Back to home

Privacy policy

Data Protection Notice

We take your privacy seriously. This notice explains what personal data we process when you use our website and why we do so. The EU General Data Protection Regulation (GDPR) applies.

Controller

XISTA Innovation GmbH
Am Campus 1, 3400 Klosterneuburg
hello@xista.com
(Art. 4(7) GDPR)

Our website is hosted on servers operated by DigitalOcean in the EU.

No Cookies & No Tracking

We do not use cookies, web analytics, or any form of automated profiling.
(Art. 5(1)(c) GDPR – data minimisation)

What data do we collect and why?

Contact Form

When you contact us, we receive the data you enter (e.g., name, email, message).
Messages are transmitted using Sendgrid (Twilio Inc., USA).

Purpose: Responding to your inquiry
Legal basis:

  • Art. 6(1)(f) GDPR – our legitimate interest in communication
  • Transfers to the USA are based on appropriate safeguards under Art. 46 GDPR.

Newsletter Subscription

If you sign up for our newsletter, we store your email address with Mailchimp (Intuit Inc., USA).
We use this data only to send you the newsletter.

Legal basis:

  • Art. 6(1)(a) GDPR – your consent
  • You may withdraw your consent at any time (Art. 7(3) GDPR).
  • Transfers to the USA are carried out under Art. 46 GDPR (appropriate safeguards).

Storage Period

  • Contact inquiries: retained only as long as needed to process your request (Art. 5(1)(e) GDPR).
  • Newsletter subscription: stored until you unsubscribe.

Your Rights

Under the GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your data (“right to be forgotten”) (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing based on legitimate interests (Art. 21)
  • Withdraw consent at any time (Art. 7(3))

You also have the right to lodge a complaint with a supervisory authority (Art. 77), such as the Austrian Data Protection Authority.

Data Security

We take appropriate technical and organisational measures to protect your data (Art. 32 GDPR). Processing is limited to what is necessary for the stated purposes (Art. 5(1)(b)(c)).

If you have questions or wish to exercise your rights, contact us at hello@xista.com