Privacy Policy

Last updated: 15 January 2026

Data Controller Information

This Privacy Policy describes how krastoveli.top AG ("we", "our", or "us") collects, uses, and protects your personal information when you visit our website at krastoveli.top or use our services. We are the data controller for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data We Collect

We collect personal data that you provide to us directly and information that is automatically collected when you visit our website. The data we collect includes the following categories:

Information You Provide to Us

• Contact Information: Name, email address, phone number, company name, and postal address when you contact us or request our services
• Communication Data: Messages, enquiries, and other communications you send to us through our contact forms, email, or phone
• Service Information: Details about your construction projects, bidding requirements, and analytics needs when you engage our services
• Marketing Preferences: Your preferences regarding marketing communications and newsletter subscriptions

Information Automatically Collected

• Website Usage Data: Information about how you interact with our website, including pages visited, time spent, and navigation patterns
• Technical Information: IP address, browser type and version, operating system, device information, and screen resolution
• Cookies and Tracking Data: Information collected through cookies and similar technologies as described in our Cookie Policy

How We Use Your Information

We use the personal data we collect for legitimate business purposes, including how we use your information to provide our construction analytics services and improve your experience with krastoveli.top. Our use of your data is based on the following legal grounds under GDPR:

Service Provision (Contract Performance)

• Providing contractor bid performance analytics and consulting services
• Communicating with you about your projects and service requirements
• Processing payments and managing client accounts
• Delivering reports, recommendations, and analytical insights

Legitimate Business Interests

• Improving our website functionality and user experience
• Conducting market research and analytics to enhance our services
• Protecting our business interests and preventing fraud
• Maintaining records for business and legal purposes

Legal Compliance

• Complying with applicable laws, regulations, and legal processes
• Maintaining records required by Austrian and EU business regulations
• Responding to legal requests and protecting legal rights

Consent-Based Processing

• Sending marketing communications and newsletters (where you have opted in)
• Using cookies for analytics and marketing purposes (subject to your cookie preferences)
• Processing special categories of data where required for our services

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner or by visiting our detailed Cookie Policy page.

Our website uses the following types of cookies:

• Necessary Cookies: Essential for website functionality and security
• Analytics Cookies: Help us understand website usage and performance
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used for advertising and personalised content delivery

Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information in the following circumstances:

Service Providers

We may share data with trusted third-party service providers who assist us in operating our website, conducting business, or providing services to you, including:

• Cloud hosting and data storage providers
• Email communication and marketing platforms
• Analytics and website performance services
• Payment processing services

Legal Requirements

We may disclose your personal data if required by law, legal process, or to protect our rights, property, or safety, or that of others.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of the business transaction.

International Data Transfers

As we operate primarily within the European Union, your data is generally processed within the EU/EEA. If we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, such as:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules or certification schemes

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations. Our data retention periods are based on:

• Client Data: Retained for the duration of our business relationship plus 7 years for legal and tax compliance purposes
• Marketing Data: Retained until you withdraw consent or for up to 3 years of inactivity
• Website Data: Analytics data retained for up to 26 months; technical logs for up to 12 months
• Communication Records: Retained for up to 5 years for business and legal purposes

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

Access and Portability

• Right of Access: Request a copy of the personal data we hold about you
• Right to Data Portability: Receive your data in a structured, machine-readable format

Correction and Deletion

• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data under certain circumstances

Processing Restrictions

• Right to Restrict Processing: Request limitation of processing under certain conditions
• Right to Object: Object to processing based on legitimate interests or for direct marketing

Consent Management

• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis
• Right to Lodge a Complaint: File a complaint with the Austrian Data Protection Authority (Datenschutzbehörde)

To exercise any of these rights, please contact us at [email protected] or +43 17263541. We will respond to your request within one month of receipt.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Access controls and authentication systems
• Regular security assessments and updates
• Staff training on data protection and security
• Incident response and breach notification procedures

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may provide additional notice through email or other means.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the following information:

Supervisory Authority

If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with the Austrian Data Protection Authority: