Why FireStart?

Your data are in safe hands with us! We, FireStart GmbH, Am Winterhafen 1, 4020 Linz, Austria (hereinafter “we”), are committed to protecting your data and take this commitment seriously. Please take the time to read this Privacy Policy and get an idea of why and in what form we process your data.

1. General

1.1. With this Privacy Policy, we would like to inform you about the nature, scope and purpose of the personal data we collect and process. Personal data means any information relating to an identified or identifiable natural person, e.g., name and e-mail address, but also your IP address.

1.2. We process your personal data in accordance with the provisions of the data protection law (in particular GDPR and Data Protection Act (DSG) as amended) and other applicable provisions.

2. Responsible Party for Data Processing

The Controller within the meaning of the GDPR is FireStart GmbH. As the Controller, we are obliged to ensure that all our data processing procedures comply with the legal requirements. You can reach us as follows:

Am Winterhafen 1

4020 Linz

+43 732 9004-10

office@firestart.com

3. Collected Data, Purpose and Legal Basis

3.1. Provision of Products and Services

You can purchase products and services provided by us. You have the option to use the products and services locally or as Software as a Service (SaaS).

For the purpose of the proper fulfilment of orders and requests, we process the personal data that you provide to us by telephone, e-mail, chat or web form. This also includes personal data that you provide to us, for example, in the event of error messages regarding our products and services. The data processed may vary depending on the scope of your information, but in principle the following personal data are processed: name, e-mail address, company, job title, department, industry and country.

The legal basis for the processing of your data for the above-mentioned services is the fulfilment of the contract pursuant to Art. 6 (1) lit. b GDPR. The processing is necessary for the fulfilment of the services requested by you.

For those personal data that you provide as part of the use of our products and services as SaaS, you yourself are the controller of the personal data and we are the processor. In this regard, a separate data processing agreement will be concluded with you.

3.2. Registration for Our Newsletter

You can register for our electronic newsletter via our website.

In this context, the following data will be requested: name and e-mail address.

The legal basis for this data processing is your consent according to Art. 6 (1) lit. a GDPR. You can revoke this consent at any time or unsubscribe from the newsletter via an “Unsubscribe” button contained in every e-mail with which the newsletter is sent to you.

The registration takes place in a so-called double opt-in procedure. After entering your data, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to prevent registration with third-party e-mail addresses.

3.3. Registration for Webinars

You can register for webinars organised by us via the website.

For this purpose, we process the personal data that is necessary for the provision of the service. This includes, in particular, first name, last name, e-mail address, telephone number (optional), company.

Your registration takes place in a so-called double opt-in procedure. After entering your data, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to prevent registration with third-party e-mail addresses.

3.4. Support and General Enquiries

You can also submit support requests and general enquiries to us via our website.

To fulfil your request, we need the following data: Name, e-mail address, telephone number (optional), information about the specific request.

The legal basis for this processing of personal data is the preparation and fulfilment of the contract according to 6 (1) lit. b GDPR.

In addition, we have a legitimate interest pursuant to Art. 6 (1) lit. f GDPR in evaluating your enquiries in order to improve and optimise our processes, services and products.

4. Transmission of Data

4.1. Within FireStart GmbH, only those departments or employees receive your data insofar as they require it for processing for the corresponding purposes. In addition, processors commissioned by us (IT service providers, marketing, etc.) receive your data insofar as they require the data to perform their respective services. All processors have been carefully selected and take appropriate technical and organisational measures to ensure that your data is processed in accordance with data protection obligations and that your rights are protected. In particular, the processors are not permitted to use your personal data for their own purposes. In particular, we use the following processors to process your data:

• WIX

WIX secures and ensures the reliability of our websites

We also transfer your personal data to the following recipients to the extent necessary:

• to third parties who assist in the fulfilment of our obligations to you

to other external third parties to the extent necessary on the basis of our legitimate interests (e.g., auditors, lawyers, etc.)

• to authorities and other public bodies to the extent required by law (e.g., tax authorities, courts, etc.)

• to third-party providers that serve to improve customer communication (Google Analytics, Google Ads, LinkedIn, G2, zoom, recruitee, Zapier, HubSpot, Zendesk, etc.)

4.2. In order to answer your support requests as quickly as possible, FireStart GmbH offers a contact option via a support form. This form is operated via an external system by Zendesk, Inc., 989 Market Street #300, San Francisco, CA 94102, USA.

Please refer to the data protection information of Zendesk: https://www.zendesk.com/company/customers-partners/privacy-policy/

The use of the support form is optional. Alternative, direct contact options can be found at: https://www.firestart.com/support/

5. International Data Transfers

5.1. Some of the recipients of your data mentioned above may be located outside of Austria or the EU. The level of data protection in third countries may not correspond to that in Austria or the EU.

5.2. However, we only transfer your personal data to countries for which the EU Commission has decided that they have an adequate level of data protection or we take measures to ensure that all recipients have an adequate level of data protection. For example, we conclude standard contractual clauses for this purpose.

6. Storage Duration

6.1. We will process your personal data for as long as is reasonably necessary to achieve the purposes set out above and, in addition, in accordance with legal retention and documentation obligations or for the assertion, exercise or defence of legal claims.

6.2. In principle, your data will therefore be deleted after withdrawal of your consent or your objection, unless the storage is necessary for the fulfilment of a legal obligation or for the assertion, exercise or defence of legal claims. Further processing will only take place if you have expressly consented to the further use of your data or if we have reserved the right to further data processing that is permitted by law.

6.3. There is the possibility that instead of deletion, anonymisation of the data is carried out. In this case, any reference to a person is irretrievably removed, which is why the deletion obligations under data protection law no longer apply. In this case, no personal reference can be restored.

7. Your Rights

7.1. Withdrawal of Your Consent to Data Processing

Some data processing operations are only possible with your express consent. You can withdraw consent you have already given at any time. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal.

7.2. Right to Object to the Collection of Data

If the data processing is necessary for the purposes of our legitimate interests, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing.

7.3. Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

7.4. Access, Deletion and Correction

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction or deletion of this data.

7.5. Right to Restrict the Processing

You have the right to request the restriction of the processing of your personal data. The right to restriction of processing applies in the following cases:

If you dispute the accuracy of your personal data held by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.

If the processing of your personal data is unlawful, you can request the restriction of data processing instead of deletion.

If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.

If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data may – apart from being stored – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

8. Right to Lodge a Complaint with the Competent Supervisory Authority

If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been violated in some way, you can file a complaint with the supervisory authority. In Austria, the Data Protection Authority is responsible.

Austrian Data Protection Authority

Barichgasse 40-42

1030 Wien

Telefon: +43 1 52 152-0

E-Mail: dsb@dsb.gv.at

9. Obligation to Provide Data

The provision of your data is generally voluntary. However, some information is necessary for the provision of our services. This information is marked accordingly. If you do not provide your data, we may not be able to provide some of our services properly.

10. Cookie Policy

Our website uses so-called “cookies.” Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you visit our website (third-party cookies). These enable us or you to use certain services of the third-party company.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them. Other cookies are used to evaluate user behaviour or display advertising.

If cookies are used and these do not guarantee basic functionalities of our pages and the optimised presentation of our offer, the data processing is based on your consent. You can withdraw your consent at any time.

Within the framework of a consent management ("cookie banner"), we offer you the possibility to decide on the setting of cookies on our website according to your specifications

You can adjust your browser settings so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. The deactivation of cookies may limit the functionality of the website.