Privacy Policy

Last updated: April 25, 2023

1. Controller and Contact Information

This privacy policy applies to the processing of personal data by:

SALLS GmbH
Rittersporngasse 80
1220 Vienna, Austria
Email:

2. Legal Basis and Purpose of Data Processing

All processing of personal data is performed in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”), the Austrian Data Protection Act (DSG), and any other applicable legal provisions. We process personal data exclusively on the following legal bases:

• Art. 6(1)(a) GDPR – Consent
• Art. 6(1)(b) GDPR – Contractual necessity
• Art. 6(1)(c) GDPR – Legal obligation
• Art. 6(1)(f) GDPR – Legitimate interests

Data is processed for the following purposes:

• Ensuring technical availability and operational security
• Responding to correspondence and inquiries
• Preventing misuse and fraud
• Statistical analysis (where anonymized)
• Future implementation of user-centric services and modules
• Regulatory compliance and audit readiness

3. Categories of Data Processed

• IP address, timestamp, browser and OS metadata
• Device identifiers and technical headers
• Email and contents if voluntarily submitted
• Server logs and diagnostic data

4. Automated Data Collection and Hosting

Our infrastructure automatically captures standard access data. Hosting is provided within the EEA under strict Art. 28 GDPR processor agreements. Log files are maintained for operational integrity, security, and compliance purposes.

5. No Cookies, No Third-Party Tracking

We do not use tracking cookies, web analytics, profiling scripts, or third-party marketing integrations. This website operates under a strict privacy-first policy.

6. Email Communication

If you contact us, your message and any included personal data will be used to process your request. This falls under Art. 6(1)(b) GDPR (pre-contractual steps) or Art. 6(1)(f) GDPR (legitimate interest).

7. Data Retention

• Server logs: 14 days (extended in cases of security investigation)
• Email correspondence: up to 3 years
• Financial/legal data: up to 7 years (per §132 BAO)

8. Third Parties and Subprocessors

SALLS GmbH uses external contractors for hosting, development, infrastructure monitoring, and technical maintenance. All entities operate under Data Processing Agreements as per Art. 28 GDPR. No data is accessed for independent purposes by these parties.

9. International Transfers

No personal data is transferred outside the EEA. If ever required, only EU Commission-approved mechanisms (SCCs, adequacy decisions) will be used.

10. Data Subject Rights

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction (Art. 18 GDPR)
• Portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)
• Withdrawal of consent (Art. 7(3) GDPR)
• Complaint: Austrian Data Protection Authority

11. Security Measures

All systems are protected using TLS 1.3+, hardened OS environments, access logs, multi-factor authentication, and intrusion detection systems. Employees and contractors are subject to binding confidentiality agreements.

12. No Automated Profiling

We do not conduct automated decision-making within the meaning of Art. 22 GDPR.

13. Law Enforcement

We cooperate with national and EU regulators, courts, and supervisory authorities as legally required under GDPR, DSG, and Austrian law.

14. Future Service Expansion

Any introduction of user accounts, advanced AI features, or analytics will be accompanied by updated notices and, where required, consent requests. You will be informed before any material changes to this policy take effect.

15. AI Systems and Model Training

SALLS GmbH may use anonymized interaction data to enhance its AI-based educational systems. By using the platform, you acknowledge and agree that pseudonymized usage patterns may be processed to improve model performance and training accuracy (Art. 6(1)(a) and (f) GDPR).

We do not use personal identifiers or sensitive data for training purposes without explicit consent. You may object at any time by contacting: .

16. Outsourced IT Responsibility

Technical architecture and infrastructure are developed and maintained by certified IT contractors acting under strict processor agreements. While SALLS GmbH maintains control of all data governance, operational responsibilities are delegated to ensure reliability and compliance under Art. 5(2) GDPR.

17. Governing Law

This policy is governed by Austrian and EU law. Jurisdiction: Vienna, Austria, unless consumer law provides otherwise.