Data Protection Policy
How fluidXlab GmbH collects, processes, and protects personal data in line with the EU General Data Protection Regulation (GDPR) and ISO 9001:2015 certified quality management controls.
1. Introduction
We respect your privacy and will protect your personal information. Therefore, we process your data exclusively on the basis of the legal regulations (GDPR, Austrian Telekommunikationsgesetz 2003). In this privacy policy we inform you about the most important aspects of data processing on our website.
2. Contacting Us
If you contact us via the form on our website or by e-mail, your data will be stored in order to process the request and to handle any further business activities. This information will not be shared with any third party outside of the HOT Energy Group without your explicit consent.
3. Storage and Use of Data
To simplify the registration process for our training activities, the IP data of the subscriber is stored within the scope of cookies. Further registration-related information—such as name, company, address, job title, telephone number, e-mail address, and credit card number (if payment is made via credit card)—is stored as well. The data you provide is required to fulfil the contract and/or to carry out pre-contractual measures. Without this data we cannot conclude the contract with you.
A transfer of data to third parties outside of the HOT Energy Group does not take place, with the exception of the transmission of the credit card data to the processing bank/payment service provider for the purpose of debiting the purchase price, to our tax advisor to fulfil our tax obligations, and to our local representatives for the purpose of customer service. In order to fulfil the contract with you, your personal data will also be shared with the course instructor for administrative purposes.
After cancelling the registration process, the data stored with us during this process will be deleted. In the case of a contract, all data from the contractual relationship is stored until the tax retention period (7 years) has expired. In the case of an active business relationship, the data might be stored longer than that.
We and our external, local representatives may use participant contact information (mail address, email, telephone, mobile number, fax) to provide course participants with updated information related to training courses or to inform (potential) participants regarding future training offers.
We reserve the right to film training sessions and take photos of course participants. Furthermore, we reserve the right to use, edit, or alter these photos and videos for internal and external publication online (e-mails, newsletters, social media platforms, websites of the HOT Energy Group, its affiliated companies, intranet, marketing presentations) and offline (company brochures, sales and/or product brochures, training guides and brochures, exhibition and trade fair appearances, marketing presentations, company profiles).
Data processing takes place on the basis of the statutory provisions of § 96 (3) TKG and Art. 6 (1) lit. a (consent) and/or lit. b (necessary for fulfillment of the contract) of the GDPR.
Our customer login area is designed to provide a secure platform for users to access and share files. When creating an account, users are required to provide their email address for authentication purposes. We take stringent measures to safeguard the information within this login area, but it is important that you refrain from disclosing any sensitive personal data through this system, such as health data, social security numbers, religion, political opinions, etc. Our commitment to data privacy extends to this login area, and we adhere to all relevant regulations, including GDPR, to ensure the protection of user information.
5. Web Analysis
5.1 Google Analytics
Our website uses features of Google Analytics, a web analytics service provided by Google, Inc. (“Google”), located in the United States. For this purpose, cookies are used that allow an analysis of the use of the website by its users. The information generated thereby is transmitted to the server of the provider and stored there. You can prevent this by setting up your browser so that no cookies are stored.
We have concluded a corresponding data processing contract with the provider. However, in the event that IP anonymization is activated during the use of our website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
Google will use this information on our behalf to evaluate your use of the websites, to compile reports on website activity, and to provide us with other services related to website activity and internet usage. The IP address collected through Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by a corresponding setting in your browser. However, in this case you may not be able to use all features of our website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: tools.google.com/dlpage/gaoptout.
5.2 Leadinfo
We use the lead generation service provided by Leadinfo B.V., Rotterdam, The Netherlands, which recognises visits of companies to our website based on IP addresses and shows us related publicly available information, such as company names or addresses. In addition, Leadinfo places two first-party cookies to provide transparency on how our visitors use our website, and the tool processes domains from provided form inputs (e.g. “leadinfo.com”) to correlate IP addresses with companies and to enhance its services.
For additional information, please visit www.leadinfo.com. An opt-out option is available at www.leadinfo.com/en/opt-out. In the event of an opt-out, your data will no longer be used by Leadinfo.
6. Categories of Data
- Website Interaction: Technical usage data (IP address, timestamps, device identifiers, browser type) captured in server logs and security tooling to ensure availability and integrity of our services.
- Business Relationships: Master data (name, role, company, contact details), contract data, project documentation, and communication history collected to prepare, conclude, and fulfil commercial agreements.
- Client Workspaces: Authentication credentials, audit logs, and optional metadata uploaded by authorised users. Sensitive categories of personal data should not be stored within the workspace environment.
- Marketing Communications: Subscription preferences, event participation, download history, and tracking preferences managed through consent-based tools.
7. Purposes & Legal Bases
- Contract Fulfilment: Art. 6(1)(b) GDPR for research projects, laboratory services, and digital platform access.
- Legitimate Interests: Art. 6(1)(f) GDPR for service improvement, information security, and customer relationship management. Legitimate interests are documented within our ISO 9001 risk assessments.
- Consent: Art. 6(1)(a) GDPR for newsletters, optional analytics cookies, and event photography.
- Legal Obligations: Art. 6(1)(c) GDPR for tax, commercial, and export control requirements.
8. Retention & Deletion
- General Retention: Business records are retained in accordance with § 257 HGB and § 147 AO for up to 10 years. Contractual and quality documentation follow ISO 9001 controlled document lifecycles.
- Marketing Data: Stored until consent is withdrawn or inactivity exceeds 24 months, after which records are anonymised or deleted.
- Workspace Accounts: User accounts are deactivated after contract termination and purged within 90 days unless statutory retention requires longer storage.
9. Security & Governance
- Organisational Measures: Access rights management, dual-control approvals, supplier due diligence, and employee awareness programmes are documented within our ISO 9001:2015 quality management system.
- Technical Measures: Encryption in transit, hardened infrastructure, multi-factor authentication for privileged accounts, and regular vulnerability assessments.
- Incident Response: Data breaches are assessed within 24 hours. Reportable incidents are notified to the supervisory authority and affected individuals without undue delay pursuant to Art. 33 & 34 GDPR.
10. Recipients & Transfers
- Internal Recipients: Access to personal data is limited to teams with a documented need-to-know basis, including laboratory operations, engineering, sales, and finance.
- External Processors: We engage certified hosting providers, analytics vendors, and logistics partners under Art. 28 GDPR data processing agreements with confidentiality obligations and audit rights.
- International Transfers: Transfers outside the EU/EEA occur only where adequacy decisions exist or via EU Standard Contractual Clauses supplemented by documented transfer impact assessments.
11. Your Rights
- Data Subject Rights: You may request access, rectification, erasure, restriction, or data portability, or object to processing. Requests can be submitted to privacy@fluidxlab.com.
- Withdrawal of Consent: Consent can be withdrawn at any time with effect for the future. Use the unsubscribe function in communications or contact us directly.
- Right to Lodge a Complaint: You have the right to lodge a complaint with the supervisory authority indicated above if you believe your data is processed unlawfully.
12. Updates to this Policy
- Version Control: This policy is reviewed at least annually as part of our ISO 9001 management review and whenever regulatory or technological changes require adjustments.
- Effective Date: Version 2.0 · Effective 01 February 2025.
13. Contact
Data Protection Queries: Email privacy@fluidxlab.com or write to fluidXlab GmbH, Data Protection, Am Stollen 19 B, 38640 Goslar, Germany.
Emergency Hotline: +49 5321 394 77 67 (24/7 incident response coordination)