Privacy policy
Privacy policy
Information on Data Protection
With this privacy notice, we inform you about our handling of your personal data and about your rights under the European General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).
The entity responsible for data processing is dotsandlines GmbH (hereinafter referred to as “we” or “us”).
Contents
I. General Information
1. Contact
2. Legal Bases
3. Duration of Storage
4. Categories of Data Recipients
5. Data Transfers to Third Countries
6. Processing in Connection with the Exercise of Your Rights
7. Your Rights
8. Right to Object
II. Data Processing on Our Website
1. Contact Options and Enquiries
2. Newsletter
3. Cookies
4. Consent Management Tool
5. Analytics, Tracking & Retargeting
A.) Google Analytics
B.) Google Ads
C.) Meta Pixel
D.) LinkedIn Insight Tag
III. Data Processing on Our Social Media Pages
1. Visiting a Social Media Page
A.) Facebook and Instagram
B.) LinkedIn
2. Comments and Direct Messages
I. General Information
1. Contact
If you have any questions or suggestions regarding this information, or if you wish to exercise your rights, please direct your request to:
dotsandlines GmbH
Mollardgasse 70C/5, 1060 Vienna, Austria
Tel.: +43 1 890 809 3
E-mail: office@dotsandlines.io
2. Legal Bases
The term “personal data” refers to all information relating to an identified or identifiable natural person.
We process personal data in compliance with the applicable data protection regulations, in particular the GDPR and the Austrian Data Protection Act (hereinafter “DSG”).
We process personal data only on the basis of a legal authorisation.
Accordingly, we process personal data only:
with your consent (§ 7 para. 2 point 2 DSG or Art. 6 para. 1 lit. a GDPR), for the performance of a contract to which you are a party or in order to take steps prior to entering into a contract at your request (Art. 6 para. 1 lit. b GDPR), for compliance with a legal obligation (Art. 6 para. 1 lit. c GDPR), or where processing is necessary for the purposes of our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, override those interests (Art. 6 para. 1 lit. f GDPR).
3. Duration of Storage
Unless otherwise stated in the following provisions, we store data only as long as necessary for the purpose of processing or for the fulfilment of our contractual or legal obligations.
Such statutory retention obligations may, in particular, arise from commercial or tax law.
From the end of the calendar year in which the data was collected, we will retain:
personal data contained in our accounting records for ten years, and personal data contained in commercial correspondence and contracts for six years. Furthermore, we will retain data related to consent documentation and to claims or complaint management for the duration of the statutory limitation periods. Data stored for advertising purposes will be deleted if you object to processing for this purpose.
4. Categories of Data Recipients
In the course of processing your data, we engage processors. Processing activities performed by such processors include, for example, hosting, e-mail delivery, maintenance and support of IT systems, customer and order management, accounting and billing, marketing activities, or document and data carrier destruction.
A processor is a natural or legal person, authority, institution, or other entity that processes personal data on behalf of the controller. Processors do not use the data for their own purposes but only carry out processing for the controller and are contractually obligated to implement appropriate technical and organisational data protection measures.
In addition, we may transmit your personal data to entities such as postal and delivery services, our house bank, tax or auditing firms, or the tax authorities.
Further recipients may be specified in the following sections.
5. Data Transfers to Third Countries
Our data processing activities may involve the transfer of certain personal data to third countries—i.e. countries where the GDPR does not constitute applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is ensured in that third country.
If no adequacy decision exists, personal data will be transferred to a third country only where appropriate safeguards under Art. 46 GDPR are in place, or if one of the conditions under Art. 49 GDPR applies.
Unless otherwise stated below, we rely on the EU Standard Contractual Clauses as appropriate safeguards for the transfer of personal data to third countries. You may obtain or review a copy of these EU Standard Contractual Clauses by contacting us at the address provided under “Contact”.
Where you consent to the transfer of personal data to third countries, the transfer is based on Art. 49 para. 1 lit. a GDPR.
6. Processing in Connection with the Exercise of Your Rights
If you exercise your rights under Articles 15 to 22 GDPR, we process the personal data transmitted to us for the purpose of implementing these rights and to be able to demonstrate such implementation.
Data stored for the purpose of providing information and its preparation will be processed solely for this purpose and for data protection supervision, and otherwise restricted in accordance with Art. 18 GDPR.
These processing activities are based on Art. 6 para. 1 lit. c GDPR in conjunction with Articles 15 to 22 GDPR.
7. Your Rights
As a data subject, you have the right to exercise your data subject rights against us, in particular the following rights:
You have the right, pursuant to Art. 15 GDPR and § 44 DSG, to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to such data and further information.
You have the right, pursuant to Art. 16 GDPR, to obtain rectification of inaccurate data concerning you.
You have the right, pursuant to Art. 17 GDPR and § 45 DSG, to obtain the erasure of your personal data.
You have the right, pursuant to Art. 18 GDPR, to restrict processing of your personal data.
You have the right, pursuant to Art. 20 GDPR, to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and to transmit that data to another controller.
If you have given us consent to process your data, you may withdraw this consent at any time pursuant to Art. 7 para. 3 GDPR.
Such withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR.
8. Right to Object
Pursuant to Art. 21 para. 1 GDPR, you have the right to object, on grounds relating to your particular situation, to processing based on Art. 6 para. 1 lit. e or f GDPR.
Where personal data is processed for direct marketing purposes, you may object to such processing at any time pursuant to Art. 21 paras. 2 and 3 GDPR.
II. Data Processing on Our Website
When using our website, we collect information that you provide yourself. In addition, certain information about your use of the website is automatically collected during your visit. Under data protection law, IP addresses are generally considered personal data. An IP address is assigned to every device connected to the Internet by the Internet service provider in order to enable it to send and receive data.
1. Contact Options and Enquiries
Our website contains contact forms through which you can send us messages. The transmission of your data is encrypted (recognisable by “https” in the browser’s address bar). All data fields marked as mandatory are required in order to process your request. Failure to provide these may mean that we cannot process your enquiry. The provision of further information is voluntary. Alternatively, you can also send us a message by e-mail. We process the data for the purpose of responding to your enquiry.
If your enquiry relates to the conclusion or performance of a contract with us, the legal basis for data processing is Art. 6 para. 1 lit. b GDPR. Otherwise, we process the data based on our legitimate interest in communicating with interested parties; in such cases, the legal basis for processing is Art. 6 para. 1 lit. f GDPR.
2. Newsletter
We offer the option to subscribe to our newsletter on our website. After subscribing, we will regularly inform you about current news regarding our offers. A valid e-mail address is required to register for the newsletter. To verify the e-mail address, you will first receive a confirmation e-mail containing a link you must click to complete your subscription (double opt-in).
When you subscribe to the newsletter, we process personal data such as your e-mail address and name on the basis of the consent you have given. The processing is based on Art. 6 para. 1 lit. a GDPR. You may withdraw your consent at any time with future effect, for example via the “unsubscribe” link in the newsletter or by contacting us using the contact details above. The lawfulness of processing carried out before withdrawal remains unaffected.
When subscribing, we also store the IP address as well as the date and time of registration. Processing of this data is necessary to be able to prove consent given. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 lit. c in conjunction with Art. 7 para. 1 GDPR).
We also analyse reading behaviour and open rates of our newsletter. We evaluate the data generated during the delivery and retrieval of our e-mails both in aggregated and anonymised form (delivery rate, open rate, click rate, unsubscribe rate, bounce rate, visits, conversions) to measure usage and effectiveness. Additionally, we evaluate data generated when you open and use these e-mails (time of opening, clicked hyperlinks, downloaded documents) and movement data on downstream websites in connection with your e-mail address in order to provide you with future individualised information best suited to your interests and needs. Both anonymised and personal data collected are used to deliver personalised content and tailored information in our marketing e-mails and related web pages.
The legal basis for this analysis is Art. 6 para. 1 lit. a GDPR. You may withdraw your consent at any time with future effect, for example via the “unsubscribe” link in the newsletter or by contacting us through the channels above. Please note that, in this case, you will no longer receive our newsletter.
3. Cookies
We use cookies and similar technologies (“cookies”) on our website. Cookies are small data files stored by your browser when you visit a website. They allow the browser to be recognised by web servers. You have full control over the use of cookies through your browser settings. You can delete cookies at any time in your browser’s security settings and block their use generally or for specific cases.
Some cookies are technically necessary for the operation of our website and are therefore permitted without user consent. In addition, we may use cookies to provide special functions and content, as well as for analytical and marketing purposes. This may include third-party cookies (“third-party cookies”). Such non-essential cookies are only used with your consent pursuant to § 7 para. 2 DSG and, where applicable, Art. 6 para. 1 lit. a GDPR.
Information regarding the purposes, providers, technologies used, stored data, and storage duration of individual cookies can be found in the cookie settings of our Consent Management Tool. The link can be found at the bottom left of each page, indicated by a blue circular symbol. Click on it to open your cookie preferences.
4. Consent Management Tool
This website uses a Consent Management Tool to manage cookies.
The consent banner enables visitors to our website to give consent to certain data processing operations or to withdraw previously given consent. By clicking the “I accept” button or saving individual cookie settings, you agree to the use of the associated cookies.
The legal basis for this processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
In addition, the banner helps us fulfil our obligation to demonstrate proof of consent. For this purpose, we process information about the declaration of consent and related log data. Cookies are also used for collecting this data. Processing of this information is necessary to demonstrate that consent was obtained. The legal basis arises from our legal obligation to document consent (Art. 6 para. 1 lit. c in conjunction with Art. 7 para. 1 GDPR).
You can withdraw your consent for cookies here: the link can be found at the bottom left of every page, indicated by the blue circular symbol. Click on it to open your cookie preferences. Here you can withdraw all or individual cookies.
5. Analytics, Tracking & Retargeting
A.) Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited (Google Ireland/EU).
Google Analytics enables us to collect and analyse data regarding visitors’ behaviour on our website. For this purpose, Google Analytics uses cookies that allow analysis of website usage. Personal data such as online identifiers (including cookie identifiers), IP addresses, device identifiers, and information on user interaction with our website are processed.
Some of this information is stored directly on your device. Google Analytics may also store or access further information on your device; such storage or access occurs only with your consent.
Google Ireland processes the data collected on our behalf in order to evaluate the use of our website, compile reports on website activity, and provide other services related to website and internet usage. Pseudonymous user profiles may be created from the processed data.
The setting of cookies and related processing of personal data occur with your consent. The legal basis for data processing in connection with Google Analytics is therefore Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with future effect via our Consent Management Tool.
Personal data processed for the provision of Google Analytics may be transferred to any country where Google Ireland or its sub-processors maintain facilities. Please refer to the section “Data Transfers to Third Countries” above.
We use Google Analytics only with IP anonymisation enabled. This means that users’ IP addresses are truncated by Google Ireland within member states of the European Union or in other contracting states of the European Economic Area. The IP address transmitted by your browser is not merged with other data. Further information on data use for advertising purposes can be found in Google’s privacy policy at www.google.com/policies/technologies/ads/ (http://www.google.com/policies/technologies/ads/).
We use Google Analytics 4, which enables us to track interaction data from various devices and sessions, allowing us to contextualise user actions and analyse long-term relationships.
User activity data is stored for 14 months and then automatically deleted. All other event data is stored for 2 months and then automatically deleted. Deletion of data whose retention period has expired occurs automatically once per month.
We have linked Google Analytics with Google Optimize, which allows us to test, optimise, and personalise different versions of our website.
We also use Google Analytics Advertising Features (Remarketing). This function enables us to display targeted advertisements and to show users relevant ads based on their interests. Remarketing allows users to see ads and products they previously showed interest in on other websites within the Google Network. Through this feature, audiences created in Google Analytics Remarketing can be linked with cross-device functions of Google Ads, enabling personalised advertising across different devices.
If you have given appropriate consent, Google links your web and app browsing history with your Google Account, allowing the same personalised ads to appear on all devices where you are signed in with that account. The combination of data in your Google Account occurs solely on the basis of your consent, which you may give or withdraw directly from Google. For these linked services, Google Analytics collects data for advertising purposes using Google-authenticated user IDs temporarily linked with our Google Analytics data to define and create audiences for cross-device advertising.
Further information: https://support.google.com/analytics/answer/7667196 (https://support.google.com/analytics/answer/7667196)
B.) Google Ads
We use the online advertising service Google Ads, provided by Google Ireland Limited (Ireland, EU), through which we place advertisements on the Google search engine. When you access our website via a Google ad, Google places a cookie on your device (“conversion cookie”). Each Google Ads customer receives a different conversion cookie, so cookies cannot be tracked across different Ads clients. The information obtained through the cookie is used to compile conversion statistics. We learn the total number of users who clicked on our ad but receive no information that identifies individual users.
Your data is processed based on your consent under Art. 6 para. 1 lit. a GDPR. The setting of cookies occurs with your consent, which you may withdraw at any time with future effect through the Consent Management Tool. Data transfer to the USA cannot be excluded when using this service. Please refer to the section “Data Transfers to Third Countries”. Further information on data protection at Google is available at https://policies.google.com/privacy#infocollect (https://policies.google.com/privacy#infocollect).
C.) Meta Pixel
We use the Meta Pixel, a business tool from Meta Platforms Ireland Limited (Meta Platforms Ireland Ltd./EU). Information on Meta’s contact details and data protection officer can be found in Meta’s Data Policy at https://www.facebook.com/about/privacy (https://www.facebook.com/about/privacy).
The Meta Pixel is a JavaScript code snippet that allows us to track visitor activities on our website (“conversion tracking”). The Meta Pixel collects and processes the following information (“event data”):
Information about actions and activities of visitors on our website (e.g. viewing or purchasing a product);
Specific pixel information such as the pixel ID and Facebook cookie;
Information on buttons clicked by visitors;
Information contained in HTTP headers such as IP address, browser information, page location, and referrer;
Information on the status of ad-tracking settings.
Some of this event data consists of information stored on your device. Meta Pixel also uses cookies that store information on your device. Such storage or access takes place only with your consent.
Event data collected through the Meta Pixel is used to target advertisements and improve ad delivery on Meta products such as Facebook and Instagram, to personalise content and features, and to enhance and secure Meta’s products. These event data are transmitted to Meta Platforms Ireland Ltd. This collection and transmission of event data are carried out jointly by us and Meta Platforms Ireland Ltd. as joint controllers.
We and Meta have concluded a Joint Controller Agreement defining the allocation of data-protection responsibilities. In this agreement:
we are responsible for providing you with all information pursuant to Articles 13 and 14 GDPR regarding joint processing;
Meta Platforms Ireland Ltd. is responsible for enabling data-subject rights under Articles 15 to 20 GDPR for the personal data it stores following joint processing.
The agreement can be viewed at: https://www.facebook.com/legal/controller_addendum (https://www.facebook.com/legal/controller_addendum).
For subsequent processing of transmitted event data, Meta Platforms Ireland Ltd. acts as sole controller. Further information on how Meta processes personal data, including the legal basis and options for exercising your rights, can be found in Meta’s Data Policy: https://www.facebook.com/about/privacy (https://www.facebook.com/about/privacy).
We have also engaged Meta Platforms Ireland Ltd. to prepare campaign reports and analytics based on event data collected via the Meta Pixel. For this purpose, personal data contained in the event data is transmitted to Meta Platforms Ireland Ltd., which processes such data as our processor to provide us with the reports and analyses.
Collection and transmission of personal data to Meta Platforms Ireland Ltd. and subsequent processing for analytics and campaign reporting take place only if you have given consent. The legal basis is Art. 6 para. 1 lit. a GDPR.
Data processed on our behalf by Meta Platforms Ireland Ltd. is transferred to Meta Platforms, Inc. in the USA based on processor-to-processor Standard Contractual Clauses, or other transfer mechanisms recognised under the GDPR.
D.) LinkedIn Insight Tag
We use the LinkedIn Insight Tag, a marketing product of LinkedIn Ireland Unlimited Company (LinkedIn Ireland/EU). Information on LinkedIn’s contact details and data protection officer can be found in LinkedIn’s Privacy Policy: https://www.linkedin.com/legal/privacy-policy (https://www.linkedin.com/legal/privacy-policy).
The LinkedIn Insight Tag is a JavaScript code snippet that triggers a cookie on your device when you visit our website. Such storage or access and further processing of personal data occur only with your consent. The legal basis for collecting and transmitting personal data to LinkedIn Ireland is Art. 6 para. 1 lit. a GDPR.
Through the LinkedIn Insight Tag, we can perform several functions:
LinkedIn Conversion Tracking allows us to analyse visits to our website, including URL, referrer URL, IP address, device and browser characteristics (user agent), and timestamp. IP addresses are truncated or, where used for cross-device targeting, hashed. LinkedIn does not provide us with personal data but only aggregated reports on website audience and ad performance. This allows us to measure the effectiveness of LinkedIn advertising for statistical and market-research purposes.
Direct identifiers of members are removed within seven days to pseudonymise data, which LinkedIn then deletes within 180 days. This processing serves to obtain information on our website audience and reports on LinkedIn campaign effectiveness.
We also use LinkedIn Matched Audiences to target our advertising campaigns to specific audiences based on data we provide (e.g. company lists, hashed contact details, device identifiers, or event data such as visited pages).
This processing is carried out for the purpose of marketing our services through targeted advertising.
We have concluded a Joint Controller Agreement with LinkedIn defining the allocation of responsibilities, available here: https://legal.linkedin.com/pages-joint-controller-addendum (https://legal.linkedin.com/pages-joint-controller-addendum).
Please note that, according to LinkedIn’s privacy policy, personal data may be processed in the USA or other third countries. LinkedIn transfers personal data only to countries with an adequacy decision pursuant to Art. 45 GDPR or based on appropriate safeguards under Art. 46 GDPR.
III. Data Processing on Our Social Media Pages
We maintain company pages on several social media platforms. In doing so, we aim to provide additional ways to inform you about our company and to enable interaction.
Our company maintains corporate pages on the following social media platforms:
When you visit or interact with a profile on a social media platform, personal data about you may be processed. Information associated with a social media profile generally constitutes personal data. This also includes messages and statements made using the profile. Furthermore, when visiting a social media profile, certain information—often automatically collected—may also constitute personal data.
1. Visiting a Social Media Page
A.) Facebook and Instagram
When visiting our Facebook or Instagram page, through which we present our company or individual products from our portfolio, certain information about you will be processed.
The sole controller responsible for processing personal data in this context is Meta Platforms Ireland Limited (Ireland, EU – “Meta”).
Further information on Meta’s processing of personal data can be found at: https://www.facebook.com/privacy/explanation (https://www.facebook.com/privacy/explanation).
Meta provides options to object to certain data processing activities; details and opt-out options are available at: https://www.facebook.com/settings?tab=ads (https://www.facebook.com/settings?tab=ads).
Meta provides us with anonymised statistics and insights (so-called “Page Insights”) for our Facebook and Instagram pages, which help us understand the types of actions people take on our pages. These Page Insights are created based on certain information about individuals who visit our pages.
This processing of personal data is carried out jointly by Meta and us as joint controllers.
The processing serves our legitimate interest in evaluating user interactions and improving our pages accordingly. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR.
We cannot associate information obtained through Page Insights with individual user profiles that interact with our Facebook or Instagram pages.
We have entered into a Joint Controller Agreement with Meta that defines the allocation of data protection responsibilities between Meta and us.
Details regarding the processing of personal data for Page Insights and our agreement with Meta can be found at:
https://www.facebook.com/legal/terms/information_about_page_insights_data (https://www.facebook.com/legal/terms/information_about_page_insights_data).
With regard to these data processing activities, you may exercise your data subject rights (see “Your Rights”) against Meta as well. Further information can be found in Meta’s Privacy Policy:
https://www.facebook.com/privacy/explanation (https://www.facebook.com/privacy/explanation).
Please note that, according to Meta’s privacy policy, user data may also be processed in the USA or other third countries.
Meta transfers user data only to countries with an adequacy decision under Art. 45 GDPR or based on appropriate safeguards under Art. 46 GDPR.
B.) LinkedIn
The controller responsible for processing personal data when visiting our LinkedIn page is primarily LinkedIn Ireland Unlimited Company (Ireland, EU – “LinkedIn”).
Further information on LinkedIn’s processing of personal data can be found at:
https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy (https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy).
When you visit, follow, or interact with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymised statistics and insights (so-called “Page Insights”).
These insights give us information about user interactions on our page.
For this purpose, LinkedIn processes data that you have provided in your profile, such as your role, country, industry, seniority, company size, and employment status.
LinkedIn also processes information about how you interact with our page (e.g. whether you follow us).
We receive only aggregated Page Insights and have no access to personal data of individual members.
We cannot draw any conclusions about specific users.
This processing of personal data for Page Insights is carried out jointly by LinkedIn and us as joint controllers.
The processing serves our legitimate interest in evaluating interactions on our LinkedIn page and improving our presence accordingly. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR.
We have entered into a Joint Controller Agreement with LinkedIn defining the allocation of data protection responsibilities, available at:
https://legal.linkedin.com/pages-joint-controller-addendum (https://legal.linkedin.com/pages-joint-controller-addendum).
Under this agreement:
LinkedIn is responsible for enabling you to exercise your rights under the GDPR.
You can contact LinkedIn online via this link: https://www.linkedin.com/help/linkedin/ask/PPQ?lang=en (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=en)
or via the contact details provided in the Privacy Policy.
LinkedIn’s Data Protection Officer can be contacted here: https://www.linkedin.com/help/linkedin/ask/TSO-DPO (https://www.linkedin.com/help/linkedin/ask/TSO-DPO).
You may also contact us using the contact details provided in this Privacy Policy regarding the exercise of your rights in relation to the processing of personal data in connection with Page Insights; in such cases, we will forward your request to LinkedIn.
LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing Page Insights processing.
You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie (http://www.dataprotection.ie/)) or with any other supervisory authority.
Please note that, according to LinkedIn’s privacy policy, personal data may also be processed in the USA or other third countries.
LinkedIn transfers personal data only to countries with an adequacy decision under Art. 45 GDPR or based on appropriate safeguards under Art. 46 GDPR.
2. Comments and Direct Messages
We also process information that you provide to us through our company page on the respective social media platform.
Such information may include your username, contact details, or any message you send to us.
These processing activities are carried out by us as the sole controller.
We process this data based on our legitimate interest in communicating with individuals who contact us.
The legal basis for processing is Art. 6 para. 1 lit. f GDPR.
Further data processing may take place where you have given consent (Art. 6 para. 1 lit. a GDPR) or where it is necessary to comply with a legal obligation (Art. 6 para. 1 lit. c GDPR).
Last updated: October 2025