Privacy policy

The controller within the meaning of the GDPR and other data protection laws is Rieger Systems GmbH, represented by managing director Tobias Rieger.

Rieger Systems GmbH

Fernpaß-Straße 4a, A-6465 Nassereith, Austria

Email: kontakt@rieger-systems.eu

Website: https://www.rieger-systems.eu

Represented by managing director: Tobias Rieger

Purposes: providing the website, IT security, error handling, responding to enquiries, spam and abuse prevention.

Categories of personal data: inventory and contact data (for enquiries), usage/metadata (e.g. truncated IP), technical log data.

Data subjects: website visitors and communication partners.

Legal bases (Art. 6 GDPR):

• Art. 6(1)(b) GDPR (pre-contractual communication, contact requests)
• Art. 6(1)(f) GDPR (legitimate interests: IT security, error handling, spam prevention, server logs)
• Art. 6(1)(c) GDPR (legal obligations, e.g. disclosure to authorities)
• Art. 32 GDPR (security of processing) as the framework for protective measures

This website is hosted with a European provider (Hetzner). Processing takes place exclusively in data centres within the EU.

A data processing agreement pursuant to Art. 28 GDPR is in place with the host. The host processes server log data and metadata required for secure and stable operation (typically retained for up to 30 days to ensure IT security and error management).

When you access the site we automatically process: truncated IP address (last octet masked, e.g. 192.168.0.xxx), date/time, requested resource, referrer, user agent.

Purpose/interest: operation, security, error analysis (Art. 6(1)(f) GDPR).

Retention: generally up to 30 days, then deletion/anonymisation unless a security incident requires longer retention.

To protect our forms from automated abuse we use FriendlyCaptcha. When you submit a form, a cryptographic challenge is solved.

Data processed may include technical information about the puzzle-solving process (e.g. an anonymous puzzle ID, timestamp, possibly a truncated IP as part of technical delivery).

The legal basis is our legitimate interest in preventing spam and abuse and maintaining system integrity (Art. 6(1)(f) GDPR).

A data processing agreement pursuant to Art. 28 GDPR is in place with FriendlyCaptcha. To our knowledge processing takes place within the EU/EEA; transfers to third countries do not occur unless expressly stated in an individual case.

Further information: https://friendlycaptcha.com/legal/privacy-end-users/

When you contact us we process the data you provide (e.g. name, email, phone, message) to handle your request.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual communication) and/or Art. 6(1)(f) GDPR (efficient communication).

Email security: transport encryption (TLS). Our domains use SPF/DKIM/DMARC to reduce abuse.

Deletion: after your request is completed unless statutory retention obligations apply; possibly longer to assert or defend legal claims (reviewed regularly).

Only strictly necessary cookies/mechanisms are used (e.g. session/state until the end of the session, FriendlyCaptcha token briefly for verification).

Legal basis: legitimate interest in security and operation (Art. 6(1)(f) GDPR).

A detailed directory will be added if further necessary cookies are introduced in the future.

We use an Alpine background image from Pixabay. Pixabay images are generally published under a licence that does not require attribution; we still name the source voluntarily for transparency.

No personal data is processed beyond delivering the image itself.

In addition to the hosting provider we use only service providers required to operate and secure the website who process data solely on our instructions (Art. 28 GDPR).

Hosting: Hetzner (EU) – DPA in place

Contact form email delivery: LetterMint (EU/Netherlands), servers in the Netherlands, processing exclusively in the EU, DPA in place.

Further information: https://lettermint.co/privacy-policy

LetterMint is a European email service provider with servers in the Netherlands. Processing takes place exclusively in the EU. A data processing agreement pursuant to Art. 28 GDPR is in place.

Spam/abuse protection: FriendlyCaptcha (EU); a DPA is in place.

Transfers to third countries do not take place unless we expressly indicate otherwise in an individual case.

Server logs: generally up to 30 days (longer only in security cases)

Contact requests: until completion + statutory retention; then deletion/anonymisation

Technically necessary cookies/tokens: session/short-term according to purpose

You may request access, rectification, erasure, restriction, data portability and object to processing based on legitimate interests.

We respond to requests within one month (Art. 12(3) GDPR). Where processing is based on consent you may withdraw it at any time with effect for the future.

Objection (Art. 21 GDPR): you may object at any time on grounds relating to your particular situation.

You have the right to lodge a complaint with a supervisory authority. In Austria this is the Austrian Data Protection Authority (DSB), Barichgasse 40–42, 1030 Vienna, www.dsb.gv.at.

We implement technical and organisational measures including TLS encryption (HTTPS), access controls, firewalls, regular updates and monitoring/logging to detect security incidents (Art. 32 GDPR).

Our website may contain links to third-party websites. We have no influence over the content of linked pages and therefore accept no liability for their content.

The respective provider or operator of the linked pages is always responsible for their content.

We update this policy when technical or legal developments require it. Changes affecting consent take effect only after this page is updated.

Last updated on 30 October 2025.

No data protection officer has been appointed because there is no legal obligation to do so.

Please note that we need certain information to process your request.

Please note that we need certain information to process your request.

We do not use automated decision-making, including profiling.

Our website is not directed at children within the meaning of Art. 8 GDPR; we do not knowingly process corresponding data.