Contents
1. Data controller
The controller within the meaning of the GDPR is:
HR Eventconsulting GmbH
Nußdorfer Straße 20/1/22, 1090 Vienna, Austria
FN 493620m, Commercial Court of Vienna
E‑mail: richard@hrec.at
Managing director: Dr. Richard Rettenbacher
HR Eventconsulting GmbH has not appointed a data protection officer, as the legal requirements for doing so do not apply. For any data protection matters, please contact us directly using the details above.
2. Which data we process
We process only personal data that is necessary to operate this website and to deliver our services:
- Server log data when the website is accessed (IP address, timestamp, file requested, referrer, user agent)
- Contact details you send us via the contact form or by e‑mail (name, e‑mail address, organisation, message content)
- Cookie consent status, stored locally in your browser
We use no tracking tools, no advertising cookies and no profiling on hrec.at. There is no automated decision‑making within the meaning of Art. 22 GDPR.
3. Server logs & hosting
When you access this website, technical data is automatically processed in server log files. The following is recorded:
- IP address of the requesting device
- Date and time of the request
- File requested and amount of data transferred
- HTTP status code (whether the request was successful)
- Referrer URL (the previously visited page)
- Browser type, version and operating system
Purpose: technical provision of the website, ensuring IT security, prevention and investigation of misuse.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in stable, secure operation of the website)
This website is hosted on our behalf by GoDaddy.com, LLC (USA) and its associated European entity GoDaddy Europe LLC. A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with the hosting provider.
4. Cookies & local storage
We use only strictly necessary storage mechanisms on hrec.at:
- One entry in your browser's Local Storage (key
hrec-cookie-consent), which stores your cookie decision so that the notice banner does not reappear on every visit.
We do not use third‑party cookies, tracking pixels or analytics tools such as Google Analytics, Matomo or Hotjar.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a user‑friendly presentation)
You can change your cookie decision at any time via the "Cookie Settings" link in the footer of the home page or by deleting the entry from your browser storage.
5. Contact & enquiries
When you contact us via the contact form on hrec.at or by e‑mail to richard@hrec.at or hans@hrec.at, we process the data you provide (name, e‑mail address, organisation, message) solely to respond to your enquiry and, where applicable, to initiate a business relationship.
Legal basis: Art. 6(1)(b) GDPR (steps preparatory to a contract or performance of a contract) and/or Art. 6(1)(f) GDPR (legitimate interest in responding to your enquiry)
No data is shared with third parties — with the exception of our e‑mail service provider (see section 8).
6. Newsletter
If you tick the "Please send me the HREC newsletter" option in the contact form, we will use your e‑mail address to send you occasional updates about HREC and our activities.
Legal basis: Art. 6(1)(a) GDPR (consent)
You may withdraw your consent at any time, with effect for the future, by sending a short notice to richard@hrec.at or by using the unsubscribe link in any newsletter. Withdrawal does not affect the lawfulness of processing prior to the withdrawal.
7. External fonts (Google Fonts)
This website uses fonts provided by the Google Fonts service, which are loaded directly from servers operated by Google Ireland Limited or Google LLC (USA). Your IP address is transmitted to Google in the process. We have no influence over Google's data processing.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a consistent, professional presentation of the website)
Google's privacy policy: policies.google.com/privacy.
8. Recipients & processors
Personal data is shared only with the following categories of recipients to the extent necessary for the provision of our services:
- Hosting provider (GoDaddy) — provision of the server infrastructure
- E‑mail provider (Microsoft 365 or the mail service configured for hrec.at) — handling of e‑mail communication
- Tax and legal advisors as well as public authorities — where required by law
Data processing agreements pursuant to Art. 28 GDPR are in place with all processors.
9. Transfers to third countries
Some of the providers listed above have parent companies in the United States. Any transfer to the USA takes place on the basis of the EU‑U.S. Data Privacy Framework (European Commission adequacy decision of 10 July 2023) or, where applicable, on the basis of Standard Contractual Clauses under Art. 46(2)(c) GDPR together with supplementary safeguards.
10. Retention periods
- Server logs: as a rule, a maximum of 14 days, unless required to be retained longer for security or evidentiary purposes
- Contact enquiries: for as long as necessary to process the enquiry; if a contractual relationship is initiated, until the statutory retention periods expire (in particular §132 BAO, §212 UGB — generally 7 years)
- Newsletter data: until you withdraw your consent
- Cookie consent: 12 months from the time it is given, stored in your browser's Local Storage
11. Your rights as a data subject
Subject to the conditions of the GDPR, you have the following rights against us:
- Access to the data we process about you (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure of your data (Art. 17 GDPR), provided no statutory retention obligations apply
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing based on legitimate interest (Art. 21 GDPR)
- Withdrawal of consent previously given (Art. 7(3) GDPR) — with effect for the future
To exercise any of these rights, an informal message to richard@hrec.at is sufficient.
12. Right to lodge a complaint
If you believe that the processing of your data infringes the GDPR or Austrian data protection law, you have the right to lodge a complaint with the competent supervisory authority:
Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40–42, 1030 Vienna, Austria
Tel.: +43 1 52 152‑0
E‑mail: dsb@dsb.gv.at
Web: www.dsb.gv.at
13. Changes to this policy
We reserve the right to adapt this privacy policy as required when our data processing or the legal framework changes. The current version is always available on this page.