Privacy Policy

Privacy Policy

Last updated: 26.06.2026

1. Controller (Verantwortlicher)

Bytamic GmbH, Albertgasse 35, 1080 Wien, Austria (further offices: Warsaw and Poznań, Poland), email
office@bytamic.com, phone +43 676 6188005.

2. Processing activities, purposes and legal bases (Art. 6 GDPR)

  • Server logs / website operation — secure, stable operation; legal basis:
    legitimate interest (Art. 6(1)(f)). Data: IP address, browser, time, requested page.
    Retention: 30 days.
  • Contact form / email enquiries — responding to enquiries (partnership, project,
    consulting, support); submitted via a Forminator form and stored in WordPress.
    Legal basis: pre-contractual measures / legitimate interest (Art. 6(1)(b)/(f)).
    Retention: 6 months.
  • Job applications via Careers — recruitment; applications to listed positions
    (job listings via the AWSM Jobs plugin) and open applications (CV upload) are submitted via a
    Forminator form and stored in WordPress. Legal basis: pre-contractual measures
    (Art. 6(1)(b)) and consent (Art. 6(1)(a)) for any talent-pool retention.
    Retention: 6 months after the process.
  • Consent management (Cookiebot) — obtaining, signalling and documenting your
    cookie consent. Cookiebot stores a consent key (the CookieConsent cookie) recording
    which categories you accepted, together with a consent record (anonymised IP, browser/user agent,
    timestamp, consent state) kept as proof of consent. Legal basis: legal obligation and legitimate
    interest in documenting consent (Art. 6(1)(c)/(f)); the underlying consent itself is Art. 6(1)(a).
    Retention: the consent cookie and record are stored for up to 12 months, after which you are asked again.
  • Web analytics (Google Analytics 4) — measuring how the website is used (pages
    viewed, clicks on contact/LinkedIn/mailto links, form submissions, scroll depth) to improve our
    content. Cross-domain measurement is configured between www.bytamic.com and support.bytamic.com.
    Data: online identifiers, truncated IP address, device/browser, interaction events.
    Legal basis: consent (Art. 6(1)(a)); set only via the Cookiebot banner.
  • Behavioural analytics (Microsoft Clarity) — heatmaps and aggregated session
    analysis to understand usability. Data: interaction data, clicks, scrolling, masked page content,
    device/browser. Legal basis: consent (Art. 6(1)(a)).
  • B2B visitor identification (Leadfeeder / Dealfront) — identifying the companies
    (not individuals) visiting the website, based on IP address, for sales and marketing. Data: IP
    address, pages viewed, visit time and duration. Legal basis: consent (Art. 6(1)(a)) for the tracker
    cookie; Dealfront processes on our behalf on the basis of legitimate interest (Art. 6(1)(f)).
  • Cookie mechanics — see section 5.

3. Recipients and processors (Auftragsverarbeiter, Art. 28 GDPR)

We use the following service providers under data processing agreements:

  • Hosting: self-hosted WordPress (Elementor; React app via the custom bytamic-landing-plugin).
    Hosting provider: https://www.world4you.com/; Server location: EU
  • Email: office@world4you.com
  • Tag management: Google Tag Manager (container GTM-PGF4RJMW), Google Ireland Ltd.
  • Consent management: Cookiebot CMP, provided by Usercentrics A/S (Cybot A/S), Havnegade 39,
    1058 Copenhagen, Denmark. Consent data is processed on Google Cloud infrastructure with servers
    located in the EU (Germany and Belgium).
  • Web analytics: Google Analytics 4, Google Ireland Limited (Google LLC, USA) — see section 4.
  • Behavioural analytics: Microsoft Clarity, Microsoft Corporation (USA) — see section 4.
  • B2B visitor identification: Leadfeeder tracker, Dealfront Finland Oy, Helsinki, Finland; data
    hosted in the EU (AWS, Ireland). DPO: dpo@dealfront.com.
  • Website forms & jobs: Forminator (contact and application forms) and AWSM Jobs (job listings) —
    processed within the self-hosted WordPress; no separate third-party transfer.

4. Third-country transfers (Art. 44 ff. GDPR)

The following services transfer personal data (e.g. IP address, device and usage data) to the
United States:

  • Google — Google Tag Manager and Google Analytics 4, provided by Google Ireland
    Limited, with processing by Google LLC in the USA.
  • Microsoft — Microsoft Clarity, provided by Microsoft Corporation in the USA.

Both Google LLC and Microsoft Corporation are certified under the EU–US Data Privacy Framework,
for which the European Commission adopted an adequacy decision on 10 July 2023; the transfers are
therefore based on Art. 45 GDPR, with the EU Standard Contractual Clauses (Art. 46 GDPR) as an additional
safeguard. These services load only after your consent via the Cookiebot banner (Art. 6(1)(a) GDPR); if
you do not consent, no such transfer takes place.

Our other processors keep data within the EU/EEA: Leadfeeder / Dealfront hosts data in the EU
(AWS, Ireland), and Cookiebot (Usercentrics) stores consent data on EU servers (Germany and Belgium).

5. Cookies and access to terminal equipment (§ 165 Abs. 3 TKG 2021)

This website uses the Cookiebot consent management platform (CMP) to obtain and manage your consent.
Cookiebot automatically scans the site, categorises all cookies and trackers, blocks non-essential ones
until you consent, and maintains an up-to-date cookie declaration listing each cookie, its provider,
purpose and duration.

  • Technically necessary cookies (session, load-balancing, CSRF, and the
    CookieConsent cookie that stores your choice) are set without consent.
  • All non-essential cookies and similar technologies are set only after
    your prior, active, informed consent    , collected via the Cookiebot banner. These include
    Google Analytics 4 (e.g. _ga), Microsoft Clarity (e.g. _clck,
    _clsk) and the Leadfeeder / Dealfront tracker (_lfa). Rejecting is as easy
    as accepting; no such scripts load before you make a choice; all non-essential categories are off by
    default. The full, current list is in the Cookiebot cookie declaration on this page.
  • You can withdraw or change your consent at any time with effect for the future by reopening the
    Cookiebot banner via www.bytamic.com.
  • Legal basis: § 165 Abs. 3 TKG 2021 for storage of / access to information on your device;
    Art. 6(1)(a) GDPR for any related processing of personal data.

6. External links and affiliated sites

Our website links to separately operated sites that have their own privacy notices, in particular
bytamic.ai and support.bytamic.com (each opens in a new tab), and the office addresses link to Google
Maps. We are not responsible for the data processing on those external sites.

7. Your rights (Art. 15–21 GDPR)

You have the right of access, rectification, erasure, restriction, objection and data
portability, and the right to withdraw consent at any time with effect for the future. You may
lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde, dsb.gv.at),
Barichgasse 40–42, 1030 Vienna.

8. Changes

We may update this policy to reflect changes to the website or legal requirements.

 

Current version: 26.06.2026.