Disclosure pursuant to Section 5 of the Austrian E-Commerce Act (ECG), Section 14 of the Austrian Commercial Code (UGB) and Section 25 of the Austrian Media Act (MedienG).
Media owner, service provider and publisher
Workheld GmbH
Rotensterngasse 5
1020 Vienna
Austria
Phone: +43 1 9929028
E-mail: office@workheld.com
Web: https://workheld.com
Authorised representatives and commercial register
Managing Director: Benjamin Schwärzler, MSc.
Commercial register number: FN 432744 p
Commercial register court: Commercial Court of Vienna
VAT ID: ATU69753046
Business activity
Trade: Services in automated data processing and information technology
Activities: Consulting, development and implementation of software and cloud solutions for workforce and workflow management in industrial and production-related services.
Professional regulations and supervisory authority
Applicable regulations: Austrian Trade Act 1994 (Gewerbeordnung 1994 – GewO 1994), available at www.ris.bka.gv.at.
Trade authority: Magistratisches Bezirksamt für den 2. Bezirk, Karmelitergasse 9, 1020 Vienna.
Chamber membership
Vienna Chamber of Commerce – Professional Association for Management Consultancy, Accounting and Information Technology (UBIT).
Editorial policy
Information about Workheld GmbH’s products and services as well as related topics in the areas of industry, maintenance, commissioning, customer service and paperless manufacturing.
Online dispute resolution
The European Commission provides a platform for online dispute resolution (ODR), available at https://ec.europa.eu/consumers/odr/. Workheld primarily addresses business customers and is neither willing nor obliged to participate in dispute resolution proceedings before a consumer arbitration board.
Website credits
Website concept and implementation: Michael Kalina and Workheld GmbH.
Image credits: Daniel Gjakoni, Martin Kainz, freepik.com.
Legal notices
Liability for own content
The contents of this website are compiled with the greatest possible care. Workheld nevertheless gives no guarantee for the accuracy, completeness or timeliness of the contents. As a service provider, Workheld is responsible for its own content under Sections 13 et seq. and Section 18 of the Austrian E-Commerce Act (ECG) in accordance with general law.
Liability for links
This website contains links to external third-party websites whose content is outside Workheld’s control. Responsibility for the content of linked pages lies solely with the respective provider or operator. Should Workheld become aware of any legal infringement, the link in question will be removed without delay.
Copyright
All content and works created by Workheld on this website are subject to Austrian copyright law. Reproduction, modification, distribution or any form of use beyond the limits of copyright law require the prior written consent of Workheld. Where content has not been created by Workheld, the copyrights of third parties are observed and indicated as such.
Privacy policy for this website
Last updated: 7 May 2026
This statement describes how Workheld processes personal data on the website workheld.com. The privacy policy for the Workheld platform and apps (logged-in area) is published separately at workheld.com/en/privacy-policy/.
1. Controller and Data Protection Officer
The controller within the meaning of Article 4(7) GDPR is Workheld GmbH, Rotensterngasse 5, 1020 Vienna, Austria, e-mail: hallo@workheld.com.
Data Protection Officer: Dipl.-Inf. Christine Geier, MBA, contactable via Workheld GmbH (postal address as above; e-mail hallo@workheld.com with the subject line “Data Protection”).
2. Legal framework
Personal data is processed on the basis of the General Data Protection Regulation (Regulation (EU) 2016/679, GDPR), the Austrian Data Protection Act (Datenschutzgesetz – DSG, as amended) and the Austrian Telecommunications Act 2021 (TKG 2021).
3. Processing activities at a glance
The following table provides an overview of the personal data processed when you visit this website, the purpose of processing, the legal basis and retention.
| Processing | Data | Purpose | Legal basis | Retention |
|---|---|---|---|---|
| Website access (server logs) | IP address (truncated), date/time, requested URL, referrer, user agent, HTTP status | Provision of the website, stability, defence against attacks | Art. 6(1)(f) GDPR (overriding legitimate interest in secure operation) | Max. 14 days |
| Strictly necessary cookies | Session identifier, cookie consent state | Operation of the website and respect for the user’s consent choices | Section 165(3) TKG 2021; Art. 6(1)(f) GDPR | Session, up to 12 months |
| Optional cookies and tracking | See section 5 | Analytics, marketing, embedded third-party content | Art. 6(1)(a) GDPR in conjunction with Section 165(3) TKG 2021 (consent) | See cookie table in the Cookie Settings |
| Contact form / e-mail enquiries | Name, e-mail address, company, message content, optional phone number | Handling of the enquiry and contacting the user | Art. 6(1)(b) GDPR (pre-contractual / contractual); Art. 6(1)(f) GDPR (response) | Up to 24 months after the most recent contact, then deletion unless statutory retention applies |
| Newsletters / marketing e-mails | Name, e-mail address, interaction data | Sending of newsletters, product updates, event invitations | Art. 6(1)(a) GDPR in conjunction with Section 174 TKG 2021 (consent) | Until consent is withdrawn; every newsletter contains an unsubscribe link |
| Demo / meeting bookings (HubSpot Meetings) | Name, e-mail address, company, requested time slot, optional message | Scheduling and preparation of the demo | Art. 6(1)(b) GDPR (pre-contractual measure) | Up to 24 months after the meeting; longer in the event of a contract due to statutory retention |
| Spam and bot protection (reCAPTCHA) | IP address, device/browser data, mouse movements, time stamps | Protection of forms against automated abuse | Art. 6(1)(f) GDPR (overriding legitimate interest in security) | As specified by Google |
4. Cookies and consent management
This website uses cookies and similar technologies (e.g. localStorage). Cookies that are technically necessary to operate the website are set without consent (Section 165(3) last sentence TKG 2021). All other cookies and embedded third-party content are activated only after the user’s express consent given via the consent management tool.
Workheld uses Borlabs Cookie (Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany) to obtain and manage consent. Consent can be reviewed or withdrawn at any time via the Cookie Settings. A complete list of the cookies in use, including provider, purpose and retention, is available in the consent management tool.
5. Service providers and recipients
Workheld uses the following service providers to operate this website. Where required, data processing agreements pursuant to Art. 28 GDPR are in place. Transfers to third countries take place only on the basis of an adequacy decision (e.g. the EU-U.S. Data Privacy Framework, Decision (EU) 2023/1795) or appropriate safeguards under Art. 46 GDPR (in particular Standard Contractual Clauses), supplemented by appropriate additional measures.
| Provider | Purpose | Data processed | Location | Legal / transfer basis |
|---|---|---|---|---|
| InstaWP Inc., USA (managed WordPress hosting) | Hosting of the website (WordPress) | All website data including server logs | EU data centre (confirmed on request) | Art. 28 GDPR; for transfers involving the US parent additionally EU-U.S. Data Privacy Framework and SCCs under Art. 46(2)(c) GDPR |
| HubSpot, Inc., 2 Canal Park, Cambridge, MA 02141, USA | Contact forms, CRM, newsletter delivery, HubSpot Meetings, marketing analytics | Name, e-mail address, company, IP address, interaction and usage data | EU hosting; US parent | Art. 6(1)(b) and (f) GDPR (contract / legitimate interest) or Art. 6(1)(a) GDPR (consent) for newsletters; Art. 28 GDPR; EU-U.S. Data Privacy Framework and SCCs under Art. 46(2)(c) GDPR |
| Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google Analytics 4, reCAPTCHA, Google Fonts) | Reach measurement and optimisation (GA4); spam/bot protection for forms (reCAPTCHA); provision of fonts (Google Fonts) | IP address (truncated by default in GA4), device/browser data, usage and interaction data, mouse movements (reCAPTCHA) | EU; US parent Google LLC | Art. 6(1)(a) GDPR in conjunction with Section 165 TKG 2021 (consent) for GA4; Art. 6(1)(f) GDPR for reCAPTCHA and Google Fonts; EU-U.S. Data Privacy Framework and SCCs under Art. 46(2)(c) GDPR |
| Albacross Nordic AB, Kungsgatan 26, 111 35 Stockholm, Sweden | B2B analytics: identifies the companies whose employees visit the website based on IP addresses (reverse-IP lookup) for B2B marketing analysis | IP address, device/browser data, pages visited, dwell time, optional cookie identifier; at company level: company name, industry, size | EU (Sweden) | Art. 6(1)(a) GDPR in conjunction with Section 165 TKG 2021 (consent); Art. 28 GDPR |
| Google Ireland Limited (YouTube – embedded videos) | Playback of embedded videos; in extended privacy mode where possible (youtube-nocookie.com) | IP address, device/browser data, playback data | EU; US parent Google LLC | Art. 6(1)(a) GDPR (consent; click-to-load); EU-U.S. Data Privacy Framework and SCCs under Art. 46(2)(c) GDPR |
| Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (Borlabs Cookie) | Management of cookie consents | Cookie consent state, anonymised usage data | EU (Germany) | Art. 6(1)(c) GDPR in conjunction with Section 165 TKG 2021 (legal obligation to document consent); Art. 28 GDPR |
| Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, Ireland (Facebook, Instagram – only with embedded content and after consent) | Display of embedded social media content (click-to-load) | IP address, device/browser data, optionally profile information for logged-in users | EU; US parent Meta Platforms Inc. | Art. 6(1)(a) GDPR (consent); EU-U.S. Data Privacy Framework and SCCs under Art. 46(2)(c) GDPR |
| X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (formerly Twitter – only with embedded content and after consent) | Display of embedded social media content (click-to-load) | IP address, device/browser data | USA | Art. 6(1)(a) GDPR (consent); SCCs under Art. 46(2)(c) GDPR |
Note on Google Search Console: Google Search Console provides Workheld with aggregated and anonymised statistics on the website’s discoverability in Google Search. No personal data of website visitors is processed in connection with Search Console; it is mentioned here for transparency only.
Embedded third-party content (e.g. social media posts, videos, maps) is loaded only after the user clicks and gives express consent (“click-to-load”). Before the click, no personal data is transmitted to the respective provider.
6. International data transfers
Where Workheld transfers personal data to service providers outside the European Economic Area, this is done either on the basis of an adequacy decision by the European Commission – in particular the EU-U.S. Data Privacy Framework (Decision (EU) 2023/1795) for DPF-certified US recipients – or on the basis of Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR. In each case, supplementary technical and organisational measures are reviewed to ensure a level of protection essentially equivalent to that under EU law (Schrems II, CJEU C-311/18).
7. TLS encryption
This website uses TLS encryption (HTTPS) to secure data transmission in accordance with Art. 25(1) and Art. 32 GDPR. You can recognise this by the lock icon in your browser and the https:// prefix.
8. Your rights as a data subject
You have the following rights with regard to the processing of your personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing based on legitimate interests (Art. 21 GDPR)
- Right to withdraw a given consent at any time with effect for the future (Art. 7(3) GDPR)
- Right not to be subject to a decision based solely on automated processing (Art. 22 GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
To exercise these rights, an informal e-mail to hallo@workheld.com is sufficient. Where Workheld has reasonable doubts about your identity, additional information may be requested for identification purposes (Art. 12(6) GDPR). Workheld will respond to requests as a rule within one month; in complex cases this period may be extended by a further two months in accordance with Art. 12(3) GDPR.
The competent supervisory authority in Austria is the Austrian Data Protection Authority (DSB), Barichgasse 40-42, 1030 Vienna, www.dsb.gv.at.
9. Updates to this privacy policy
Workheld will update this privacy policy when this is required by changes in processing activities, new service providers or legal requirements. The version published on this page applies. Users will be informed of material changes in an appropriate manner.
10. Privacy policy for the Workheld platform and apps
The processing of personal data within the Workheld platform (web app, desktop app, mobile app) is governed by a separate privacy policy, available at workheld.com/en/privacy-policy/. Where Workheld processes personal data of end users on behalf of a customer, this is done on the basis of a data processing agreement under Art. 28 GDPR.