EN

|DE

Privacy Policy

This website is operated by NXAI GmbH, located in Linz. In this privacy policy, we, as the data controller according to Art. 4 (7) GDPR, describe the data we collect during your visit to our website and the purposes for which we process this data.

As the protection of your personal data is of particular concern to us, we strictly adhere to the legal requirements of the DSG (Data Protection Act) and the GDPR (General Data Protection Regulation) when collecting and processing your personal data.

Below, we provide detailed information about the scope and purpose of our data processing, as well as your rights as a data subject. Please read our privacy policy carefully before continuing to use our website and, if necessary, giving your consent to data processing.


Controller under the DSGVO


NXAI GmbH

Peter-Behrens-Platz 2

4020 Linz, Austria

E-Mail: contact@nx-ai.com


Technologies on our Website

Cookies and Local Storage

We use cookies on our website to make our online presence more user-friendly and functional. Some cookies remain stored on your device.

Cookies are small data packets exchanged between your browser and our web server when you visit our website. They do not cause any harm and are only used to recognize website visitors. Cookies can only store information provided by your browser, i.e., information you have entered into the browser or information available on the website. Cookies cannot execute code and cannot be used to access your device.

On your next visit to our website with the same device, the information stored in cookies can be sent back to us ("first-party cookie") or to a third-party application, to which the cookie belongs ("third-party cookie"). The respective web application recognizes, based on the stored and returned information, that you have already accessed and visited the website with the browser of your device.

Cookies typically contain the following information:

  • Cookie name

  • Name of the server from which the cookie originally comes

  • Cookie ID number

  • Date on which the cookie will be automatically deleted


Depending on their purpose and function, we categorize cookies as follows.

Technically necessary cookies: To ensure the technical operation and basic functions of our website. These cookies are used, for example, to maintain your settings while navigating the website or to ensure that important information is retained throughout the session (e.g., login, shopping cart).

Statistical cookies: To understand how visitors interact with our website by collecting and analyzing information anonymously. This provides valuable insights to optimize both the website and our products and services.

Marketing cookies: To set targeted advertising activities for users on our website.

Unclassified cookies: Cookies that we are currently trying to classify together with providers of individual cookies.

Depending on the storage duration, we also classify cookies into session and permanent cookies. Session cookies store information used during your current browser session and are automatically deleted when you close the browser. No information is retained on your device. Permanent cookies store information between two visits to the website. This allows you to be recognized as a returning visitor on your next visit, and the website responds accordingly. The lifespan of a permanent cookie is determined by the cookie provider.

The legal basis for the use of technically necessary cookies is our legitimate interest in the technically flawless operation and smooth functionality of our website according to Art. 6 (1) lit. f GDPR. Our website cannot function properly without these cookies. The use of statistical and marketing cookies requires your consent according to Art. 6 (1) lit. a GDPR. You can revoke your consent to the use of cookies at any time for the future according to Art. 7 (3) GDPR. The consent is voluntary, and if not given, there are no disadvantages. Further information about the cookies we actually use (especially their purpose and storage duration) can be found in this privacy policy.

Please note that a general deactivation of cookies may lead to functional limitations on our website.

We also use so-called local storage functions (also called "local storage") on our website. This involves storing data locally in your browser's cache, which can still be read and accessed even after closing the browser, unless the cache is cleared or it is session storage.

Third parties cannot access the data stored in local storage. If specific plugins or tools use local storage functions, this is described in the respective plugin or tool.

If you do not wish plugins or tools to use local storage functions, you can control this in the settings of your respective browser. Please note that this may lead to functional limitations.

Data Transfer to the USA

We explicitly point out that as of July 10, 2023, the EU Commission has issued an adequacy decision on the EU-US Data Privacy Framework according to Art. 45 (1) GDPR (Data Privacy Framework). Accordingly, organizations or companies (as data importers) in the USA that are registered on a public list as part of the self-certification of the Data Privacy Framework offer an adequate level of protection for data transfers. Whether a specific service provider is already certified can be found here: https://www.dataprivacyframework.gov/s/participant-search

The Data Privacy Framework provides a valid legal basis for the transfer of personal data to the USA. Binding guarantees are created to comply with all requirements of the ECJ, such as limiting the access of US intelligence services to EU data to a necessary and proportionate level and establishing a court to review data protection, to which individuals in the EU also have access.

If data transfer by us to the USA occurs or a service provider based in the USA is used by us, we explicitly refer to this in this privacy policy (see in particular the description of the technologies on our website).

It should be noted that, aside from significant improvements, the legal situation in the USA may still change, especially in the area of surveillance. We therefore recommend regularly informing yourself about the current legal situation and staying up-to-date on certified service providers.

What can the transmission of personal data to the USA mean for you as a user and what risks are associated with it.

For users, potential risks arise when data importers in the USA are involved, especially those not covered by the Data Privacy Framework. The risks primarily concern the powers of US intelligence agencies and the legal situation in the USA, which, according to the European Court of Justice (ECJ), currently does not ensure an adequate level of data protection. Some key points include.

  • Section 702 of the Foreign Intelligence Surveillance Act (FISA) imposes no restrictions on surveillance measures by intelligence agencies and provides no guarantees for non-US citizens.

  • Presidential Policy Directive 28 (PPD-28) does not offer effective remedies to affected individuals against actions by US authorities and does not establish limits on ensuring proportionate measures.

  • The ombudsman provided for in the Privacy Shield lacks sufficient independence from the executive branch and cannot issue binding orders to intelligence agencies.


Legal transfer of data to the USA based on standard contractual clauses for data importers not covered by the Data Privacy Framework?

In June 2021, the European Commission adopted new Standard Contractual Clauses (SCC) with Decision 2021/914/EU. These clauses provide a new legal basis for data transfers to locations where the same level of data protection does not exist as in the EU.

Legal transfer of data to the USA based on consent?

If data is transferred to a service provider based in the USA not covered by the Data Privacy Framework, and this data transfer is based on explicit consent, we provide explicit information about it in this privacy policy, especially in the description of the technologies used on our website.

What measures do we take to ensure a legally compliant data transfer to the USA?

To make data transfers to the USA legally compliant, we, whenever possible, opt for data processing on EU servers when provided by US providers. This ensures, from a technical standpoint, that the data remains within the European Union, and access by US authorities is not possible.

Hosting

The hosting services used by us serve the provision of the following services: Infrastructure and platform services, computing capacity, storage space, and database services, security and technical maintenance services, which we use for the purpose of operating our website.

We or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta, and communication data from customers, interested parties, and visitors to this online offer based on our legitimate interests in an efficient and secure provision of this online offer according to Art. 6 (1) lit. f GDPR in connection with Art. 28 GDPR (conclusion of an order processing agreement).

Contacting Us


Then you contact us (e.g., via contact form or email), we process your details for the purpose of handling the request and in the event that follow-up questions arise.
If the data processing takes place for the purpose of performing pre-contractual measures or fulfilling a contract, the legal basis for this data processing is Art. 6 (1) lit. b GDPR.


We will delete your inquiry and your contact details once your inquiry has been conclusively answered, and there are no legal retention periods preventing deletion, for example, within the context of subsequent contract processing. Typically, this occurs when there has been no contact with you for a continuous period of three years.

Server-Log-Files


The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.

These are:

  • Browser type and browser version

  • Operating system used

  • Referrer URL

  • Host name of the accessing computer

  • Time of the server request

  • IP address


This data is not merged with other data sources.

This data is collected based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website, for which the server log files must be recorded.

SSL Encryption


For reasons of security and to protect the transmission of confidential content, such as requests that you send to us as the website operator, this website uses SSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

General Information on Data Protection


The following provisions apply, in principle, not only to the data collection on our website but also generally to other processing activities of personal data.

Personal data


Personal data refers to any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Legal Basis for Processing Personal Data


Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 (1) lit. a GDPR serves as the legal basis.

  • When processing personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis.

  • This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
    Insofar as the processing of personal data is required to fulfill a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.

  • If processing is necessary to safeguard a legitimate interest of our company or a third party, and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) lit. f GDPR serves as the legal basis for processing.


Please note that in addition to the provisions of the GDPR, national data protection regulations in your or our home country may apply.

Cooperation with processors


We carefully select our service providers who process personal data on our behalf. If we commission third parties to process personal data on the basis of a processing contract, this is done in accordance with Article 28 of the General Data Protection Regulation (GDPR).

Transmission to third countries


If we process data in a third country or if this occurs in the context of the use of third-party services or disclosure or transfer of data to other persons or companies, this will only take place for the reasons described above for the transfer of data.

Subject to express consent or contractual necessity, we only process or have the data processed in third countries with a recognized level of data protection or on the basis of special guarantees, such as contractual obligations through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding internal data protection regulations in accordance with Art. 44 - 49 GDPR.

Storage duration


If no explicit storage period is specified at the time of collection (e.g. as part of a declaration of consent), we are obliged to delete personal data in accordance with Art. 5 para. 1 lit. e GDPR as soon as the purpose for processing has ceased to exist. In this context, we would like to point out that statutory retention obligations constitute a legitimate purpose for the processing of personal data.

In principle, we store and retain personal data until the end of a business relationship or until the expiry of applicable guarantee, warranty or limitation periods, and beyond that until the end of any legal disputes in which the data is required as evidence, or in any case until the end of the third year after the last contact with a business partner.

Rights of affected parties


Data subjects have the right:

  • in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;

  • in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

  • in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;

  • pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller

  • in accordance with Art. 21 GDPR, insofar as your personal data is processed on the basis of our legitimate interest, to object to the processing of your personal data, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.

  • in accordance with Art. 7 para. 3 GDPR, to withdraw your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future. Among other things, you have the option of revoking your consent to the use of cookies on our website with effect for the future by accessing our cookie settings.

  • pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority regarding the unlawful processing of your data by us. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

The competent supervisory authority for NXAI GmbH, is:

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna, Austria
Tel.: +43 1 52 152-0, dsb@dsb.gv.at

Assertion of data subject rights


You yourself decide on the use of your personal data. Should you therefore wish to exercise any of your above-mentioned rights against us, you are welcome to contact us by email at contact@nx-ai.com or by post or telephone.

Please send a copy of an official photo ID together with your request for clear identification and assist us in specifying your request by answering questions from our responsible employees regarding the processing of your personal data. Please indicate in your request in which role (employee, applicant, visitor, supplier, customer, etc.) and during which period you have been in contact with us. This will enable us to process your request promptly.

Protection of personal data


The security of your personal data is of particular concern to us. We therefore take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, disclosure, safeguarding of availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and the response to data breaches. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware and software, in accordance with the principle of data protection through technology design and through data protection-friendly default settings in accordance with Art. 25 GDPR.

We also transfer our understanding of security to the processors we use.

Up-to-dateness of this privacy policy


Due to further developments or changes in legal requirements, it may be necessary to amend this privacy policy from time to time. You can call up and print out the current data protection declaration here on this page at any time.

If you have any questions about data protection, please contact us at contact@nx-ai.com or using the other contact details provided in this privacy policy.

Used Cookies


Our website does not currently use marketing, essential or statistical cookies.

Necessary Cookies


Technically necessary cookies are used to enable the technical operation of a website and to make it functionally usable for you. They are used on the basis of our legitimate interest in offering a technically flawless website. However, you can generally deactivate the use of cookies in your browser.