Privacy Policy
- Introduction and Overview
- Scope
- Legal Bases
- Controller Contact Details
- Storage Duration
- Rights under GDPR
- Data Transfer to Third Countries
- Data Processing Security
- Communication
- Contact Form
- Spam Protection (Cloudflare Turnstile)
- Data Processing Agreement
- Cookies
- Web Hosting (Hetzner)
- Web Analytics (Google Analytics)
- Appointment Booking (Cal.com)
- Social Media
Introduction and Overview
We have written this privacy policy (version 26.03.2025-122956231) to explain to you, in accordance with the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data we as the controller and our processors (e.g. providers) process, will process in the future, and what lawful options you have.
If you still have questions, please contact the responsible party listed below or in our legal notice.
Scope
This privacy policy applies to all personal data processed by us and by companies we have commissioned (processors). The scope includes:
- our website sadu.at
- our presence on LinkedIn
- email communication and phone contact
Legal Bases
We only process your data if at least one of the following conditions applies:
- Consent (Art. 6(1)(a) GDPR): You have given us consent to process data for a specific purpose.
- Contract (Art. 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you.
- Legal obligation (Art. 6(1)(c) GDPR): If we are subject to a legal obligation.
- Legitimate interests (Art. 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights.
In addition to the EU regulation, national laws apply: in Austria the Data Protection Act (DSG), in Germany the Federal Data Protection Act (BDSG).
Controller Contact Details
If you have questions about data protection, you will find the contact details of the controller below (Art. 4(7) GDPR):
SADU Development e.U.
Gussriegelstrasse 40/2/45
A-1100, Wien
Austria
Sandin Dulic
E-Mail: hallo@sadu.at
Telefon: +43 699 18 19 1484
Storage Duration
We only store personal data for as long as is necessary for the provision of our services. Once the reason for processing no longer exists, the data is deleted. In some cases, we are legally required to retain certain data beyond the original purpose, for example for accounting purposes.
If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no legal obligation to store it.
Rights under the GDPR
Under Articles 13 and 14 of the GDPR, you have the following rights:
- Right of access (Art. 15): You can find out whether and what data we process about you.
- Right to rectification (Art. 16): You can request the correction of incorrect data.
- Right to erasure (Art. 17): You can request the deletion of your data.
- Right to restriction (Art. 18): You can request that we restrict processing.
- Right to data portability (Art. 20): You can receive your data in a common format.
- Right to object (Art. 21): You can object to processing.
- Right to lodge a complaint (Art. 77): You can complain to a supervisory authority.
Supervisory authority for Austria: Austrian Data Protection Authority, www.dsb.gv.at. In Germany, each federal state has its own data protection officer.
Data Transfer to Third Countries
We only transfer data to countries outside the GDPR (third countries) if you consent or there is other legal permission. Through the use of Google Analytics and Cal.com, data is transferred to the USA. Both providers participate in the EU-US Data Privacy Framework. More information: EU Commission
Data Processing Security
To protect personal data, we have implemented both technical and organizational measures. Our website is served exclusively via HTTPS (TLS encryption). Where possible, we encrypt or pseudonymize personal data.
Communication
Affected: All who communicate with us by phone, email, contact form or appointment booking
Processed data: Name, email address, phone number, message contents, appointment selection
Purpose: Handling communication with clients and prospects
Storage duration: Duration of the business case and legal requirements
Legal bases: Art. 6(1)(a) (Consent), (b) (Contract), (f) (Legitimate interests)
When you contact us by phone, email, through the contact form, or through the appointment booking on our website, personal data may be processed. The data is processed to handle your inquiry and is deleted once the business case has ended and legal requirements allow.
Contact Form
When you use our contact form, your name, email address, and message are transmitted to us by email. Processing is based on your consent (Art. 6(1)(a) GDPR), which you give by activating the checkbox before submitting. Your data is used exclusively to process your inquiry and is not shared with third parties.
Spam Protection (Cloudflare Turnstile)
Provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA
Processed data: IP address, browser information, interaction data
Purpose: Protecting the contact form from automated abuse
Legal basis: Art. 6(1)(f) GDPR (Legitimate interests)
To protect our contact form from spam and automated abuse, we use Cloudflare Turnstile. When submitting the form, a request is sent to Cloudflare to verify that the input comes from a human. Cloudflare may process your IP address and browser information. Cloudflare participates in the EU-US Data Privacy Framework.
Cloudflare privacy policy: cloudflare.com/privacypolicy
Data Processing Agreement
We work with external service providers who may process personal data on our behalf. We have concluded contracts with these processors in accordance with Art. 28 GDPR. Our processors include:
- Hetzner Online GmbH (web hosting)
- Google Ireland Limited (Google Analytics)
- Cal.com, Inc. (appointment booking)
- Cloudflare, Inc. (contact form spam protection)
Cookies
Affected: Website visitors
Purpose: Website functionality, analysis of user behavior
Storage duration: depending on the cookie, from session to 2 years
Legal bases: Art. 6(1)(a) (Consent), (f) (Legitimate interests)
Our website uses cookies. We distinguish between:
- Technically necessary cookies: Required for website operation (e.g. language settings). Legal basis: Art. 6(1)(f) GDPR.
- Analytics cookies: Set by Google Analytics to analyze user behavior. Legal basis: Art. 6(1)(a) GDPR (your consent).
- Third-party cookies: The embedded Cal.com widget may set its own cookies (see Appointment Booking section).
You can delete, deactivate or partially allow cookies at any time in your browser settings.
Web Hosting (Hetzner)
Provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
Processed data: IP address, time of visit, pages accessed, browser, operating system
Storage duration: Server log files are typically deleted after 14 days
Legal basis: Art. 6(1)(f) GDPR (Legitimate interests)
Our website is hosted on servers of Hetzner Online GmbH in Germany. When you access our website, information is automatically stored in server log files. This is technically necessary to deliver the website and ensure security. The data is not merged with other data sources.
Hetzner privacy policy: hetzner.com/legal/privacy-policy
Web Analytics (Google Analytics)
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Processed data: IP address (anonymized), page views, time on site, device information, approximate location, referrer
Storage duration: 14 months (Google Analytics 4 default)
Legal basis: Art. 6(1)(a) GDPR (Consent)
Data transfer: USA (Google LLC participates in the EU-US Data Privacy Framework)
We use Google Analytics 4, a web analytics service by Google Ireland Limited. Google Analytics uses cookies to analyze the use of our website. Your IP address is truncated by Google within the EU/EEA before transmission.
Google Analytics is only activated with your consent. You can revoke your consent at any time. You can also prevent data collection by installing the Google browser add-on: tools.google.com/dlpage/gaoptout
Google privacy policy: policies.google.com/privacy
Appointment Booking (Cal.com)
Provider: Cal.com, Inc., San Francisco, USA
Processed data: Name, email address, selected appointment, timezone, IP address
Purpose: Online appointment booking for initial consultations
Storage duration: Until deletion of the appointment or after business conclusion
Legal basis: Art. 6(1)(b) GDPR (Contract/pre-contractual measures)
Data transfer: USA (Cal.com participates in the EU-US Data Privacy Framework)
We embed an appointment booking widget by Cal.com, Inc. on our website. When you book an appointment, your data (name, email address, appointment selection) is transmitted to Cal.com and processed there. The widget may set cookies and collect your IP address when loading.
This is based on Art. 6(1)(b) GDPR, as the appointment booking serves to initiate a contractual relationship. If you do not wish to book online, you can contact us by email or phone.
Cal.com privacy policy: cal.com/privacy
Social Media
We maintain a presence on LinkedIn (Profile). On our website, we only link to this profile. No data is transferred to LinkedIn and no social media plugins or tracking pixels are embedded. When you click the link and visit LinkedIn, LinkedIn's privacy policy applies: linkedin.com/legal/privacy-policy
All texts are protected by copyright.