Privacy Policy & GDPR Compliance

Last updated: 06.01.2025

1. Controller

Webguardiola FlexCo Untermühl 1/1 4113 Sankt Martin im Mühlkreis Austria Email: hello@webguardiola.com Managing Director: Mag. Fabian Hable

2. General

We take the protection of your personal data seriously. This Privacy Policy explains which data we process when you visit our website and for what purposes.

3. Website hosting / website builder (Wix)

Our website is provided via Wix.com Ltd. (website builder/hosting). Wix processes personal data as a service provider/processor. We have concluded a Data Processing Agreement (DPA) with the provider. This is a contract required by data protection law, which guarantees that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR. Wix may process or store data in third countries as part of its global infrastructure; details are described in Wix’s own privacy information. Where data is transferred to the USA, we rely on the EU-US Data Privacy Framework or Standard Contractual Clauses.

4. Server logs / technical data

When you access the website, technical data may be processed (e.g., IP address, date/time, requested page, referrer URL, browser type/version, operating system). This is necessary to ensure operation, IT security and troubleshooting. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and stable operations).

5. Contact

If you contact us by email or via a contact form, we process the data you provide (e.g., name, email address, message) to handle your request. Legal basis: Art. 6(1)(b) GDPR (pre-contractual steps/contract) or Art. 6(1)(f) GDPR (legitimate interest in efficient communication).

6. Integration of Forms / Use of mailworx To provide our contact and registration forms (specifically for the "Hacker Challenge" / Phishing Simulation), we use the service mailworx provided by eworx Network & Internet GmbH, Hanriederstraße 25, 4150 Rohrbach-Berg, Austria. When you submit such a form, the data you enter as well as technical log data are transmitted to mailworx servers and stored there for the purpose of processing your request. We have concluded a Data Processing Agreement (DPA) with the provider to ensure the security of your data.

Note regarding the Phishing Simulation: If you register for the simulation via a form, the separate "Privacy Notice" for the simulation (Art. 13 GDPR) applies in addition. There, we explain in detail which specific data is processed within the scope of the simulation.

7. Anti-bot protection & Security (Captchas)

To protect our website and forms from abusive automated requests (bots) and cyberattacks, we use the following services:

Friendly Captcha: For our registration forms (e.g., phishing simulation), we use the privacy-friendly service Friendly Captcha (Friendly Captcha GmbH, Germany). This service verifies requests without setting cookies.
Google reCAPTCHA: Our website provider (Wix) also uses Google reCAPTCHA Enterprise (Google Ireland Ltd., Ireland) in the background to ensure the security and stability of the technical infrastructure.

Legal basis: In both cases, processing is based on our legitimate interest in website security and the prevention of spam and attacks (Art. 6(1)(f) GDPR).

8. Cookies & Cookie Banner

Our website uses cookies and similar technologies. Some of these are strictly necessary to operate the website securely and provide core functionality (e.g., session management, security features, load balancing, language settings, and page rendering). These cookies are required and cannot be switched off.

Depending on the features enabled on our site, we may also use optional cookies (e.g., functional preferences). Such optional cookies are only set if you consent via the cookie banner.

We do not use marketing or tracking cookies (e.g., no Google Analytics/GA4, no advertising or retargeting pixels), unless explicitly stated elsewhere in this privacy policy.

Legal basis:

Strictly necessary cookies: legitimate interests (Art. 6(1)(f) GDPR) and — where applicable — national ePrivacy/cookie rules (necessary to provide the service).
Optional cookies: consent (Art. 6(1)(a) GDPR) and — where applicable — national ePrivacy/cookie rules.

Cookie settings / withdrawal:
You can change your choices at any time via the cookie banner or the cookie settings on the website and withdraw your consent with effect for the future. You can also delete or block cookies via your browser settings. Please note that this may affect the functionality of the website.

Wix notice:
This website is provided via Wix. Wix uses certain cookies to enable website operation and security features. The specific cookies may vary depending on the Wix features used.

9. Recipients / processors

We may use the following processors:

Wix.com Ltd. (website/hosting)
Microsoft Ireland Operations Ltd. (Email Services / Office 365)
Eworx Network & Internet GmbH (Form system / mailworx)
Skillhabit Systems AB (Learning platform / LMS)
FriendlyCaptcha (anti-bot), if enabled Details on sub-processors and international transfers are described by the respective providers.

10. Retention

We process personal data only as long as necessary for the purposes described or as required by law. Contact requests are generally stored as long as needed to handle the request and follow-ups.

11. Your rights

You have the right to access, rectification, erasure, restriction, data portability and—where applicable—objection. You may withdraw consent at any time with effect for the future (Art. 7(3) GDPR).

12. Supervisory authority / complaints

If you believe your data protection rights have been violated, you may lodge a complaint with the Austrian Data Protection Authority: Austrian Data Protection Authority (Österreichische Datenschutzbehörde) Barichgasse 40–42 1030 Vienna, Austria Email: dsb@dsb.gv.at