NUTRIX24

Privacy Policy

1. General Information

 

Controller

 

The “Controller” within the meaning of the General Data Protection Regulation (GDPR) is:

 

Nutrix24 Group

(c/o F-97 Holding GmbH)

Tuchlauben 7a

1010 Vienna, Austria

Email: sell@nutrix24.com

 

Changes and Updates to this Privacy Policy

We kindly ask you to regularly review the content of this Privacy Policy, as only the current version is legally binding.

If changes to our data processing activities make it necessary to update this Privacy Policy, we will adapt it accordingly.

If your participation or consent is required for such changes, or if individual notifications are legally necessary, we will contact you directly.

 

2. Processing of Personal Data

 

2.1 Categories of Processed Personal Data

 

We process different categories of data, including inventory data, contact data, content data, and usage data.

 

Inventory data refers to any master data of a natural or legal person as understood in the context of data management.

Contact data includes communication details such as email, telephone, fax, etc.

Content data refers to photos, videos, text entries, audio recordings, and similar content.

Usage data includes information such as access times and websites visited.

Metadata refers to data about data, e.g., the date and time of website access.

 

2.2 Purposes of Processing

 

We process personal data for the following purposes and on the corresponding legal bases:

 

General administration of the company

Legal basis: Art. 6 para. 1 lit. c and f GDPR; Art. 9 para. 2 lit. b GDPR

Ensuring the company’s legal compliance and lawful conduct

Legal basis: Art. 6 para. 1 lit. c and f GDPR

Optimization of customer experience and business processes

Legal basis: Art. 6 para. 1 lit. a and f GDPR

Processing and transmission of data in the context of business relationships with customers and suppliers, including automatically generated and archived text documents (e.g., correspondence)

Legal basis: Art. 6 para. 1 lit. a, b, c and f GDPR

Recruitment and personnel acquisition

Legal basis: Art. 6 para. 1 lit. a, b and f GDPR

Fulfilment of sales and distribution of products and services

Legal basis: Art. 6 para. 1 lit. a and b GDPR

Electronic communication via the internet (email, messenger platforms, contact forms, forums, etc.) for informational, pre-contractual, and contractual purposes

Legal basis: Art. 6 para. 1 lit. a, b, c, d and f GDPR

Operation of a company website for marketing, public representation, and contact (including contact forms, blog, and advertising).

Legal basis: Art. 6 para. 1 lit. a and f GDPR

Regular information and current offers to customers and interested parties, including third-party offers

Legal basis: Art. 6 para. 1 lit. a and f GDPR

Marketing and advertising for goods, services, and corporate communication, including customer acquisition, CRM, and newsletter distribution

Legal basis: Art. 6 para. 1 lit. a and f GDPR

 

2.2.1 Legitimate Interests according to Art. 6 para. 1 lit. f GDPR

 

Our legitimate interests regarding the above processing activities include:

 

Ensuring the legal compliance of our business activities.

Fulfilling contractual obligations and maintaining the principle of “pacta sunt servanda” (contractual fidelity).

Enhancing customer experience and optimizing our external presentation in marketing and communication.

Only essential data required for functionality are processed without explicit consent; all other data are processed only with consent.

 

2.3 Categories of Recipients

 

While we aim to process your data internally, this is not always possible. Therefore, we use selected data processors that process data on our behalf.

The categories of recipients include:

 

Google Ireland Limited, Gordon House, Barrow St, Dublin 4, Ireland

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Tax advisors

Legal counsel (where necessary)

Authorities (where necessary)

 

2.4 Data Transfers to Third Countries

 

Our carefully selected processors are mostly located within the European Union.

Thus, no adequacy decision or standard contractual clauses are required for intra-EU data transfers.

For data transfers outside the EU (to third countries), we rely on EU Standard Contractual Clauses (SCCs), as the former EU–US Privacy Shield has been invalidated.

Copies of the Standard Contractual Clauses we have concluded with our partners are available upon request.

 

2.5 Storage Period / Criteria for Determination

 

We retain personal data only for as long as necessary for the purposes for which they are processed.

Data related to customer relationships are retained until the relationship ends and beyond only for the duration of statutory retention periods.

Data linked to offers or contracts are generally stored for seven years after contract fulfillment.

In exceptional cases, data may be retained longer if legal claims exist or disputes are pending.

When data are no longer needed, they are either deleted or anonymized.

 

3. Rights of Data Subjects

 

3.1 General Provisions

 

All communications in relation to your data subject rights will be provided in a concise, transparent, and easily understandable form.

If we have reasonable doubts about your identity, we reserve the right to request proof of identification.

In principle, exercising your rights is free of charge. However, for manifestly unfounded or excessive requests, we reserve the right to:

 

Charge a reasonable administrative fee, or

Refuse to act on the request.

 

3.2 Data Subject Rights

 

You have the following rights, which you may exercise directly with us:

 

Right of access (Art. 15 GDPR)

Right to rectification (Art. 16 GDPR)

Right to erasure (Art. 17 GDPR)

Right to restriction of processing (Art. 18 GDPR)

Right to data portability (Art. 20 GDPR)

Right to object (Art. 21 GDPR)

 

In addition, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

 

3.2.1 Right of Access (Art. 15 GDPR)

 

You have the right to request confirmation as to whether we process personal data concerning you.

Upon request, we will provide information about:

 

the data processed,

processing purposes,

categories of personal data,

recipients or categories of recipients,

intended storage period or the criteria used to determine it,

the existence of rights to rectification, erasure, restriction, and objection,

your right to lodge a complaint with a supervisory authority,

the source of the data (if not collected directly from you),

and, where applicable, the existence of automated decision-making, including profiling.

 

If data are transferred to third countries, you also have the right to be informed of the appropriate safeguards under Art. 46 GDPR.

 

3.2.2 Right to Rectification (Art. 16 GDPR)

 

You have the right to obtain the immediate correction of inaccurate personal data concerning you and to have incomplete data completed.

 

3.2.3 Right to Erasure (Art. 17 GDPR)

 

You have the right to request the deletion of your personal data under the conditions set out in Art. 17 para. 1 GDPR.

This right does not apply if processing is necessary for exercising freedom of expression, compliance with a legal obligation, public interest reasons, or the establishment, exercise, or defense of legal claims.

If you request deletion during an ongoing contractual relationship, please contact your responsible case handler to discuss the implications.

 

3.2.4 Right to Restriction of Processing (Art. 18 GDPR)

 

You have the right to request restriction of processing if one of the following conditions applies:

 

You contest the accuracy of your personal data (for a period enabling verification).

The processing is unlawful, and you oppose deletion, requesting restriction instead.

We no longer need the data for processing, but you require them for legal claims.

You have objected to processing, pending the outcome of a balancing of interests.

 

If processing is restricted, we may still process your data for legal claims.

You will be notified before the restriction is lifted.

 

3.2.5 Right to Data Portability (Art. 20 GDPR)

 

You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, and to have those data transmitted to another controller where technically feasible.

 

3.2.6 Right to Object (Art. 21 GDPR)

 

You may object at any time to the processing of your personal data based on Art. 6 para. 1 lit. e or f GDPR.

If you withdraw consent, we will delete the affected data immediately unless there is another lawful basis for processing.

Withdrawal of consent does not affect the legality of processing carried out before withdrawal.

Wir benötigen Ihre Zustimmung zum Laden der Übersetzungen

Wir nutzen einen Drittanbieter-Service, um den Inhalt der Website zu übersetzen, der möglicherweise Daten über Ihre Aktivitäten sammelt. Bitte überprüfen Sie die Details in der Datenschutzerklärung und akzeptieren Sie den Dienst, um die Übersetzungen zu sehen.