Privacy Policy

Last updated: 16.03.2026

1. Controller

The controller responsible for data processing on this website is:

Zen-Work Software e.U. – Johannes Joestar
Unternberg 26
4710 Grieskirchen
Austria

Email: datenschutz@zen-work.at

2. Overview of Processing

The following overview summarizes the types of data processed:

  • Inventory data (e.g., names, addresses)
  • Contact data (e.g., email, phone numbers)
  • Content data (e.g., form entries)
  • Usage data (e.g., pages visited)
  • Meta/communication data (e.g., IP addresses)
  • Contract data (e.g., subject matter)
  • Payment data (e.g., bank details)

3. Legal Bases

We process personal data based on:

  • Consent (Art. 6(1)(a) GDPR) – You have given consent
  • Contract (Art. 6(1)(b) GDPR) – Processing for contract performance
  • Legal Obligation (Art. 6(1)(c) GDPR) – Processing for legal compliance
  • Legitimate Interests (Art. 6(1)(f) GDPR) – Processing for our legitimate interests

4. Rights of Data Subjects

You have the following rights:

Right of Access

Request confirmation of data processing

Right to Rectification

Request correction of inaccurate data

Right to Erasure

Request deletion of your data

Right to Restriction

Request restriction of processing

Right to Data Portability

Receive data in structured format

Right to Object

Object to data processing

Right to Complaint

Lodge complaint with supervisory authority

5. Cookies

We use cookies for site functionality.

Necessary Cookies

Required for basic site functionality:

Cookie Purpose Duration
XSRF-TOKEN CSRF protection Session management
zenwork_session Session management 2 hours

6. Hosting and Servers

Our website is hosted by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). Servers are located in Germany (EU). Privacy policy Hetzner: hetzner.com/legal/privacy-policy

With each access to our website, information is automatically collected (server log files):

  • IP address (anonymized)
  • Date and time
  • Timezone
  • Requested page
  • HTTP status
  • Data transferred
  • Referrer
  • Browser and OS

Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

7. Registration and User Account

During registration, we collect:

  • Name
  • Email address
  • Password (encrypted)

Legal basis: Art. 6(1)(b) GDPR (contract)
Deletion: Upon account deletion or after 3 years of inactivity

8. Contact Form

When you contact us via the contact form on our website, the following data is processed:

  • Name
  • Email address
  • Your message

Data is sent to contact@zen-work.at and used exclusively to process your inquiry.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest)
Retention period: After final processing of your inquiry, at the latest after 3 years

9. Sign in with Google (Social Login)

Our website offers the option to sign in with a Google account (social login). When you sign in with your Google account, the following data is transmitted to us:

  • Name
  • Email address
  • Google profile picture (if stored in your Google account)

Provider: Google LLC / Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Legal basis: Art. 6(1)(a) GDPR (consent through active use of the login function)
Google Privacy Policy: https://policies.google.com/privacy

Alternatively, you can also register using email and password.

10. Transactional Emails

As part of using our platform, we send automated emails to registered users. These emails are required for the operation of the service and include:

  • Invoices and payment confirmations
  • Payment reminders and dunning notices
  • Notifications about quotes and contract documents
  • Expiry warnings for assets (domains, licenses, etc.)
  • System notifications (mentions, tickets, project updates)
  • Security notifications (e.g., suspicious logins)

Emails are sent via our own mail server operated on the infrastructure of Hetzner Online GmbH (see section 6).

Legal basis: Art. 6(1)(b) GDPR (contract performance) for contract-related emails; Art. 6(1)(f) GDPR (legitimate interest) for security notifications

11. Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter "Google").

Google Analytics uses cookies that enable an analysis of your use of our website. The information generated by these cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

We use IP anonymization, so your IP address is truncated by Google within the EU and a direct personal assignment is excluded.

Legal basis: Art. 6(1)(a) GDPR (consent)
Google Analytics Privacy Policy: https://policies.google.com/privacy

You can prevent the collection of your data by Google Analytics by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout

We have concluded a data processing agreement with Google (Art. 28 GDPR).

12. Payment Processing

We use Stripe for payment processing.

Legal basis: Art. 6(1)(b) GDPR (contract)
Privacy Policy: https://stripe.com/at/privacy

13. Data Security

We employ security measures:

  • SSL/TLS encryption
  • Encrypted data storage
  • Regular security updates
  • Access restrictions
  • Regular backups

14. Changes to this Privacy Policy

We may update this privacy policy to comply with legal requirements.

Back to top