Data Privacy Notice – EVIGLARA GmbH (in formation)

As of January 2026

EVIGLARA GmbH (in formation), Gaullachergasse 33/29, 1160 Vienna ("EVIGLARA", " we ", " us ") takes the protection of your personal data very seriously. Therefore, compliance with data protection regulations, in particular the General Data Protection Regulation (" GDPR "), the Austrian Data Protection Act (" DSG ") and the Telecommunications Act 2021 (" TKG 2021 "), is a matter of course for us.

Personal data is information about data subjects (natural persons) whose identity is determined or at least determinable (e.g., name, email address, or IP address). This privacy policy informs you about the type, scope, and purposes of the collection and processing of your personal data in connection with your visit to and use of our website.

Data of the responsible party:

Name: EVIGLARA GmbH (in formation)

Address: Gaullachergasse 33/29, 1160 Vienna

Email address: office@eviglara.com

1. What data do we collect from users of our website?

1.1. Contacting us

Data categories and purpose: When you contact us via our email addresses or our contact form, we process your personal data (name, email address or telephone number as well as the content of your request, further correspondence regarding your request; in the case of accreditations, additionally your profession and company) for the purpose of processing and responding to your request.

Legal basis: The legal basis is the fulfillment of our (pre-)contractual obligations pursuant to Art. 6 para. 1 lit. b GDPR or our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in the prompt processing and response to any queries.

Data retention period: We store your data for six months in connection with initial contact so that we can respond appropriately to follow-up questions. Data will only be stored for a longer period if a business relationship develops subsequently, due to legal retention obligations, or for defense in the event of legal disputes.

1.2. Newsletter

Data categories and purpose: When you subscribe to our newsletter about our services and offers, we process your email address, the newsletter category you clicked on, the time of your registration and the newsletter open rates.

Legal basis: The processing for sending the newsletter is based on your voluntary and explicit consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with § 174 TKG 2021. You can revoke your consent at any time with effect for the future (e.g. by email to office@eviglara.com or via the unsubscribe link which you will find in every newsletter).

Storage period: We process your personal data for newsletter subscriptions until you withdraw your voluntary consent, but for no longer than three years from your last contact with us.

1.3. Online shop and ordering goods

Data categories and purpose: When you order goods, we process the personal data necessary for processing your order. This includes your first and last name, email address, and billing or shipping address. We also process the goods you have selected and the time of your order in order to fulfill the order and send you an order confirmation. Depending on your chosen payment method, the data necessary for payment processing will also be processed by the respective payment service provider. Furthermore, when you register on our website, we process your title, telephone number, date of birth, and the (encrypted) password you choose, provided you voluntarily provide this information.

Legal basis: The processing of your personal data is necessary for the performance of our (pre-)contractual obligations pursuant to Article 6(1)(b) GDPR. Without this data, we cannot conclude the contract with you. Furthermore, we process this data to the extent legally required for the fulfillment of our corporate and tax law obligations pursuant to Article 6(1)(c) GDPR. The data you optionally provide us with during registration is processed on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR in order to contact you by telephone if necessary and to provide you with a user account for easier ordering.

Storage period: We store your personal data for the duration of the contractual relationship and beyond, for as long as necessary to fulfill our legal retention obligations. Contract, payment, and billing data are stored for seven years (§ 132 BAO, §§ 190 and 212 UGB, § 11 para. 2 UStG).

1.4. Social Media

Data categories and purpose: You can interact with us on our social media pages by commenting on our posts, reacting to them (e.g., via the " Like " button), sharing them, or sending them to other users. In doing so, we process your interactions, your username, and, where applicable, personal data of invited third parties. This data may also be processed by the platforms themselves. In this case, the respective platform and we are joint controllers pursuant to Article 26 of the GDPR. We have therefore entered into joint controllership agreements.

Legal basis: The data processing serves to answer your questions, to give you the opportunity to express your views and to respond to your opinions and feedback, as well as to promote our services. The processing is therefore based on both our and your legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and for the fulfillment of our (pre-)contractual obligations pursuant to Art. 6 para. 1 lit. b GDPR.

Further information on data processing by the platforms, including storage duration, can be found at:

1.5. Provision of the website and creation of log files

Data categories and purpose: The following technically necessary data within the meaning of Section 165 Paragraph 3 of the Telecommunications Act 2021 (TKG 2021) are automatically collected during your visit to our website in order to display the website to you and to ensure its stability and security:

  • Information about the browser type and version used,
  • the user's operating system,
  • the user's internet service providers,
  • the IP address of the user,
  • Date and time of access,
  • Content of the request (specific page),
  • Websites from which the user's system accessed our website.

Legal basis: Your web browser transmits all this data when you access our website. We process this data solely for the purpose of providing the website and for operational security, and it is therefore technically necessary within the meaning of Section 165 Paragraph 3 of the Austrian Telecommunications Act 2021 (TKG 2021). This processing is based on our legitimate interests pursuant to Article 6 Paragraph 1 Letter f of the GDPR and also includes logging system usage, user authorization processes, and evaluating server logs for problem analysis.

Storage period: We generally store your usage data from your visit to the website for a period of one year. This data is not stored together with other personal data of the user.

1.6. Cookies

A complete list of cookies can be found in the cookie banner. The cookie banner appears automatically the first time you visit our website. You can also access the cookie banner at any time via the "Cookies" menu item in the website footer. Further information about the use of cookies can be found in our Cookie Policy.

2. Recipients of personal data

We treat your personal data with the utmost confidentiality. Therefore, we deliberately keep the number of recipients of your data to a minimum.

To operate our website and app, we use service providers who also have access to personal data in order to provide the contracted services. Our data processors are primarily IT service providers:

  • Software and service providers, as well as providers of tools and solutions that support us in providing the website and delivering our services,
  • General IT administration (including support, software and maintenance, data center).

These data processors process your data only on our behalf, based on our instructions, and for the provision of the services mentioned above. We have concluded data processing agreements with all our data processors in accordance with Article 28 of the GDPR.

Furthermore, we will transmit your personal data to the following recipients to the extent necessary, if required:

  • to external third parties to the necessary extent based on our legitimate interests (e.g. auditors, debt collection agencies, insurance companies in the event of an insurance claim, legal representatives in the event of an incident, etc.);
  • to authorities and other public bodies to the extent required by law (e.g., tax authorities, data protection authorities, etc.).

Your personal data will not be passed on to any other third parties for their own purposes without your consent.

3. Storage duration

We generally only store your personal data for as long as we need it to fulfill the purposes described. If we no longer need your personal data, we delete it from our systems or anonymize it so that you can no longer be irrevocably identified.

Information on specific retention periods can be found above under the respective purpose.

If data processing is carried out in our legitimate interest or that of a third party, your personal data will be deleted as soon as this interest ceases to exist, unless legal retention obligations require us to store it for a longer period. This also applies to data processing based on consent you have given. As soon as you withdraw this consent for the future, your personal data will be deleted immediately, unless there is a legal obligation to retain it for a longer period.

Furthermore, when determining the storage period, we take into account the statutory limitation periods, which, for example, according to the Austrian General Civil Code (ABGB), are usually 3 years, but in certain cases up to 30 years (§ 1489 ABGB).

We store your data relating to the exercise of data subject rights for 18 months to prove that your request has been processed, based on our legitimate interests (Art. 6 para. 1 lit. f GDPR).

This applies without prejudice to cases where longer retention is required for legal disputes, requests from the competent authorities or under applicable law.

4. International Data Transfers

Your personal data may be transferred to countries outside the European Union (EU) or the European Economic Area (EEA) that offer an adequate level of data protection, as determined by adequacy decisions of the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).

Your personal data will only be transferred to countries outside the EU/EEA that do not guarantee an adequate level of protection if the data controller and the recipients of the data have concluded the European Commission's Standard Contractual Clauses (SCCs) as appropriate safeguards for the protection of your personal data, have carried out a Transfer Impact Assessment and implemented supplementary security measures, or if you have given your explicit voluntary consent.

5. Data security

We have implemented appropriate technical and organizational security measures in accordance with Article 32 GDPR to ensure the confidentiality and security of your personal data.

6. Rights of data subjects

You have the right to information about your personal data processed by us as the data controller (Art. 15 GDPR). In addition, you have the right to rectification of inaccurate data and erasure of your data ("right to be forgotten") (Art. 16 and 17 GDPR). You may also have the right to restriction of processing of your data (Art. 18 GDPR) and the right to receive the data you have provided in a structured, commonly used, and machine-readable format ("data portability", Art. 20 GDPR). Furthermore, you can withdraw your freely given consent to the processing of personal data at any time with effect for the future, e.g., by email to office@eviglara.com (Art. 7 para. 3 GDPR).

Furthermore, you have the right to object to direct marketing activities and to the processing of your personal data at any time on grounds relating to your particular situation (Art. 21 GDPR). In this case, we will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defense of legal claims.

If you believe that we are processing your personal data unlawfully, you also have the right to lodge a complaint with the competent supervisory authority or to seek a judicial remedy (Art. 77 GDPR). In Austria, this is:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Email: dsb@dsb.gv.at

You can also lodge a complaint with the supervisory authority of the EU country where you have your habitual residence or work, or with the supervisory authority of the place where the alleged infringement took place.

To exercise these rights, you can contact us at any time, for example by email at office@eviglara.com.

7. Changes

The ongoing development of our services may lead to changes. We will, of course, keep our privacy policy up to date and amend it as necessary. The current version of the privacy policy is available on our website under "Privacy Policy," and we will notify you separately of any significant changes. We also recommend that you check the current version regularly.