In Frame In Frame
ENDE
Get in touch

Privacy Policy

Protecting your personal data is important to us. We process personal data exclusively in accordance with the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG) and the Austrian Telecommunications Act 2021 (TKG). Below we inform you about which data we process on this website, for what purpose, on what legal basis and which rights you have.

Change cookie settings

1. Controller

In Frame - Martina Sattler & Mag. Michael Föls
Ringelseegasse 17/3
1210 Vienna, Austria
Phone: 0664 9388206
Email: office@inframe.at
Website: www.inframe.at

For all questions relating to data protection and the exercise of your rights, you can contact us directly at any time. We are not legally required to appoint a data protection officer.

2. Your rights

You have the following rights with regard to the personal data concerning you:

  • Access (Art. 15 GDPR) - whether and which data we process about you;
  • Rectification (Art. 16 GDPR) - correction of inaccurate data;
  • Erasure (Art. 17 GDPR) - “right to be forgotten”;
  • Restriction of processing (Art. 18 GDPR);
  • Data portability (Art. 20 GDPR);
  • Objection to processing based on legitimate interest (Art. 21 GDPR);
  • Withdrawal of consent given, with effect for the future (Art. 7(3) GDPR).

You can adjust or withdraw cookie consent you have given at any time via the cookie settings.

Right to lodge a complaint: If you believe that the processing of your data infringes data protection law, you have the right to lodge a complaint with a supervisory authority. In Austria, this is the Data Protection Authority:

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at · Web: www.dsb.gv.at

3. Accessing the website, server log files & hosting

Each time our website is accessed, the browser automatically transmits information to the server and temporarily stores it in so-called log files. The following is recorded: the page accessed, date and time, volume of data transferred, notification of successful retrieval, browser type and version, operating system, referrer URL and the IP address (usually anonymised/truncated).

This data serves the technical delivery, stability and security of the website as well as the defence against attacks. The legal basis is our legitimate interest in secure and trouble-free operation (Art. 6(1)(f) GDPR). Log files are stored for a maximum of 14 days and then deleted, unless a security-relevant incident requires longer retention.

Hosting: Our website is hosted by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany); the servers are located in a data centre in Helsinki, Finland (EU). A data processing agreement pursuant to Art. 28 GDPR is in place with Hetzner. Privacy information: hetzner.com/rechtliches/datenschutz.

Content Delivery Network (CDN): For the fast, worldwide delivery of our content - in particular images, including via the subdomain fotos.inframe.at - we use Amazon CloudFront provided by Amazon Web Services, Inc. or Amazon Web Services EMEA SARL (38 Avenue John F. Kennedy, 1855 Luxembourg). For technical reasons, your IP address is transmitted to the CloudFront servers in order to load the content from the nearest location. The legal basis is our legitimate interest in fast and reliable provision (Art. 6(1)(f) GDPR). Amazon is certified under the EU-US Data Privacy Framework; any transfer to the USA is thereby safeguarded (see point 10). Privacy information: aws.amazon.com/privacy.

4. Fonts (locally hosted)

We embed all the fonts we use locally from our own server. No connection is made to Google’s servers (Google Fonts) or other third-party providers; your IP address is not transmitted to third parties in this process.

5. Cookies & consent management

Cookies are small text files that are stored on your device. We distinguish between technically necessary cookies and those used for analytics or marketing.

Technically necessary cookies and storage are required for the operation of the website and are set without consent on the basis of Section 165(3) TKG 2021 and our legitimate interest (Art. 6(1)(f) GDPR). These include in particular:

  • the cookie of our consent tool (stores your cookie choices so that you are not asked again on every visit);
  • the language cookie of the multilingual plugin WPML (remembers the chosen language).

All non-necessary cookies and services (analytics and marketing) are set exclusively after you have actively consented in the cookie banner (Art. 6(1)(a) GDPR, Section 165(3) TKG 2021). Before your consent, the corresponding scripts (e.g. Google Analytics, Google Ads, PostHog, Metricool, Meta Pixel) are blocked and not loaded. You can change or withdraw your choices at any time via the cookie settings; rejected cookies are deleted automatically.

6. Getting in touch & contact form

If you contact us by email, telephone or via our contact form, we process the data you provide (e.g. name, email address, telephone number, content of the enquiry) in order to handle your enquiry. The contact form is provided using the WPForms plugin; the data is stored on our server and forwarded to the email address you specify or to our internal email address.

The legal basis is Art. 6(1)(b) GDPR (initiation or performance of a contract), insofar as your enquiry is aimed at concluding a contract, otherwise our legitimate interest in responding to enquiries (Art. 6(1)(f) GDPR). Your data is deleted as soon as the enquiry has been conclusively dealt with and no statutory retention obligations (e.g. under tax law) preclude this.

Email dispatch (Amazon SES): For the reliable dispatch of emails (e.g. form notifications), we use Amazon Simple Email Service provided by Amazon Web Services EMEA SARL with processing in the EU Frankfurt region (eu-central-1). A data processing agreement is in place with Amazon.

6.1 WhatsApp contact

On our website we offer the option to contact us via WhatsApp (buttons such as “Questions?” or “WhatsApp”). Technically, this is a simple link - merely accessing our pages transmits no data to WhatsApp and sets no cookies. Data is only transmitted once you actively click the link and start a chat with us.

If you start a chat, we process the data you transmit - in particular your phone number, your profile name and the content of your messages - in order to respond to your enquiry. The service is provided by WhatsApp Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland), a company of the Meta group. WhatsApp independently processes connection and metadata over which we have no influence. Details can be found in WhatsApp’s privacy policy.

The legal basis is Art. 6(1)(b) GDPR (initiation or performance of a contract), insofar as your enquiry is aimed at this, and otherwise the consent expressed by your active contact as well as our legitimate interest in straightforward communication (Art. 6(1)(a) and (f) GDPR). In this process, a transfer to the USA cannot be ruled out (see section 10).

The use of WhatsApp is voluntary: you can also reach us at any time by email, telephone or via our contact form. We delete messages exchanged via WhatsApp as soon as your enquiry has been dealt with and no statutory retention obligations preclude this.

7. Reach measurement without cookies

To understand how our website is used, we carry out a cookieless, data-minimising reach measurement. This works server-side and does not access information on your device and sets no cookies - it therefore takes place even without consent.

When a page is accessed, a signal is sent to our server, which passes the following information to our analytics tool PostHog (EU hosting, see point 8): the page and URL accessed, the referrer (referring page), any UTM campaign parameters, browser, operating system and device type. Your IP address is truncated/masked before any processing (IPv4 to the last octet, IPv6 to the prefix) and not stored in plain text. A pseudonymous, non-reversible hash that changes weekly is created as an identifier; identifying you as a person is therefore not possible.

The legal basis is our legitimate interest in a basic, anonymous reach and error analysis to improve our offering (Art. 6(1)(f) GDPR). You can object to this processing at any time (see point 2).

8. Web analytics with your consent

The following analytics services are only loaded after your consent in the “Analytics” category (Art. 6(1)(a) GDPR):

8.1 PostHog

After your consent, we use PostHog for detailed product and usage analysis. The provider is PostHog with data processing on the EU cloud (servers within the EU). PostHog then records page views and interactions (autocapture) and creates anonymised session recordings, with which we trace mouse movements, clicks and scrolling behaviour in order to improve usability. In this process, all text entries are automatically masked and your IP address is not stored. PostHog only sets cookies after your consent. Privacy information: posthog.com/privacy.

8.2 Google Analytics 4

After your consent, we use Google Analytics 4 (measurement ID G-LEBF13D476), a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics uses cookies to analyse the use of the website (e.g. pages accessed, time spent, visitor origin). The IP address is processed by Google in truncated form. We use the Google Consent Mode v2 - without your consent, no analytics cookies are set and no personal data is transmitted to Google. A transfer to the USA is possible (see point 10). Privacy information: policies.google.com/privacy.

8.3 Metricool

After your consent, we use Metricool to analyse website and marketing performance. The provider is Metricool S.L., Spain (EU). Metricool may set cookies for this purpose and evaluate usage data in pseudonymous form. Privacy information: metricool.com/legal-notice.

9. Marketing & conversion measurement with your consent

The following services are only loaded after your consent in the “Marketing” category (Art. 6(1)(a) GDPR). They serve to measure the success of our advertising and to show you relevant advertising.

9.1 Google Ads (conversion tracking & remarketing)

We use Google Ads provided by Google Ireland Limited (conversion ID AW-11140393114) to measure which adverts lead to contact being made, and to serve relevant ads to visitors of our website on Google services and partner websites (remarketing). Cookies may be set in this process. Consent Mode v2 also applies here - without consent, no processing for marketing purposes takes place. Privacy information: policies.google.com/privacy.

9.2 Meta Pixel (Facebook/Instagram)

We use the Meta Pixel (ID 622940152995948) provided by Meta Platforms Ireland Ltd. (4 Grand Canal Square, Dublin 2, Ireland). With it, we measure the effectiveness of our adverts on Facebook and Instagram (conversions) and can build audiences for advertising. The pixel sets cookies after your consent (e.g. _fbp). A transfer to the USA is possible (see point 10). Privacy information: facebook.com/privacy/policy.

10. Data transfer to third countries (USA)

Some of the services used with your consent (in particular Google and Meta) may transfer data to their parent companies in the USA. Google LLC and Meta Platforms, Inc. are certified under the EU-US Data Privacy Framework (DPF); on this basis, the EU Commission has determined an adequate level of data protection (adequacy decision of 10 July 2023). In addition, the providers rely on the EU Commission’s standard contractual clauses. Despite these safeguards, it cannot be entirely ruled out that US authorities may access data. You give your consent to this transfer within the cookie banner (Art. 49(1)(a) GDPR).

11. Social media presences

We are present on social networks (e.g. Instagram, Facebook) with our own profiles and link to them from our website. A connection to these networks is only established when you actively click a corresponding link - no social media plugins or tracking buttons that transmit data as soon as our page loads are actively embedded. The data protection provisions of the platforms themselves apply to the processing of your data on those platforms.

12. Storage period

We store personal data only for as long as is necessary for the respective purposes or as required by statutory retention periods (e.g. 7 years pursuant to Section 132 of the Austrian Federal Fiscal Code (BAO) for tax-relevant documents). Data based on consent (analytics, marketing) is processed until withdrawal or in accordance with the storage period of the respective cookies. After that, the data is deleted or anonymised.

13. No automated decision-making

No automated decision-making with legal effect or similarly significant impact within the meaning of Art. 22 GDPR takes place. The marketing services used may build interest-based profiles for advertising purposes on the basis of your consent; you can put an end to this at any time by withdrawing your consent.

14. Currency & amendment of this privacy policy

This privacy policy is currently valid. As our website develops or due to changed legal or regulatory requirements, it may become necessary to amend this policy. The current version can be accessed on this page at any time.

As of: June 2026