Skip to content
Legal

Privacy Policy

Last updated: January 2026

01

Data Controller

Data controller pursuant to Art. 4(7) GDPR: BOTFORCE Technology GmbH, Wienerbergstraße 11/12A, A-1100 Vienna, Austria. Managing Director: Robert Aksan. Phone: +43 (0) 664 1213 139, Email: datenschutz@botforce.at, Website: www.botforce-technology.com

02

Types of Data Processed

We process the following categories of personal data:

  • Master data: Name, company, address, email address, phone number
  • Usage data: Access times, pages visited, time spent
  • Technical data: IP address, browser type, operating system, device type
  • Communication data: Content of contact inquiries, email correspondence
  • Contract data: Subject matter, duration, payment information
03

Legal Bases for Processing

Your data is processed based on the following legal grounds:

  • Art. 6(1)(a) GDPR (Consent): You have given consent to processing (e.g., newsletter registration)
  • Art. 6(1)(b) GDPR (Contract): Processing is necessary for contract performance
  • Art. 6(1)(c) GDPR (Legal Obligation): Processing is necessary to comply with a legal obligation
  • Art. 6(1)(f) GDPR (Legitimate Interest): Processing is necessary for legitimate interests
04

Hosting and Infrastructure

Our website is hosted by Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). Data processed: IP address, access time, data volume transferred, referrer URL. Legal basis: Legitimate interest (Art. 6(1)(f) GDPR). Data transfer to the USA is based on the EU-US Data Privacy Framework.

05

Contact Form and Email

When you contact us via contact form or email, we process your name, company, email address, phone number (optional), message content, and time of inquiry. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries). Your data will be deleted after your inquiry has been fully processed, unless statutory retention obligations apply.

06

Newsletter and Lead Magnets

With your consent, you can subscribe to our newsletter. We process your email address (required), name and company (optional), and registration time and IP address (to verify consent). Registration uses double opt-in. Legal basis: Consent (Art. 6(1)(a) GDPR). You can revoke your consent at any time — every newsletter includes an unsubscribe link. For downloading free materials (e.g., RPA Readiness Guide, ROI Calculator), we collect your email address based on your consent.

07

Cookies and Tracking

Cookies are small text files stored on your device. We use technically necessary cookies (session/1 year, Art. 6(1)(f) GDPR) for basic functions like language settings, analytics cookies (up to 2 years, Art. 6(1)(a) GDPR) for usage statistics, and preference cookies (1 year, Art. 6(1)(a) GDPR) to store settings. You can manage or block cookies in your browser settings. Blocking certain cookies may limit website functionality.

08

Web Analytics

We use Google Analytics 4 for website analysis. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data processed: Anonymized IP address, usage behavior, device information. IP anonymization is enabled (last octets are anonymized). Legal basis: Consent (Art. 6(1)(a) GDPR). You can opt out of data collection by Google Analytics via a browser add-on.

09

Artificial Intelligence (AI) Services

Our services may include AI-powered features. For certain analysis functions, we use Anthropic, PBC (Claude API), based in San Francisco, USA. Purpose: Document analysis, process optimization, automation recommendations. Data is transmitted to servers in the USA for processing. Important: Anthropic does not use API requests for training their models (as of January 2026). Legal basis: Explicit consent (Art. 49(1)(a) GDPR). Please do not upload documents containing personal data to AI-powered systems unless explicitly requested to do so.

10

Third-Party Services

We use the following third-party services: Vercel Inc. (USA) for website hosting and deployment. Supabase Inc. (USA) for database, authentication, and file storage. Resend Inc. (USA) for transactional and newsletter emails. Cloudflare Inc. (USA) for Turnstile CAPTCHA protection. Google LLC (USA) for Google Analytics (only with your consent). Anthropic, PBC (USA) for AI-powered features (Claude API). Google Fonts: We host Google Fonts locally — no data is transmitted to Google. UiPath: As a UiPath Silver Partner, we use UiPath technologies for RPA solutions. Separate data protection agreements apply for implementations. Calendly: We use Calendly LLC (USA) for appointment scheduling. Data processed: Name, email, selected appointment, optional additional information. Legal basis: Contract performance (Art. 6(1)(b) GDPR).

11

Data Transfer to Third Countries

Some of our service providers are based outside the EU/EEA. Data transfer is based on:

  • Adequacy decisions for countries with adequate data protection levels
  • EU-US Data Privacy Framework for certified US companies
  • Standard contractual clauses pursuant to EU Commission decisions
  • Explicit consent for AI services (Art. 49(1)(a) GDPR)
12

Data Retention

We store personal data only as long as necessary for the respective purposes: Contact inquiries for 6 months after completion, contract data for 10 years (tax and commercial retention obligations), newsletter data until revocation, web server logs for 7 days, analytics data for 26 months, invoices for 10 years (§ 132 BAO), assessment and learning data until account deletion. You may request deletion of your account and all associated data at any time through your profile settings or by contacting us. You may also export all your personal data at any time.

13

Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR): Confirmation and information about processed data
  • Right to rectification (Art. 16 GDPR): Correction of inaccurate or completion of incomplete data
  • Right to erasure (Art. 17 GDPR): Deletion of your data, provided no retention obligations apply
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format
  • Right to object (Art. 21 GDPR): Object to data processing at any time
  • Right to withdraw consent (Art. 7(3) GDPR): Revoke given consent at any time
  • Right to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at
14

Data Security

We employ comprehensive technical and organizational measures to protect your data:

  • SSL/TLS encryption for all data transmissions
  • Encrypted storage of sensitive data
  • Regular security updates and penetration testing
  • Access control and authorization management
  • Regular employee training on data protection
  • Backups and disaster recovery measures
15

Changes to This Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in legal requirements or our services. The current version is always available on this page. For material changes, we will notify you separately (e.g., by email or a notice on our website).

16

Contact for Data Protection Inquiries

For questions about data protection, to exercise your rights, or for complaints, please contact: BOTFORCE Technology GmbH, Data Protection Officer, Wienerbergstraße 11/12A, A-1100 Vienna, Austria. Email: datenschutz@botforce.at, Phone: +43 (0) 664 1213 139. We will respond to your inquiry as soon as possible, but no later than within one month.