Privacy Policy

Last Updated: 19 February 2026

Grover is committed to protecting your data and privacy rights. This Privacy Policy (“Privacy Policy”) provides information about how we collect your personal data, what we do with it, for what purposes and on what legal basis this happens, and what rights and claims are associated with it for you.

The Privacy Policy applies to information we obtain from and about you when you interact with us, our website, mobile application, products and services. However, it does not apply to job applicants, Grover employees, suppliers, existing or potential business partners.

Data Protection Requests: If you would like to raise a data protection request, please fill out our Privacy Webform via this link or contact our external Data Protection Officer at the email address provided below.

1. Who is responsible for data processing and whom can I contact?

Data Controller

Grover Österreich GmbH (hereinafter referred to as “we”, “our” or “Grover”) is the data controller within the meaning of GDPR as being the operator of the website www.grover.com ("website") and the Grover App for the processing activities described in this Privacy Policy. It is also the contractual partner of the customer (hereinafter referred to as “you”, “your” or “customer"). Below you can find further company details:

Grover Österreich GmbH

Address: Hegelgasse 13 1010 Wien, Austria

Commercial Register: Wien

Commercial Register Number: 555792 t

E-mail: [email protected]

For data protection requests, we kindly request that you use our Privacy Webform.

In the course of our business relationship with you, we share your personal data with Grover Group GmbH ("Grover Group"). We and Grover Group are jointly responsible for the proper protection of your personal data (Article 26 of the GDPR). Both companies have entered into an agreement to determine which of them fulfils which obligations under data protection law. We provide you with the essential content of this agreement here. Grover Group is primarily responsible for exercising the rights of data subjects and for providing information for data processing.

Below you can find further company details:

Grover Group GmbH

Address: Potsdamer Str. 125, 10783 Berlin, Germany

Commercial Register: Berlin-Charlottenburg Local Court

Commercial Register Number: HRB 166467 B

E-mail: [email protected]

For data protection requests, we kindly request that you use our Privacy Webform.

The External Data Protection Officer

You can reach the external data protection officer of the company at

FIRST PRIVACY GmbH

Konsul-Smidt-Str. 88

28217 Bremen

e-mail: [email protected] / www.first-privacy.com

2. For what purpose do we process your data and on which legal basis?

2.1 Data processing when using Grover Services

We process personal data in accordance with the provisions of the GDPR and the Data Protection Act (DSG) for the following purposes:

a) For the performance of contractual and pre-contractual obligations (Article 6 (1) sentence 1 (b) GDPR)

The processing of personal data (Article 4 No. 2 GDPR) is carried out for the purpose of providing this website and for the marketing of the products, in particular for the conclusion and processing of contracts, for invoicing, for the implementation of pre-contractual measures, for answering inquiries in connection with our business relationship and for all activities required for the operation and administration of the company. We may transmit data relating to outstanding claims, including the IBAN used for payments made, to a collection agency or a law firm for the purpose of debt collection.

The purposes of data processing are primarily based on the specific product. Further details regarding the purpose of data processing within the scope of contracts can be found in the respective contract documents and terms and conditions.

In particular, Grover processes the personal information that you provide as a user during registration, for contractual purposes or within the scope of an inquiry. In particular, this concerns the following data: Name, date of birth, e-mail address, address (invoice and possibly differing shipping address), order information, optional telephone number and bank details. In addition, Grover stores the password, which the user can freely choose. The password is not stored in plain text, but only a so-called hash value.

If you contact us through our customer service chatbot (“Grover Bot”) or via the online contact form with a request that relates to the performance of a contract or pre-contractual measures, we will process the personal data you provide (including the content of your messages, any metadata associated with the interaction, and any files or documents you choose to upload) in order to handle your inquiry and fulfill the related obligations.

If you use our service offering for digital products, we will collect data about your purchase of the digital item to ensure the proper functioning of our services, facilitate customer support and improve our products. This data includes transaction details, product identifiers, and purchase history.

If you use our service offering for tech-accessories, we will collect order data to ensure the proper functioning of our services, facilitate customer support and improve our products. This data includes order details, your full name, email address and shipping address.

If you utilize our add-on service, Grover Care, we will also collect data about product damages reported by You.

Also, we collect and process personal data about you (including name, email and postal code), if you enroll in any of our loyalty programs.

b) Based on legitimate interests (Article 6 (1) sentence 1 (f) GDPR)

In addition, we process your data beyond the provision of the website and the actual fulfilment of the contract to protect legitimate interests of us or third parties, as in the following cases in particular:

Response to your inquiries outside of a contract or pre-contractual measures such as those received through our contact forms, including our chatbot, or our social media platforms;
Advertising or market and opinion research, unless you have objected to the use of your data, this includes existing customer advertising;
Evaluation of our advertising measures, e.g. tracking of click and opening behavior in e-mail campaigns;
Enforcement of legal claims and defense in legal disputes;
Ensuring IT security and IT operation;
Creditworthiness check;
Prevention and investigation of criminal offences, among others, by verifying your identity;
Sending out payment reminder notifications regarding your upcoming payment if you select pay by invoice as your payment method;
Measures for business management and further development of products.

Our legitimate interest is to market our products in the best possible way and to further develop them and our company, or to protect our company against impairments and dangers and to enforce our claims.

c) Based on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR)

If you have given us your consent to process personal data for specific purposes (e.g. evaluation or use of data for marketing purposes, receipt of advertising by e-mail), the legality of this processing is based on your consent.

If you have given your consent for email marketing, we will contact you to celebrate your birthday. To facilitate this, we will process your name, email address and date of birth.

If you choose to write a review about our services and/or products on the platform provided by Trustpilot A/S ("Trustpilot"), your consent will be the legal basis for this data processing. To facilitate your review, we will share your name, email address, and reference number with Trustpilot. For more details on how Trustpilot processes your data, please refer to their Privacy Policy here.

Your consent can be revoked at any time. Please note that the revocation is only effective for the future.

d) Due to legal requirements (Art. 6 para. 1 sentence 1 lit. c GDPR)

We are also subject to various legal obligations, e.g. money laundering law, tax laws, which require the processing of data.

e) Based on your explicit consent (Art. 9 para. 2 lit. a GDPR)

If you have given us your explicit consent to process personal data including biometric data or health data or data relating to religious or ideological beliefs revealed as a result of the bank account check (see below under 2.) for the purposes of fraud prevention, risk assessment and identity verification, the legality of this processing is based on your explicit consent. Your consent can be revoked at any time. Please note that the revocation is only effective for the future.

In cases of early termination due to health issues, we may collect and process personal data through your submission of health data.

2.2 Credit assessment, risk analysis and fraud prevention

a) Creditworthiness Check

In the course of the ordering process, we may check your creditworthiness. For this purpose we transmit the following data to so-called credit bureaus cooperating with us:

Customers (including Freelancer): Full name, billing and shipping address, date of birth, phone number, email.
Business customers: Company, company address.

We transfer your personal data to the following companies, among others, for credit assessment:

CRIF GmbH, Rothschildplatz 3/Top 3.06.B, A-1020 Vienna, Austria

For the decision on the conclusion, performance or termination of a contractual relationship, we use not only an address check, but also information about your previous payment behavior as well as probability values for your future behavior, which include, among other things, address data. We obtain this information from the following providers, among others:

CRIF GmbH, Rothschildplatz 3/Top 3.06.B, A-1020 Vienna, Austria

Grover is collecting and sharing data about customer sessions (including name, address, email address, phone number and IP address) and payment with Mastercard Europe SA. The legal basis for this is legitimate interest (Article 6 (1) sentence 1 (f) GDPR), resulting from our interest in preventing abuse and fraud and avoiding debts in current and future rental contracts. In this regard, such personal data will be transferred and stored outside the country in which it was collected (e.g., transfer to and storage in the United States) based on the Mastercard Binding Corporate Rules, as approved by the competent Data Protection Authority in the EU. These rules include your right to enforce them as third-party beneficiaries.

For the decision on the establishment of a contractual relationship, we also carry out our own analyses to detect abuse and fraud. In particular, we use the following categories of data:

Customer characteristics (e.g. data from credit reports, age, mobile phone provider, e-mail provider)
Shopping cart data like device categories
Behavioral data (e.g. number of orders and their status, behavior on the website)
Payment data like payment methods
Reconciliation of account data with other user accounts with regard to matching data
Customer characteristics such as data from credit reports and mobile phone providers.
Only if applicable, bank account data, in particular, account balances, turnover and transaction data
Data required to complete identity verification checks including a scan of a photo ID (e.g. a passport, a driver's license or an identity card), an image, a video including audio data and biometric facial identifiers.

The credit information and the own analyses for fraud detection can contain probability values (score values), which are calculated on the basis of scientifically recognized mathematical-statistical procedures and their calculation includes among other things (but not exclusively) address data. The legal basis for this is Article 6 paragraph 1 letter f) GDPR. The legitimate interest results from our interest in reducing the contractual risk, in protection against bad debts and against the danger of misuse of our services by third parties. Your interests worthy of protection are taken into account in accordance with the statutory provisions.

In individual cases we check the calculation or the calculation result manually.

In order to prevent abuse and fraud and to avoid debts in current and future rental contracts of the customer, the longer-term storage (see 3.) of creditworthiness data and data from our own analyses is necessary for the detection of abuse and fraud. The legal basis is Art. 6 Paragraph 1 Letter f) GDPR. Our legitimate interest arises from our interest in detecting fraudulent behaviour or patterns of behaviour, recognising and taking into account developments in the creditworthiness of our customers, evaluating the rental agreements (the risk portfolio and the probability of default are relevant for investors, among others) and reviewing and improving our risk management (by analysing the data records - only in anonymised form).

If the other legal requirements are met, we will also forward information about delays in payment or a possible loss of receivables to credit agencies cooperating with us, please see 2.2. The legal basis for this is article 6 paragraph 1 letter f) GDPR. Our legitimate interest results from our and third parties' interest in reducing contractual risks for future contracts.

b) Identity Check

In order to detect/prevent fraudulent activities, we use the services of Onfido Limited. It is necessary for us to check whether the scan of a photo ID is genuine or fraudulent by confirming that the photo/video matches the facial biometrics in the photo on the provided document. Biometrics adds a layer of protection against stolen IDs and impersonation attacks. For this data processing, the legal basis is your explicit consent in accordance with Art. 9 para. 2 lit. a GDPR. We do not share these types of data with third parties unless required by law. You can revoke your consent with effect for the future at any time. The data processing that took place until the revocation remains lawful. If you want to obtain further information on retention periods, please see “How long will my data be stored for?” further below.

c) Bank Account Check

You can have your bank account checked by us if your credit score is negative. During this process, we check your bank account data by using our partner called FinTecSystems GmbH. This is necessary for the purpose of deciding on the establishment of a contractual relationship, for identity verification and for fraud prevention. We only review your three months of financial data such as your account balances and turnover. We do not share your bank account data with third parties. The legal basis for this is Article 6 (1) sentence 1 (a) GDPR.

Even though we are only interested in your financial data, your data related to your health, religious or ideological beliefs may be visible in your transactions. In such cases, your consent extends to special categories of personal data pursuant to Article 9 (1) of the GDPR. The legal basis for this is your explicit consent in accordance with Article 9 paragraph 2 letter a) GDPR.

You can revoke your consent with effect for the future at any time in this context. The data processing that took place until the revocation remains lawful. If you want to obtain further information on retention periods, please see “How long will my data be stored for?” further below.

3. Which data do we process when you visit our website?

3.1 Usage data

When you visit our website, our web server temporarily evaluates so-called usage data for statistical purposes as a protocol in order to improve the quality of our website. This data record consists of

the name and address of the requested content,
the date and time of the query,
the transferred data volume,
the access status (content transferred, content not found),
the description of the used web browser and operating system,
the referral link, which indicates from which page you reached ours,
the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.

The mentioned log data will only be evaluated anonymously.

In addition, we store the IP address transmitted by your web browser solely for the purposes of fraud detection and prevention as well as to protect you against such fraudulent activities based on Article 6 para. 1 letter f) GDPR. We may also transfer the IP address to third parties solely for the fulfillment of these purposes.

3.2 Cookies and similar technologies

Our websites and mobile applications use cookies and similar technologies to provide secure, reliable and personalized services, understand how our sites and apps are used, and improve our communications and products. Some of these technologies may collect personal data, such as your IP address or user ID.

This section explains what these technologies are, what they do, which providers we use, and how you can manage your settings.

What technologies we use

Cookies
are small text files that a website stores on your device to remember information such as your login, preferences, or shopping cart contents. Cookies may be set by us (“first-party cookies”) or by our partners (“third-party cookies”). Cookies can also be session cookies, which are deleted when you close your browser, or persistent cookies, which remain stored for a defined period or until deleted manually.
Pixel tags (web beacons)
are small blocks of code placed on our website and in online services that allow us and our partners to track user activity, measure performance and deliver content or advertising.
Software development kits (SDKs)
are pieces of code integrated in our mobile apps that perform similar functions to cookies and pixel tags but operate within the app environment.

For simplicity, references to “cookies” in the following sections also include similar technologies such as pixel tags, SDKs, and comparable tools that store or access information on your device.

Why we use these technologies.

We use cookies and similar technologies for the following purposes:

Strictly necessary cookies: These cookies are required for the website and app to function and cannot be disabled in our systems. We rely on Article 6(1)(f) GDPR for this processing. They enable us to:

identify you as logged in and authenticate you;
ensure you connect to the correct service when we make changes to the website;
ensure the security and integrity of our services, including detecting and preventing fraudulent activity.

We do not use these cookies for analytics or advertising. You can configure your browser to inform you when cookies are set or to block them entirely, but some website functions may not work properly as a result.

Functional cookies: These cookies enable enhanced functionality and personalisation, such as remembering your location, language or preferences, and supporting additional services like live chat.

Functional cookies may be set by us or by service providers whose tools we embed. The processing is based on your consent in accordance with Article 6(1)(a) GDPR and, in Germany, Section 25(1) TTDSG. If you disable these cookies, some or all features may not work properly. You can withdraw your consent at any time by clicking “Cookie Settings” at the bottom of any page.

Performance and analytics cookies: These cookies help us measure and improve the performance of our site by counting visits, identifying traffic sources, and understanding how visitors use our pages. The information collected is aggregated and anonymised.

In some cases, aggregated data may be enriched with demographic information from third-party sources (e.g., age, gender, location) or combined with recognition methods that analyse mouse-pointer movements to improve usability. Processing is based on your consent (Article 6(1)(a) GDPR and Section 25(1) TTDSG). You can withdraw your consent at any time via “Cookie Settings.”

Profiling and targeting cookies: We use cross-device tracking technologies to display advertising relevant to your interests on other websites and to measure the effectiveness of our marketing. These cookies may be placed by our advertising partners to build a pseudonymous profile of your interests. They do not directly store personal information but rely on identifiers associated with your browser or device.

We also use affiliate marketing technologies. When you click an affiliate link, a cookie may be stored in your browser to track any resulting sales for commission purposes.

Processing is based on your consent (Article 6(1)(a) GDPR and Section 25(1) TTDSG). Consent can be withdrawn at any time through “Cookie Settings.”.

Storage period

Cookies may remain stored for the duration of your browsing session or for a longer period, depending on their function and the configuration of the provider. You can find specific durations in the list of cookies.

Categories of recipients

Personal data collected through cookies may be shared, where applicable, with:

IT and hosting service providers supporting our website and app infrastructure;
analytics and measurement providers helping us evaluate website performance;
advertising and affiliate marketing networks supporting interest-based advertising and commission tracking;
social media and content delivery partners enabling sharing and integration features;
other entities within the Grover group for internal administrative purposes.

You can access a full list of our cookie providers via the list of cookies.

International transfers

Where our partners or service providers are located outside the EU or EEA, we ensure that an adequate level of data protection is maintained. This may be based on a formal adequacy decision by the European Commission, on contractual safeguards such as Standard Contractual Clauses, or on recognised certification mechanisms demonstrating an adequate level of protection. Where no such safeguards are available, transfers take place based on your explicit consent under Article 49(1)(a) GDPR, which we collect through our consent banner. Please note that in certain countries, such as the United States, public authorities may have access to your data for security or monitoring purposes without adequate legal remedies being available to you.

Managing your cookie preferences

You can manage your cookie preferences at any time by clicking “Cookie Settings” at the bottom of any page. Blocking certain cookies may affect your experience and the services we can provide.

You can also control cookies through your browser settings. Instructions can be found here:

Cookie settings in Internet Explorer
Cookie settings in Firefox
Cookie settings in Chrome
Cookie settings in Safari

3.3 Access Protected Area

If you wish to use our access-protected area, prior registration is necessary.

We only collect the data required for registration. The processing is based on Art. 6 para. 1 sentence 1 letter b GDPR or on Art. 6 para. 1 letter f GDPR in the interest of providing you with the services and information of the access-protected area.

If we collect additional data, these are marked as voluntary and are based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

4. Who is the recipient of my data?

Within the respective responsible company, those departments that need access to your data to fulfill our contractual and legal obligations are granted access to your data.

We will pass on your data to the recipients named in this privacy policy. We also pass on your data to the following categories of recipients if this is necessary to fulfill a contractual relationship with you or to carry out pre-contractual measures (Art. 6 para. 1 sentence 1 lit. b GDPR) or to safeguard legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

IT service providers, especially software as a service, hosting, storage, artificial intelligence solutions, and cloud computing providers
Logistics service provider
E-mail marketing service providers and customer service providers who, among other things, create offers and invoices for us
Marketing service providers, especially Google Adwords and WhatsApp consulting service providers
Payment service providers and credit institutions for the collection of a charge or the provision of a payment service
Collection agency/law firms for the enforcement of claims
Service providers who support us in risk analysis and fraud prevention
Insurance companies and legal service providers
Identity verification service provider called Onfido Limited for the purpose of verifying your true identity and validity of your identity documents in order to detect/prevent fraudulent activities
If you use our service offering for special products, namely, digital products and/or tech-accessories, we will send data to our partner service providers to facilitate the services.

Insofar as processing is necessary to protect legitimate interests, for example when using IT services, our legitimate interest is to outsource functions.

In addition, your personal data will be passed on or transmitted if required by law (Art. 6 para. 1 sentence 1 lit. c GDPR) or if you have given your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

5. Is my personal data processed outside the European Union and the EEA?

For the processing of your data we also use service providers located in third countries outside the European Union or the European Economic Area (EEA). These countries may have a different level of data protection than within the European Union. Unless there is a decision by the EU Commission that these third countries generally offer an adequate level of data protection, we have taken special measures to ensure that your data is processed in the third countries as securely as within the European Union. With service providers in third countries we conclude the standard data protection clauses of the European Commission to provide appropriate guarantees for the protection of your data with service providers in the third country. You can request a copy of these data protection clauses by contacting us at the contact details given above. Furthermore, we carry out Transfer Impact Assessments to make sure that service providers in third countries provide adequate protection of personal data. In addition, we encrypt or pseudonymize personal data before transferring it to a service provider in a third country, provided that this is technically possible and appropriate.

An adequacy decision (Data Privacy Framework Program) applies to the U.S., under which certified companies can demonstrate an adequate level of data protection. If a data recipient is not certified, we conclude the European Standard Contractual Clauses with them.

6. To what extent does automated decision making take place in individual cases?

When establishing contractual relationships, we use fully automated decision-making processes in the sense of Art. 22 Para. 1 GDPR, taking into account the creditworthiness data provided by credit agencies and the score value determined by our own analyses for abuse and fraud detection (see above under 2.) This is necessary for the conclusion of the contract in the sense of Art. 22 para. 2 lit. a GDPR: automated decision making allows for greater coherence and fairness, the risk of non-payment due to lack of solvency, abuse or fraud is minimized and we can make decisions within shorter deadlines and increase our efficiency. All this is essential in our mass and time-critical online business. It is therefore possible that we may automatically reject your order based on the determined creditworthiness or the determined probability of abuse or fraud. If you do not agree with our decision, you can inform us in writing or by filling out our Privacy Webform and express your point of view. A member of staff will then review the decision, taking your point of view into account, and correct it if necessary.

7. How long will my data be stored?

Your data will be processed according to the legal regulations and deleted in accordance with the intended deletion periods.

As far as necessary, we process and store your personal data for the duration of our contractual relationship, which also includes, for example, the initiation and execution of a contract. Please note that our contractual relationship is usually a continuing obligation.

In the case of contractual relationships, but also in the case of other claims under civil law, the storage period is also governed by the statutory limitation periods, which, may for example, be two years in the case of a warranty for movable goods pursuant to Section 933 of the Austrian Civil Code (ABGB) or three years in the case of a purchase price claim pursuant to Sections 1062 in conjunction with 1486 of the Austrian Civil Code (ABGB), but in certain cases, namely pursuant to Section 1486 of the ABGB in the case of claims for damages, may also be up to thirty years.

In addition, we are subject to various retention and documentation obligations, which result, among other things, from the Austrian Commercial Code (UGB) and the Federal Fiscal Code (BAO). The retention and documentation periods specified there are seven years from the end of the calendar year for which the entries were made in the books or records, and vouchers, business papers and other documents from the end of the calendar year to which they relate. The retention obligation under company law according to §§ 190, 212 UGB is also seven years.

Logfiles are deleted in principle after the end of the respective browser session, at the latest after seven days, unless their further storage is exceptionally necessary and lawful. The storage period of cookies depends on the individual case and is usually between twelve and 24 months.

Customer data and your customer account will be deleted five years after the end of your last rental contract or after your last login, whichever comes later.

We usually delete the following customer data within the following shorter periods:

Data on telephone conversations with customers (for example telephone number) will be deleted one year after the last telephone conversation with the customer. If we record a telephone conversation in individual cases, which is only done with the customer's voluntary consent, the recording is automatically deleted after 30 days.

Credit scoring data (see above under 2.) of customers whose order was rejected for reasons of creditworthiness, we delete or anonymize after six months. Otherwise, we delete or anonymize creditworthiness data five years after the end of your last rental agreement or after your last login, whichever comes later.

Only if applicable and in connection with the creditworthiness check, three months’ bank account data including account balances, turnover and transaction data for the purpose of deciding on the establishment of a contractual relationship, for identity verification and for fraud prevention (see above under 2.), we will delete or anonymize your data after six months from the receipt of your data.

Data from our own analyses for abuse and fraud detection (see above under 2.) we will delete or anonymize your data five years after the end of your last rental agreement or after your last login, whichever comes later.

In connection with the identity check, data required to complete ID verification checks including a scan of a photo ID (e.g. a passport or a driver's license or an identity card), an image, a video including audio data and the biometric facial identifiers from the image/video (see above under 2.), we will delete the data after 6 months following the completion of identity verification process.

8. What are my privacy rights?

In order to assert all these rights as well as for further questions regarding personal data, you can fill out our Privacy Webform or contact our data protection officer

You have the right of access (Art. 15 GDPR), the right of rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to limit processing (Art. 18 GDPR) and the right of data transferability (Art. 20 GDPR).

You also have the right to object to data processing by us (Art. 21 GDPR).

Your rights in detail:

You can request confirmation as to whether and how we process your personal data. In particular, you have a right of access to your personal data and the information about the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed, if possible the envisaged storage period, or, if this is not possible, the criteria for determining this period; the existence of a right to rectification or erasure of your personal data, to restriction of the processing or to object to such processing; the existence of a right to lodge a complaint with a supervisory authority; the source of the data if the personal data has not been collected from you, the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved and the significance and envisaged consequences of such processing. If we transfer personal data to a third country or an international organisation, you may also request information about the safeguards we have in place to protect your data. Your right to information may be limited in individual cases by national law and the rights and freedoms of others.

You may request the rectification of inaccurate personal data with undue delay or, taking into account the purposes of the processing, the completion of incomplete personal data - also by means of providing a supplementary declaration.

You have a right to immediate erasure of your personal data under certain circumstances, e.g. if your personal data is no longer necessary for the purposes for which it was collected or otherwise processed, if you withdraw your consent and there is no other legal basis for the processing, or if you have objected to the processing of your data for direct marketing purposes. The right does not exist to the extent the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the exercise of a public power vested in us, or for the establishment, exercise or defence of legal claims. Your right to erasure may be limited in individual cases by national law.

You may request the restriction of processing if you contest the accuracy of the personal data for the duration of the verification of the accuracy by us, if the processing is unlawful but you object to the erasure of your personal data, if we no longer need your personal data but you need the data to establish, exercise or defend legal claims, or if you have objected to the processing.

You have the right to data portability, i.e. the right to receive and transmit the personal data you have provided to us in a structured, commonly used and machine-readable format, if we process your personal data on the basis of your consent or a contract and the processing is carried out by automated means.

Insofar as our processing of your personal data is based on consent (Art. 6 para. 1 sentence 1 lit. a GDPR), you may revoke this consent at any time; the legality of the data processing carried out on the basis of the consent until revocation remains unaffected.

Notwithstanding the above, you have the right to lodge a complaint with a supervisory authority - in particular in the EU member state of your residence, place of work or place of the alleged violation - if you believe that the processing of the personal data you provided violates the GDPR or other applicable data protection laws (Art. 77 GDPR). In Austria the Data Protection Authority (Österreichische Datenschutzbehörde) is responsible.