This Privacy Policy informs you about the scope and purpose of the processing of personal data (hereinafter referred to as “Data”) by our company, in particular with regard to visitors of our website and social media accounts, but also generally in the context of performance of con-tracts and communication with our customers, stakeholders and other data subjects.

With regard to the terminology used, e.g. “personal data”, “data subject”, “processing” or “controller”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

1. Controller:

ARIAN Gesellschaft m.b.H
Wünschendorf 160
8200 Gleisdorf, Austria
FN 373548 k
Tel.: +43 3112 / 3243
E-Mail: datenschutz@arian.com

2. Categories of data processed:

  • name (first and last name, company name),
  • contact data (address, email, phone no.),
  • registration data (VAT, company register no.),
  • payment transaction data (bank details),
  • internet data (IP address, surfing habits).

Basically, we do not process special categories of personal data according to Art. 9, 10 GDPR (“sensitive data”).

3. Categories of data subjects:

The processing of personal data concerns in particular

  • customers and stakeholders,
  • suppliers,
  • consultants,
  • service provider,
  • visitors of our website and social media ac-counts.

4. Purposes of and legal bases for processing:

We process your personal data in accordance with the provisions of the GDPR

  • for the performance of contracts (Art. 6 para. 1 lit. b) GDPR): The processing of personal data takes place in the context of performance of our contracts and the execution of your orders as well as all related activities.

  • for compliance with legal obligations (Art. 6 (1) lit. c) GDPR): Processing of personal data may be carried out for the purpose of compliance with various statutory obligations (eg. Companies Act, tax regulations).

  • in the context of your consent (Art. 6 (1) (a) GDPR): If you have given us consent to the processing of your personal data, processing will only take place in accordance with the purposes set out in the declaration of consent and to the extent agreed therein. A consent granted may be revoked at any time with future effect (for example, you may object to the processing of your personal data for marketing and promotional purposes if you no longer consent to processing in the future).

  • for the purposes of legitimate interests (Art. 6 para. 1 lit. f) GDPR): If necessary, and if there are legitimate interests on our part, data processing may take place beyond the actual performance of the contract. Data processing for the purposes of legitimate interests takes place in particular in the following cases:

    • consultation and exchange of data with credit agencies (eg Österreichischer Kreditschutzverband 1870) for the identification of credit and default risks;
    • measures for business control, further development of services and products;
    • measures to protect employees and customers as well as company property;
    • in case of legal proceedings.

5. Transmission and processing of data on be-half of the controller:

If we transmit data to third parties (processors) or grant third parties access to data, this will only be done on a lawful basis (eg if a transmission of the data to third parties, such as to payment service providers, in accordance with Art. 6 para. 1 letter b) GDPR is required for performance of a contract, or if your consent is given, or compliance with a legal obligation requires it, or for the purpose of our legitimate interests).

Data may in particular be transmitted to:

  • hosting providers,

  • consultants for taxes, economics and law,

  • service providers with regard to customer care, accounting, billing and similar services, which support us performing our contractual obligations, administrative tasks and legal ob-ligations efficiently and effectively.

Insofar as we engage third parties (processors) to process data on basis of a data processing agreement, this is done in compliance with Art. 28 GDPR.

6. Transmission of data to third countries:

Basically, personal data is not transmitted to third countries (ie outside the European Union or the European Economic Area). If we process data in a third country or if this is done by third parties on basis of a data processing agreement, this will only be done on a lawful basis and in compliance with Art 44 et. seq. GDPR against specific guarantees, such as the official recognition of an EU-compliant level of data security (for example, the US Privacy Shield) or the observance of officially recognized special contractual obligations (so-called “standard contractual clauses”).

7. Rights for data subjects:

  • Right of access: According to Art. 15 GDPR, you have the right to obtain information and confirmation as to whether or not your personal data are being processed and you may request a copy of the relevant data.
  • Right to rectification: In accordance with Art. 16 GDPR, you have the right to have incomplete personal data completed and to obtain the rectification of inaccurate personal data.
  • Right to erasure:In accordance with Art. 17 GDPR, you have the right to obtain the erasure of your personal data without undue de-lay, if certain conditions are met.
  • Right to restriction of processing: According to Art. 18 GDPR, they have the right to obtain restriction of processing, if certain conditions are met.
  • Right to data portability: In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning your person and to request their transmission to another controller.
  • Right of Withdrawal: You have the right to withdraw your granted consent in accordance with Art. 7 para. 3 GDPR (not affecting the lawfulness of processing based on con-sent before its withdrawal) at any time.
  • Right of objection: In accordance with Art 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data.
  • Right of appeal: You also have according to Art. 77 GDPR the right to lodge a complaint with a supervisory authority.

8. Erasure of data:

In accordance with Art. 17 and 18 GDPR the data being processed by us is erased or their processing is restricted as soon as they are no longer needed for their intended purpose, if the erasure does not conflict with statutory retention obligations. If the data is not deleted because it is required for other purposes of the legitimate interests, its processing will be restricted. This means the data is blocked and not processed for other purposes. This applies, for example for data that must be kept because of obligations arising from corporate or tax legislation.

According to legal requirements, the storage takes place in particular for 7 years in accordance with § 132 para. 1 BAO (Austrian Federal Tax Code) for accounting documents, receipts, invoices, accounts, receipts, business papers, statement of income and expenses, etc.

9. Customer Relationship Management:

We use the cloud-based customer relationship management software “Zoho CRM” to manage our customer contacts and contract data as well as the best possible customer support in the field and in-house. In Zoho CRM, order-re-lated contact and contract data are processed.

The data is stored exclusively on servers that are physically located within the European Un-ion. Zoho offers a very high standard of data protection and data security and meets all requirements of the GDPR in this regard. The security and privacy policy of Zoho can be viewed at the following links:



10. Hosting:

We use hosting services for providing infra-structure and platform services, computing capacity, storage space and database services, security and technical maintenance services, which we need for our website.

We (or our hosting service provider) as a processor according to Art. 28 GDPR process personal data, in particular usage data, meta and communication data of customers, interested parties and visitors of our website on the basis of our legitimate interests for efficient and se-cure provision of our web-services.

11. Collection of access data and logfiles:

Based on our legitimate interests we collect Data about every access to the server on which our website is located (so-called “server log files”). The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP ad-dress and the requesting provider.

Logfile-Informationen werden aus Sicherheitsgründen (z.B. zur Aufklärung von Missbrauchs- oder Betrugshandlungen) für die Dauer von maximal sieben Tagen gespeichert und danach gelöscht. Daten, deren weitere Aufbewahrung zu Beweiszwecken erforderlich ist, sind bis zur endgültigen Klärung des jeweiligen Vorfalls von der Löschung ausgenommen.

Such logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of seven days and then erased. Data whose further retention is required for evidential purposes is excluded from erasure until final clarification of the incident.

12. Social Media Accounts:

We maintain social media accounts, especially on Facebook, XING and LinkedIn, in order to communicate with the customers, prospects and users active therein and to inform them about our services. When using the respective networks and platforms, the respective terms and conditions and data processing guidelines apply.

13. Cookies

“Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie serves primarily to store the information about a user (or the device on which the cookie is stored) during or after his visit to an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online service and closes their browser. In such a cookie, e.g. the contents of a shopping cart are stored in an online store or a login jam. The term “permanent” or “persistent” refers to cookies that remain stored even after the browser has been closed. Thus, e.g. the login status will be saved if users visit it after several days. Likewise, in such a cookie the interests of the users can be stored, which are used for range measurement or marketing purposes. A “third-party cookie” refers to cookies that are offered by providers other than the person responsible for providing the online offer.

We can use temporary and permanent cookies and clarify this in the context of our privacy pol-icy. If users do not want cookies stored on their computer, they will be asked to disable the option in their browser’s system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

A general objection to the use of cookies used for online marketing purposes can be done via a variety of services, especially in the case of tracking, via the US website


oder die EU-Website


Furthermore, cookies can be deactivated in the settings of the browser. Please note that in this case not all features of the website may work properly.

14. Amendments and updates:

To ensure that you are always aware of how we use your personal data we will update this Pri-vacy Policy from time to time, especially if it is required to comply with changes in applicable law or regulatory requirements. We will notify you by e-mail about significant changes. How-ever, we encourage you to review this Privacy Policy periodically for your information about the use of your personal data.

Effective: September 2018

arian agbPrivacy Policy