Imprint | Privacy Policy
Privacy Policy
This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter “data”) within the scope of providing our services, as well as within our online offering and the associated websites, functions and content, and external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”). With regard to the terminology used, such as “processing” or “controller”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller
FameL GmbH
Steinbruchweg 20,
8054 Seiersberg-Pirka
Austria
Web: www.famel.at
Phone: +43 (0)316 28 38 77
Email: [email protected]
Limited liability company (GmbH) with registered seat in Graz
Registered under FN 276368z at the Regional Court for Civil Matters Graz (Landesgericht für ZRS Graz)
VAT ID: ATU62484519
Managing Director: Alexander Lerch, MBA
Authorized Officer (Prokurist): Marianne Lerch
Types of Data Processed
Inventory data (e.g., master data, names, or addresses).
Contact data (e.g., email addresses, telephone numbers).
Content data (e.g., text entries, photographs, videos).
Usage data (e.g., visited websites, interest in content, access times).
Meta/communication data (e.g., device information, IP addresses).
Categories of Data Subjects
Visitors and users of the online offering (hereinafter collectively referred to as “users”).
Purpose of Processing
Provision of the online offering, its functions and content.
Responding to contact requests and communicating with users.
Security measures.
Reach measurement / marketing.
Terminology Used
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.
“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that natural person.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Relevant Legal Bases
Pursuant to Article 13 GDPR, we inform you of the legal bases for our data processing. For users within the scope of the GDPR, i.e., the EU and the EEA, the following applies if the legal basis is not explicitly stated in this Privacy Policy:
Legal basis for obtaining consent: Article 6(1)(a) and Article 7 GDPR.
Legal basis for processing to perform our services, contractual measures, and responding to enquiries: Article 6(1)(b) GDPR.
Legal basis for processing to comply with legal obligations: Article 6(1)(c) GDPR.
If vital interests require processing: Article 6(1)(d) GDPR.
Processing for tasks in the public interest / official authority: Article 6(1)(e) GDPR.
Processing to safeguard our legitimate interests: Article 6(1)(f) GDPR.
Processing for other purposes than those collected: Article 6(4) GDPR.
Processing of special categories of data: Article 9(2) GDPR (in accordance with Article 9(1) GDPR).
Security Measures
In accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, circumstances and purposes of processing, and the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data as well as access to the data itself, input, disclosure, securing availability and separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data, and response to data threats. We also consider the protection of personal data already in the development and selection of hardware, software and processes in accordance with the principles of data protection by design and by default.
Cooperation with Processors, Joint Controllers and Third Parties
If, within the scope of our processing, we disclose data to other persons and companies (processors, joint controllers or third parties), transmit it to them or otherwise grant them access to the data, this is only carried out on the basis of a legal permission (e.g., if a transfer to third parties such as payment service providers is necessary for contract performance), user consent, a legal obligation, or our legitimate interests (e.g., use of agents, web hosts, etc.).
If we disclose, transmit or otherwise grant access to data to other companies within our corporate group, this is carried out in particular for administrative purposes based on legitimate interests and otherwise on a legal basis complying with statutory requirements.
Transfers to Third Countries
If we process data in a third country (i.e., outside the EU/EEA or the Swiss Confederation), or if this occurs in the context of using third-party services or disclosing/transferring data to other persons or companies, this is only done if it is necessary to fulfil our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests.
Subject to statutory or contractual permissions, we process or have data processed in a third country only if the legal requirements are met, e.g., based on appropriate safeguards such as an officially recognised adequacy decision or the use of officially recognised contractual obligations.
Rights of Data Subjects
You have the right to request confirmation as to whether data concerning you is being processed and to receive information about such data as well as further information and a copy of the data in accordance with legal requirements.
You have the right to request completion of data concerning you or correction of inaccurate data.
You have the right to request the immediate deletion of data concerning you, or alternatively, restriction of processing.
You have the right to receive the data concerning you which you have provided to us and to request its transmission to other controllers.
You also have the right to lodge a complaint with the competent supervisory authority.
Right to Withdraw Consent
You have the right to withdraw consent with effect for the future.
Right to Object
You may object to the future processing of your data at any time in accordance with legal requirements. The objection may particularly relate to processing for direct marketing purposes.
Cookies and Right to Object to Direct Marketing
“Cookies” are small files stored on users’ devices. Various types of information can be stored within cookies. A cookie primarily serves to store information about a user (or the device) during or after their visit within an online offering.
Temporary cookies (“session cookies” or “transient cookies”) are deleted after a user leaves an online offering and closes their browser. A shopping cart content or login status may be stored in such cookies.
“Permanent” or “persistent” cookies remain stored even after the browser is closed. For example, the login status can be saved when users return after several days. Interests may also be stored for reach measurement or marketing.
“Third-party cookies” are offered by providers other than the controller operating the online offering (otherwise these are “first-party cookies”).
We may use temporary and persistent cookies and provide information about this in this Privacy Policy.
If users do not want cookies stored on their device, they are asked to disable the relevant option in their browser settings. Stored cookies can be deleted via browser settings. Excluding cookies may lead to functional restrictions of this online offering.
A general objection to the use of cookies for online marketing purposes can be declared via the opt-out mechanisms offered by many services, especially in the case of tracking. Furthermore, cookies can be disabled via browser settings. Please note that not all functions of this online offering may then be available.
Deletion of Data
Data processed by us is deleted or restricted in accordance with legal requirements. Unless expressly stated in this Privacy Policy, data stored by us will be deleted as soon as it is no longer required for its intended purpose and no statutory retention obligations prevent deletion.
If data is not deleted because it is required for other legally permissible purposes, its processing is restricted. This means the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
Changes and Updates to the Privacy Policy
We ask you to regularly inform yourself about the content of our Privacy Policy. We adapt the Privacy Policy as soon as changes to our data processing make this necessary. We will inform you as soon as changes require an act of cooperation on your part (e.g., consent) or other individual notification.
Business-Related Processing
In addition, we process:
Contract data (e.g., subject matter, term, customer category).
Payment data (e.g., bank details, payment history).
from our customers, prospective customers and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
Order Processing in the Online Shop and Customer Account
We process customer data in the context of ordering processes in our online shop to enable selection and ordering of products and services, as well as payment, delivery and/or performance.
Processed data includes inventory data, communication data, contract data and payment data. Data subjects are customers, interested parties and business partners. Processing serves contract performance within the operation of an online shop, invoicing, delivery and customer service. We use session cookies to store shopping cart contents and persistent cookies to store login status.
Processing is carried out to perform our services and contractual measures (e.g., order processing) and where legally required (e.g., statutory archiving of business transactions for commercial and tax purposes). Required information is necessary for establishing and fulfilling the contract. We disclose data to third parties only within delivery, payment, statutory permissions/obligations, or legitimate interests (e.g., legal/tax advisors, financial institutions, shipping companies, authorities).
Users may optionally create an account to view orders. During registration, required mandatory information is provided. Accounts are not public and cannot be indexed by search engines. If users terminate their account, the data will be deleted subject to statutory retention obligations. Users are responsible for securing their data before contract end. We are entitled to delete stored data after the contract term ends.
When using registration/login and the account, we store IP address and time of the user action. Storage is based on legitimate interests and user protection against misuse. Disclosure to third parties generally does not occur unless required to enforce legal claims or by law.
Deletion occurs after expiry of statutory warranty and other contractual rights/obligations (e.g., payment claims), with retention necessity reviewed every three years; for statutory archiving obligations deletion occurs after expiry.
Agency Services
We process customer data in the course of contractual services, including conceptual and strategic consulting, campaign planning, software/design development consulting, maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services and training services.
We process inventory data, contact data, content data, contract data, payment data, usage data and metadata (e.g., for analysis and success measurement of marketing measures). Special categories of data are generally not processed unless part of commissioned processing. Data subjects include customers, prospective customers and their customers, users, website visitors, employees and third parties. Purposes include contract performance, billing and customer service. Legal bases: Article 6(1)(b) GDPR (contract), Article 6(1)(f) GDPR (analysis, statistics, optimisation, security). We process data required for the contract and point out necessity where not evident. Disclosure only where required for an assignment. For data provided by clients, we act under instructions and pursuant to Article 28 GDPR and do not process data beyond the commissioned purposes.
We delete data after expiry of statutory warranty and comparable obligations; retention necessity reviewed every three years; in the case of statutory archiving, deletion after expiry (6 years / 10 years as indicated in the German text).
Therapeutic Services and Coaching
We process data of our clients and interested parties and other principals/contracting partners (“clients”) pursuant to Article 6(1)(b) GDPR to provide contractual or pre-contractual services. The type, scope, purpose and necessity depend on the underlying contract. Data generally includes master data, contact data, contract data and payment data.
Within our services, we may process special categories of data pursuant to Article 9(1) GDPR (e.g., health data), subject to explicit consent where required or otherwise on the legal bases stated in the German text.
Disclosure/transfers may occur where necessary for contract performance, legally required, legitimate interests for efficient and cost-effective healthcare, vital interests, or consent, as set out in the German text.
Deletion occurs when data is no longer required for contractual/legal duties; retention necessity reviewed every three years; statutory retention obligations apply.
Contractual Services
We process data of our contractual partners and interested parties and other principals/customers/mandates/clients (“contractual partners”) pursuant to Article 6(1)(b) GDPR to provide contractual or pre-contractual services. Data includes master data, contact data, contract data and payment data. Special categories are generally not processed unless part of commissioned processing.
We process data required for contract performance and indicate necessity. Disclosure to external persons/companies only where required. For client-provided data, we act under instructions and statutory requirements.
When using our online services, we may store IP address and time of user actions, based on legitimate interests and protection against misuse; disclosure only where necessary to assert claims or where legally required.
Deletion occurs when no longer required for contractual/legal duties; retention necessity reviewed every three years; statutory retention obligations apply.
External Payment Service Providers
We use external payment service providers via whose platforms users and we can perform payment transactions. Processing is based on Article 6(1)(b) GDPR (contract performance) and otherwise Article 6(1)(f) GDPR (legitimate interests in effective and secure payment options).
Data processed by payment providers includes inventory data, bank data, passwords/TANs/checksums, contract and amount/recipient data. Data is required to perform transactions. We do not receive account or card details, only confirmation/negative information. Payment providers may transmit data to credit agencies for identity/credit checks. Terms and privacy notices of payment providers apply.
Administration, Accounting, Office Organisation, Contact Management
We process data for administrative tasks, organisation, accounting and compliance with legal obligations (e.g., archiving). Legal bases: Article 6(1)(c) and (f) GDPR. Data subjects: customers, interested parties, business partners, website visitors. Purposes: administration, accounting, office organisation, archiving.
We may disclose/transfer data to tax authorities, advisors (tax advisors/auditors), fee offices and payment providers.
We may also store supplier and business partner details for future contact based on business interests.
Business Analyses and Market Research
To operate economically and identify market trends and needs, we analyse data about business transactions, contracts and enquiries. Processing includes inventory, communication, contract, payment, usage and metadata based on Article 6(1)(f) GDPR. Data subjects include contractual partners, interested parties, customers, visitors and users.
Analyses serve business evaluations, marketing and market research, including potential profiling of registered users’ use of services. Analyses are internal and not disclosed externally unless anonymous/aggregated.
If analyses are personal, they are deleted or anonymised upon user termination; otherwise after two years from contract conclusion. Aggregated analyses are created anonymously where possible.
Participation in Affiliate Partner Programs
Within our online offering we use, based on legitimate interests (analysis, optimisation and economic operation), customary tracking measures insofar as required for affiliate system operation. Affiliate links may be placed on other websites; operators receive commission if users follow links and use offers.
To track whether users who clicked affiliate links subsequently used offers, affiliate links/offers may include values stored in the link or cookie (e.g., referrer, time, online identifiers, ad IDs, partner IDs, categorisations). Online identifiers are pseudonymous and are used to determine attribution; they may become personal when combined with other data held by partner companies.
Amazon Partner Program
We participate in the Amazon EU affiliate program based on legitimate interests under Article 6(1)(f) GDPR. Amazon uses cookies to track the origin of orders (e.g., recognising that a partner link was clicked and a product purchased). Further information is available in Amazon’s privacy notices.
Digistore24 Partner Program
We participate in Digistore24’s affiliate program based on legitimate interests under Article 6(1)(f) GDPR. Digistore24 uses cookies to track contract conclusion attribution. Further information is available in Digistore24’s privacy notices.
Data Protection Information in the Application Process
We process applicant data solely for recruitment purposes and within the application process in compliance with legal requirements. Processing is based on Article 6(1)(b) GDPR and Article 6(1)(f) GDPR; additional national rules may apply as indicated in the German text.
Applicants must provide the necessary data (personal data, addresses, application documents). Additional voluntary information may be provided. If special categories of data are provided, processing occurs under the additional legal bases stated in the German text.
If an online form is available, data is transmitted encrypted. Applications via email are possible but generally not encrypted; applicants are responsible for encryption. Postal submission remains possible.
Applicant data is deleted after the process ends; if withdrawn, deleted accordingly. Deletion may occur after six months for documentation obligations; expense invoices may be archived under tax rules.
Registration Function
Users may create an account. Required information is processed pursuant to Article 6(1)(b) GDPR for account provision. Data includes login information (name, password, email). Data is used for account purposes.
We may inform users by email about relevant account information (e.g., technical changes). Upon termination, data is deleted subject to retention obligations. Users should secure their data before termination. We may delete stored data after contract duration.
We store IP address and time of user actions during registration/login/account use based on legitimate interests and protection against misuse. IP addresses are anonymised or deleted after 7 days.
Contact
When contacting us (e.g., via contact form, email, phone or social media), user details are processed to handle the request pursuant to Article 6(1)(b) GDPR (contractual/pre-contractual relationships) and Article 6(1)(f) GDPR (other enquiries). User information may be stored in a CRM system or comparable organisation system.
We delete enquiries when no longer required. We review necessity every two years; statutory archiving obligations apply.
Newsletter
We provide information about newsletter contents, subscription, dispatch and statistical evaluation, and your rights to object. By subscribing you agree to the described procedures.
Newsletter dispatch occurs only with consent or legal permission. Double opt-in is used and logged (subscription time, confirmation time, IP address). Subscription requires email address; optionally name.
Dispatch and success measurement are based on consent pursuant to Article 6(1)(a) GDPR, Article 7 GDPR and relevant national rules, or otherwise on legitimate interests.
A withdrawal/cancellation is possible at any time via the link in each newsletter. We may retain unsubscribed email addresses for up to three years for evidence purposes, restricted to defence of claims; deletion requests are possible.
Newsletter service provider: The German text contains placeholders ([NAME], [ADDRESS], [LINK]) which must be completed before publishing.
Success measurement: Newsletters may contain a web beacon (tracking pixel) to measure opens and clicks for statistical purposes; an isolated revocation of success measurement is not possible—subscription must be cancelled.
Hosting and Email Dispatch
Hosting services provide infrastructure, storage, databases, email dispatch, security and maintenance for operating the online offering. We and/or our hosting provider process data of customers, interested parties and visitors based on legitimate interests under Article 6(1)(f) GDPR in conjunction with Article 28 GDPR (data processing agreement).
Collection of Access Data and Log Files
We and/or our hosting provider collect server log files for each server access based on legitimate interests (Article 6(1)(f) GDPR). Access data includes requested page/file, date/time, volume, status, browser type/version, OS, referrer URL, IP address, and requesting provider.
Log file information is stored for security reasons (e.g., investigation of misuse/fraud) for up to 7 days, then deleted. Data required for evidence is excluded until final clarification.
Google Analytics
We use Google Analytics, a web analytics service of Google LLC, based on legitimate interests under Article 6(1)(f) GDPR. Google uses cookies; information may be transferred to servers in the USA.
We use Google Analytics with IP anonymisation (truncation within the EU/EEA; only exceptionally full IP transmitted to the USA and then truncated). The IP address is not merged with other Google data. Users can prevent cookie storage via browser settings and can prevent Google tracking via browser add-on.
Personal data is deleted or anonymised after 14 months.
Google AdSense with Personalised Ads
We use Google AdSense based on legitimate interests under Article 6(1)(f) GDPR. Usage data (e.g., ad clicks) and IP address are processed pseudonymously (IP truncated). With personalised ads, Google may infer interests based on visited websites/apps for ad targeting. Users can adjust ad personalisation settings.
Facebook Pixel, Custom Audiences and Conversion
Based on legitimate interests in analysis, optimisation and economic operation, we use the Facebook Pixel. Facebook can identify website visitors as an audience for ads and measure ad effectiveness (conversion). Processing is subject to Facebook’s data policies; users can adjust ad settings and opt out via relevant mechanisms.
Source Note
Created with Datenschutz-Generator.de by attorney Dr. Thomas Schwenke.
© 2026 - Legal Notice | Privacy Policy