We have prepared this privacy policy (version 18.03.2026-113200868) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as “data”) we as controllers – and the processors commissioned by us (e.g. providers) – process, will process in the future, and what lawful options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.
Privacy policies usually sound very technical and use legal terminology. This privacy policy, however, aims to describe the most important things as simply and transparently as possible. Where it promotes transparency, technical terms are explained in a user-friendly way, links to further information are provided, and graphics are used. We inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible when providing the most concise, unclear, and legal-technical explanations, as they are often standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps you will find some information that you did not know before.
If you still have questions, we kindly ask you to contact the responsible entity listed below or in the legal notice, follow the provided links, and view further information on third-party websites. Our contact details can of course also be found in the legal notice.
This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Article 4 No. 1 GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:
In short: This privacy policy applies to all areas in which personal data is processed in a structured manner within the company via the mentioned channels. Should we enter into legal relationships with you outside these channels, we will inform you separately if necessary.
In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the GDPR, that enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read this GDPR online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.
We only process your data if at least one of the following conditions applies:
Additional conditions such as the performance of tasks carried out in the public interest or in the exercise of official authority, as well as the protection of vital interests, generally do not apply to us. If such a legal basis should nevertheless be relevant, it will be indicated at the appropriate place.
In addition to the EU Regulation, national laws also apply:
If further regional or national laws apply, we will inform you about them in the following sections.
If you have any questions about data protection or the processing of personal data, you will find below the contact details of the controller in accordance with Article 4(7) of the General Data Protection Regulation (GDPR):
MeliorLux
E-mail: office@meliorlux.com
Phone: +43 667 8817719
Legal Notice: https://www.meliorlux.com/privacy-policy-en
As a general rule, we only store personal data for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to retain certain data even after the original purpose has ceased to apply, for example for accounting purposes.
If you wish to have your data deleted or withdraw your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to retain it.
We will inform you below about the specific duration of the respective data processing, provided we have further information on this.
In accordance with Articles 13 and 14 GDPR, we inform you of the following rights to ensure fair and transparent data processing:
In short: You have rights – do not hesitate to contact the responsible body listed above!
If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been infringed, you can lodge a complaint with a supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:
Head: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
E-mail:
dsb@dsb.gv.at
Website:
https://www.dsb.gv.at/
We only transfer or process data in countries outside the scope of the GDPR (third countries) if you consent to this processing or if another legal permission exists. This applies in particular if processing is required by law or necessary for the fulfillment of a contractual relationship, and in any case only insofar as it is generally permitted. In most cases, your consent is the most important reason why we allow data to be processed in third countries. The processing of personal data in third countries such as the USA, where many software providers offer services and have their servers, may mean that personal data is processed and stored in unexpected ways.
We explicitly point out that, according to the opinion of the European Court of Justice, an adequate level of protection for data transfer to the USA currently exists only if a US company that processes personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. More information can be found at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en
Data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data being processed and stored without anonymization. Furthermore, US government authorities may have access to individual data. It may also occur that collected data is linked with data from other services of the same provider if you have a corresponding user account. Where possible, we try to use server locations within the EU if this is offered.
We will inform you in more detail about data transfers to third countries at the appropriate points in this privacy policy, if applicable.
To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. In doing so, we make it as difficult as possible for third parties to infer personal information from our data within the scope of our capabilities.
Article 25 GDPR refers to “data protection by design and by default” and means that both software (e.g. forms) and hardware (e.g. access to the server room) must always take security into account and implement appropriate measures. Below, we will address specific measures if necessary.
Communication Summary Data subjects: Anyone who communicates with us via phone, email, or online form Processed data: e.g. phone number, name, email address, entered form data. More details can be found under the respective contact type Purpose: Handling communication with customers, business partners, etc. Storage duration: Duration of the business case and legal requirements Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (legitimate interests) |
If you contact us and communicate via telephone, email, or online form, personal data may be processed.
The data is processed for handling and responding to your inquiry and the related business transaction. The data is stored for as long as required for this purpose or as required by law.
All persons who seek contact with us via the communication channels provided by us are affected by the aforementioned processes.
If you call us, call data is pseudonymized and stored on the respective end device and by the telecommunications provider used. In addition, data such as name and phone number may subsequently be sent by email and stored for responding to your inquiry. The data is deleted as soon as the business case is completed and legal requirements permit.
If you communicate with us via email, data may be stored on the respective end device (computer, laptop, smartphone, etc.) and stored on the email server. The data is deleted as soon as the business case is completed and legal requirements permit.
If you communicate with us using an online form, data is stored on our web server and may be forwarded to one of our email addresses. The data is deleted as soon as the business case is completed and legal requirements permit.
The processing of data is based on the following legal bases:
In this section, we would like to explain what a data processing agreement is and why it is required. Since the term “data processing agreement” is quite complex, we will often use the abbreviation DPA in this text. Like most companies, we do not work alone but also use services provided by other companies or individuals. By involving various companies or service providers, we may pass on personal data for processing. These partners then act as processors, with whom we conclude a contract known as a data processing agreement (DPA). The most important thing for you to know is that your personal data is processed exclusively according to our instructions and must be regulated by the DPA.
As a company and website operator, we are responsible for all data we process from you. In addition to controllers, there may also be so-called processors. This includes any company or person that processes personal data on our behalf. More precisely, according to the GDPR definition: any natural or legal person, authority, institution, or other body that processes personal data on our behalf is considered a processor. Processors may therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.
For a better understanding of the terminology, here is an overview of the three roles in the GDPR:
Data subject (you as a customer or interested party) →
Controller (we as a company and client) →
Processor (service providers such as web hosts or cloud providers)
As mentioned above, we have concluded a DPA with our partners who act as processors. First and foremost, it stipulates that the processor processes the data exclusively in accordance with the GDPR. The contract must be concluded in writing, although electronic contracts are also considered “written” in this context. Personal data is only processed on the basis of this contract. The contract must include the following:
The contract also includes all obligations of the processor. The most important obligations are:
You can view an example of such a DPA at:
https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html.
| Cookies Summary Data subjects: Website visitors Purpose: depends on the respective cookie. More details can be found below or from the software provider that sets the cookie. Processed data: depends on the cookie used. More details can be found below or from the software provider. Storage duration: depends on the cookie, may vary from hours to years Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests) |
Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used, so that you can better understand the following privacy policy.
Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
One thing is undeniable: cookies are really useful helpers. Almost all websites use cookies. More precisely, these are HTTP cookies, as there are also other cookies for other applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data, such as language or personal page settings. When you revisit our site, your browser transmits the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are accustomed to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.
The following graphic shows a possible interaction between a web browser (e.g. Chrome) and a web server. The browser requests a website and receives a cookie from the server, which the browser uses again when another page is requested.
There are first-party cookies and third-party cookies. First-party cookies are created directly by our website, while third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, trojans, or other malware. Cookies also cannot access information on your PC.
Example cookie data:
Name: _ga
Value: GA1.2.1326744211.152113200868-9
Purpose: Distinguishing website visitors
Expiration date: after 2 years
Minimum requirements a browser should support:
| Web Hosting Summary Data subjects: Website visitors Purpose: Professional hosting of the website and securing operation Processed data: IP address, time of website visit, browser used, and other data Storage duration: Usually 2 weeks Legal basis: Art. 6(1)(f) GDPR (legitimate interests) |
When you visit websites today, certain information – including personal data – is automatically created and stored. This also applies to this website. This data should be processed as sparingly as possible and only with justification.
To display a website, your browser connects to a web server where the website is stored. During this process, personal data may be processed.
Data is usually stored for two weeks and then automatically deleted.
| Web Design Summary Data subjects: Website visitors Purpose: Improving user experience Processed data: IP address, technical data, browser information Storage duration: Depends on tools used Legal basis: Art. 6(1)(a) GDPR, Art. 6(1)(f) GDPR |
Web design includes the visual, structural, and functional design of a website. Its goal is to improve usability and user experience.
We continuously improve our website to provide you with the best possible experience.
Definition according to GDPR:
A processor is a natural or legal person who processes personal data on behalf of the controller.
Definition according to GDPR:
Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes.
Definition according to GDPR:
Any information relating to an identified or identifiable natural person.
Definition according to GDPR:
Automated processing of personal data to evaluate personal aspects.
Definition according to GDPR:
The entity that determines the purposes and means of processing personal data.
Definition according to GDPR:
Any operation performed on personal data such as collection, storage, use, or deletion.
Congratulations! If you are reading this, you have made it through our entire privacy policy.
Protecting your personal data is very important to us. We aim to inform you clearly and transparently about data processing.
If you have any questions, please do not hesitate to contact us.
All texts are protected by copyright.
2026 Copyright © MeliorLux | Imprint | Privacy Policy
