Privacy policy

This privacy policy explains how Webagentur Hochmeir e.U. (“we”) processes personal data when you visit our website and use the Arbeitskraftwerk application, in accordance with the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

1. Controller

For all questions regarding data protection and to exercise your rights, please contact us at the address above.

2. Definitions & principles

“Personal data” means any information relating to an identified or identifiable natural person. We process data lawfully, fairly and transparently, limited to the purpose, data-minimised, accurate, storage-limited and with appropriate security (Art. 5 GDPR).

3. Legal bases

• Art. 6(1)(a) – your consent;
• Art. 6(1)(b) – performance of a contract or pre-contractual steps;
• Art. 6(1)(c) – compliance with a legal obligation;
• Art. 6(1)(f) – our legitimate interests (e.g. security, operation and improvement of the service), balanced against your rights.

4. Visiting the website (server log files)

When you access our website, the server automatically processes: IP address, date and time of the request, requested URL/file, HTTP status code, transferred data volume, referrer URL, browser type and version, and operating system. Purpose: delivering the website, ensuring stability and security, and troubleshooting. Legal basis: Art. 6(1)(f). Log data is stored for a short period and then deleted or anonymised.

5. Cookies & local storage

Strictly necessary cookies are required for core functions such as login, session management and protection against cross-site request forgery (CSRF). They do not require consent (Art. 6(1)(f)). We do not use third-party advertising cookies. Should we introduce analytics or other optional cookies, they will only be set after your explicit consent via a consent banner, which you can withdraw at any time.

6. Contacting us

If you contact us by e-mail, we process the data you provide (e.g. name, e-mail address, company, message content) to handle your enquiry. Legal basis: Art. 6(1)(b) and (f). Data is deleted once the enquiry is fully resolved, unless statutory retention periods apply.

7. Using the Arbeitskraftwerk application

7.1 Account & usage data

For registered users we process account data (name, e-mail, hashed password, role, two-factor settings, tenant membership) and usage/audit data (logins, changes, access to records). Legal basis: Art. 6(1)(b) and (f).

7.2 Personnel data entered by customers (processing on behalf)

Where you, as our customer (a staffing agency), enter personnel data of your employees and candidates (e.g. name, address, date of birth, social-security number, citizenship, qualifications, assignments, uploaded documents), you remain the controller and we act as processor under Art. 28 GDPR. We process such data exclusively on your documented instructions to provide the service. A data processing agreement (DPA) is concluded with each customer.

7.3 Security measures

Sensitive personal data is stored field-level encrypted in the database, with a separate encryption key per tenant. Uploaded documents are encrypted at rest and only delivered through authenticated, in-app routes. Access is role-based; an audit log records changes without storing cleartext personal data. Transport is secured via TLS/HTTPS.

8. Recipients & processors

We engage carefully selected processors who provide sufficient guarantees under Art. 28 GDPR, in particular hosting/infrastructure providers operating within the EU. We do not sell personal data. Data is disclosed to third parties only where legally required or necessary to provide the service.

9. Hosting & data location

The application and its data are hosted in data centres within the European Union. There is no transfer of personal data to third countries outside the EU/EEA. Should such a transfer ever become necessary, it will only take place on the basis of appropriate safeguards (e.g. EU Standard Contractual Clauses).

10. Retention

We store personal data only as long as necessary for the respective purpose or as required by statutory retention obligations (e.g. commercial and tax law). Afterwards the data is deleted or anonymised. Personnel data processed on behalf of a customer is retained according to the customer’s instructions and the DPA.

11. Your rights

• Access (Art. 15)
• Rectification (Art. 16)
• Erasure / “right to be forgotten” (Art. 17)
• Restriction of processing (Art. 18)
• Data portability (Art. 20)
• Objection to processing based on legitimate interests (Art. 21)
• Withdrawal of consent at any time, without affecting prior processing (Art. 7(3))

To exercise your rights, contact hello@webhoch.com. If your data is processed by a staffing agency using our application, please contact that agency as the controller.

12. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority. In Austria this is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna, dsb.gv.at).

13. No automated decision-making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR that produces legal effects concerning you.

14. Changes to this policy

We may update this privacy policy to reflect changes to our services or legal requirements. The current version is always available on this page.

Last updated: June 2026

← Back to home