Privacy Policy | Gewista
  • En-De

Privacy and Personal Data Protection Policy

The Gewista Advertising Company is aware of its immense responsibility regarding the processing of personal data and is, therefore, committed to complete adherence of data protection laws within the framework of its social responsibility. Of uppermost priority to us, is the safeguarding of the personal rights and privacy of each individual in the handling of personal data.

We, hereby, conduct ourselves in accordance with the principles of legality, transparency, appropriation, storage limitation and data security.

The existing privacy policy serves to inform our clients and potential clients about all aspects of the processing of their personal data (transparency) and to facilitate access to their rights and options within the framework of data protection regulations. It will also describe those measures that we have put into place in order to protect the security and confidentiality of data. We process personal data solely for the purposes that were determined prior to the collection of data. We only process the type of personal data that is necessary for the implementation of our services and for the administration of clients and potential clients. This only applies when the service is purchased or we are obliged by legal stipulations. The processing of all personal data follows strict observance of current regulations regarding data protection laws. Personal data is neither published nor passed on unauthorized to any third party by us. The processing of data takes place exclusively within the European Union.

This privacy policy applies to our website Single pages may include links to other providers and controllers, to which this privacy policy is not extended. We accept no liability for this content.

Legal Principles of our Data Processing

We process data of clients, as well as potential clients and information purchasers that have made their personal data available to us on the basis of their enquiry.

The data protection is based on the following legal principles:
1. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
2. the data subject has given consent to the processing of his or her personal data for one or more specific purposes. This consent may be revoked at any time


Contract Data Processor

A data processing order exists when a data processor is charged with the processing of personal data, without being held responsible for the associated business process. In such cases we reach an agreement with the external data processor regarding a data processing order. In doing so, we maintain full responsibility for the correct implementation of the data processing in accordance with data protection laws. The data processor may only process personal data within the framework of the instructions issued by the person responsible.

We only work with contract data processors (for example, printers or mail-order agencies) that provide sufficient guarantees that suitable technical and organisational measures will be taken in the processing, in accordance with the requirements of the GDPR and, therefore, ensuring the protection of personal data. The processing by a contract data processor only takes place on the basis of a contract with us, that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller. All contract data processors that process and check personal data are monitored on a regular basis to verify that they are complying with the stipulations of data protection laws.


Data Types and the Purpose of Processing

The personal data of our clients and potential clients is collected and processed by us for the purpose of service and information provision. The personal data is stored for the duration of their service or information reference and for as long as claims arising from it may exist or legal regulations require the processing.

Duration of Data Storage

We only store personal data for as long as the purpose of processing requires it and legal claims may exist, or for as long as legal regulations stipulate us to. They will be irrevocably deleted afterwards.

For example, the personal data in question must be stored for 7 years due to legal regulations (record preservation obligations) of the Austrian Commercial Code (§ 212) and the Federal Fiscal Law (§ 132) for accounting and financial data.

Collection and processing of personal data when visiting our website.

When you visit our website, our web server stores each request temporarily in a log file. The following data is, thereby, gathered and stored encrypted for 6 months:
• IP-Address of the enquiring computer
• Date and time of the request
• Name and URL of the requested page
• Data quantity transferred
• Report if the retrieval was successful
• Identification data of the browser used and operating system

The processing of this data takes place for the purpose of enabling use of the website, system security, the technical administration of the network infrastructure, as well as the optimisation of the internet presence. The log file will only be analysed in the event of attacks on our network infrastructure.


Our cookie information site explains how we handle cookies, embeddings and other trackers when you use our website, and how you can choose to consent or opt-out.

Pardot - Newsletter

We use the newsletter tool Pardot from Salesforce Inc, Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States. The Pardot newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns to be carried out. Based on the embedded tracking pixel, Pardot may see if and when an e-mail was opened by a data subject. In addition, newsletter tracking is used to determine which links in the email were accessed by the data subject. The data collected by Pardot is also processed in the USA.

Such personal data collected via the tracking pixels contained in the newsletters and the newsletter tracking are stored and evaluated by the controller in order to optimize the newsletter dispatch and to adapt the content of future newsletters even better to the interests of the data subject. This personal data is not passed on to third parties. Data subjects are entitled at any time to revoke the separate declaration of consent given via the double opt-in procedure to unsubscribe from the newsletter. After a revocation, no further data will be collected and the address will be placed on a blacklist to document the unsubscription and prevent further mailings.
You can find Salesforce's privacy policy at

Web Analysis - Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called “cookies”, which are text files placed on your computer, to help the website analyse how visitors use the site. The information generated by the cookie about your use of the website will normally be transmitted to and stored by Google on servers in the United States. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
On behalf of the operating company of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide other services related to website activity and internet usage to the website operating company. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website.
You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available under the following link: As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie is set to prevent your data from being collected in the future when you visit this website. The opt-out cookie applies only to this browser and only to our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. [You will find information on how to integrate the opt-out cookie at:
We continue to use Google Analytics to evaluate data from double-click cookies and AdWords for statistical purposes. If you do not wish for this to happen, you can deactivate it using the Ads Preferences Manager (

Meta Pixel (formerly Facebook Pixel)

This website uses the Facebook/Meta visitor action pixel to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
This allows the behavior of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy ( This allows Facebook to place advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time. 

We use the advanced matching function within the meta pixel.
Enhanced matching enables us to transmit various types of data (e.g. place of residence, state, zip code, hashed email addresses, name, gender, date of birth or telephone number) of our customers and prospects that we collect via our website to Meta (Facebook). This activation allows us to tailor our advertising campaigns on Facebook even more precisely to people who are interested in our offers. In addition, the extended comparison improves the allocation of website conversions and expands Custom Audiences.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The text of the agreement can be found at: According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. 
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: and
You can find further information on protecting your privacy in Facebook's data protection information:
You can also deactivate the remarketing function “Custom Audiences” in the settings for advertisements at…. To do this, you must be logged in to Facebook.
If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance:

Data Security Measures

Personal data that is processed by us will be stored and secured with particular care, both on a technical and organizational level. You are protected from accidental or unlawful destruction and loss and we ensure that it is used properly and that the data is not accessible to unauthorized persons. All our contract data processors are bound by a contractual agreement with us to adhere to all technical and organizational measures to ensure secure processing. This is verified by us on a regular basis.

Data Protection Officer

The data protection officer works in conjunction with the highest level of the organization and is the first person of contact in matters of data protection. They meet on a regular basis to discuss matters of data security and protection.

He works, when necessary, in conjunction with the supervisory authorityand acts as person of contact for the supervisory authority in matters related to the processing of personal data, inclusive of prior consultation. Persons concerned may consult the data protection officer on any matter relating to the processing of their personal data and the exercise of their rights in relation to any matters that may arise. We ensure that the data protection officer receives no instructions in the fulfillment of his duties. The contact details of our data protection officer can be found in the contact information at the end of the privacy policy.

Communication Obligation

In the event of a personal data breach, we are obliged to notify the supervisory authorityof such a breach immediately. It is likely that such a breach will harm the privacy of persons concerned or the personal data itself, therefore, the supervisory authoritymay require us to communicate the personal data breach to the data subject, after consideration of the probable effects of the breach.

Information regarding the rights of persons concerned

As a data subject you are entitled to a right to information regarding personal data stored about you, a right to rectify incorrect data, to restriction and opposition to processing and to deletion. In order to exercise this right, you must provide a suitable form of identification. Our information will provide the processed data, information about their origin, any recipients or recipients of transfers, the purpose of the use of the data and the legal basis for this in a generally understandable form. On your request, names and addresses of contract processors are also made known. As a solicitor of information, you must participate in the information procedure to an extent that is reasonable to you in order to avoid unjustified and disproportionate efforts on the part of the person responsible for data processing. Within a month following arrival of your request, we will issue the information or state in writing why it cannot be issued or not fully issued. For information about your personal data or their rectification or deletion or if you have further questions about the use of your personal data provided to us, please contact our data protection officer. The contact options can be found at the end of this privacy policy.


The Supervisory Authority

In the case of an alleged inadequacy of the protection of personal data, persons concerned have the possibility to lodge a complaint with the Austrian Data Protection Authority - Datenschutzbehörde (

Modification to this Privacy Policy

As this information is subject to the current legal situation and our services are constantly being further developed, we reserve the right to change this privacy policy accordingly. We recommend reading this privacy policy on a regular basis to stay informed about the personal data we collect.

The company responsible is the Gewista Advertising Company GmbH; Address: Litfaß Straße 6, 1031 Vienna, E-Mail:

Contact address of the data protection officer: