Data Privacy

1. Controller
80seconds e.U.
Philip Arnhof
Triester Street 16–20/3/33
2334 Vösendorf, Austria
Phone: +43 664 7515 1022
E-mail: [email protected]

2. General Information
We process personal data solely in a B2B context (business contacts, company data).
Purposes: website operation, communication, project execution, billing, marketing, security.
Legal bases (Art. 6 GDPR):
(a) Consent · (b) Contract/pre-contractual · (c) Legal obligations · (f) Legitimate interests (e.g. secure operation, efficient communication, B2B marketing)

3. Your Rights
Access, rectification, erasure, restriction, portability, objection (Art. 21 GDPR), and withdrawal of consent at any time.
You may lodge a complaint with the Austrian Data Protection Authority.
Rights requests: [email protected]

4. Security
SSL/TLS encryption, access controls, role-based permissions, backups, and logging on a need-to-know basis.

5. Hosting (GoDaddy)
Our website is hosted by GoDaddy Operating Company, LLC.
Server logs may include IP address, browser type, OS, access time, requested resource.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure, reliable operation).

6. Communication
Contact form / e-mail / phone: we process contact details and inquiry content.
Legal basis: Art. 6(1)(b)/(f) GDPR.
Retention: until completion of the request, max. 6 months unless longer legal duties apply.

7. Project & Customer Tools

GoHighLevel (CRM): communications, pipeline/project organization (no contract data). Legal basis: Art. 6(1)(b)/(f).

sevDesk (Accounting & Contract Data): invoicing, payments, and contract data. Legal basis: Art. 6(1)(c)/(b). Retention: typically 7 years (Austria).

fynk (Contract Management & E-Signature): proposals/contracts, signatures, audit trails. Legal basis: Art. 6(1)(b)/(f).

Loom (Video sharing): project/explainer videos. Legal basis: Art. 6(1)(b)/(f).

Fathom (fathom.video – meeting recorder): recordings, transcripts, metadata. Legal basis: Art. 6(1)(b)/(f).

Frame.io (Production review/feedback): uploads, comments, versions. Legal basis: Art. 6(1)(b)/(f).

Adobe Creative Cloud (Premiere, After Effects, Illustrator etc.): processing and storage of project files, possible sharing via Adobe Cloud links. Legal basis: Art. 6(1)(b)/(f).

Instantly (B2B outreach): business contact data, campaign metadata. Legal basis: Art. 6(1)(f).

Google Workspace (Mail, Drive, Meet): project/communication data, files, calendar entries. Legal basis: Art. 6(1)(b)/(f).

Notion (Project/knowledge management): organizational project and team data. Legal basis: Art. 6(1)(f).

ChatGPT (OpenAI) & Claude (Anthropic): internal assistance for content/workflows; no sensitive data. Legal basis: Art. 6(1)(f).

8. Payments

Stripe: processes payments as an independent controller. Legal basis: Art. 6(1)(b)/(c) GDPR.

Wise: payment services as an independent controller. Legal basis: Art. 6(1)(b)/(c) GDPR.
See each provider’s privacy policy for details.

9. Analytics & Marketing

Google Tag Manager: manages scripts/tags; no profiles itself. Legal basis: Art. 6(1)(f); when deploying tracking tags: Art. 6(1)(a) (consent).

Google Analytics 4: usage metrics (IP anonymization enabled). Legal basis: Art. 6(1)(a). Retention: e.g. 14 months. Opt-out via cookie banner or Google plugin.

LinkedIn Ads (Insight Tag): conversion tracking/remarketing; consent-based. Legal basis: Art. 6(1)(a). Joint controllership with LinkedIn Ireland for collection/transfer.

Meta Ads (Facebook/Instagram Pixel): conversion tracking/remarketing; consent-based. Legal basis: Art. 6(1)(a).

Google Ads (Conversion/Remarketing): measurement/optimization; consent-based. Legal basis: Art. 6(1)(a).

10. Social Media
Embedded elements from LinkedIn/Facebook/Instagram load only after consent (Art. 6(1)(a)). Once activated, providers may receive your IP and associate visits with your account.

11. International Transfers
Where providers are located outside the EEA, transfers rely on EU Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework (DPF). A residual risk of government access cannot be fully excluded.

12. Retention
We store personal data only as long as necessary for the purpose or as required by law.

13. No Automated Decision-Making
We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

Last update: 19.09.2025