Data privacy

The protection of users’ personal data is of central importance to CELUM.

This Data Privacy Notice sets forth how CELUM handles your personal data in the following cases and explains your entitled rights. The collection and use of these data are carried out exclusively in compliance with your rights and with statutory provisions according to current versions of the Austrian Data Privacy Act and the GDPR.

With this Data Privacy Notice, CELUM would like to inform you about which specific personal data are collected, for what purpose, in what way and to what extent the data are used.

The responsible entity for purposes of the Data Privacy Act is:

Passaustrasse 26-28
4030 Linz

If you have questions or concerns about data privacy, you are welcome to contact us.
Please find all contact details in the imprint.

Data privacy officer

If you have any questions regarding your data privacy please contact our data privacy officer:

Dr. Georg Schröder, LL.M
legal data Schröder Rechtsanwaltsgesellschaft mbH
Prannerstr. 1
80333 München

Tel.: +49 (0)89 954 597 520
Fax: +49 (0)89 954 597 522



Data privacy For Social Media

Learn what data we collect from you on our social media presences and how we use it.

Table of Contents

Privacy Policy Notice

1. Definitions

“Personal data” is information about a person whose identity is or can be determined. “Affected person” is a specific or identifiable natural person whose data is used.

2. Data collection and its purpose

We limit our data collection to only what is necessary and reasonable.

When we collect your personal data, we explain to you for what purposes your data will be used. We need personal data to facilitate your use of our website, to run our business, to fulfil our contractual obligations and to be able to offer services tailored to your needs. This is how we process your personal data, e.g. when processing your enquiries.

All personal data is captured and synchronised by integrated forms from Hubspot, a service of Hubspot Inc. ( For purposes of analysis, so-called “web-beacons” and “cookies” are created and stored on your computer in order for us to analyse your usage of the website. The collected information (e.g., your IP address, geographical location, type of browser, duration of visit, and pages viewed) is evaluated by Hubspot on behalf of CELUM GmbH in order to provide CELUM GmbH with reports about website visitation.

If you have subscribed to a newsletter, we collect your e-mail address and we can use Hubspot to link a user’s visits to webpages using your personal information (especially your name and e-mail address) on the basis of your expressed consent, thus allowing us to inform you personally and individually about your preferred topics. If a user generally wishes to avoid data collection via Hubspot, the user may deactivate the storage of cookies by adjusting his or her browser settings accordingly. More information about the functionality of Hubspot can be found in Hubspot Inc.’s data privacy notice at

For a demo request and on our general contact form we also collect your job title, business name and telephone number.
It can occur that we link personal data with other data at our disposal in order to optimise our service. We reserve the right to make statistical analyses, especially for the purpose of improving system security and functionality of the website. Your data will be deleted after their purpose has expired, unless their storage continues to serve a legitimate purpose and there is no conflict with lawful records-storage obligations

3. Disclaimer Portals

The CELUM portals and the websites which are linked on them are intended to provide public access to information on them.

CELUM declines to accept any responsibility for this content. The content of a customer’s website is the responsibility of this customer.

CELUM reserves the right to deny, at its sole discretion, any user whatsoever access to the portal (CELUM website) or to a part thereof.

Where a user connects to the site, certain of his/her particulars, such as Internet digital address (IP), navigation around the site, browser used, time spent and other like data are stored on Microsoft Azure Cloud servers (stored in the European Union). CELUM itself does not store any data. These items do not specifically identify the user. The information is only put to internal use of CELUM, for purposes of analysing the traffic on the site and resolving location data (country, region, city.)

Any personal information, such as name, electronic or postal address or other information, which may be supplied when completing the forms stored on this site, is not made available to the public, or disclosed or sold to third parties. CELUM retains the data only for as long as needed for their processing and for the purpose to which consent has implicitly been given. Beyond that, the information is not re-used.

Conversely, CELUM accepts no responsibility as regards the security of the information in question – this policy covers all CELUM websites

Reproduction of material
Unless otherwise indicated, reproduction of material posted on CELUM websites, and reproduction of photographs for which CELUM holds copyright is protected by intellectual property rights of CELUM.

© Photo credit – “All reproduction and representation rights reserved”
Customers photographs marked by a customers are protected by intellectual property rights of each custimef. Similarly, photographs marked © or DR (Droits réservés), followed by the name of an agency or freelance photographer, are protected by intellectual property rights vested in the agencies or persons concerned.

Consequently, none of these photographs may be reproduced, modified, re-circulated, commercially exploited or re-used in any form whatsoever without the prior written consent of the customer, agencies or persons concerned.

Failure to comply with these mandatory conditions will render the offender and any other person responsible, liable to the criminal and civil penalties provided for in law.

4. Policies for processing of personal data

We conform unconditionally to the legal data-protection regulations of the European Union and derivative national laws regarding the retention, processing and use of personal data. The affected user’s legal legitimation or consent forms the legal basis behind the processing of personal data.

Personal data will not be sold, loaned, rented out or by another means transmitted to a third party without your agreement. We will not divulge or transmit your personal data for advertising or marketing purposes to a third party without this being necessary for the provision of the service required of us or without your express consent.

Companies that are directly or indirectly affiliated with us are not considered third parties, accordingly. It is also possible to transfer personal data to outsourcing partners as long as they provide sufficient guarantees for a lawful and secure use of the data and if they are contractually obliged to adhere to the operational principles described herein.

We reserve the right to transfer personal data to other companies within the context of restructuring or corporate mergers if they also comply with the principles of action described herein and are based either in the European Union or in a third country with commensurate data protection.

To the extent that your consent to the processing of your data goes beyond what is contractually required, you may revoke your consent at any time.

If you actively opt to use the social-network functionality offered on our website, your personal data will be forwarded to the respective external providers of these social-networks. Additional information can be found in Section 5 of this Data-Protection Notice.

Furthermore, we reserve the right to pass on personal data to third parties if we are compelled to do so by law, if a legal order is made by a court or authority having proper jurisdiction, or if as a result of acts or omissions on your part we are compelled to lose our rights, our property or to have our assets protected or enforced by the responsible authorities.


5. Your rights

Fundamentally, you have the right to information, rectification, erasure, restriction of processing, data portability and objection. Should you wish to exercise your rights, please contact us.

4.1 Right to information: You can request a confirmation from us of whether your personal data is being processed. If this is the case, you have the right to access information about these personal data and the information described in Article 15(1) of the GDPR (such as purposes of processing, categories of personal data).

4.2 Right to rectification: You have the right to demand that we promptly correct your incorrect personal data.

4.3 Right to erasure: You have the right to have your personal data deleted when, for example:
(a) if the data are no longer necessary for the purposes for which they were collected or otherwise processed; or
(b) if they are unlawfully processed; or
(c) in the case of processing resulting from your giving consent, if you withdraw such consent.

The right to erasure does not apply if the exceptions cited in Article 17(3) of GDPR can be applied, for example if the processing is required to fulfil a legal obligation under EU or Austrian law (e.g., statutory retention requirements) or to establish, exercise, or defend against legal claims.

4.4 Right to restriction of processing: You have a right to restrict processing, if:
(a) you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
(b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(c) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
(d) you have objected to processing pursuant to Article 21(1) pending the verification whether we have legitimate grounds that override yours.

4.5 Right to object: Article 21(2) of the GDPR give you the right to object to processing your personal data, if processing of personal data:
(a) is carried out to safeguard our legitimate interests. We will not process data if you have an overriding interest in protection; or
(b) is for direct marketing purposes. This can be revoked at any time without giving reason.

4.6. Right to data portability: you can request that you receive the personal data you have provided to us in a structured, commonly used and machine-readable format, provided that we process these data on the basis of a revocable consent given by you or to fulfil a contract, and such processing is carried out using automated procedures. You have the right to transmit those data to another responsible party. Provided that it is technically feasible, you have the right to direct transmission from one responsible party to another.

If you believe that the processing of your data infringes upon your data-protection rights or your data-protection entitlements have been in some way violated, you can submit a complaint to the supervisory authority. In Austria, the Data Protection Authority is responsible.

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna, Austria
Telephone: +43 1 52 152-0

6. Log data

When each page is viewed, access data is saved in a log file, the Server Log. The recorded data include the following information:

• date and time;
• IP address;
• session ID;
• website visited;
• name of the website from which you accessed our website; and
• the browser used during your visit.

We evaluate these log files only in the event of improper use of our website. We reserve the right to retrospectively review the log files of any users who are strongly suspected of using our website unlawfully or in breach of contract.

7. Hubspot

We employ an analytical tool on our website called Hubspot, a service of Hubspot Inc. It uses so-called “web beacons” and also installs “cookies” on your computer, allowing us to analyse your use of our website. The collected information (e.g., IP address, geographical location, type of browser, duration of visit, and pages visited) are evaluated by Hubspot, under contract with Celum GmbH, in order to create reports about your visit and the content you access. If you have subscribed to a newsletter, Hubspot allows us to correlate the website visitor data with the personal data (especially your name and e-mail address) that you have voluntarily consented to provide us, thus allowing us to provide you with targeted and individualised information. If data collection by Hubspot is generally not desired, the storage of cookies can be prevented at any time by adjusting the appropriate browser settings.

Additional information about the functionality of Hubspot can be found in Hubspot, Inc.’s data-protection policy, found at:

8. Google Fonts

We use external fonts from Google on this website. Google Fonts is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: (“Google”).

The integration of these web fonts is done by a server call. This can also be a Google server in the USA. In the process, it is transmitted to the server which of our Internet pages you have visited. The IP address of your terminal device is also processed by Google.

The purpose of using Google Fonts is the uniform display of fonts. The legal basis is your consent in accordance with Art. 6 (1) a) GDPR.

The data collected by Google due to the use of Google Fonts will not be processed by us.

You have the right to object to the creation of these user profiles. This is to be addressed to Google.

You can find more information in Google’s privacy policy, which you can access here:

9. Webinars / Video Conferences

We use a video conferencing system to conduct webinars, trainings and other online events (hereinafter: “Online Events”). The video conferencing system “GoToMeeting” used by us is technically provided by LogMeIn Ireland Limited, Bloodstone Building Block C, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland. The provider’s privacy policy can be found at

Various types of data are processed when using the video conferencing system. The scope of the data also depends on the data you provide before or during participation in an online event. The following personal data are subject to processing:

User details: first name, last name, telephone (optional), e-mail address, password (if “single sign-on” is not used), profile picture (optional), department (optional).

Meeting metadata: Topic, description (optional), attendee IP addresses, device/hardware information.

If recording (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.

For dial-in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.

Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an online event. In this respect, the text entries you make are processed in order to display them in the online event and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the online event. You can turn off or mute the camera or microphone yourself at any time.

To participate in an online event or to enter the “meeting room,” you must at least provide information about your name.

If we want to record an online event, we will inform you transparently and – if necessary – ask for your consent. As a rule, there will be no recording of the online event. This also applies to the chat function.

If your participation in an online event is the subject of a contract with us, the legal basis for data processing is Art. 6 (1) b) GDPR. Otherwise, the legal basis is your consent pursuant to Art. 6 (1) a) GDPR, which you declare by participating in the online event and can revoke at any time with effect for the future.

The provider of the video conferencing system has its headquarters in the USA. Processing of personal data may thus also take place in a third country (a country outside the European Union or the contracting states to the Agreement on the European Economic Area). We have concluded an order processing agreement with the provider that complies with the requirements of Art. 28 GDPR.

In addition, the provider undertakes to conclude so-called EU standard data protection clauses within the meaning of Art. 46 GDPR. Based on this contractual set of rules, the provider is also obligated to comply with a data protection standard in the event of a third country transfer, which essentially corresponds to the European standard. Please note, however, that actual compliance with the EU standard data protection clauses cannot be ensured in every case (e.g., due to official access to the data in the recipient country).

10. Content Delivery Networks (CDN)

For error analysis on our website and in order to be able to correct errors quickly, we use the “Rollbar” service. This service is provided via a so-called Content Delivery Networks (CDN). A CDN is a network of powerful servers that cache content at various locations around the world. A CDN essentially has two tasks: on the one hand, it should provide content in the shortest possible time and, on the other hand, it should relieve the web host by distributing the data traffic. CDNs transmit two types of content: Static and dynamic content. Static content is delivered to all website visitors in the same form, such as video content from streaming services or code frameworks (e.g. Javascript, jQuery). Dynamic content is first adapted to the user and only created at the moment of the request. This includes content that takes place via web applications, email or online shops and is personalised. In order to use the latter, information about the website visitor must first be transmitted to the CDN. The legal basis for the use of a CDN and the transmission of your data to it is Art. 6 para. 1 sentence 1 letter f) GDPR. The legitimate interest results from our need for a technically flawless and fast presentation of our website and the relief of our IT infrastructure.

We use the CDN service “CDNJS” of the company Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA. Further information on data protection at Cloudflare:

11. Hyperlinks to external websites

So-called hyperlinks to websites of other providers can be found on our website. In these cases, you will be transferred directly from our website to that provider’s website. You recognise this by the change to the URL, among other changes. We assume no responsibility for the confidential handling of your data, because we have no influence as to how the other provider adheres to data-protection regulations. To inform yourself about how these providers handle your personal data, please refer to their websites directly.

12. Security measures used to protect your data

In order to protect your data, we have implemented special technical and operational security measures which are regularly checked and updated with the latest technology. However, we would like to point out that due to the structure of the internet it is possible that the rules of data protection and data security may not be observed by other persons or institutions that are outside of our area of responsibility.

13. Disclosure about your data and contact information

Your trust is important to us. For information and other questions or suggestions, please send us an e-mail to

14. Changes to the data-protection regulations

Because changes to the laws or to our business processes can make it necessary to adjust these data-protection provisions, we reserve the right to do so and ask you to review this data-protection disclosure regularly.

Cookie Policy

Our website uses cookies in order to make useable certain functions on the website, to analyse the visitor’s use of the website, and to be able to offer specific services of third-party providers.

Cookies are small text data files that are installed on your computer. Most of the cookies we employ will be erased from your hard drive when you quit your browser (so-called “session cookies”). Other cookies remain on your computer and enable us to recognise your computer upon your subsequent visit (so-called “persistent cookies”). Additional cookies from third-party providers are also used on our website.

You can generally access our website without consenting to non-essential cookies, however if you wish to use our website fully and comfortably, you should accept those cookies that enable certain functions or make them easier to use. You can restrict how cookies are saved on your computer by adjusting the relevant settings on your browser.

If you do not wish to save our cookies on your computer, please deactivate the saving of cookies on your browser specifically for our website, or in general for all websites. You can also delete previously saved cookies from your browser.
Deactivating the use of cookies may require the storage of a persistent cookie on your computer. If you subsequently delete this cookie, you must deactivate the use of cookies anew.

Our website uses the following categories of cookies:

1. Session cookies

In order to facilitate browsing our website, we install a so-called session identifier (session ID) at the outset of every user’s visit. This session ID is used by our server to identify you or your computer/browser as the same visitor even if the IP address may have changed in the meantime. This session ID enables several related queries from a user to be assigned to a session. The session ID cookie we use expires at the end of a session and is automatically erased when you quit your browser.

2. Persistent cookies

The persistent cookies are the following cookies.