Legal
Privacy Policy
Last updated: February 7, 2026
1. Data Controller
EnFera GmbH (in formation)
Marxergasse 24/2
1030 Vienna
Austria
Contact:
Email: contact@enfera.at
Website: www.enfera.at
Authorized representative:
DI Christopher Gradwohl
2. General Information
We take the protection of your personal data very seriously. We treat your data confidentially and in accordance with applicable data protection regulations and this privacy policy.
This privacy policy informs you about the nature, scope, and purpose of the collection and use of personal data on our website.
Legal bases:
- General Data Protection Regulation (GDPR - EU 2016/679)
- Austrian Data Protection Act (DSG)
- Telecommunications Act 2021 (TKG 2021)
3. Automatic Data Collection When Visiting the Website
3.1 Server Log Files
When you visit our website, the following data is automatically collected:
- IP address
- Date and time of access
- Pages visited
- Browser type and version
- Operating system
- Referrer URL (previously visited page)
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing the website and ensuring IT security)
Storage duration: 30 days, followed by automatic deletion or anonymization
4. Contact & Demo Requests
4.1 Contact Form & Email
When you contact us via the contact form or by email, the following data is processed:
- Name
- Email address
- Company (optional)
- Phone number (optional)
- Message content
- Time of inquiry
Legal basis:
- Art. 6(1)(b) GDPR for demo/pricing inquiries (pre-contractual measures)
- Art. 6(1)(f) GDPR for general inquiries (legitimate interest in responding)
Purpose: Responding to your inquiry and conducting pre-contractual communication
Storage duration: 6 months after completion of correspondence; in case of contract conclusion, in accordance with statutory retention periods
4.2 Demo Requests & Appointment Bookings (Calendly)
We use the service Calendly for booking demos and consultation meetings.
Provider: Calendly LLC, 271 17th St NW, Atlanta, GA 30363, USA
Data processed:
- Name
- Email address
- Selected appointment
- Time zone
- Optional: phone number, company
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures)
Data transfer: USA - Safeguards through EU Commission Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR
More information:
Calendly Privacy: Privacy Notice | Calendly
Storage duration: 12 months after the booked appointment, followed by automatic deletion
5. Newsletter
5.1 Newsletter Subscription
You can subscribe to a free newsletter on our website. For this, we require your email address.
Provider: Mailchimp (The Rocket Science Group LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA)
Data processed:
- Email address
- Name (optional)
- IP address at the time of registration (proof of consent)
- Time of registration and confirmation
Double opt-in procedure:
After registration, you will receive a confirmation email. Your subscription will only be activated after clicking the confirmation link. This serves security purposes and prevents misuse.
Legal basis:
- Art. 6(1)(a) GDPR (consent)
- § 107 TKG 2021
Purpose: Sending information about EnFera products, updates, and events
Data transfer: USA - Safeguards through EU Commission Standard Contractual Clauses
5.2 Newsletter Analysis
Mailchimp records whether and when you open newsletters and which links you click. This is used for statistical evaluation and improvement of our newsletters.
Tracking technologies:
- Tracking pixels (web beacons) in emails
- Individual tracking links
Objection: You can deactivate tracking by disabling images in your email program by default.
5.3 Unsubscribing from the Newsletter
You can unsubscribe from the newsletter at any time:
- Link at the bottom of each newsletter
- Email to contact@enfera.at
- Via your Mailchimp preference center
More information:
Mailchimp Privacy: Global Privacy Statement | Intuit
Storage duration: Until withdrawal of consent (unsubscription), followed by immediate deletion
6. Cookies & Tracking
6.1 What Are Cookies?
Cookies are small text files stored on your device. They help us make the website functional and improve your user experience.
6.2 Essential Cookies
Purpose: Technically necessary for the website to function
Examples:
- Session cookies (session management)
- Cookie consent (storage of your cookie preferences)
- Security cookies (CSRF protection)
Legal basis: Art. 6(1)(f) GDPR (legitimate interest)
Storage duration: Session or up to 12 months
6.3 Google Analytics
We use Google Analytics to analyze website usage.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Parent company: Google LLC, USA)
Data processed:
- Anonymized IP address (last octet removed)
- Device information (browser, operating system, screen resolution)
- Pages visited and time spent
- Interactions (clicks, scroll behavior)
- Approximate location (based on IP)
- Referrer source
Legal basis:
- Art. 6(1)(a) GDPR (consent via cookie banner)
- § 165(3) TKG 2021
IP anonymization: We have configured Google Analytics with the anonymizeIP extension. Your IP address is truncated before storage.
Data transfer:
- Primary: EU servers (Ireland)
- Secondary: USA (Google LLC) - Safeguards through Standard Contractual Clauses pursuant to Art. 46 GDPR
Data Processing Agreement: Concluded with Google Ireland Limited pursuant to Art. 28 GDPR
Storage duration: 14 months (user and event data per Google standard), followed by automatic deletion
Opt-out options:
- Reject cookie settings on our website
- Browser add-on: Google Analytics Opt-out Browser Add-on
- Browser settings: Block cookies
More information:
Google Analytics Privacy: Safeguarding your data - Analytics Help
7. Hosting & Technical Service Providers
7.1 Vercel (Hosting)
Our website is hosted by:
Provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA
Server location: Frankfurt am Main, Germany (EU)
Data processed:
- IP address
- HTTP requests
- Timestamps
- Geographic location (for CDN routing)
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing the website)
Data transfer:
- Primary: Germany/EU
- Edge functions may temporarily process data in US data centers
- Safeguards: Standard Contractual Clauses
Data Processing Agreement: Concluded pursuant to Art. 28 GDPR
More information:
Vercel Privacy: Privacy Policy
8. Data Transfer to Third Countries
Some of our service providers are based outside the European Union or the European Economic Area.
Affected services:
- Google Analytics (USA)
- Mailchimp (USA)
- Calendly (USA)
- Vercel Edge Functions (USA)
Safeguards for an adequate level of data protection:
Standard Contractual Clauses (SCC):
We have concluded EU Commission Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR with all third-country service providers.
Additional protective measures:
- Technical encryption (TLS/SSL)
- IP anonymization (Google Analytics)
- Pseudonymization where possible
- Data minimization
Transfer Impact Assessment:
We have reviewed the legal situation in the USA and consider the safeguards in place to be adequate.
Copies of the safeguards: Can be requested at contact@enfera.at.
9. Your Rights as a Data Subject
You have the following rights:
9.1 Right of Access (Art. 15 GDPR)
Right to information about your stored data and processing purposes.
9.2 Right to Rectification (Art. 16 GDPR)
Right to correct inaccurate or complete incomplete data.
9.3 Right to Erasure (Art. 17 GDPR)
Right to deletion of your data, provided no statutory retention obligations apply.
9.4 Right to Restriction (Art. 18 GDPR)
Right to restrict processing in certain cases.
9.5 Right to Data Portability (Art. 20 GDPR)
Right to receive your data in a structured, machine-readable format.
9.6 Right to Object (Art. 21 GDPR)
Right to object to processing based on your particular situation.
9.7 Right to Withdraw Consent (Art. 7(3) GDPR)
Right to withdraw consent at any time (e.g., newsletter, cookies).
Exercising your rights:
Email to contact@enfera.at
We will respond to your request within one month.
9.8 Right to Lodge a Complaint
You have the right to lodge a complaint with the data protection authority:
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: www.dsb.gv.at
10. Data Security
We employ technical and organizational security measures:
- SSL/TLS encryption for all data transfers (recognizable by https://)
- Encrypted data storage on servers
- Access restrictions - authorized personnel only
- Regular security updates
- Automatic backups
- Firewall protection
- Security monitoring
Despite all due care, no transmission method on the internet can be 100% secure. You transmit data at your own risk.
11. External Links
Our website contains links to external websites (e.g., LinkedIn, GitHub).
Important: After leaving our website, the privacy policies of the respective providers apply. We have no influence on their data processing.
Our profiles:
- LinkedIn: https://www.linkedin.com/company/enfera
13. No Automated Decision-Making
We do not use automated decision-making or profiling pursuant to Art. 22 GDPR.
14. Minors
Our services are intended for businesses and individuals over 18 years of age. We do not knowingly collect data from minors under 14 years of age.
15. Changes to This Privacy Policy
We reserve the right to update this privacy policy to adapt it to changes in the legal situation or changes to our services.
The current version is always available at www.enfera.at/privacy.
In case of material changes, we will inform you through a prominent notice on the website.
16. Contact
If you have any questions about data protection, you can contact us at any time:
Data Protection Contact:
Email: contact@enfera.at
Post: EnFera GmbH, Marxergasse 24/2, 1030 Vienna, Austria
As of: February 7, 2026
© 2026 EnFera. All rights reserved.