Data Privacy Policy

Data Controller Information

This privacy policy applies to the processing of personal data by brightflowhubex AG, a company registered in Austria. We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with the General Data Protection Regulation (GDPR) and Austrian data protection laws.

Data Collection

We collect and process the following types of personal data when you interact with our website and services:

Information You Provide Directly

The data we collect includes personal information you voluntarily provide when contacting us or using our services:

• Name and contact details (email address, phone number)
• Company name and professional information
• Messages and communications you send to us
• Information provided during consultations and meetings
• Business requirements and project specifications

Information Collected Automatically

When you visit our website, we may automatically collect certain technical information:

• IP address and browser information
• Pages visited and time spent on our website
• Referral sources and website navigation patterns
• Device type and operating system information

How We Use Your Information

We process your personal data for the following purposes, based on legitimate legal grounds under GDPR:

Service Provision

We use your data to provide our corporate expense management system evaluation and advisory services, including:

• Responding to your enquiries and providing consultations
• Conducting system analysis and preparing recommendations
• Managing client relationships and project delivery
• Providing ongoing support and advisory services

Business Operations

We may use your information for legitimate business purposes such as:

• Improving our services and website functionality
• Conducting market research and business analysis
• Maintaining accurate business records
• Complying with legal and regulatory requirements

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner or by visiting our cookie policy page.

Types of Cookies Used

• Necessary Cookies: Essential for website functionality and security
• Analytics Cookies: Help us understand how visitors interact with our website
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used for advertising and remarketing purposes

Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal data to third parties except in the following circumstances:

Service Providers

We may share your data with trusted third-party service providers who assist us in operating our website and conducting our business, including:

• Web hosting and technical support providers
• Email communication services
• Analytics and marketing platforms
• Professional advisors (legal, accounting, consulting)

Legal Requirements

We may disclose your information when required by law or to protect our legal rights, including:

• Compliance with court orders or legal processes
• Protection against fraud or security threats
• Enforcement of our terms and conditions

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Our typical data retention periods are:

• Client Data: Retained for the duration of the business relationship plus 7 years for legal and tax purposes
• Website Analytics: Retained for up to 26 months
• Marketing Data: Retained until you withdraw consent or for 3 years, whichever is sooner
• Contact Enquiries: Retained for 2 years unless a business relationship is established

Your Rights

Under GDPR and Austrian data protection law, you have the following rights regarding your personal data:

Access and Portability

• Right to access your personal data and receive a copy
• Right to data portability in a structured, machine-readable format

Correction and Deletion

• Right to rectify inaccurate or incomplete personal data
• Right to erasure ('right to be forgotten') in certain circumstances
• Right to restrict processing in specific situations

Consent and Objection

• Right to withdraw consent for processing based on consent
• Right to object to processing based on legitimate interests
• Right to object to direct marketing at any time

Exercising Your Rights

To exercise any of these rights, please contact us at privacy@brightflowhubex.world. We will respond to your request within one month of receipt.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training on data protection
• Secure backup and disaster recovery procedures

International Data Transfers

If we transfer your personal data outside the European Economic Area (EEA), we ensure adequate protection through:

• European Commission adequacy decisions
• Standard contractual clauses approved by the European Commission
• Binding corporate rules or certification schemes

Children's Privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without proper consent, we will delete such information promptly.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

Contact Information

If you have any questions about this privacy policy or our data protection practices, please contact us:

Supervisory Authority

If you believe that our processing of your personal data violates data protection law, you have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde):