Privacy

Privacy policy.

Last updated · April 2026

This page explains what personal data we process when you visit mashedlab.com or work with us directly, why we process it, and how you can exercise your rights under the General Data Protection Regulation (GDPR / DSGVO) and the Austrian Data Protection Act (DSG).

Data controller

Company
Mashed Software Solutions GmbH
Chief Executive
Manuel Penaloza
Address
Kasernstraße 30b / Top 104, AT-8010 Graz, Austria
Email
[email protected]

What we process, and why

Contact form & email

When you send us an inquiry through the contact form or via email, we process the name, email address, company, and the content of your message. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (our legitimate interest in answering your request). We keep the message as long as needed to answer it and for any resulting engagement.

Server logs

Our hosting provider records anonymised access data (IP address, date/time, requested URL, user agent) for security and operational diagnostics. Logs are rotated and deleted after a short retention window. Legal basis: Art. 6(1)(f) GDPR.

Analytics & tag management

We use Google Tag Manager to load measurement tags. Tag Manager itself does not collect personally identifiable information, but tags loaded through it may — for example, Google Analytics records anonymised usage statistics (pages viewed, clicks, approximate region). Analytics only runs if you consent via the cookie banner. Legal basis: Art. 6(1)(a) GDPR (your consent). Data processor: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Cookies

We use a small number of cookies and similar storage mechanisms:

  • Essential — required to operate the site (e.g. consent state). No consent needed.
  • Analytics — only after you grant consent; anonymised aggregate usage data.
  • Marketing — never set by us; may appear only if you consent to third-party marketing via the cookie banner.

You can update or withdraw consent at any time through the cookie preferences link in the footer.

Third parties & data transfers

We rely on a small set of processors to deliver the site and our services — hosting and CDN infrastructure, transactional email, tag management, and analytics. Where a processor operates in a jurisdiction outside the EEA, we rely on EU Standard Contractual Clauses and supplementary technical measures as required by the GDPR. A full list of subprocessors is available on request.

Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you (Art. 15)
  • request correction of inaccurate data (Art. 16)
  • request deletion of your data (Art. 17)
  • restrict processing (Art. 18)
  • data portability in a common machine-readable format (Art. 20)
  • object to processing based on legitimate interest (Art. 21)
  • withdraw consent at any time, without affecting prior lawful processing

To exercise any of these rights, email [email protected]. You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde) — dsb.gv.at.

Retention

We keep personal data only as long as we need it for the purposes set out above or as required by law (accounting records: seven years under §132 BAO). After that, data is deleted or anonymised.

Security

We use TLS in transit, keep software up to date, and limit internal access to personal data. If a breach meaningfully impacts your rights, we notify you and the supervisory authority as required by Art. 33/34 GDPR.

Changes to this policy

We update this policy when our processing or legal obligations change. Significant changes are communicated on this page with a revised "last updated" date above.

Questions about any of the above? Get in touch — we'd rather answer directly than have you guess.