Privacy policy

1.            Information about the controller

Hofmann Architektur & Value Added ZT GmbH

FN 552138 v HG Wien

Margaretenplatz 5 Top 5, 1050 Vienna

[email protected]

+43 664 5009449

2.            Data processing

2.1         Purpose of processing and legal bases on the website

In connection with the use of our website, data is processed in order to be able to provide and use the website to you and to be able to compile usage statistics. Depending on the method of collection and the purpose, the processing is carried out on the basis of your consent, for the performance of a contract, for the fulfilment of a legal obligation or on the basis of a legitimate interest to which we are entitled.

Processing on the basis of your consent (Art. 6 para. 1 lit. a GDPR): The processing of your personal data may also be carried out on the basis of your consent, which can be revoked at any time. In this case, we will process your personal data in accordance with the consent you have given us.

Contractual relationship (Art. 6 para. 1 lit. b GDPR): As the controller, we process your (personal) data in particular in the context of a business relationship with you (or with a company represented by you). The processing of the data is carried out on the basis of the contractual (as well as pre-contractual in the case of the initiation of a business relationship) (e.g. when submitting an offer via our contact form, see point 3.2). In particular, your name, your contact details (such as e-mail address, telephone number, residential address), if applicable, account data, any information regarding your creditworthiness, if necessary your social security data, as well as information from you in connection with the fulfilment of the contractual relationship (in particular analogue and electronic documents, certificates, correspondence, etc.) will be processed.

Processing on the basis of statutory / regulatory obligations (Art. 6 para. 1 lit. c GDPR): Processing of your personal data may be necessary for the fulfilment of a legal or regulatory/judicial obligation to which we are subject (e.g. due to statutory retention obligations and accounting regulations or reporting obligations to authorities on the basis of a legal basis).

Processing based on legitimate interest (Art. 6 para. 1 lit. f GDPR): In addition, processing may take place on the basis of our legitimate interest in processing (e.g. in the case of the processing of data by the log file when you visit our website, see point 3.1). In such a case, the processing will be carried out in accordance with the necessary, proportionate safeguarding of our legitimate interests as a controller or the legitimate interests of a third party, such as, in particular, for the safeguarding of business interests, the assertion, exercise or defence of legal claims and, if there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data, and also to prevent physical damage or financial losses, for the implementation of direct advertising (marketing and information measures, in particular about services offered by us), for IT security and technical administration as well as for the purposes of file management, client, applicant and supplier management. The processing here covers all data processed within the framework of the contractual relationship if this is necessary to achieve the purpose.

Apart from using your personal data for the purposes described above, we do not sell, trade or disclose your personal data to third parties without first informing you.

2.2         Potential recipients of personal data

In particular, we transmit personal data to the following categories of recipients within the meaning of Art. 13 (1) (e) GDPR

  • Processors engaged by us as controllers (in particular suppliers, IT and back-office service providers, accountants, tax advisors and auditors).
  • Courts and authorities
  • (judicial and extrajudicial) Expert
  • Third-party providers and cooperation partners (in particular business and contractual partners)
  • Lawyers and law firms regarding the examination or consultation on legal issues
  • Advertising and web analytics partners
  • Third-party providers (e.g. Google regarding Google Maps)
  • Furthermore, it may be necessary to transmit your personal data to third parties in the course of our service provision (in particular counter-representatives and counterparty(s), or other third parties related to the situation).

2.3         Storage and retention of personal data

In accordance with Art. 5 (1) (e) GDPR, we are obliged to delete personal data of you as a data subject if the purpose for storing the data no longer exists, there is no legal basis for storing your personal data and there is no consent to further processing of your data.

In any case, we will store your data in personal form  for as long as this  is necessary to achieve the purpose, in particular for the complete fulfilment of the entire business relationship (from initiation to processing to termination of the contract) and until the fulfilment of legal obligations in accordance with legally stipulated retention and documentation provisions (e.g. the 7-year retention periods of contracts and other documents as well as the associated correspondence in accordance with the Austrian Commercial Code, BAO, VAT Act, etc.). In addition, the data will be stored until the expiry of applicable compensation and warranty periods for the necessary assertion, exercise or defence of legal claims (in this case until the end of any legal disputes in which the data is required as evidence), whereby the statutory limitation periods according to the General Civil Code – ABGB must be taken into account, which are necessary for the retention of necessary documents for up to 30 years after the termination of the contractual relationship.

The respective duration of the storage of your data is therefore determined by various criteria (in particular the legal basis on which the processing is based, the purpose to be achieved and, where applicable, your consent). In particular, this results in the following storage periods:

  • If your personal data is processed on the basis of your consent, the storage and processing will take place in any case for as long as your consent has been given (and no objection has been received by us from you).
  • In the case of the processing of your personal data on the basis of contractual (business) relationships, the data will be stored for the duration of the contractual relationship or, in accordance with the general storage period for business letters, for a period of seven years, unless a longer storage period (such as warranty and compensation claims) is required from the content of the communication and/or from the contract. In addition, in the event of a legal dispute, at least until the legal dispute has been legally terminated.
  • When processing your personal data on the basis of a legitimate interest, the storage and processing will take place for as long as is necessary for the purpose of the legitimate interest (and there is no objection from you).

Personal data may be processed for two or more purposes. The processing of personal data will therefore take place in any case until the purpose with the longest duration (i.e. the purpose whose duration ends later) no longer exists. However, processing for purposes that have already expired / terminated ends with the termination of the respective purpose.

2.4         How do we protect your personal data?

In order to guarantee the security of your personal data, we have introduced a number of technical and organisational measures within the meaning of Art. 32 GDPR. In addition, we are obliged to adapt the security measures to the respective state of the art. This means that our data security measures are continuously adapted.

Despite these measures, every time you provide personal information on the Internet, there is a risk that it will be intercepted and used by third parties beyond our control. Although we do everything in our power to protect your personal information and privacy, it is not possible to guarantee the security of your information that you provide over the Internet.

3.            Data collection on our website

3.1         (automatic) Data collection from visitors to our websites

When you visit our website, a connection is established between your device and our servers. As part of this connection, data is automatically transmitted to us, which may also contain personal data. This data is stored on our server in a log file (log) for <90 days.

The processing of this data is carried out on the basis of our legitimate interest in the proper and secure operation of our websites in accordance with Art. 6 para. 1 lit. f GDPR. The data in these log files will not be passed on to third parties. However, we reserve the right to pass on this data in the event of illegal use of our website, in particular to law enforcement authorities, legal advisors and IT forensic experts.

The data transmitted include, in particular:

  • Dates and time of your visit.
  • The website visited (including the subpages visited).
  • The device you use when you visit the website.
  • The browser you use when you visit the website (including the version of the browser).
  • The operating system on your device used by you when you visit the website (including the version of the operating system).
  • Visited link (incl. corresponding reference link)

3.2         Cookies

In addition to the data mentioned above, information is collected and stored on your computer when you use our website. This information is known as "cookies". "Cookies" are small (text) files that allow us to store specific information related to you on your device. Cookies cannot run programs. They serve to determine the frequency of use and the number of users of the Internet pages, to make our websites more user-friendly and effective and to compile statistics.

Duration of storage: Cookies have different storage periods. There are cookies that are automatically deleted when you close your browser (so-called "session cookies"), and there are also cookies that are stored for a certain period of time.

Please note that all essential cookies are also set without your consent, as we use and process them on the basis of our legitimate interest in using these cookies. The __cf_bm cookie is used for the website in question.

Deleting and blocking cookies: All common web browsers offer functions to prevent the general storage of cookies or the storage of cookies from third parties (e.g. advertising partners) and to delete cookies at any time, to restrict them to certain websites or to set the web browser so that you are notified as soon as a cookie is sent. For information on how to prevent cookies in your browser settings, please refer to your browser's help menu.

3.3         Google Maps

For the display of geo-data, we use the map service "Google Maps" of Google Ireland Limited, or its parent company Google LLC (600 Amphitheatre Pkwy, Mountain View, CA 94043, USA).

We use Google Maps to visually display geographic information on an interactive map on our website. In order to use the functions of Google Maps, it is necessary that information about the use of the website (including your IP address) is stored or transmitted to Google. This information is usually transmitted to a Google server and stored there. Google may also transfer this information to third parties. We have no influence on this data transfer. By using Google Maps, it is also possible that in addition to the information listed above under point 3.3 The cookies listed above may be used to create additional cookies through the use of the Service.

Please note that this third-party service provider is headquartered outside the EU . On 10.07.2023, the European Commission adopted an implementing decision on the adequacy of the level of protection of personal data under the EU-US data protection framework (Commission Implementing Decision [EU] 2023/1795 of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequacy of the level of protection of personal data under the EU-US data protection framework).

The U.S. Department of Commerce has published a list of U.S. companies that have self-certified and committed to complying with the principles of the EU-US data protection framework (https://www.dataprivacyframework.gov/list). Google LLC is also included in the list.

For more information on data protection in connection with Google Maps, please refer to Google's privacy policy: https://policies.google.com/privacy.

4.            Data transfer to third countries

As a matter of principle, data is not transferred to third countries. In a few cases, however, the use of our services on the website requires a transfer to third countries (e.g. Google Maps). Data transfer to third countries takes place exclusively on the basis of the provisions of Art. 45ff GDPR.

5.            Rights of data subjects

5.1         General

You are entitled to the following rights, with the exceptions provided for in the respective provisions and the restrictions described in Art. 23 GDPR, within the meaning of the GDPR, about which we inform you below:

Right to information (Art. 15 GDPR): You have the right to request confirmation from us as the controller at any time as to whether we are processing personal data concerning you and, if this is the case, to obtain information free of charge about the personal data processed about you and a copy of this information. If this right to information is unduly exercised by sending us requests for information in an excessive manner, we may charge a fee customary in the area for the administrative costs of the information.

Right to rectification (Art. 16 GDPR): You have the right to demand that we (as the controller) rectify inaccurate personal data concerning you without undue delay.

Right to erasure (right to be forgotten) (Art. 17 GDPR): You have the right to demand from us (as controller) that the personal data concerning you be deleted without undue delay, provided that the data is not necessary for the purposes for which it was collected or otherwise processed and there is no legal reason to prevent the deletion. If you request deletion, we will check the aforementioned legal requirements and inform you about this.

Right to restriction of processing (Art. 18 GDPR): You have the right to demand that we (as the controller) restrict the processing of personal data concerning you.

Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you that you have provided to us (as a controller) in a structured, commonly used and machine-readable format, and the right to transmit this data to another controller to whom you have provided your personal data without hindrance from us.

Right to object (Art. 21 GDPR): If we process personal data that is based on a public interest or in the exercise of official authority or is necessary on the basis of a legitimate interest, you have the right to object to this processing of your data at any time due to your particular situation. In this case, your data will only be processed if there are compelling legitimate grounds for the processing.

Right to withdraw consent (Art. 7 para. 3 GDPR): You have the right to revoke a previously given consent to data processing at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent before the revocation.

Right not to be subject to a decision based on automated processing (Art. 22 GDPR): You have the right, in certain circumstances, not to be subject exclusively to a decision based on automated processing – including profiling – that produces legal effects concerning you or similarly significantly affects you.

Right to lodge a complaint and the right to an effective remedy (Art. 77f GDPR): If you are of the opinion that the processing of your personal data violates data protection regulations or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. In Austria, this is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna. (Phone: +43 1 52 152-0, E-Mail: [email protected], Website: https://www.dsb.gv.at)

Without prejudice to any other administrative or extrajudicial remedy and the right of appeal, you have the right to an effective judicial remedy against a legally binding decision of the supervisory authority concerning you.

Your rights or the exercise of your rights are subject to certain exceptions to protect the public interest (e.g. the prevention or investigation of crime), our interests (e.g. processing for the fulfilment of contractual and legal obligations) or the rights and freedoms of others. In the event that you assert one or more of your rights, we will review your request and respond immediately, but no later than within the legal period of one month. This deadline may be extended by a further two months if necessary, taking into account the complexity and the number of applications. In the event of such an extension of the deadline, we will inform you of the extension of the deadline and the reasons for the delay within one month of receiving your message.

If you exercise any of these rights, we will check your eligibility and respond as soon as possible, but no later than within one month. In complex cases or with a high number of requests, this deadline can be extended by up to two months. In such a case, we will inform you accordingly."

5.2         Exercise of a data subject's right

If you have any questions about data protection or how to exercise the above-mentioned rights, please contact us.

6.            Changes

Our privacy policy is updated continuously (in accordance with our obligation under Art. 32 GDPR to adapt data processing to the current state of the art). At the bottom of this page you will find the date of the last update of our privacy policy.

Last updated on: May 18th 2025