1. Introduction
Protecting your personal data is of utmost importance to us. This Privacy Policy explains how we process personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable national data protection laws. Personal data refers to any information relating to an identified or identifiable natural person.
Please read this Privacy Policy carefully. It outlines: - Your rights as a data subject - How and why we process personal data - The use of cookies and third‑party services - Data transfers to third countries - Security measures - Contact details of the controller
2. Controller
The controller responsible for the processing of personal data is:
ThioMatrix Forschungs-Beratungs GmbH
Trientlgasse 65
6020 Innsbruck
Austria
VAT ID: ATU57107106
Email: info@thiomatrix.com
At present, no data protection officer is required under Art. 37 GDPR.
3. Rights of the Data Subject
As a data subject, you have the following rights under the GDPR:
3.1 Right of Access (Art. 15 GDPR)
You may request confirmation as to whether your personal data is being processed and obtain access to such data.
3.2 Right to Rectification (Art. 16 GDPR)
You may request the correction of inaccurate or incomplete personal data.
3.3 Right to Erasure (Art. 17 GDPR)
You may request the deletion of personal data where legal grounds apply (e.g., where data is no longer necessary, consent is withdrawn, or processing is unlawful).
3.4 Right to Restriction of Processing (Art. 18 GDPR)
You may request restricted processing under certain conditions.
3.5 Right to Data Portability (Art. 20 GDPR)
You may request your data in a structured, commonly used, and machine-readable format and transmit it to another controller.
3.6 Right to Object (Art. 21 GDPR)
You may object to processing based on legitimate interests or public interest.
3.7 Right to Withdraw Consent (Art. 7(3) GDPR)
You may withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.
3.8 Right to Lodge a Complaint (Art. 77 GDPR)
You may lodge a complaint with the competent supervisory authority. In Austria, this is the Austrian Data Protection Authority (Datenschutzbehörde).
Identity Verification
To exercise your rights, we may require proof of identity to prevent unauthorized access.
4. Categories of Personal Data Processed
We process the following categories of data, depending on the context:
Website usage data (IP address, browser type, operating system, access times, referrer URL)
Cookie and tracking data (subject to consent)
Contact data (if you contact us via email or phone)
Contractual data (if you are a customer or business partner)
We do not process special categories of personal data unless required and lawfully justified.
5. Website Visitors and Server Log Files
When you visit our website, the following data is automatically processed: - Requested URL and file - Date and time of access - Amount of data transferred - Status of request (successful/failed) - Browser type and version - Operating system (if transmitted) - Referrer URL - IP address
Purpose of Processing
Ensuring website functionality and security
Detecting and preventing misuse
Statistical analysis
Legal Basis
Art. 6(1)(f) GDPR — our legitimate interest in securing and optimizing our website.
Storage Period
Log files are stored for 30 days, unless a security‑relevant incident requires longer retention.
6. Cookies and Consent Management
Our website uses cookies to provide essential functionality and, with your consent, to perform analytics and marketing.
6.1 Categories of Cookies
Essential — required for website functionality; legal basis: Art. 6(1)(f) GDPR.
Statistics — optional; used only with your consent under Art. 6(1)(a) GDPR.
Marketing — optional; used only with your consent.
External Media — optional (e.g., YouTube); used only with your consent.
6.2 Consent Withdrawal
You can withdraw or modify your consent at any time through: - Our cookie banner/consent management platform (CMP) - Your browser settings
Withdrawal may impair website functionality.
7. Google Analytics
We use Google Analytics only if you consent to Statistics cookies.
Provider
Google Ireland Limited (for EU services). Data may be transferred to Google LLC in the United States.
Measures Implemented
IP anonymization is enabled before data leaves the EU.
Google Analytics cookies are placed only after explicit opt‑in.
Legal Basis
Art. 6(1)(a) GDPR — your consent.
Data Transfers to the USA
Where data is transferred to the United States, this may involve risks due to the lack of an EU‑equivalent level of data protection. Transfers rely on: - Your explicit consent (Art. 49(1)(a) GDPR), and/or - Standard Contractual Clauses provided by Google.
You can withdraw your consent at any time via the cookie settings.
8. Google Tag Manager
Google Tag Manager is used to manage website tags. It does not store personal data itself but may activate tags that process data.
Legal basis: Art. 6(1)(f) GDPR — legitimate interest in efficient website management.
9. Integration of Third‑Party Services
YouTube
We embed YouTube videos in privacy‑enhanced mode. Data is transmitted to YouTube only when you actively play a video.
Legal basis: Art. 6(1)(a) GDPR — your consent.
If you are logged into your Google account, YouTube may associate the playback with your profile. Please log out of Google if you do not wish this.
Data Transfer to Third Countries
YouTube may transfer data to the USA. Transfers rely on: - Your explicit consent (Art. 49(1)(a) GDPR), and/or - Standard Contractual Clauses.
10. Contacting Us
If you contact us by email or telephone, we process: - Name - Contact details - Content of your inquiry
Purpose
Handling and documenting your inquiry.
Legal Basis
Art. 6(1)(b) GDPR — performance of a contract or steps prior to entering into a contract
Art. 6(1)(f) GDPR — legitimate interest in responding to inquiries
Storage Period
Inquiries are stored for 12 months unless longer retention is required by law.
11. Recipients of Personal Data
We may share personal data with: - IT service providers - Tax advisors and legal counsel - Courts, authorities, and public bodies - Contract partners where necessary
Legal bases include Art. 6(1)(a), (b), and (f) GDPR.
12. Data Processing by Processors
We engage processors pursuant to Art. 28 GDPR. We ensure that all processors provide adequate technical and organizational measures to protect personal data.
13. Data Transfers to Third Countries
Where data is transferred outside the EU/EEA, we ensure compliance via: - Adequacy decisions (Art. 45 GDPR) - Standard Contractual Clauses (Art. 46 GDPR) - Your explicit consent (Art. 49(1)(a) GDPR), where applicable
Despite safeguards, third‑country access to data (e.g., by US authorities) cannot be entirely excluded.
14. Technical and Organizational Measures (TOMs)
We implement appropriate security measures, including: - Encryption of data in transit - Access controls and authentication - Backup and recovery procedures - Secure server infrastructure - Regular security updates and audits
15. Automated Decision-Making
We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.
16. Updates to this Privacy Policy
We may update this Privacy Policy from time to time. The latest version will always be published on this webpage.
Last updated: 23.12.2025