Privacy Policy

Last updated:

This policy explains transparently how personal data is processed when you visit this website or contact oneSec. The public website uses no marketing cookies, web analytics, or advertising trackers.

Controller

oneSec FlexCo

Adamsgasse 15/Top 3

1030 Vienna, Austria

Email: office@one-sec.eu

Hosting and access data

When you access the website, technically necessary connection data may be processed. This may include your IP address, access time, requested page, browser, operating system, and transferred data volume.

The website is delivered through Vercel. Vercel may process this data as our processor where necessary for delivery, abuse prevention, error analysis, and security.

The legal basis is our legitimate interest in providing a secure, stable, and efficient website under Article 6(1)(f) GDPR.

Contact forms and enquiries

When you contact us through a form, we process your name, work email address, optional company and role, selected enquiry type, message, page language, and the source of the enquiry.

We use this information only to handle your enquiry, communicate with you, and where relevant take steps before entering into a contract. The legal basis is Article 6(1)(b) GDPR where your enquiry concerns a potential contract; for other business enquiries, it is our legitimate interest in responding under Article 6(1)(f) GDPR.

Your name, email address, and message are required so that we can identify and respond to your enquiry. Other fields are optional. We cannot process the form without the required information.

Recipients and service providers

We use Vercel for hosting, Supabase to store contact enquiries, Resend to deliver the notification to office@one-sec.eu, and Google reCAPTCHA Enterprise for automated abuse and spam prevention on the contact form. Access is otherwise limited to responsible oneSec personnel where required to handle the enquiry.

These providers process data on our instructions under data-processing agreements. We do not sell contact details or disclose them for third-party advertising.

Where providers process data outside the European Economic Area, transfers rely on an adequacy decision, including the EU-U.S. Data Privacy Framework where applicable, or on the European Commission’s Standard Contractual Clauses and supplementary safeguards.

Cookies, local storage, and analytics

The public website uses no marketing cookies, web analytics, or advertising trackers. Supabase authentication cookies are not set during an ordinary visit to the public pages.

Google reCAPTCHA Enterprise is loaded when a contact form is displayed. Technical connection, device, and interaction data may be sent to Google and assessed to detect automated or abusive use. The legal basis is our legitimate interest in maintaining the security and availability of the form under Article 6(1)(f) GDPR.

If you expressly select light or dark appearance in the footer, that preference is stored locally in your browser under the key “onesec-theme”. It remains until you select “Auto” or clear browser data and is used only to display the site as requested.

Strictly necessary Supabase authentication cookies are used only in the protected administration area for authorised oneSec personnel. They are not intended for public visitors and are not used to build profiles.

Because the public website does not use tracking or marketing technologies that require consent, we do not display a cookie banner.

Retention

Records in the website lead system are deleted automatically twelve months after receipt. Resulting email or business correspondence is retained only for as long as needed for the communication and relevant business purpose.

If an enquiry results in a business relationship, or records are required to establish, exercise, or defend legal claims, relevant records may be retained for the applicable statutory limitation and record-keeping periods.

Technical logs are retained under the hosting provider’s security and retention settings only for as long as needed for operation, error analysis, and abuse prevention.

Automated decisions

We do not use data collected through this website for automated decision-making or profiling within the meaning of Article 22 GDPR.

Your rights

Subject to the GDPR, you may request access, rectification, erasure, restriction, and, where applicable, portability. You may object to processing based on legitimate interests for reasons arising from your particular situation.

To exercise your rights, email office@one-sec.eu.

You may also lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna, Austria:

https://www.dsb.gv.at/

Data security

We use risk-appropriate technical and organisational measures, including encrypted transmission, access restrictions, data minimisation, and browser security policies, to protect personal data against loss, unauthorised access, and improper alteration.

Changes

We update this policy when the website, its service providers, or legal requirements change. The version published on this page is the applicable version.