Data Privacy Statement

Information pursuant to Articles 13 and 14 GDPR - Data Privacy Statement

We are committed to protecting personal data. The use of our website and our business activities generally involve the processing of personal data. To provide transparency, we inform you in this data privacy statement about how we process personal data and what rights you have in this context. Should you have further questions, our contact details can be found below.

1. Responsible Entity

Justament Consulting OG
Franz-Josefs-Kai 29/508
1010 Vienna

E-Mail: office@justament-consulting.at

2. Data Processing

2.1 General Information

We process personal data in compliance with applicable data protection laws, particularly the General Data Protection Regulation (GDPR, Regulation [EU] 2016/679) and the Austrian Data Protection Act (DSG). Processing occurs only on a legal basis (notably as per Article 6(1)(a–f) GDPR), which is detailed for each type of data processing below. All employees involved in processing are obligated to maintain the confidentiality of your data (data secrecy). We do not engage in automated decision-making.

As a rule, we collect personal data directly from the data subject. In some cases, we collect and store personal data (e.g., name, contact information) through correspondence with customers and business partners or from publicly available sources (e.g., directories, websites, company registers), based on Article 6(1)(f) GDPR. In such cases, the collection is not directly from the data subject but necessary for service delivery or contact and administration purposes, forming the basis of our legitimate interest.

2.2 Operation of Our Website

Every time our website (https://justament-consulting.at or https://justament-consulting.com) is accessed, your computer (device) or browser automatically transmits certain information to enable the visit or operation of the website:

• IP address
• Date and time of request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (page/content accessed)
• Access status/HTTP(S) status code
• URL of the previously visited website
• Browser and browser version
• Operating system and its interface

This data is stored in the log files of our web hosting provider, Hetzner Online GmbH. This data is not stored together with other personal data of the user.

Our website does not use cookies or tracking technology.

Legal Basis and Purpose of Data Processing

The legal basis for processing the data and temporarily storing it in log files is Article 6(1)(f) GDPR. The temporary storage of this data by the system is necessary to deliver the website to the user's device. Log file storage ensures the website's functionality, optimization, and the security of our IT systems, including ensuring the integrity, confidentiality, and availability of data processed through our website. These purposes constitute our legitimate interest under Article 6(1)(f) GDPR.

Duration of Storage

The data is deleted as soon as it is no longer required for the purpose for which it was collected. For data collected to provide the website, this is the case when the respective session ends. Data stored in log files is deleted after a maximum of seven days unless further processing is required to investigate a (suspected) attack. Personal data generated by operating the website is transmitted to third parties (e.g., experts or competent authorities) solely in case of a (suspected) data security incident or criminal activity.

2.3 Social Media

We use social media to present our work through common communication channels. Each social media platform has its own policies governing how your personal data is processed when accessing its pages. For example, when accessing a LinkedIn link, you will be prompted to explicitly accept LinkedIn's cookies. If you have concerns or questions regarding the use of your personal data, carefully review the privacy policies of social media providers before using their services:

• https://www.linkedin.com/legal/privacy/eu
• https://www.whatsapp.com/privacy

2.4 Provision of Services and Customer Support (including Sales and Administration)

We process personal data to provide our services, support customers, and manage documentation and administration. The legal bases for processing data include contract fulfillment or pre-contractual measures (Article 6(1)(b) GDPR) if the individual is a direct party to the contract, compliance with legal obligations (Article 6(1)(c) GDPR), and our legitimate interests (Article 6(1)(f) GDPR), particularly in asserting or defending legal claims and for internal business administration.

For contract conclusion, providing certain personal data is legally or contractually required; otherwise, the contract cannot be concluded, nor the services provided.

2.5 Contact and Online Appointment Booking

When contacting us (e.g., via online appointment booking or email), the details provided by the inquirer (name, contact details, other information) are processed for documentation, handling, and responding to the inquiry. Mandatory fields required to address inquiries are marked accordingly. Additional information is voluntary.

The processing of this data is based on our legitimate interest in proper documentation, handling, and responding to the inquiry (Article 6(1)(f) GDPR). For inquiries within an ongoing customer relationship or in preparation for a business relationship, we rely on contract fulfillment or pre-contractual measures (Article 6(1)(b) GDPR).

We use Microsoft Bookings for scheduling appointments. Personal data is processed according to Microsoft's privacy policy: https://www.microsoft.com/en-us/privacy/privacystatement. Alternatively, appointments can be made by phone or email using the contact details on our website.

3. Data Retention Period

Unless otherwise stated, personal data is stored for as long as necessary to achieve the stated purposes or as legally required. For business records, contracts, or bookings, data is retained per statutory obligations (e.g., a minimum of 7 years under Austrian commercial law).

Inquiries are stored for up to three years after resolution unless longer retention is required for compliance or legal claims.

4. Rights of Data Subjects

If the legal requirements are met, you can exercise the following rights:

• Right to Access: Information about your personal data processed by us (Article 15 GDPR).
• Right to Rectification: Correct inaccuracies in your data (Article 16 GDPR).
• Right to Erasure: Deletion of your data if conditions are met (Article 17 GDPR).
• Right to Restriction: Restrict processing of your data (Article 18 GDPR).
• Right to Data Portability: Receive your data in a portable format (Article 20 GDPR).

You can also object to processing based on legitimate interests (Article 21 GDPR) or withdraw consent at any time. Contact us to exercise these rights.

4.1 Right to Lodge a Complaint

You can lodge a complaint with your local supervisory authority (in Austria: Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, www.dsb.gv.at) if you believe data processing violates the GDPR. Please contact us first to resolve any issues.

5. Changes to this Privacy Statement

We reserve the right to update this privacy statement to reflect changes in legal requirements or services. The updated statement applies upon your next visit.