respect the fact that not every visitor to the website wants this. We therefore only process your data in the course of advertising cookies if you consent to this (Art. 6 para 1 a GDPR). You can revoke this consent at any time, whereby the data processing carried out up to the time of revocation remains justified.

A current list of cookies can be found in the following cookie policy:

Name of the CookiesPurposeRemuneration periodeSeat of the recipientPurpose of the data transfer
_ga (Google)Statistical purposes2 yearsUSARegisters a unique ID that is used to generate statistical data about how he or she uses the website.
_gat (Google)Statistical purposes1 dayUSAUsed by Google Analytics to differentiate between users.
_ga_GTM-TV2DDNTX (Google)Statistical purposes1 dayUSAUsed by Google Analytics to differentiate between user session.

VI. For what purposes do we process your data when we have a business relationship or you use our Services?

In the course of our business relationship with customers or users, we process data on the basis of contractual (processing of the contractual relationship, pre-contractual obligations, billing for services, dispatch of documents, communication for the processing of the contract) and legal obligations (legally required storage within the meaning of section 132 BAO; section 212 UGB [“Austrian Commercial Act”]) (Art 6 para 1 lit b and c GDPR) as well as on the basis of our legitimate interests or on the basis of legitimate interests of third parties (Art 6 para 1 lit f DSGVO), namely:

  • for the purpose of internal administration and management of the business case to the extent necessary (e.g.: Processing your business case, forwarding your business case to various departments, filing, archiving purposes, correspondence with you);
  • for the purpose of providing the Services;
  • all of your data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices;
  • we point out, that we may process data for advertising purposes on the basis of legitimate interests (Art 6 para 1 lit f GDPR). You may object to this form of data processing at any time (Art 21 para 2 GDPR).
  • for the purpose of law enforcement;
  • for the purpose of conducting investor due diligence;

in each case to the extent necessary. The processing of your data serves the initiation, maintenance and handling of our business relationships. If you do not provide us with this data, we will unfortunately not be able to provide you with the Services.

The processing of your data can also be based on consent (Art 6 para 1 lit a GDPR). This consent can be revoked at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

VII. How long do we store your data

We will only store your data for as long as is necessary for the purposes for which we collected your data. In this context, legal storage obligations must be taken into account (for example, for reasons of tax law, contracts and other documents from our contractual relationship must generally be stored for a period of seven years (section 132 BAO)). In justified individual cases, such as for the assertion and defense of legal claims, we may also store your data for up to 30 years after termination of the business relationship.

We store data of interested parties (e.g. visitors to the website or possible cooperation partners) for up to one year from the time of the last contact by the interested party.

We point out that all data will be irretrievably deleted 30 days after deletion of the account.

VIII. Collection of data from other sources

In the course of a business relationship or the initiation thereof, it is naturally necessary to conduct research on the business partner. This is done exclusively to the extent required for this purpose. In this context, data may be retrieved and processed from the following sources:

Source of dataPurpose of data processingLegal justificationLocationProcessed data
Google, LLCSingle sign inConsensus (Art 6 para 1 lit a GDPR)USGoogle-ID to register
MicrosoftSingle sign inConsensus (Art 6 para 1 lit a GDPR)USMicrosoft-ID to register.
LinkedIn Inc.Single sign inConsensus (Art 6 para 1 lit a GDPR)USLinkedIn-ID to register.
Github Inc.Single sign inConsensus (Art 6 para 1 lit a GDPR)USGithub-ID to register.

IX. Does automated decision-making and/or profiling take place (Art 13 (2) lit f GDPR)?

No automated decision-making or profiling takes place in our company.

X. What rights do you have with regard to data processing?

We would like to inform you that you have the right, provided that the legal requirements are met:

  • You have the right to request information about which of your data is processed by us (see in detail Art 15 GDPR).
  • You have the right to request the correction or completion of incorrect or incomplete data concerning you (see in detail Art. 16 of the GDPR).
  • The right to have your data deleted (see in detail Art 17 GDPR).
  • The right to object to processing of your data that is necessary to protect our legitimate interests or those of a third party (see in detail Art 21 of the GDPR). This Serviceslies in particular to the processing of your data for advertising purposes.
  • You have the right to receive the transfer of the data provided by you in a structured, common and machine-readable format.

If we process your data on the basis of your consent, you have the right to revoke this consent at any time by e-mail. This will not affect the lawfulness of the data processing carried out up to this point (Art 7 para 3 GDPR).

XI. Do you have a right to complain?

If, contrary to our expectations, there is a violation of your right to lawful processing of your data, please contact us by mail or e-mail. We will make every effort to process your request promptly. You also have the right to lodge a complaint with the supervisory authority responsible for data protection matters. In Austria, this is the: Data protection authority (“Datenschutzbehörde”) based in Vienna, Austria.

XII. Opportunity to get in contact

If you have any further questions about the processing of your data, please feel free to contact our data protection coordinator using the contact details below.

XIII. Controller

The Controller in the sense of Art 4 Z 7 GDPR is:
  • Cortecs GmbH
  • Schottengasse 10
  • 1010 Vienna, Austria
  • E-Mail: office@cortecs.ai
  • Tel: +43 680 3230395
  • [1] "Third Country" includes all countries other than (1) the Member States of the European Union and (2) the Member States of the European Economic Area, which means, in addition to the EU Member States, Iceland, Liechtenstein and Norway.