Privacy policy

Stand: October 2025

We process personal data in accordance with GDPR and Austrian law (including. TKG, UGB/BAO for storage). This declaration provides information about the type, scope and purposes of processing in the context of this website and our services.

§ 1 Information on the collection of personal data

(1) Person responsible:
Racpan & Hölzl AI Solutions GmbH
Gustav Maherl Weg 4
5162 Obertrum am See
Austria
Phone: +43 664 41 22 774
e-mail: kontakt@rhai.at
Web: https://www.rhai.at

(2) Data protection contact: kontakt@rhai.at
(3) In the event of contact (e-mail, form, telephone), we process the data you provide to process the request; deletion after the purpose no longer applies or in accordance with legal deadlines (UGB/BAO).

§ 2 Your rights

Information, rectification, erasure, restriction, data portability, objection, revocation of consents granted; complaint to the data protection authority Austrian Data Protection Authority (Barichgasse 40-42, 1030 Vienna).

§ 3 Data processing when visiting the website (server logs & cookies)

(1) For purely informational use: IP address, date/time, URL, referrer, user agent, HTTP status, amount of data transferred. Legal basis: Art. 6 para. 1 lit. f GDPR (operation/security).
(2) Cookies/ConsentWe use a cookie/consent tool (e.g. Borlabs or Compliance) to manage your consents. You can adjust/revoke settings at any time (consent footer).
(3) Google Analytics 4 about Google Tag Manageronly with consent (Art. 6 para. 1 lit. a). IP anonymisation activated; provider: Google Ireland Ltd. transfer to third countries in accordance with Art. 46 (SCC). Storage duration GA4 data according to Google settings. Objection at any time in the consent tool.

§ 4 Other functions/offers

(1) Contact forms & appointment bookingName, e-mail, telephone, message/options; legal basis Art. 6 para. 1 lit. b (pre-contractual) or lit. f (balancing of interests).
(2) Calendly (appointment scheduling): Provider Calendly LLC (EU branch, data transfer to the USA based on SCC). Data collected: Contact data, appointment metadata.
(3) Demo callback (AI voice agent)On request, we process contact data and call metadata (time, duration, result) to arrange appointments and follow up (Art. 6 para. 1 lit. b/f). Telephone advertising to non-customers only with prior consent acc. § SECTION 107 TKG.
(4) Newsletter/info (optional)Only with consent (double opt-in); cancellation at any time.

§ 5 Objection/revocation

(1) You can revoke your consent at any time with effect for the future (consent tool/e-mail).
(2) Insofar as we process on the basis of a balancing of interests, you may object; we will then examine the overriding legitimate grounds.

§ 6 Applications

Processing of application data to carry out the procedure (Art. 6 para. 1 lit. b/f, if applicable Art. 9 para. 2 lit. b/a). Deletion generally after 6 months, longer storage with consent.

§ 7 Hosting & order processing

(1) Hosting/Operation at ALL-INKL.COM - New Media Münnich (Germany/EU). Processing in accordance with Art. 28 GDPR (AVV).
(2) E-mail and server services, security and maintenance services are provided as Order processing used. Data processing only according to instructions.

§ 8 Services used

  • Google Tag Manager / GA4 (s. § 3)
  • Calendly (Appointment booking)
  • reCAPTCHA (Spam protection in the form, only with consent/essential depending on configuration)
  • CDN/Fonts: Local integration recommended; external fonts only with consent
  • Social media profiles/links: The terms and conditions of the respective provider apply when calling

§ 9 Data origin, recipients & third countries

(1) Data always originates from you (form, appointment, telephone).
(2) Recipients: hosting providers, appointment/communication and analysis services, contracted agency/IT service providers.
(3) Third countries: only if required for a tool (e.g. Calendly/Google). Protection via SCC (Art. 46).

§ 10 Storage period

We delete/archive personal data after the purpose no longer applies and in accordance with statutory retention obligations (UGB/BAO). Applications generally 6 months; enquiries: 12 months (best practice), provided there are no longer obligations.

§ 11 Security

TLS encryption of the website; technical and organisational measures (access, roles, backups, updates, least privilege).

§ 12 Necessity of provision

Certain information is required for contract conclusion/appointment processing; without this, processing may not be possible.

§ 13 Automated decisions/profiling

No profiling within the meaning of Art. 22 GDPR. (If GA/Ads perform segmentation, then only pseudonymised and on a consent basis).

§ 14 Use of Cookies and Consent Management

Our website uses so-called cookies and similar technologies (e.g., tracking pixels or local storage) to ensure the website’s functionality, improve user-friendliness and enable certain services from third-party providers.

1. General information about cookies

Cookies are small text files that our web server sends to your browser and stores on your end device (e.g., computer, smartphone, tablet) when you visit our website. They do not cause any harm.

A basic distinction is made between:

  • Technically necessary (essential) cookies: Required for the basic operation and functionality of the website (e.g., storing log-in information, shopping-cart functions or cookie-consent settings).[8, 28]
  • Technically non-essential cookies: erve other purposes such as analyzing user behavior (analytics cookies), delivering personalized advertising (marketing cookies), or providing extended functionality (functional cookies).[8, 28]
  • First-party cookies: Set by our own website.
  • Third-party cookies: Set by third-party providers whose services are embedded on our website (e.g., Google Analytics, Meta Pixel).
  • Session cookies: Deleted automatically when you end your visit (close the browser).[43]
  • Persistent cookies: Remain on your end device after your visit and can be deleted by you. They help us recognize your browser on your next visit.

2. Legal bases for cookies and similar technologies

The legal bases for the use of cookies and similar technologies on our website follow from Austrian telecommunications law (TKG 2021) and the GDPR:

  • Technically necessary cookies: Storing information or accessing information already stored on your device is permitted without consent if it is strictly necessary to transmit a message or to provide the service expressly requested by you (Sec. 165 (3) TKG 2021). Any processing of personal data that then occurs is based on our legitimate interests in operating a secure and functional website (Art. 6 (1) (f) GDPR).[8, 28]
  • Technically non-essential cookies (analytics, marketing, etc.): These require your consent before being set or read on your device (Sec. 165 (3) TKG 2021). Where personal data are processed, the legal basis is your consent (Art. 6 (1) (a) GDPR).

This separation of legal bases is important. Sec. 165 TKG 2021 regulates access to information on the end device, while the GDPR governs the subsequent processing of any personal data. Proper consent management prevents unlawful data processing.

3. Consent management (cookie banner)

To obtain your consent for technically non-essential cookies and similar technologies, we use a Consent Management Platform (CMP), which is displayed as our cookie banner.

This tool enables you to make an informed and voluntary choice about which data processing and cookies you consent to. It is implemented in accordance with the requirements of the GDPR, the TKG 2021, and—where applicable—the guidelines of the data protection authorities. [28, 29, 44]

  • No cookies before consent: No technically non-essential cookies are set, and no information is read from your device, until you have given active consent.
  • Active and unambiguous consent: Your consent must be given by a clear, affirmative action (e.g., clicking an “Accept” button). Simply continuing to browse the site or using preconfigured browser settings does not constitute consent. Pre-ticked boxes for non-essential cookies are not permitted. [17, 18, 28]
  • Voluntariness: Giving consent is voluntary. You will not suffer any disadvantage if you withhold or refuse consent. Access to the website is not generally denied if you do not consent (no “cookie wall” by default). [17, 28] Under certain circumstances, an alternative access model (“pay or okay”) may be permissible if users can choose between consenting and a paid, tracking-free use. [28] We do not use such a model on our website.
  • Equal choice options: The option to refuse consent or to accept only necessary cookies must be as easy and as prominent as the option to accept all cookies. In particular, a “Reject” or “Accept only necessary” button must be designed equally (size, color, placement) and may not be hidden or harder to find than the “Accept” button. So-called “dark patterns” or “nudging” that push users toward consent are not allowed. [28, 29, 44]
  • Granular choice: You can give or withhold consent separately for different categories of cookies (e.g., analytics, marketing) and even for individual providers.
  • Information: The banner clearly and comprehensibly informs you about the purposes of processing, the technologies used, the providers and storage duration, or links to more detailed information in our privacy policy and/or the consent tool itself. [28]
  • Right to withdraw: You are informed how and where you can withdraw your consent at any time with effect for the future (see next section).

The proper design of the cookie banner is crucial for legal compliance and is a frequent reason for warnings in Austria. Strict adherence to the criteria above—especially offering equivalent refusal options—is therefore essential.

Scroll to Top