Schmut/Weiss Logo

Privacy Policy

Last updated: 28 August 2025

This Privacy Policy explains how SCHMUT/WEISS GmbH in the following SCHMUT/WEISS, we, us, our processes personal data in connection with the website https://schmutweiss.com in the following Website and related online services. We process personal data only in accordance with the EU General Data Protection Regulation GDPR, the Austrian Data Protection Act DSG, and for cookies and similar technologies the Austrian Telecommunications Act 2021 TKG 2021. Using our Website is generally possible without registration. Where we process personal data, we do so only as necessary, lawfully, transparently, and for specified purposes.

1) Controller and contact

Controller within the meaning of Art. 4 para. 7 GDPR
SCHMUT/WEISS GmbH
Sieveringer Straße 9/13
1190 Vienna
Austria
Company register number and competent court to be added
Email: office@schmutweiss.com
Supervisory authority
You have the right to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40 to 42, 1030 Vienna, dsb@dsb.gv.at, www.dsb.gv.at.

2) Scope

This Privacy Policy applies when you

  • visit or interact with our Website
  • contact us for example by email
  • book appointments or conduct online meetings via third party services
  • make or receive payments via third party payment services

Processing performed independently by third party websites or platforms that you access via links on our Website is not covered. Once you click such links, the terms and privacy notices of the respective third party apply.

3) Key definitions

Personal data means any information relating to an identified or identifiable natural person.
Processing means any operation performed on personal data such as collection storage transmission or erasure.
Controller and processor have the meanings set out in Art. 4 paras. 7 and 8 GDPR.
Consent means a freely given informed and unambiguous indication under Art. 4 para. 11 GDPR.
Cookies and similar technologies are information stored on or read from your device. Details are set out in section 8.

4) Categories of data purposes and legal bases

4.1 Visiting the Website and server logs

Data
IP address date and time of access requested URL HTTP status code referrer URL user agent and where applicable truncated or anonymised IP

Purposes
Technical delivery of the Website stability security prevention of abuse troubleshooting

Legal bases
Legitimate interests under Art. 6 para. 1 lit. f GDPR in a secure and stable operation and section 165 para. 3 TKG 2021 for strictly necessary storage or access

4.2 Essential cookies and local storage

Data
Session identifiers security tokens and settings that are strictly necessary for core functionality

Purposes
Core functions such as navigation session continuity and security

Legal bases
Legitimate interests under Art. 6 para. 1 lit. f GDPR and section 165 para. 3 TKG 2021
Note
We do not set analytics or marketing cookies by default

4.3 Contacting us

Data
Contact details such as name email and where applicable phone number as well as the content and metadata of your message

Purposes
Handling your inquiry correspondence documentation pre contract communication

Legal bases
Art. 6 para. 1 lit. b GDPR for inquiries that are preparatory to or part of a contract otherwise Art. 6 para. 1 lit. f GDPR based on our interest in efficient communication

4.4 Appointment scheduling and online meetings

Services
Calendly Microsoft Teams Google Meet

Data
Name email chosen date and time optional notes and technical data captured by the respective provider

Purposes
Planning coordination and conduct of appointments and online meetings

Legal bases
Art. 6 para. 1 lit. b GDPR for pre contract or contract purposes and additionally Art. 6 para. 1 lit. f GDPR for our interest in efficient coordination

Role understanding
Depending on the situation these services act in part as independent controllers for their own purposes and in part as processors. Please review their privacy notices
Microsoft Teams
https://privacy.microsoft.com/
Google Meet
https://policies.google.com/privacy
Calendly
https://calendly.com/privacy

4.5 Project and work organisation

Service
ClickUp

Data
Contact and project data necessary for collaboration for example name email project related content and activity logs within the tool

Purposes
Project management task management internal and external coordination

Legal bases
Art. 6 para. 1 lit. b GDPR where contract related otherwise Art. 6 para. 1 lit. f GDPR

Role understanding
Depending on processing ClickUp may act as an independent controller or as our processor
Privacy notice
https://clickup.com/privacy

4.6 Payments

Service
Stripe

Data
Payment identifiers transaction data and where applicable billing master data. Card data is processed exclusively by Stripe

Purposes
Payment processing fraud prevention fulfilment of statutory retention and compliance obligations

Legal bases
Art. 6 para. 1 lit. b GDPR for contract performance and Art. 6 para. 1 lit. c GDPR for legal obligations

Role understanding
Stripe acts in part as an independent controller for example for compliance and fraud prevention and in part as a processor
Privacy notice
https://stripe.com/privacy

4.7 Optional communications

Data
Email address and preferences but only if you actively subscribe or request this

Purposes
Sending requested information and managing subscription and unsubscription

Legal bases
Art. 6 para. 1 lit. a GDPR. You may withdraw consent at any time with effect for the future

Note on special categories
We do not knowingly process special categories of personal data within the meaning of Art. 9 GDPR via the Website

5) Recipients and categories of recipients

We disclose personal data only as necessary

  • IT hosting and infrastructure for secure operation of the Website
  • Email hosting
  • Microsoft Teams Google Meet and Calendly for scheduling and communication
  • ClickUp for project and task management
  • Stripe for payment processing
  • External advisors such as tax or legal professionals where required
  • Public authorities and courts where legally required or to establish exercise or defend legal claims

We conclude data processing agreements with processors in accordance with Art. 28 GDPR. Third party providers may act as independent controllers for their own purposes. Please review their privacy notices.

6) International data transfers

Where recipients are located outside the EEA we ensure an adequate level of protection. This may be based on a European Commission adequacy decision or on EU Standard Contractual Clauses and where necessary additional measures. We will provide a summary of the relevant safeguards upon request.

7) Retention periods

We store personal data only for as long as necessary for the purposes described or as required by law. Relevant criteria include statutory retention duties limitation periods and operational necessity.

  • Server logs are usually kept for 7 to 30 days. Longer retention is possible when investigating security incidents
  • Inquiries and correspondence are kept for the duration of handling and usually 6 to 24 months for documentation. Longer retention is possible where legal claims arise
  • Contract payment and business records are retained in line with commercial and tax law in Austria generally 7 years
  • Consent based communications are kept until withdrawal or until the service ends

Where data is no longer required we delete or anonymise it.

8) Cookies and similar technologies

8.1 General information

We use cookies and comparable technologies such as local storage and pixels on our website. These technologies can read information from or store information on your terminal device. Under Section 165 (3) of the Austrian Telecommunications Act 2021, such storage or access generally requires your prior consent, unless it is strictly necessary in order to provide the expressly requested service “website”.

Without your consent we only use cookies and storage technologies that are technically necessary. Analytics and marketing technologies are only activated after you have given your consent via our consent banner.

Legal bases Article 6 (1) (f) GDPR in conjunction with Section 165 (3) TKG 2021 for technically necessary cookies Article 6 (1) (a) GDPR in conjunction with Section 165 (3) TKG 2021 for optional cookies and comparable technologies based on your consent

8.2 Categories of cookies and technologies

Technically necessary cookies These cookies and local storage entries are required for our website to function properly. They include security-related cookies, session identifiers, consent settings and similar technical entries. Without these technologies, our website cannot be provided without errors. You may disable them in your browser, but some parts of the website may no longer work correctly.

Statistics and performance technologies These technologies help us understand how visitors use our website, for example which pages are accessed and how often. We only use them if you have given your prior consent. Data is processed mainly in a pseudonymous form and is used to improve our website.

Marketing and personalisation technologies These technologies are used to provide users with targeted content or advertising, to measure the success of campaigns and to enable interest-based offers. Pseudonymous profiles may be created and combined with information from other sources. These technologies are only activated if you have consented.

8.3 Consent management (consent banner)

We use a consent management tool to record, store and manage your consents and preferences. For this purpose, in particular your selection of cookie categories, a technical identifier, timestamps and, where applicable, truncated IP addresses are processed. This data is required in order to document your consent decision and to technically implement it.

Legal bases Article 6 (1) (c) GDPR to comply with legal obligations under the GDPR and TKG 2021, insofar as we must be able to demonstrate valid consent Article 6 (1) (f) GDPR for our legitimate interest in legally compliant and user-friendly consent management

You can change your settings at any time via the cookie settings linked in the footer of our website or by deleting the respective cookies in your browser.

8.4 Google Tag Manager

We use the “Google Tag Manager” service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tag management system that allows us to manage website scripts (“tags”) and to integrate other tools, such as Google Ads, on our website.

According to Google, Google Tag Manager itself does not set cookies. However, it may transmit certain technical data such as IP address and browser information to Google and controls the loading and triggering of additional tags. The type and scope of data processed by the tools implemented via Google Tag Manager are described in the respective sections of this privacy notice.

Google Tag Manager is only loaded after you have given your consent to the relevant categories (in particular statistics and marketing) in our consent banner. Without consent, no tags for analytics or marketing purposes will be triggered.

Legal basis Article 6 (1) (a) GDPR in conjunction with Section 165 (3) TKG 2021 (consent)

Data transfers to third countries In connection with Google Tag Manager, personal data may be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google LLC is certified under the EU US Data Privacy Framework. In addition, Google may rely on other appropriate safeguards such as Standard Contractual Clauses. Further information is available in Google’s privacy information and in Section 6 of this privacy notice.

8.5 Google Ads conversion tracking and marketing features

We use Google Ads, an online advertising service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. As part of Google Ads we use, in particular, conversion tracking and, where configured, additional marketing features.

Conversion tracking If you reach our website via a Google ad, Google places a cookie or a similar technology on your device in order to measure whether certain actions defined by us (so-called conversions) take place. This allows us to see how many users reach our website via our ads and which campaigns lead to contact requests or other objectives. We receive only statistical reports from Google and no information that would allow us to identify you directly.

Marketing features Depending on our configuration, Google Ads may also be used for marketing and remarketing purposes. In this context, data on your use of our website can be used to assign users to target groups and to serve interest-based ads to them on other websites within the Google advertising network. If you have a Google account and have activated corresponding settings, Google may combine data from different services.

Legal basis We only use Google Ads conversion tracking and marketing features if you have consented to the use of marketing technologies via our consent banner. The legal basis is your consent in accordance with Article 6 (1) (a) GDPR in conjunction with Section 165 (3) TKG 2021.

Data transfers to third countries Processing is carried out primarily by Google Ireland Limited. However, personal data may also be transferred to Google LLC in the United States. Google LLC is certified under the EU US Data Privacy Framework. In addition, Google may use further appropriate safeguards such as Standard Contractual Clauses. For more details on international data transfers, please refer to Section 6 and Google’s privacy information.

Storage period Google Ads cookies usually have a limited lifetime, typically between 30 days and up to 13 months. You can find the concrete lifetimes in our consent banner and in Google’s cookie information.

Opt-out and withdrawal options You can withdraw your consent at any time with effect for the future by adjusting your preferences in the cookie settings on our website. In addition, you can deactivate personalised advertising within the Google advertising network in the Google ad settings and delete or block cookies via your browser settings.

8.6 Managing cookies in your browser

You can configure your browser so that you are informed when cookies are set, only allow cookies in individual cases, exclude the acceptance of cookies for certain cases, enable automatic deletion of cookies when closing the browser or generally block cookies. You can delete cookies that have already been stored at any time.

Please note that disabling or restricting cookies may affect the functionality of our website. Technically necessary cookies remain required so that the website can function correctly.

9) Security and technical and organisational measures

We protect personal data with appropriate technical and organisational measures

  • TLS encryption in transit
  • strict access controls based on the need to know principle
  • secure configuration regular updates and monitoring
  • backups and recovery procedures
  • logging and incident response processes
  • data minimisation and privacy by design and by default

Despite these measures no internet transmission can be completely secure. We continuously improve our security processes.

10) Your rights

Subject to the legal conditions you have the following rights

  • right of access Art. 15 GDPR
  • right to rectification Art. 16 GDPR
  • right to erasure Art. 17 GDPR
  • right to restriction of processing Art. 18 GDPR
  • right to data portability Art. 20 GDPR
  • right to object Art. 21 GDPR to processing based on legitimate interests. We will then stop processing unless we demonstrate compelling legitimate grounds
  • right to withdraw consent Art. 7 para. 3 GDPR with effect for the future
  • no solely automated decisions producing legal effects. We do not conduct such profiling

To exercise your rights contact office@schmutweiss.com. We may request a suitable proof of identity. You also have the right to lodge a complaint with the Austrian Data Protection Authority.

11) Third party links and social media

Our Website may contain links to third party providers for example LinkedIn. After clicking such links the terms and privacy notices of the respective providers apply. These providers process data under their own responsibility.

12) Children

Our Website is not directed at children. For information society services in Austria a minimum age of 14 years generally applies. If we become aware that we have inadvertently collected data from children we will delete it.

13) Business transfers and legal disclosures

We may transfer personal data in the context of corporate transactions such as mergers acquisitions or asset deals. We may also disclose data where required to fulfil legal obligations to respond to lawful requests from authorities or to establish exercise or defend legal claims.

14) Roles and services in overview

We use the following services in and around the Website. Depending on the configuration they may act as processors or as independent controllers

15) Necessity of provision

For contacting us booking appointments online meetings or payments certain information is required. Without such information we may be unable to process inquiries or provide services.

16) Changes to this Privacy Policy

We may amend this Privacy Policy if our processing activities or the legal framework changes. The version published on this page applies. The date under Last updated is decisive.

17) Contact

For questions or concerns regarding privacy please contact
SCHMUT/WEISS GmbH
Sieveringer Straße 9/13
1190 Vienna
Austria
office@schmutweiss.com

18) Version and scope

Document owner SCHMUT/WEISS GmbH
Effective from 28 August 2025
Scope https://schmutweiss.com including related sub pages