Data Privacy

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Detailed information on the subject of data protection can be found in our data protection declaration listed under this text.

Data Collection on this Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operators (Cereno Group). Their contact details can be found in the imprint of this website.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This can be, for example, data that you enter in our contact form. Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data can be used to analyze your user behavior. However, we mainly use your data to process your contact requests.

What rights do you have regarding your data?

You have the right to receive information free of charge at any time about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. You can contact us at any time at the address given in the imprint for this and for further questions on the subject of data protection. You also have the right to lodge a complaint with the competent supervisory authority. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. For details, please refer to the data protection declaration under 'Right to restriction of processing'.

External Hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data generated via a website.

The host is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Our host will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.

The website is hosted on its own servers.

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This data protection declaration explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Note on the responsible body

The responsible body for data processing on this website is:

Cereno Group

Email: contact@cerenogroup.com

The responsible body is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Storage period

Unless a more specific storage period has been specified in this data protection declaration, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

General information on the legal basis for data processing

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, if special categories of data are processed according to Art. 9 para. 1 GDPR. In the case of express consent to the transfer of personal data to third countries, data processing is also based on Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or to the access to information in your end device (e.g. via device fingerprinting), the data processing is additionally based on § 25 para. 1 TTDSG. The consent can be revoked at any time. If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary for the fulfillment of a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. The data processing can also be based on our legitimate interest according to Art. 6 para. 1 lit. f GDPR. The relevant legal bases in each individual case are explained in the following paragraphs of this data protection declaration.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases

IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21 ABS. 1 GDPR).

Right of appeal to the competent supervisory authority

In the event of violations of the GDPR, data subjects have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right of appeal is without prejudice to any other administrative or judicial remedy.

The data protection authority responsible for us in Austria is:

Data Protection Authority Barichgasse 40-42 1030 Vienna Phone: +43 1 52 152-0 Email: dsb@dsb.gv.at Website: https://www.dsb.gv.at/

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be recorded.

Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

The processing of the data entered in the contact form is therefore based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. An informal message by e-mail to us is sufficient for this purpose. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.

What data is collected via the contact form:

• Name (mandatory field)
• Email address (mandatory field)
• Subject of the request (mandatory field)
• Message text (mandatory field)
• Timestamp of the request
• IP address (for security purposes)

Inquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

The data you send us via contact requests will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Social media links

Our website contains links to social networks (Instagram). These links take you to the respective platforms. When you click on these links, you will be redirected to the external platforms. We have no influence on the data processing of these providers.

The linking to the social media is done via simple HTML links. There is no automatic data transfer or loading of external content as long as you do not actively click on the links. Only when you click on a link do you leave our website and are redirected to the corresponding social media platform.

Instagram:

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy policy: https://help.instagram.com/519522125107875

Information on the handling of your personal data when using the social networks can be found in the respective data protection declarations of the providers.

Cookies

IMPORTANT NOTE: This website currently does NOT use cookies. We do not use tracking cookies, analysis cookies or advertising cookies. The website functions completely without storing cookies on your end device.

Internet pages sometimes use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Since we do not currently use cookies, you do not need to make any settings regarding cookies. Should we use cookies in the future, we will inform you accordingly and ask for your consent.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Local Storage and Session Storage

This website currently does not use local storage or session storage to store data in your browser.

JavaScript

This website uses JavaScript for interactive functions such as the contact form and video player. JavaScript is only used for the basic functionality of the website and does not collect any additional personal data.

E-mail dispatch via Amazon SES

We use Amazon Simple Email Service (SES) to send e-mails via our contact form. The provider is Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA.

Amazon SES is a service for the technical dispatch of e-mails. The data entered via our contact form is processed on Amazon's servers. In this way, Amazon SES can recognize when our e-mails have been opened and which links they contain have been clicked. This allows us to determine which of the messages sent were successfully delivered.

The data processing is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in using a secure and efficient e-mail system. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

The content transferred between you and us by e-mail will remain with Amazon until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Mandatory statutory provisions - in particular retention periods - remain unaffected.

For more details, please see the Amazon SES privacy policy at: https://aws.amazon.com/de/privacy/

As a data subject, you have the following rights:

• Right to information (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw the data protection declaration of consent

If you would like to exercise your rights mentioned above, please contact:

Cereno Group

Email: contact@cerenogroup.com

Security Measures

We use the widespread SSL (Secure Socket Layer) procedure in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the lock symbol in the lower status bar of your browser.

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Technical and organizational measures

We have taken the following technical and organizational measures:

• Encryption of data transmission (HTTPS/SSL)
• Regular security updates of the software used
• Restriction of access to personal data to authorized persons
• Regular data backups
• Secure password policies
• Logging and monitoring of system access

Changes to this Data Protection Declaration

We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration will then apply to your next visit.

We will inform you of any significant changes to this data protection declaration by e-mail, if we have your e-mail address, or by means of a prominent notice on our website.

This data protection declaration is currently valid and is dated 16.8.2025.

Questions about Data Protection?

If you have any questions about this data protection declaration or would like to learn more about the processing of your personal data, please do not hesitate to contact us:

Cereno Group

Email: contact@cerenogroup.com

We take data protection seriously and will be happy to answer your questions within 30 days.