About Us
Core Competencies
Current Topics
News
Career
Contact
DE
EN
Mercilessly pragmatic.
Strategies that work.
About Us
Our Team
Vision
Mission
Values
Locations
Core Competencies
Strategy
Organization
Leadership
Digitale Transformation
Change Management
Current Topics
Generation Management & Diversity
Intelligentes Sparen
News
Career
Open postions
Benefits
Contact
Data Privacy
Data Controller

Die Umsetzer GmbH

Management Consultancy

Haus am Schottentor

Heßgasse 3 / TOP 25

office@dieumsetzer.com

A-1010 Vienna

General

The protection of your personal data is of particular importance to us. We process your data exclusively in accordance with the applicable data protection regulations, in particular the GDPR and the relevant telecommunications regulations.

This privacy policy informs you about which personal data is processed when you visit and use our website, for what purposes this is done, the legal basis on which the processing is based, and what rights you have.

Contacting Die Umsetzer

If you contact us by email or via the contact form, we process the data you provide to handle your enquiry and for any follow-up questions.

 

The following information is collected via the contact form:

 

  • Name
  • Email address
  • Subject
  • Free-text message

 

Messages submitted via the contact form are sent by email to office@dieumsetzer.com. In addition, the enquiries are stored in the CMS used.

 

Data processing is carried out for the purpose of taking pre-contractual measures or handling your enquiry in accordance with Article 6(1)(b) of the GDPR and additionally based on our legitimate interest in orderly communication and documentation in accordance with Article 6(1)(f) of the GDPR.

 

Please note that the transmission of content via email may involve risks despite transport encryption and that sensitive information should therefore not be transmitted in this way.

 

According to the information available, no automated deletion is currently in place for contact enquiries. Data may therefore be stored in the CMS and in connected email systems until further notice, provided that no manual deletion is carried out and there are no conflicting statutory retention obligations.

Data retention

Generally, we only store personal data for as long as is necessary for the respective purposes or as required by statutory retention obligations.

 

The following guidelines apply to individual processing operations:

 

  • Server log files on Vercel: generally, three days
  • Server log files on DigitalOcean: typically, around three to seven days, depending on file size
  • Google Analytics: 14 months, in accordance with the data processor’s privacy policy
  • Contact enquiries via form/CMS and email: currently no automated deletion period

 

Where required by statutory retention obligations or for the establishment, exercise or defense of legal claims, data may be retained for a longer period.

Cookies

Our website uses cookies and similar technologies. These are small text files or technically similar storage mechanisms that are stored on or read from your device.

 

Depending on your consent, the following cookies are used:

 

  • _ga: Google Analytics analytics cookie
  • cookies-configured: Storage of your cookie consent selection
  • cookies-marketing: Storage of your selection for the marketing category
  • cookies-statistics: Storage of your selection for the statistics category

 

Technically necessary cookies are stored based on our legitimate interest in a functional and user-friendly website. Where analytics cookies or other non-essential technologies are used, this is done exclusively based on your consent in accordance with Article 6(1)(a) of the GDPR, in conjunction with the relevant provisions governing the storage and retrieval of information on end devices.

 

Consent management is not implemented via an external consent management tool, but is carried out directly on our platform.

Use of analytics tools

This website uses analytics tools.

 

Google Analytics

 

We use Google Analytics, a web analytics service provided by Google. The provider within the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In connection with this service, personal data may be transferred to Google LLC in the USA. Processing takes place exclusively based on your consent. Further information regarding the scope of processing, recipients and international data transfers should also be taken into account in Google’s information.

 

Plausible

 

Plausible is also used as an analytics tool. Insofar as personal data or device information is processed in this context, this is also carried out only to the extent permitted by law and – where necessary – based on your consent.

Analytical and statistical processing does not take place unless valid consent has been given or the respective service is technically configured in such a way that no processing requiring consent takes place.

CAPTCHA

Google reCAPTCHA is used to protect forms from unauthorized automated use. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; data processing by Google LLC in the USA cannot be ruled out.

 

When using reCAPTCHA, the following data in particular may be processed: IP address, referrer URL, information about user behavior, browser and device settings, language settings, and other data required by Google for bot detection.

 

This is carried out based on our legitimate interest in securing our website and preventing abusive automated input in accordance with Article 6(1)(f) of the GDPR. Where consent is required for specific technical elements, processing is additionally carried out based on your consent.

Server log files

Our website is technically operated in a shared hosting and delivery environment. The backend and CMS are hosted by DigitalOcean, whilst the frontend is hosted by Vercel. According to the information available, the servers are located in Frankfurt am Main, Germany.

 

Server log files are processed as part of the operation of the website. This involves, in particular, standard network and access logs, such as IP address, date and time of access, requested resource, technical information about the browser and operating system, referrer information, and host and status data.

 

This data is processed to ensure technical operation, system security, error analysis, detection of misuse and defence against attacks based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR.

 

According to the information available, the retention period at Vercel is generally three days. DigitalOcean does not have purely time-based retention periods; data is retained there based on file size, with current experience indicating a typical retention period of approximately three to seven days.

 

The hosting providers used may, within the scope of their technical and administrative access rights, theoretically gain access to personal data to the extent necessary for operation, maintenance, support or security measures.

SSL encryption

We employ technical and organisational security measures to protect personal data against accidental or deliberate manipulation, loss, destruction or unauthorised access by third parties. This includes, in particular, the encrypted transmission of the website via HTTPS or TLS, depending on the specific system configuration used.

Google Maps API

The Google Maps API is used on the website to display map content. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When maps are integrated, your IP address and technical usage data in particular may be transmitted to Google; transmission to Google LLC in the USA cannot be ruled out either.

 

The integration is carried out for the user-friendly display of locations and directions based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR. Insofar as map content or associated technologies are only loaded with your consent, processing is carried out based on your consent pursuant to Article 6(1)(a) of the GDPR.

Data transfers to third countries

Where Google services are used, or where external providers maintain group or support structures outside the European Economic Area, the transfer of personal data to third countries, in particular to the USA, cannot be ruled out.

 

Such transfers take place – where necessary – based on appropriate safeguards within the meaning of Articles 44 et seq. of the GDPR, for example on the based onrd contractual clauses or other permissible transfer mechanisms.

Your rights

In accordance with the statutory provisions, you have, in particular, the right to access, rectification, erasure, restriction of processing, data portability, objection and – in the case of processing based on consent – the right to withdraw consent with effect for the future.

 

If you believe that the processing of your personal data infringes data protection law or that your data protection rights have otherwise been infringed, you may lodge a complaint with the competent supervisory authority.

 

In Austria, this is the Data Protection Authority, Barichgasse 40-42, 1030 Vienna.

Data processors

Recipients of personal data may include technical and organizational service providers whose services are required for the operation, provision, security, communication or analysis of the website. These include, in particular, hosting and infrastructure providers, analytics service providers, Google services, the CMS used, and email systems.

 

Where external service providers process personal data on our behalf, they are, where legally required, engaged as data processors based on a corresponding contract for commissioned data processing in accordance with Article 28 of the GDPR.

Legal Notice:

This document is an English translation of the original German version and is provided for convenience only. Only the German version constitutes the legally binding and authoritative document. In the event of any conflict, ambiguity, discrepancy, or inconsistency between the English translation and the German original, the German original shall exclusively prevail.

 

Last updated: April 2026