Privacy Policy
FESIOS GmbH (“we”, “us”, “our”) is committed to protecting your personal data. This policy explains what data we collect when you visit fesios.com, why we collect it, who has access to it, and your rights under the EU General Data Protection Regulation (GDPR).
Effective date: May 1, 2026
Controller
FESIOS GmbH
Am Hochkogl 37, 4810 Gmunden, Austria
FN 531469y, Landesgericht Wels
Email: office@fesios.com
Legal basis (Art. 6 GDPR)
We process personal data on the following legal bases:
- Art. 6(1)(b) — to perform a contract or to take steps at your request before entering into one (handling your inquiry sent via the contact form, scheduling meetings).
- Art. 6(1)(a) — your consent (newsletter subscription).
- Art. 6(1)(f) — our legitimate interest in operating, securing, and improving the website (server logs, anti-spam protection).
What we do not collect or use
To keep this site simple and privacy-friendly, we have removed many of the data flows typically present on marketing websites:
- No tracking cookies. This website does not set any cookies on your device.
- No analytics. We do not use Google Analytics, Google Tag Manager, or any other tracking script.
- No social-media tracking pixels (no Facebook Pixel, no LinkedIn Insight Tag).
- No third-party fonts loaded from external CDNs. The Raleway font is served from our own server.
Data we collect
Contact form
When you fill in the contact form on the home page, we collect:
- First name, last name
- Email address
- Company
- Your message
This information is transmitted to our customer-relationship system (HubSpot, see “Processors” below). We use it solely to respond to your inquiry.
Legal basis: Art. 6(1)(b) GDPR.
Retention: as long as needed to handle the inquiry, then archived for documentation; deleted on request.
Newsletter
If you subscribe to the newsletter, we collect your email address with your consent. You can unsubscribe at any time using the link in every newsletter or by emailing office@fesios.com.
Legal basis: Art. 6(1)(a) GDPR.
Retention: until you unsubscribe.
Meeting scheduler
The “Schedule a Meeting” buttons open external scheduling pages hosted by Pipedrive and HubSpot. Personal data you enter there is processed by those providers under their own privacy policies. We receive only the data you provide on those external pages (typically name, email, and meeting time).
Server logs
Our hosting provider (Cloudflare Pages) automatically logs standard request metadata for security and reliability:
- IP address (truncated for analytics)
- Browser type and version
- Date and time of request
- Requested URL and referring URL
- HTTP status code
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in service operation and abuse prevention).
Retention: Cloudflare’s standard retention; see Cloudflare’s privacy policy.
Processors (third-party services)
We use the following processors. Each acts on our behalf under a Data Processing Agreement (Art. 28 GDPR).
| Processor | Purpose | Region | Privacy policy |
|---|---|---|---|
| Cloudflare, Inc. | Hosting (Cloudflare Pages), CDN, DDoS protection, server logs | Global, EU edge | Cloudflare |
| HubSpot Ireland Ltd. | Contact form + newsletter form submissions, CRM, email delivery | EU (eu1 region) | HubSpot |
| Pipedrive OÜ | “Schedule a Meeting” external link target | EU | Pipedrive |
| HubSpot Meetings | “Schedule a Meeting” external link target on blog posts | EU | HubSpot |
Anti-spam protection
The contact form uses two cookie-free techniques to filter automated submissions:
- A hidden honeypot field that legitimate browsers do not see.
- A submit-time check that rejects submissions made within two seconds of page load.
No personal data is processed for these checks.
Transfers outside the EU
Our processors may transfer data to countries outside the EU/EEA. Where this is the case, transfers are governed by the EU Standard Contractual Clauses (Art. 46 GDPR) or equivalent safeguards as documented in each processor’s policy linked above.
Your rights (Art. 15 – 22 GDPR)
You have the right to:
- access the personal data we hold about you
- rectify incorrect data
- have your data erased
- restrict processing
- receive your data in a portable format
- object to processing
- withdraw consent at any time (without affecting prior lawful processing)
- lodge a complaint with the supervisory authority
The Austrian supervisory authority is the Datenschutzbehörde (dsb.gv.at).
To exercise any of these rights, write to office@fesios.com.
Links to external sites
This site links to external websites we do not control. The privacy policy of each linked site applies once you leave fesios.com.
Children
This website is not directed at children under 16. We do not knowingly collect data from children.
Changes to this policy
We may update this privacy policy from time to time. The current version is always available at fesios.com/privacy-policy with the effective date at the top.
Contact
Questions about this policy? Email office@fesios.com.