Skip to main content
LUFTEX Logo

Privacy Policy

1. Controller

chromulus GmbH (LUFTEX)
Simon-Denk-Gasse 1–3/46
1090 Vienna, Austria

Email: info@luftex.eu
Phone: +43 677 610 275 60

LUFTEX is a brand of chromulus GmbH and is aimed exclusively at business customers (B2B), in particular engineering offices, plant constructors, operators and other companies in the field of air conditioning technology and air distribution.

Data protection officer / contact

No data protection officer has been appointed within the meaning of Art. 37 GDPR, as there is no legal obligation to do so.

For all questions regarding data protection and to exercise your rights, you can contact us at:
info@luftex.eu

2. Purposes, legal bases and storage periods

2.1 Visiting the website / hosting (Netlify)

When you visit our website, technical data is automatically processed by our hosting and CDN provider Netlify, Inc. (USA), in particular:

  • IP address
  • Date and time of access
  • Pages and files accessed
  • Browser type and version, operating system
  • Referrer URL
  • Device information

Purposes of processing:

  • Technical provision of the website
  • Ensuring IT security (e.g. defence against attacks, misuse attempts)
  • Performance optimisation (content delivery network)

Legal basis:
Legitimate interest in the secure, stable and efficient operation of our website (Art. 6 (1) lit. f GDPR in conjunction with § 165 TKG 2021).

Our legitimate interest lies, in particular, in ensuring the technical functionality, IT security and optimisation of the performance of our website.

Storage period:
Log data is generally only stored for as long as is necessary for the purposes stated. Further storage only takes place on an exceptional basis (e.g. in the context of security incidents or legal disputes).

2.2 Contact form and callback requests

Via our contact form, we collect in particular:

  • Name
  • Company
  • Email address
  • Telephone number
  • Address (optional or project-specific)
  • Content of your enquiry
  • Optional file attachments (e.g. PDF, DOC(X), images, CAD files, Excel, ZIP)

Purposes of processing:

  • Receipt and response to enquiries
  • Preparation and execution of projects and contracts
  • Documentation of communications (e.g. to track projects)

Legal bases:

  • Pre-contractual measures and performance of a contract (Art. 6 (1) lit. b GDPR), insofar as your enquiry is aimed at the conclusion or performance of a contract
  • Legitimate interest in the efficient handling of B2B enquiries and business contacts (Art. 6 (1) lit. f GDPR)

Storage period:

  • Enquiries related to offers or contracts are stored for up to 7 years where they are relevant for accounting purposes, in accordance with statutory retention obligations.
  • Other communication is generally stored for 7 years from the last contact in order to be able to handle follow-up enquiries and defend legal claims.

2.3 Wash service form

Via the wash service form we additionally collect:

  • Installation address (street, house number, postal code, city, country)
  • Information on textile diffusers (number, diameter, length, positions)
  • Selected shipping option (collection by LUFTEX / own shipping)

Purposes of processing:

  • Planning, preparation of quotations and performance of the washing and cleaning service
  • Logistics (collection, shipping, return delivery)
  • Documentation (maintenance log, service history)

Legal basis:
Performance of a contract and pre-contractual measures (Art. 6 (1) lit. b GDPR).

Storage period:
Data from wash service enquiries and orders is stored for up to 7 years in line with statutory retention obligations, in particular under tax and commercial law.

2.4 Configurator enquiries (external configurator)

Our configurator is provided by an external technical service provider. The data entered there (e.g. project-related information, technical parameters) is not permanently stored by the provider, but is transmitted to us exclusively by email.

Purposes of processing:

  • Development of technical solutions
  • Preparation of quotations
  • Project planning and documentation

Legal bases:

  • Pre-contractual measures and performance of a contract (Art. 6 (1) lit. b GDPR)
  • Legitimate interest in the efficient handling of quotations and projects (Art. 6 (1) lit. f GDPR)

Storage period:
As with contact and quotation enquiries, in particular up to 7 years where related to offers/contracts.

3. Business processing and service providers

3.1 Invoicing, accounting and tax consultancy

For preparing quotations, issuing invoices and performing accounting, we use:

  • sevDesk as a cloud-based invoicing and accounting system (service provider in the EU; processor under Art. 28 GDPR with data processing agreement)
  • Mondsee Treuhand as a tax consultancy and auditing firm (Austria; separate controller)

Purposes of processing:

  • Preparing quotations and issuing invoices
  • Financial accounting
  • Fulfilment of tax and company law obligations

Legal bases:

  • Performance of a contract (Art. 6 (1) lit. b GDPR)
  • Legal obligation (Art. 6 (1) lit. c GDPR, in particular under the Federal Fiscal Code (BAO), VAT Act (UStG) and company law)

Storage period:
At least 7 years in accordance with statutory tax and commercial retention obligations.

3.2 CRM (Pipedrive)

To manage our B2B contacts and sales activities we use the CRM system Pipedrive (Pipedrive OÜ, EU).

Purposes of processing:

  • Management of customer and prospect data
  • Tracking enquiries, quotations and projects
  • Sales control and reporting

Legal bases:

  • Performance of a contract / pre-contractual measures (Art. 6 (1) lit. b GDPR)
  • Legitimate interest in efficient customer and sales management (Art. 6 (1) lit. f GDPR)

Our legitimate interest lies in structuring our sales processes, maintaining customer relationships and documenting projects in the B2B sector in a traceable manner.

Storage period:

  • For the duration of the business relationship
  • After its end, generally 7 years, unless longer statutory retention periods apply; thereafter deletion or anonymisation

3.3 Microsoft 365 and Dropbox

For internal communication and storage we use:

  • Microsoft 365 (e.g. Outlook, Teams, OneDrive)
  • Dropbox for file uploads submitted via the contact form

Purposes of processing:

  • Email communication and collaboration
  • Storage and organisation of quotation, project and communication documents
  • Processing of file uploads (e.g. plans, CAD data, project documents)

Legal bases:

  • Performance of a contract / pre-contractual measures (Art. 6 (1) lit. b GDPR)
  • Legitimate interest in efficient and secure internal communication and document management (Art. 6 (1) lit. f GDPR)

Storage period:
In accordance with the above-mentioned periods for projects, accounting and communication (in particular up to 7 years for accounting-relevant documents).

4. Web analytics and cookies

4.1 Google Tag Manager & Google Analytics 4

We use Google Tag Manager and Google Tag. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Depending on the consent you have given, the following data is processed, among others:

  • Pages and events accessed (e.g. clicks, scroll behaviour)
  • Duration of use and interactions
  • Browser and device characteristics
  • Approximate location (based on IP)
  • Referrer URL

Purposes of processing:

  • Analysis and statistical evaluation of the use of our website
  • Improvement of content, usability and performance
  • Optimisation of our online presence for the B2B target group

Legal basis:
Your consent via our cookie banner (Art. 6 (1) lit. a GDPR in conjunction with § 165 TKG 2021). Without consent, Google Tag and Google Analytics 4 are not loaded.

We configure GA4 in a data protection-friendly way (e.g. no parallel use of Universal Analytics, no user ID; no or restricted advertising features, as far as technically implemented).

Storage period:
Data in GA4 is generally stored for 14 months (depending on the settings chosen in our Analytics account).

Third country transfers:
Google may transfer data to third countries, in particular the USA.

  • Google LLC is certified under the EU-US Data Privacy Framework.
  • In addition, Standard Contractual Clauses (SCC) and technical and organisational measures are used to ensure an adequate level of data protection.

Withdrawal / change of consent:
You can withdraw or adjust your consent at any time with effect for the future by re-opening the cookie settings on our website.

4.2 Necessary cookies and similar technologies

We use technically necessary cookies and similar technologies (e.g. local storage mechanisms) in order to:

  • Provide basic functions (navigation, form submission, session management)
  • Ensure the security and stability of the website
  • Deliver content via our hosting provider Netlify

Legal basis:
Legitimate interest in providing a functional website (Art. 6 (1) lit. f GDPR in conjunction with § 165 TKG 2021). These cookies are technically necessary and cannot be deactivated without impairing the function of the website.

4.3 Google Ads (advertising campaigns)

We use Google Ads to measure and optimise our advertising campaigns. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Depending on the consent you have given, the following data is processed, among others:

  • Conversion events (e.g. form submissions, button clicks)
  • Advertising interactions
  • Approximate location (based on IP)

Purposes of processing:

  • Measuring the effectiveness of advertising campaigns
  • Optimising ad placement
  • Improving Return on Ad Spend (ROAS)

Legal basis:
Your consent via our cookie banner (Art. 6 (1) lit. a GDPR in conjunction with § 165 TKG 2021). Without consent, Google Ads cookies are not set.

Storage period:
Data is stored in accordance with Google Ads retention policies (generally 90 days for conversion data).

Third country transfers:
Google may transfer data to third countries, in particular the USA.

  • Google LLC is certified under the EU-US Data Privacy Framework.
  • In addition, Standard Contractual Clauses (SCC) and technical and organisational measures are used to ensure an adequate level of data protection.

Withdrawal / change of consent:
You can withdraw or adjust your consent at any time with effect for the future by re-opening the cookie settings on our website.

5. Embedded content & external services

5.1 LinkedIn

We include a link on our website to our company profile on LinkedIn (LinkedIn Ireland Unlimited Company).

When you simply visit our website, no social media plugins from LinkedIn are loaded. Data is only transmitted to LinkedIn when you actively click on the link and access our LinkedIn page.

LinkedIn alone is responsible for data processing on LinkedIn. For further information, please refer to LinkedIn's privacy policy.

6. Direct marketing (existing customers)

We use contact data of existing business customers (in particular email address and postal address) in order to send them information about our own, similar products and services.

Legal bases:

  • Legitimate interest in direct marketing in the B2B sector (Art. 6 (1) lit. f GDPR)
  • § 174 TKG 2021 (email marketing to existing customers for similar products/services, provided the email address was collected in connection with a sale and you have not objected)

You can object to the use of your data for direct marketing at any time (see section "Your rights").

7. Newsletter

We are currently not sending a regular newsletter.

If we introduce newsletters or similar email marketing measures in future, the following applies:

  • Emails will only be sent after you have given your explicit consent (double opt-in).
  • At the time of subscription we will inform you about the purpose, frequency and any service providers used.
  • Each email will contain a simple unsubscribe option.

The legal basis would then be your consent (Art. 6 (1) lit. a GDPR) and, where applicable, § 174 TKG 2021.

8. Recipients and third country transfers

Depending on the processing activity, personal data is transmitted to the following categories of recipients:

  • IT and hosting service providers (e.g. Netlify, Microsoft 365, Dropbox, Pipedrive)
  • Accounting and tax service providers (sevDesk, Mondsee Treuhand)
  • Analytics and marketing service providers (Google Tag / Google Analytics 4, Google Ads)

Transfers to third countries (in particular the USA) only take place if:

  • An adequacy decision of the EU Commission exists for the recipient (e.g. EU-US Data Privacy Framework), or
  • Appropriate safeguards within the meaning of Art. 46 GDPR are in place (in particular Standard Contractual Clauses), and
  • Additional technical and organisational measures have been taken to minimise risk.

9. Your rights

As a data subject you have the following rights, subject to the statutory requirements:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing based on Art. 6 (1) lit. e or lit. f GDPR (Art. 21 GDPR), in particular to direct marketing
  • Right to withdraw consent at any time with effect for the future (Art. 7 (3) GDPR)

To exercise your rights, you can contact us at any time at info@luftex.eu.

Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection law.

In Austria, this is the Austrian Data Protection Authority (www.dsb.gv.at).

10. Obligation to provide data

For certain processing activities, the provision of personal data is required by law or by contract:

  • To use our wash service, to prepare quotations and to carry out projects, it is necessary to provide contact data, company data and project-related information. Without this data we cannot process your enquiry or conclude/perform a contract.
  • For invoicing and accounting, we are legally obliged to collect and retain certain data (e.g. invoice data). Without this data we cannot issue proper invoices.

In other cases, the provision of your data is voluntary, but may be necessary in order to use certain functions or services (e.g. callback request, contact form).

11. Automated decision-making / profiling

We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR.

12. Changes to this privacy policy

We reserve the right to amend this privacy policy if the legal situation, our data processing operations or technical developments change.

The version published on this website at the time of your visit shall apply.