Decora logo Decora dark logo
office@decoramalerei.com
Decora Wortmarke

Privacy Policy




1. General information

Protecting your personal data is very important to us. We treat your personal data confidentially and in accordance with the applicable data protection regulations (GDPR, Austrian Data Protection Act (DSG), Telecommunications Act (TKG 2003)) as well as this Privacy Policy.

Personal data includes all information that can be used to identify you as an individual, e.g. name, contact details, IP address, or the content of inquiries or offer documents.

In this Privacy Policy, we explain which data we process on this website, for which purposes and on which legal basis this is done, how long we store the data and which rights you have.

2. Controller

The controller responsible for data processing on this website is
Decora Malerei KG
Klederinger Straße 69–73/17
1100 Vienna
Austria

Tel.: +43 664 418 37 14
E-mail: office@decoramalerei.com
Web: www.decoramalerei.com

3. Hosting and server log files

Our website is hosted by an external service provider (web host). The host provides the technical infrastructure (web server, storage space, database, etc.). We have concluded a data processing agreement with the hosting provider pursuant to Art. 28 GDPR.

When you visit our website, the web server automatically records certain information in so-called server log files:

  • IP address of the accessing device
  • Date and time of access
  • Page/file requested (URL)
  • Referrer URL (previously visited page, if transmitted)
  • Browser type and version, operating system
  • Hostname of the accessing computer
  • Transferred data volume and HTTP status code

This data is technically necessary to correctly deliver the contents of the website, to ensure the stability and security of the system (e.g. detection of attacks or abuse) and, if necessary, to analyze faults.

The legal basis is our legitimate interest in a secure and stable operation of our website in accordance with Art. 6(1)(f) GDPR. The log files are usually stored by the provider for a few weeks and then automatically deleted, unless a longer retention period is required to clarify specific security incidents.

4. What are cookies?

Our website uses “cookies”. Cookies are small text files that are stored on your device by your browser when you visit websites. They typically contain:

  • a randomly generated identifier (cookie ID)
  • the name of the website from which the cookie originates
  • information on the cookie’s lifetime
  • optional additional information (e.g. settings)

Cookies can serve different purposes:

  • Technically necessary cookies ensure that a website can function at all – for example for security, form protection or saving a language setting.
  • Analytics/statistics cookies are used to analyze user behavior and improve the website.
  • Marketing cookies are used to track users across websites and display interest-based advertising.

In addition, the following distinctions are common:

  • Session cookies: stored only for the duration of a session and automatically deleted when the browser is closed.
  • Persistent cookies: remain on your device beyond a session for a defined period of time until they automatically expire or you delete them.
  • First-party cookies: set directly by our website.
  • Third-party cookies: set by third-party services integrated into our website (e.g. Google).
Cookie notice (Light, English) Cookie notice (Dark, English)

How can you control cookies?

You can configure your browser so that:

  • you are informed when cookies are set,
  • cookies are only allowed in individual cases,
  • the acceptance of cookies is excluded for certain cases or in general,
  • cookies are automatically deleted when the browser is closed.

The exact procedure depends on the browser you use (e.g. Chrome, Firefox, Safari, Edge). You can find the relevant instructions in the help menu of your browser. Please note that if you deactivate cookies, some functions of our website may only be available to a limited extent.

The legal basis for the use of technically necessary cookies is our legitimate interest pursuant to Art. 6(1)(f) GDPR in conjunction with Section 165 TKG 2003. For non-essential cookies we would require your consent (Art. 6(1)(a) GDPR); we are currently not using such cookies.

5. Contact via form, e-mail or telephone

Contact form

If you use the contact form on our website, we process the data you enter:

  • Name
  • E-mail address
  • Phone number (optional)
  • Your message or inquiry

We use this data exclusively to answer your inquiry, prepare an offer or clarify follow-up questions. Depending on the purpose of the inquiry, processing is based on Art. 6(1)(b) GDPR (pre-contractual measures or performance of a contract) or Art. 6(1)(f) GDPR (legitimate interest in efficient communication with customers).

We store your inquiry for as long as necessary to process it and as long as no statutory retention obligations conflict with this. Inquiries that do not result in a contract are regularly deleted or anonymized after a maximum of 12 months, unless another legal basis requires longer storage.

E-mail

If you contact us directly by e-mail, the e-mail and any personal data contained in it (e.g. name, contact details, content, attachments) are stored in our e-mail inboxes. E-mails are processed as part of our normal business correspondence and – as far as necessary – also included in project/contract documents.

The legal basis here is also Art. 6(1)(b) GDPR (contract/offer) or Art. 6(1)(f) GDPR (communication with customers and interested parties), depending on the context. E-mails are generally stored for the duration of statutory retention periods (e.g. typically 7 years under Austrian tax and commercial law – BAO/UGB) if they are relevant for accounting or billing purposes, or otherwise deleted once they are no longer required for the stated purposes.

Telephone contact

If you contact us by telephone, we process the data you provide during the call (e.g. name, contact details, information about your project). In addition, your telephone or our telephone system processes your phone number, date and time of the call and the duration of the call.

We do not record calls automatically (no call recording), unless this is explicitly agreed with you in exceptional cases and we provide separate information.

Notes taken during calls are only kept for as long as is necessary to process your inquiry or to prepare an offer or contract. Again, the legal basis is Art. 6(1)(b) or Art. 6(1)(f) GDPR.

6. Google reCAPTCHA

To protect our forms (especially the contact form) against spam and abuse, we use the “Google reCAPTCHA” service. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA analyzes the behavior of website visitors based on various characteristics. This analysis begins automatically as soon as a visitor accesses a page with an embedded reCAPTCHA or interacts with the reCAPTCHA element. For the analysis, reCAPTCHA evaluates, for example:

  • IP address
  • Time spent on the page
  • Mouse movements and scrolling behavior
  • Browser and device settings
  • Referrer URL

The data collected during the analysis is transmitted to Google. The evaluation by Google is solely used to determine whether an entry has been made by a human or by an automated program.

The use of reCAPTCHA is based on our legitimate interest in protecting our website from abusive automated spying and from spam in accordance with Art. 6(1)(f) GDPR.

Further information on Google reCAPTCHA and Google’s privacy policy can be found at https://policies.google.com/privacy and https://policies.google.com/terms .

7. Google Maps

Our website includes a map from the “Google Maps” service so that you can easily find our location in Vienna and plan your route. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The map is embedded directly into the page as an <iframe>. As soon as you access the relevant page, a connection is established to Google’s servers and the map is loaded. In doing so, in particular the following data is transmitted to Google:

  • IP address of the device
  • Date and time of page view
  • Requested URL (our page with the Maps integration)
  • Browser information (type, version, language)
  • Operating system and, where applicable, device settings

Google can combine this data with other information stored in your Google account, provided you are logged in. Data may also be processed on servers outside the EU/EEA (in particular in the USA).

We use Google Maps to provide a user-friendly presentation of our location and to improve the findability of our company. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If you have given Google or your browser/device settings consent to certain data processing (e.g. location services), Art. 6(1)(a) GDPR may also be applicable.

If you do not want Google to collect and process data about you via our website, you can restrict the loading of iframes from third parties in your browser settings or use a script/tracking blocker. Please note that in this case the map functionality may not be available or only to a limited extent.

Further information on data processing by Google can be found in Google’s Privacy Policy at https://policies.google.com/privacy .

8. Social media (Facebook & Instagram)

8.1 Links to our Facebook and Instagram profiles

On our website you will find references to our presences on social networks, in particular on Facebook and Instagram. These are currently implemented as simple links or icons (e.g. the Facebook or Instagram symbol in the contact section).

When you click on such an icon or a corresponding text link, you are taken directly to the respective external platform. Only at that moment is a connection established between your browser and the servers of the respective provider. We have no influence on the type and scope of the data processing that then takes place there; only the privacy policies of the respective platform apply.

The linking to our social media presences is based on Art. 6(1)(f) GDPR. Our legitimate interest is to present our company in a contemporary way beyond our website, to communicate with existing and potential customers and to increase awareness of our services.

8.2 Use of Facebook social plugins

Our website may in future use so-called social plugins (“plugins”) of the social network Facebook. The operator is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”). Such plugins may include, for example, “Like” buttons, comment fields or the embedding of posts and page content.

At present, to the best of our knowledge, there are no active Facebook social plugins installed on our website in the sense of directly embedded like, share or comment functions. Should we implement such plugins in the future, the following applies:

If a Facebook plugin is embedded on one of our pages, your browser establishes a direct connection to Facebook’s servers when you access that page. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the website by it. As a result, Facebook receives the information that your browser has accessed the corresponding page of our website – even if you do not have a Facebook account or are not currently logged in.

If you are logged in to Facebook, Facebook can associate your visit to our website directly with your Facebook account. If you interact with the plugins, for example by clicking the “Like” button or leaving a comment, this information is transmitted directly from your browser to Facebook and stored there. Depending on your Facebook settings, further usage data (e.g. IP address, browser information, time of page visit, possibly location data) may be processed.

We have no influence on the scope of the data that Facebook collects and processes using these plugins. You can find details in Facebook’s data policy. There you will also find more information about your rights and settings options for protecting your privacy.

If we use Facebook social plugins on our website, this is based on Art. 6(1)(f) GDPR. Our legitimate interest is to ensure an appealing presentation of our online offering and to efficiently promote our company and services via social media and interact with users. Insofar as Facebook processes data for its own purposes beyond this, in particular for analytics or advertising (e.g. for creating usage profiles), Facebook is responsible for such processing.

If you do not want Facebook to directly assign the data collected via our website to your profile, please log out of your Facebook account before visiting our website. You can also restrict the loading of Facebook plugins with appropriate browser extensions (e.g. script blockers).

8.3 Use of Instagram content and plugins

Our website may also integrate functions and content from the Instagram service. Instagram is likewise provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”).

Currently, to the best of our knowledge, we only use links to our Instagram profile on the website (e.g. via the Instagram icon). When you click on this icon, you are redirected to the Instagram platform. In this case, any data processing takes place exclusively on the systems of Instagram; the privacy policy of Instagram/Meta applies.

Should we in future embed Instagram content directly on our website (e.g. photos, reels or feeds), this is usually done via widgets or plugins. As soon as you access a page with an Instagram element, your browser establishes a direct connection to Instagram’s/Meta’s servers. This informs Instagram/Meta that your IP address has accessed the relevant page of our website. If you are logged in to Instagram, Instagram can assign the visit directly to your account. If you then “like” or comment on embedded content, this information is also transmitted directly to Instagram/Meta and stored there.

Meta may use the data collected in this way for its own purposes, such as analytics, market research and personalized advertising. We have no influence on this. Details on the processing of personal data by Instagram and on your corresponding rights and settings options to protect your privacy can be found in the Instagram/Meta privacy policy.

The embedding of Instagram content and the linking to our Instagram profile is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in an appealing presentation of our services, in strengthening our online presence and in the ability to communicate efficiently with prospects and customers via social media.

If you do not want Instagram/Meta to be able to associate your visit to our website with your Instagram account, please log out of your Instagram account before visiting our site and delete any Instagram cookies that may be stored. In addition, you can restrict the loading of content from Meta services using appropriate browser settings or extensions.

8.4 Joint responsibility and further information

Please note that for certain functions of Facebook and Instagram (e.g. statistics on page views or interactions, so-called “Insights”) we may act jointly with Meta as joint controllers within the meaning of Art. 26 GDPR. The primary responsibility for the processing of personal data on these platforms lies with Meta. Meta is in particular responsible for implementing data subject rights under the GDPR (e.g. right of access, right to erasure).

If you wish to exercise your rights as a data subject in connection with data processing by Facebook or Instagram, it is most effective to contact Meta directly. Of course, you may also contact us at any time with regard to data that is processed within our own area of responsibility (e.g. communication via messaging functions or comments, insofar as we manage them within our pages).

9. Storage period

As a rule, we store personal data only for as long as is necessary for the respective purposes or as required by statutory retention periods. In detail, this means in particular:

  • Inquiries without subsequent contract: deletion or anonymization usually within 12 months.
  • Contract and offer documents, invoices: retention in accordance with commercial and tax law requirements (in Austria typically 7 years under BAO/UGB).
  • Server log files: usually stored by the provider for a few weeks, then automatically deleted.

After expiry of the respective periods, the data is routinely deleted, unless it is still required for the performance of the contract, the enforcement or defense of legal claims.

10. Your rights as a data subject

In connection with the processing of your personal data, you have the following rights:

  • Right of access to the data we process about you (Art. 15 GDPR)
  • Right to rectification of inaccurate or incomplete data (Art. 16 GDPR)
  • Right to erasure (“right to be forgotten”, Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to certain processing activities (Art. 21 GDPR)
  • Right to withdraw consent with effect for the future (Art. 7(3) GDPR)

If you wish to exercise any of these rights, please contact us at office@decoramalerei.com or by post at the above address. For security reasons, we may request additional information in individual cases in order to verify your identity.

Right to lodge a complaint with the supervisory authority

If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been infringed, you have the right to lodge a complaint with the competent supervisory authority. In Austria, this is:

Austrian Data Protection Authority (Österreichische Datenschutzbehörde)
Barichgasse 40–42
1030 Vienna
Web: www.dsb.gv.at

11. Data security

We use technical and organizational security measures to protect your data as effectively as possible against loss, misuse and unauthorized access. This includes in particular:

  • the use of SSL/TLS encryption (https)
  • regular updates of the systems and software used
  • access restrictions for internal systems
  • careful handling of e-mails and attachments

Please note that data transmission over the internet (e.g. communication by e-mail) can have security vulnerabilities. Complete protection of data against access by third parties is technically not possible.

12. Updates and changes to this Privacy Policy

We reserve the right to adapt this Privacy Policy where necessary, for example if we change our website, our services or the tools used, or if the legal framework changes.

The current version is always available on our website at en/privacy.html.

Last updated: October 2025

Note: This Privacy Policy has been prepared with great care, but does not replace individual legal advice. Despite careful review, we cannot assume any liability for the accuracy, completeness or up-to-dateness of the content.