Cookie Policy
We use our own cookies and third-party cookies to provide you with the best possible service. You can configure and accept the use of cookies, and modify your consent options, at any time. You can read more information about our Cookie Policy.
Manage settings
Privacy Policy – gehgassi GmbH

Privacy Policy

gehgassi GmbH

The protection of your personal data is of particular importance to us. We therefore process your data exclusively based on the applicable legal provisions (GDPR, TKG 2003). This privacy policy informs you about the nature, scope, and purpose of the processing of personal data within the scope of our services.

The terms used, such as “controller”, “processing”, or “personal data”, are based on the definitions in Article 4 of the General Data Protection Regulation (GDPR).

This privacy policy applies to the entire online presence of gehgassi GmbH, accessible via https://gehgassi.com and its various subdomains.

1. Controller / Data Protection Officer

gehgassi GmbH
FN 580181h
Hiltenwiesen 13
5163 Palting
Managing Directors / Data Protection Officers: Sophie Zimmermann, MAS; Kilian Wirl
Email: office@gehgassi.com

2. Categories of Personal Data Processed

  • 2.1. Master Data: Last name, first name, date of birth, gender, billing address, nationality.
  • 2.2. Contact Details: Email address, phone number.
  • 2.3. Usage Data: Device information, IP address, access time, cookies, log data.
  • 2.4. Other Personal Data: Data that you provide with your consent or in another lawful manner for the purpose of using our services (e.g., bank or credit card information, biometric data, uploaded ID documents such as a passport or identity card).

3. Collection and Processing of Personal Data

Your personal data is processed solely within the legally permitted scope, in particular:

  • when you have given your explicit consent for one or more specific purposes (Art. 6 (1)(a) GDPR),
  • when the processing is necessary for the fulfillment of a legal obligation (Art. 6 (1)(c) GDPR).

We process your data when you register by creating a user account on our website or app, or when you otherwise contact us. The data is used to enable your use of our platform and to communicate with you, such as by sending push notifications or resolving technical issues.

4. Data Processing When Contacting Us or Creating an Account

When you contact us (e.g., by email or via registration on our website or app), your personal data is collected for the purpose of processing your request and for technical administration.

Legal Basis: Art. 6 (1)(f) GDPR – our legitimate interest in responding to inquiries and providing assistance.
When creating a user account, the data is also processed on the basis of your consent (Art. 6 (1)(a) GDPR).

Once your request has been resolved or your user account has been deleted, your data will be erased, provided that there are no legal retention requirements.

5. Contact Form

We provide a contact form on our website at https://gehgassi.com/kontakt/. When you use this form, we process your full name, email address, and optionally your phone number. This information is used exclusively to process your request. Your data will not be shared with third parties.

Legal basis for processing: Art. 6 (1)(a) GDPR, based on your consent when submitting the form. Once your request is resolved, your data will be deleted unless legal retention obligations apply.

6. Data Collection for Service Fulfillment

To provide our services or accept third-party services, we work with the following service providers. Certain personal data is shared with these providers as necessary for service performance:

  • Selected platform users, for service delivery, with your consent
  • Banks and payment providers (e.g. MANGOPAY S.A., PayPal Europe S.à r.l. et Cie, S.C.A.)
  • Verification and legal service providers (e.g. Google Ireland Ltd., legal representatives, public authorities)

Legal basis: Art. 6 (1)(b) and (a) GDPR depending on contractual necessity and explicit consent.

7. Cooperation Partners

To enhance our service offering, we collaborate with partners who receive anonymized usage data. No personal data is disclosed.

8. Newsletter

Upon your explicit written consent, we will send newsletters via email. A double opt-in confirmation is required. We use ActiveCampaign for distribution (activecampaign.com). You may unsubscribe at any time by contacting us or using the unsubscribe link.

9. Online Presence / Social Media

We operate on various platforms to engage with users. The respective platform’s privacy policies apply. We process communication data shared via these platforms.

10. Communication With You

We may contact you via email or app notifications to inform you about services, updates, or issues with your profile. Communication is based on your consent (Art. 6 (1)(a) GDPR).

11. Public Data

Some data is public (e.g. name, gender, language, location, profile photo) to enable platform functionality and user recognition. Sharing further personal data with other users is at your discretion and responsibility.

12. Cookies

Cookies enable recognition and functionality. They can be managed in your settings. For details see our Cookie Policy.

13. Tracking and Analytics Tools

To optimize our website, we use tracking tools. These are based on Art. 6 (1)(f) or (a) GDPR, depending on whether you consented to cookies.

14. Firebase and Google Analytics for Firebase

We use Firebase services (Google Ireland Ltd.) for registration, analytics, crash reporting, etc. Data is anonymized and may be processed in the USA under EU Standard Contractual Clauses. For more information, visit Firebase Privacy.

15. Google Ads

We use Google Ads for marketing purposes. Personal data related to ad interactions may be collected. For details, see Google’s Privacy Policy.

16. Meta Pixel

We use Meta Pixel (Meta Platforms Ireland) for ad conversion tracking. Data like IP address, browser info, and interactions are collected. For more, see Meta Privacy Policy.

17. reCAPTCHA

We use Google reCAPTCHA to prevent abuse. Data collected may include IP address, browser data, and interactions. These may be processed in the USA. For more, visit Google Privacy Policy.

18. Hyperlinks

We use hyperlinks to third-party websites. We are not responsible for their data processing. Please check their privacy policies directly.

19. Plugins

Our website uses plugins from social networks (e.g. Facebook, Instagram). These may link user visits to their social media profiles. We recommend logging out of social networks before visiting our site.

20. User Rights

  • Right to access, rectification, deletion, restriction (Art. 15–18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to withdraw consent (Art. 7 (3) GDPR)
  • Right to lodge a complaint with a supervisory authority: www.dsb.gv.at

21. Right to Object

You may object to processing based on legitimate interests or for direct marketing at any time (Art. 21 GDPR).

22. Data Retention

We delete personal data once it is no longer required. Website operation data may be stored in log files without opt-out. Longer retention may apply where required by law.

23. Data Security

We implement technical and organizational measures to protect your data. However, we cannot guarantee complete security, especially for unencrypted data transmission. Protect your data accordingly.