Data Pro­tection

1. Data processing controller

The controller, as defined in Art. 4(7) of the General Data Protection Regulation (GDPR), is

ZWT, Eingang A, 3. OG
Neue Stiftingtalstrasse 2
A-8010 Graz

Phone: +43316228272

Fax: +4331622827215


Central data protection officer: Dr. Martin Funk

2. Processing of the data of individuals connected to our business

We process the data that diverse groups of people have provided to us themselves, for example through emailing us with an enquiry, or through entering into a contract or a business relationship. We also process the data of people who attend events or seminars.

2.1 Data subjects

We process the following data related to prospective customers: company name, contact person’s name and work-related contact data, address.

We process the following data related to customers: company name, title and name of the contact persons, work-related address and contact data, bank details, contract information, including data related to creditworthiness.

We process the following data related to suppliers and business partners: company name, title and name of the contact persons, work-related address and contact data, bank details, contract information.

2.2 Transfer of data

We only pass personal data on to third parties if this is for the purpose of processing and fulfilling a contract, or as a result of statutory requirements.

2.3 Data retention/erasure

The data will be deleted by us as soon as there is no longer a requirement for us to store it, or statutory retention periods – e.g. for VAT-related purposes – have expired. Should the basis for processing constitute consent, we will restrict processing or delete the data if this consent is revoked – unless statutory provisions preclude this.

2.4 Communicating by email

If you contact us by email, the data you provide us with will be stored on the basis that you have consented to this, so that we can answer your enquiry. The data arising out of this exchange will be deleted by us once there is no longer a requirement to process it; or we will restrict its processing if we have to observe a statutory retention period.

2.5 Basis in law

The basis in law for the processing of data is

  • establishment of a contract and contract performance, in accordance with Art. 6(1)(b) GDPR
  • compliance with legal obligations, in accordance with Art. 6(1)(c) GDPR (for example, legally required retention and documentation obligations)
  • legitimate interest on the part of our company, within the meaning of Art. 6(1)(f) GDPR (e.g. for statistical analysis)
  • Art. 6(1)(a) GDPR applies where consent has been obtained (e.g. using images, or data for advertising purposes).

3. Data processing if contact is established via our website, newsletter or a job application

3.1 Establishing contact

If you have used the form on our website to request that we contact you or to send us a message, we will store the data relating to you that is required for communications. This will be your first name and surname, your email address, telephone number and any data you give us in the contact form. The data will be deleted by us as soon as there is no longer a requirement for us to store it or you withdraw your consent to processing.

Legal basis: Art. 6(1)(a) GDPR

3.2 Newsletter

You have the option to subscribe to our newsletter. We need your email address for this. You can cancel the newsletter at any time. Once we have received your cancellation notice, we will no longer use your data for sending out newsletters. If we do not have any form of business relationship with you and we do not have to observe a statutory retention period, your data will be deleted when you cancel the newsletter.

Legal basis: Art. 6(1)(a) GDPR

3.3 Job applicants

If you send us documents supporting a job application, we will process the personal data contained in them along with your curriculum vitae and your references for the purposes of selecting a person for the job. If we do not offer you the job, we will delete your documents 7 months from the date we inform you that you have not been selected.

Legal basis: Art. 6(1)(b) GDPR

If you consent to us holding your information on file for possible contact at a later point, we will send you a formal request to give us your consent. If you explicitly give us this consent, we will store your consent. If no further job opportunities arise within a year, we will delete all your job application data one year from the date you sent us your consent.

Legal basis: Art. 6(1)(a) GDPR

4. Data processed when visiting our website

4.1 Use of the website for information purposes

If you use our website purely for information purposes, we will only capture the personal data transmitted from your browser to our server. If you wish to look at our website, we will capture no more than that data which we require technically to display our website to you and to ensure its stability and security.

  • IP address
  • Date and time of the query
  • Time zone difference to Coordinated Universal Time (UTC)
  • Query content (specific pages)
  • Access status/HTTP status code
  • Website from which the query originates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

Legal basis: Art. 6(1)(f) GDPR

4.2 Cookies

In addition to the abovementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive; and which provide certain information back to the site which set the cookie (in this case, ours). Cookies cannot run programs or transmit viruses to your computer.

The cookie allows you to be recognised when you revisit the website, without you having to re-enter data already entered.

The information contained in the cookies is used, for instance, to determine whether you are logged in, or what data you have already entered, or to recognise you as a user if a link is established between our web server and your browser. Cookies are automatically accepted by most web browsers.

If your browser settings accept cookies, by using our websites you agree to the deployment of these cookies.

4.2.1 Transient cookies

Transient cookies are automatically deleted when you close the browser. This type of cookie includes, in particular, session cookies. These store a so-called session ID, which allows it to assign various queries from your browser to the session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you logout or close the browser.

4.2.2 Persistent cookies

Persistent cookies are automatically deleted after a specified period of time which can vary according to the cookie deployed. You can delete these cookies in your browser’s security settings at any time.

4.2.3 Third-party cookies

These come from providers other than the website operator. They can be used, for instance, to collect information for marketing purposes, user-defined content and web statistics.

4.2.4 Browsers

Most browsers are set to accept all cookies as standard. You can set your browser to inform you when cookies are being set and to allow cookies only on an individual basis; to stop cookies being set for specific cases or, indeed, generally; and to automatically delete cookies when you close the browser. If cookies are deactivated, this can restrict the functionality of our website.

You yourself can delete any cookies stored on your PC at any time, by deleting temporary internet files.

Legal basis: Art. 6(1)(f) GDPR (in the case of technical cookies), Art. 6(1)(a) GDPR (for all other cookies)

4.3 Data processing in the USA

When you visit our website, it cannot be precluded that personal data will be transmitted to the USA. Where this is the case, we point this out separately in this Privacy Statement.

In order to transmit personal data to a third country or an international organisation, Art. 46 GDPR specifies that so-called appropriate safeguards must be provided. These do not exist for the USA.

Possible risks which, in conjunction with the aforementioned information, cannot be precluded for you as a data subject at this time, include in particular:

  • Your personal data could possibly be transmitted, for purposes over and above those required for the actual intended transaction, by the service provider in question to other third parties (e.g. to US public authorities).
  • You might not be able to assert or enforce your rights to be informed by the service provider in question.
  • There is potentially a higher probability that data might not be correctly processed, as the technical and organisational measures in place to protect personal data do not fully meet the requirements of the GDPR, both quantitatively and qualitatively.

By giving your consent to have (advertising and marketing) cookies processed, you are consenting explicitly to your data being transferred to the USA. You can delete any cookies stored on your PC at any time, by deleting temporary internet files.

Legal basis: Art. 6(1)(a) GDPR

5. Data Protection Information

The protection of your personal data is especially important to us. We, therefore, exclusively process your data based on legal regulations (GDPR, TCA 2003). The purpose of this data protection information is to inform you of the most important aspects of data processing within the context of our website.

6. Contact support

When you contact us via the website form or email, your provided data (first name, last name, company, email address) must be saved for the purpose of processing the request and in case of follow-up questions since it would otherwise not be possible to process your contact request.


The processing of your data is performed exclusively based on legal regulations, contractual agreements or consent.


If we have already engaged in joint activities such as scientific cooperation or projects, data processing is only performed to the required extent or for the purpose of safeguarding the legitimate interests of contractual partners based on a legal or contractual basis.


Your data is processed until revocation, the failure to establish a business relationship or in case of legal or contractual requirements.


We are not permitted to send information including periodic publications such as newsletters if you have not submitted your consent to the mailing of information.

7. Data protection in research projects

We look forward to you participating in our research projects and thereby contributing to the expansion of human knowledge. EVOMEDIS carries out the processing of research data on the basis of the Austrian and European data protection laws and also on the legal basis of Section 1 of the Austrian Research Organization Act (Forschungsorganisationsgesetz, FOG) in conjunction with Art. 89 Para. 1 GDPR.

8. Data processing when using Hotjar

We use Hotjar, a suite of analytics software provided by Hotjar Ltd. (“Hotjar”) (, Malta, Europe), in order to better understand our users’ needs and to optimise the offerings on this website. With the aid of Hotjar’s technology we gain a better understanding of our users’ experiences (e.g. how much time users spend on which pages, what links they click on, what they like and what they don’t like, etc.), and this helps us to align our offerings to the feedback from our users. Hotjar works with cookies and other technologies to collect information about user behaviour and their devices (in particular, the IP address of the device (this is captured and stored in anonymised form only), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), preferred language for viewing our website). Hotjar stores this information in a pseudonymised user profile. The information is not used by either Hotjar or us to identify individual users or to merge data with other data held on individual users. You can find out more in Hotjar’s Privacy Statement. You can prevent Hotjar from capturing this data by clicking on this link and following the instructions shown: (link to the aforementioned Privacy Statement)

Legal basis: Art. 6(1)(a) GDPR

9. Data processing with Google services

We have a contract with Google Ireland Limited (“Google”), which is a company registered (company register no. 368047) in Ireland and operating under Irish law. The company’s registered office is at Gordon House, Barrow Street, Dublin 4, Ireland. It is nevertheless possible that data from Europe will be relayed to the USA – as a company, we have no influence on this.

Using this service causes personal data to be transmitted to the USA – or, at least, it cannot be precluded that such transmission occurs! – For more information, please see 4.3. of this Statement.

Legal basis: Art. 6(1)(a) GDPR

9.1 Google Analytics

This website uses the “activation of IP anonymization” function (that means, Google Analytics has been enhanced with the code “gat._anonymizeIp();”, which causes IP addresses to be captured anonymously (so-called IP masking)). As a result, your IP address is truncated by Google in member states of the European Union or in states that are parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there.

Google states that it uses the information gleaned in order to analyse your use of the website, compile reports on website activity and provide us with further services linked to website and internet usage. The IP address relayed by your browser and captured by Google Analytics is not amalgamated with other data from Google. Google will, however, pass this information on to third parties in certain circumstances if this is a statutory requirement or where third parties process the data for Google. You can prevent the cookies being stored by adjusting the relevant setting in your browser software. However, we should point out to you that if you do, you may not be able to use all the features of the websites to the full. Furthermore, you can prevent Google from capturing the data relating to your usage of the websites that is generated by the cookie (including your anonymised IP address) and from processing this data by downloading and installing the browser plug-in available through this link (

You will find more detailed information about the terms and conditions of use and about data protection at and

9.2 Google Analytics Conversion Tracking (Google Ads)

This website also uses the Google Conversion Tracking facility. This causes Google Ads to set a cookie on your computer if you came to our website via an advert on Google. These cookies expire after 30 days and are not used for personal identification. If a user visits certain pages on an Ads customer’s website and the cookie has not yet expired, Google and the customer can see that the user clicked on the advert and was taken to this page. Every Ads customer receives a different cookie. Cookies can therefore not be tracked and monitored across the websites of Ads customers. The information obtained with the aid of the conversion cookies is used to compile conversion statistics for Ads customers who have signed up for conversion tracking. The Ads customers find out the total number of users who clicked on their advert and were taken to a page which has a conversion tracking tag on it. But they do not receive any information allowing them to identify users personally. If you do not want to be part of the tracking process, you can reject having the required cookie set on your device – for example, through the browser setting that deactivates the setting of cookies in general. You can also deactivate conversion tracking cookies by changing your browser settings to block cookies from the domain “”. Google’s data protection guidance can be found here.


If you use SSL search, Google’s encrypted search function, in most cases the search keywords will not be sent as part of the URL in the referrer URL. There are, however, a few exceptions to this – for example, if you use certain less popular browsers. You can find further information on SSL searches here. Search requests or information in the referrer URL can, in certain circumstances, also be viewed in Google Analytics or an Application Programming Interface (API). Additionally, advertisers may possibly receive information on the exact search keywords used that led to users clicking on an advert.

9.3 Google Fonts

We use Google Fonts. There is no authentication involved in using Google Fonts and no cookies are sent to the Google Fonts API. If you have a Google account, none of your Google account information is relayed to Google whilst using Google Fonts. Google only records that CSS has been used and which fonts were used, and stores this data securely. More information on this and the answers to other questions can be found here:

You can find out what data is captured by Google and what it is used for here:

9.4 Google APIS/AJAX and JQUERY

In order to optimise loading speed, usability and indexing of our website, we use JavaScript technologies and the corresponding program libraries and CDNs (Content Delivery Networks) provided by third-party suppliers – specifically, the jQuery JavaScript library from the jQuery Foundation, the Google APIs programming interface and the Google AJAX Search API, both from Google. When you visit our website, these third-party suppliers may receive information about your visit to our website containing personal data – in particular, through the transmission of your IP address. It is possible that this data will be processed outside the EU. You can prevent this by installing a JavaScript blocker or by deactivating JavaScript in your browser. Deactivating or blocking JavaScript may lead to functional limitations on internet pages using JavaScript technologies. You can find further information on data processing at/by Google in the Google data protection policies, which can be retrieved currently at; and in the case of jQuery on the JS Foundation website at

9.5 Google+ button

We have integrated the +1 button from Google Plus into our website. If you access our website, your browser establishes a direct link with the Google server. If you do not click on the button, Google states that no personal data will be processed. Personal data will only be processed if you are logged in to your Google Plus account. If you wish to prevent Google Plus from processing your data, you should log out of Google Plus before visiting our website.

9.6 Google Gstatic

Gstatic is a domain used by Google to load static content to another domain name in order to reduce bandwidth usage and to increase network performance for the end user.

9.7 Google Maps

We use the Google Maps service offering on this website. It allows us to show you interactive maps directly in the website and to enjoy convenient usage of the maps function. By visiting the website, Google receives the information that you have accessed the relevant sub-page on our website. In addition, the data described in the section “Use of the website for information purposes” above is transmitted. This happens independently of whether Google is providing a user account that you are logged into, or whether no such user account exists. If you are logged in to Google, your data will be directly attributed to your account. If you do not wish this data to be attributed to your Google profile, you must log out prior to clicking on the button. Google saves your data as a usage profile and uses it for the purposes of advertising, market research and/or demand-oriented design of its website. This analysis is performed in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network of your activities on our website. You have the right to object to the creation of these user profiles, but you must contact Google directly to exercise this right.

You will find further information on the purpose and scope of the data capture and its processing by the plug-in provider in the provider’s data protection declaration. You will also find further information there on your rights and settings options available to protect your privacy:

9.8 Google Remarketing

We use the Google Remarketing service on this website. Google Remarketing allows the posting of adverts aimed at users who have already visited our website in the past. As a result of this, adverts modified to take account of their interests can be displayed on our page within the Google advertising network. Google Remarketing uses cookies for this analysis.

9.9 Google Tag Manager

We use so-called Google tag managers to identify your user behaviour. Google Tag Manager is a solution allowing marketers to manage website tags via an interface. The tool itself (which implements the tags) is a cookie-free domain and does not capture any personal data. The tool triggers other tags which may themselves capture data. Google Tag Manager does not access this data. If the facility is deactivated at domain or cookie level, it will apply for all tracking tags implemented using Google Tag Manager.

More detailed information can be found here:

Legal basis: Art. 6(1)(a) GDPR

10. Data protection statement for the usage of Facebook plugins (e.g. "Like" button)

Our pages integrate plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. You can recognise Facebook plugins on our site by the Facebook logo or the "Like" button". An overview of Facebook plugins is available here: When visiting our sites, a direct connection is established via the plugin between your browser and the Facebook server. Facebook receives information that you have visited our site with your respective IP address. You can link our pages to your Facebook profile when you click on the Facebook "Like" button while logged in to your Facebook account. Thereby, Facebook can link your visit to our pages to your user account. We would like to point out that we, as the provider of these pages, have no knowledge of the content of transmitted data and its usage by Facebook. Further information is available in Facebook's data protection statement at


Please log out of your Facebook user account if you do not want Facebook to associate your visit to our sites with your Facebook user account.

Source: Facebook disclaimer of

11. Your rights

You have the following rights vis-à-vis our company with respect to your personal data:

  • the right to information, rectification and erasure
  • the right to restrict processing
  • the right to object to processing
  • the right to data portability

Please email any queries or concerns you may have to or contact us by one of the contact methods shown above.

Should you feel that we have infringed Austrian or European data protection legislation in the way we have processed your data and as a result violated your rights, please contact us so that we can investigate and answer any questions.

You also have the right to complain to the supervisory authority in Austria:

Austrian Data Protection Authority [Datenschutzbehörde], Barichgasse 40-42, 1030 Vienna, telephone: +43 1 52 152-0


12. Changes to this Privacy Statement

We reserve the right to modify our Privacy Statement from time to time. All changes to our Privacy Statement will be published on this website. Please therefore be sure to refer to the latest version of our Privacy Statement.

Get in touch