Data protection declaration

Privacy policy

Last updated: 29 October 2025

Thank you for your interest in the information on our website!

With the help of this privacy policy, we would like to inform the users of our website about the type, scope and purpose of the processing of personal data. Personal data in this context is all information with which you as a user of our website can be personally identified (theoretically, possibly via detours or by linking various data), including your IP address. Information that is stored in cookies is generally not personal or only personal in exceptional cases; however, this is covered by a special regulation that makes the permissibility of the use of cookies largely dependent on the user’s active consent, depending on their purpose.

In a general section of this privacy policy, we provide you with information on data protection that generally applies to our processing of data, including the collection of data on our website. In particular, you as the data subject will be informed of the rights to which you are entitled.

The terms used in our privacy policy and our data protection practices are based on the provisions of the EU General Data Protection Regulation (“GDPR”) and other relevant national legislation.

Person responsible

The controller within the meaning of the GDPR is :

VA Intertrading Aktiengesellschaft
Strasserau 6, 4020 Linz , Österreich

Phone: +43 732 7804 0
E-mail: datenschutz@vait.com

Data Protection Coordinator:
Mr. Dominik Baumgartner

Data collection on our website

On the one hand, personal data is collected from you if you expressly provide it to us; on the other hand, data, in particular technical data, is collected automatically when you visit our website. Some of this data is collected to ensure that our website functions correctly. Other data may be used for analysis purposes. However, you can generally use our website without having to provide any personal data.

Technologies on our website

Cookies and local storage

We use cookies on our website to make our internet presence more user-friendly and functional. Some cookies remain stored on your end device.

Cookies are small data packets that are exchanged between your browser and our web server when you visit our website. They do not cause any damage and are only used to recognise website visitors. Cookies can only store information that is supplied by your browser, i.e. information that you have entered into the browser yourself or that is available on the website. Cookies cannot execute code and cannot be used to access your end device.

The next time you visit our website with the same end device, the information stored in cookies may subsequently be sent back either to us (“first-party cookie”) or to a third-party web application to which the cookie belongs (“third-party cookie”). Through the stored and returned information, the respective web application recognises that you have already accessed and visited the website with the browser of your end device.

Cookies contain the following information:

  • Cookie name
  • Name of the server from which the cookie originated
  • Cookie ID number
  • A date on which the cookie is automatically deleted

Depending on their intended use and function, we divide cookies into the following categories:

  • Technically necessary cookies to ensure the technical operation and basic functions of our website. This type of cookie is used, for example, to maintain your settings while you navigate the website; or they can ensure that important information is retained throughout the session (e.g. login, shopping basket).
  • Statistics cookies to understand how visitors interact with our website by collecting and analysing information anonymously only. This provides us with valuable insights to optimise both the website and our products and services.
  • Marketing cookies to set targeted advertising activities for users on our website.
  • Unclassified cookies are cookies that we are currently trying to classify together with providers of individual cookies.

Depending on the storage period, we also divide cookies into session and persistent cookies. Session cookies store information that is used during your current browser session. These cookies are automatically deleted when you close your browser. No information remains on your end device. Persistent cookies store information between two visits to the website. This information is used to recognise you as a returning visitor on your next visit and the website responds accordingly. The lifespan of a permanent cookie is determined by the provider of the cookie.

The legal basis for the use of technically necessary cookies is based on our legitimate interest in the technically flawless operation and smooth functionality of our website. Our website cannot function properly without these cookies. The use of statistics and marketing cookies requires your consent. You can revoke your consent to the use of cookies at any time for the future. Consent is voluntary. If it is not given, there are no disadvantages. Further information about the cookies we actually use (in particular about their purpose and storage duration) can be found in this privacy policy and in the information about the cookies we use in our cookie banner.

You can also set your Internet browser so that the storage of cookies is generally prevented on your end device or you are asked each time whether you agree to the setting of cookies. Once cookies have been set, you can delete them at any time. You can find out how all this works in detail in the help function of your browser.

Please note that a general deactivation of cookies may lead to functional restrictions on our website.

We also use local storage functions (also known as “local storage”) on our website. This means that data is stored locally in your browser’s cache and can continue to exist and be read even after you close the browser – unless you delete the cache or it is session storage.

Third parties cannot access the data stored in local storage. If special plugins or tools use the local storage functions, this is described in the respective plugin or tool.

If you do not want plugins or tools to use local storage functions, you can control this in the settings of your respective browser. We would like to point out that this may result in functional restrictions.

etracker

Provider: etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany, e-mail: privacy@etracker.com
Purpose: Analysis and optimisation of website usage
Category: Statistics
Recipient: Germany
Processed data: Pseudonymised IP address, technical information on browser, operating system and end device, location information up to a maximum of city level, URL accessed with page title, referrer website, length of visit, interactions on the website
Data subjects: Users
Technology: JavaScript, pixel technology, local storage
Legal basis: Consent (purpose)
Website: https:www.etracker.com
Further information: https:www.etracker.com/datenschutzerklaerung/https:www.etracker.com/impressum/

We use the etracker service on our website to analyse and optimise our web offering. etracker is an analysis tool that measures and evaluates the performance of our website and online campaigns. It enables us to gain detailed insights into user behaviour and improve our offering accordingly.

etracker works on the basis of pixel technology and uses a cookie-less mode by default. When you use our website, a JavaScript code is integrated into the HTML source code to enable data collection. The following data is collected and processed:

  • Pseudonymised IP address
  • Technical information on browser, operating system and end device
  • Location information up to city level
  • Called URL with page title and optional information about the page content
  • Referrer websiteDuration spent on the website
  • Interactions on the website (e.g. clicks, search terms entered, files downloaded)

All relevant information on any cookies used, including name, purpose of use and storage duration, can be found in our detailed list of cookies.

Local Storage is used by etracker for various purposes. The local storage entries are set in connection with the corresponding opt-in cookies. The use of local storage enables etracker to store certain information on the client side and retrieve it when required without having to send it to the server with every request.

The storage period of the collected data depends on the individual settings. If no specific information is available, the data will only be stored for as long as is necessary to fulfil the purpose or as required by statutory retention obligations. Once these periods have expired, the data will be deleted immediately.

Additional details can be found in the linked further information. We recommend that you check these links regularly for changes in order to stay informed about etracker’s current practices. Additional information on the rights of data subjects and the relevant contact details can be found in the general section of this privacy policy.

Google reCAPTCHA

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA)
Purpose: Protection against misuse, prevention of spam
Category: Technically required
Recipient: EU, USA
Data processed: IP address, details of the website visit
Data subjects: Users
Technology: JavaScript call, cookies, local storage
Legal basis: Legitimate interest, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy https://developers.google.com/recaptcha/
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out exactly where Google data centres are located: https://www.google.com/about/datacenters/locations/

The Google reCAPTCHA service is used on our website to protect against misuse by non-human visitors (bots) and to prevent spam.

When reCAPTCHA is started, the browser establishes a connection to Google’s servers. This informs Google that our website has been accessed via the IP address of a user.

The purpose of reCAPTCHA is to check whether data is entered on our website by a human or by an automated programme. For this purpose, reCAPTCHA analyses the user’s behaviour based on various characteristics. This analysis begins automatically as soon as the user accesses our website. To analyse this, reCAPTCHA evaluates various pieces of information.

According to our information, the following data is processed by Google:

  • the address of the page from which the user came
  • IP address
  • Information about the operating system
  • Cookies
  • Mouse and keyboard behaviour
  • Date and language settings
  • All Java Script objects
  • Screen resolution

The data collected during the analysis is forwarded to Google and used by Google. The reCAPTCHA analyses run completely in the background.

Cookies are used to process the service. These cookies require a unique identifier for tracking purposes. According to Google, the IP address is not merged with other data from other Google services unless a user is logged into their Google account while using the reCAPTCHA plug-in. Furthermore, reCAPTCHA also uses the local storage on the user’s device to store data.

Hosting

As part of the hosting of our website, all data to be processed in connection with the operation of our website is stored. This is necessary to enable the operation of the website. We therefore process the data accordingly on the basis of our legitimate interest in optimising our website offering. To provide our online presence, we use the services of web hosting providers to whom we make the above-mentioned data available as part of order processing.

Contact us

Our website offers various options for contacting us, for example via contact forms or e-mail addresses provided. When contacting us, the personal data provided will be processed exclusively for the purpose of processing and responding to the respective enquiry. The processing takes place insofar as this is necessary to carry out pre-contractual measures or to fulfil a contract, or on the basis of legitimate interests, for example to maintain customer relationships or to document processes.

It may be necessary to provide certain data in order to fully process an enquiry. Without this information, it may not be possible to process the enquiry, or only to a limited extent.

Personal data from contact enquiries may also be stored in a customer or prospective customer database on the basis of legitimate interests in order to optimise communication and support. Use for marketing purposes only takes place if separate consent has been obtained or a legitimate interest exists and there are no overriding interests of the data subject that require protection.

Personal data from contact enquiries will only be stored for as long as is necessary for the processing and handling of the enquiry or for as long as statutory retention obligations exist. After final processing of the enquiry and expiry of any legal deadlines, the data will be deleted or anonymised. As a rule, the deletion takes place at the latest after three years without further contact, provided that there are no longer legal or contractual retention obligations.

Further information on the handling of personal data can be found in the website’s privacy policy.

Server log files

For technical reasons, in particular to ensure a functional and secure Internet presence, we process technically necessary data about access to our website in so-called server log files, which your browser automatically transmits to us.

The access data that we process includes

  • Name of the website accessed
  • Browser type used incl. version
  • Operating system used by the visitor
  • the page previously visited by the visitor (referrer URL)
  • Time of the server request
  • Amount of data transferred
  • Host name of the accessing computer (IP address used)

This data is not assigned to any natural person and is only used for statistical evaluations and for the operation and improvement of our website as well as for the security and optimisation of our Internet offering. This data is only transmitted to our website host. This data is not combined or merged with other data sources. If there is any suspicion of unlawful use of our website, we reserve the right to check this data retrospectively. The data processing is based on our legitimate interest in the technically error-free presentation and optimisation of our website.

The access data is deleted shortly after the purpose has been fulfilled, usually after a few days, unless further storage is required for evidence purposes. Otherwise, the data is stored until an incident has been finally clarified.

SSL encryption

When you visit our website, we use the widely used SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. You can recognise whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser. The use of this procedure is based on our legitimate interest in the use of suitable encryption techniques.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments and kept up to date with the state of the art.

Webcare

Provider: DataReporter GmbH, Zeileisstraße 6, 4600 Wels, Austria
Purpose: Consent Management
Category: technically required
Recipient: EU, AT
Processed data: IP address, consent data
Data subjects: Users
Technology: JavaScript call, cookies, swarm crawler
Legal basis: Legitimate interest, consent (swarm crawler for analysing search results)
Website: https://www.datareporter.eu/
Further information: https://www.datareporter.eu/company/info

We use the Webcare tool on our website for consent management. Webcare records and stores the decision of the respective user of our website. Our consent banner ensures that statistical and marketing technologies such as cookies or external tools are only set or started if the user has given their express consent to their use.

For this purpose, we store information on the extent to which the user has confirmed the use of cookies. The user’s decision can be revoked at any time by accessing the cookie settings and managing the declaration of consent. Existing cookies are deleted after consent is revoked. A cookie is also set to store information about the status of the user’s consent, which is indicated in the cookie details. Furthermore, the IP address of the respective user is transmitted to the DataReporter server when this service is accessed. The IP address is neither stored nor associated with any other data of the user, it is only used for the correct execution of the service.

With the help of Webcare, our website is regularly analysed for technologies relevant to data protection law. This analysis is only carried out for those users who have expressly given their consent (for statistical or marketing purposes). The search results of the users are evaluated by Webcare in anonymised form and only in relation to technologies and used to fulfil our information obligations. To start the swarm crawler technology, a request is sent to our servers and the IP address of the user is transmitted for the purpose of data transfer. Servers are selected that are geographically close to the respective location of the user. It can be assumed that for users within the EU, a server located within the EU will also be selected. The user’s IP address is not stored and is removed immediately after the end of the communication.

General information on data protection

The following provisions apply not only to the collection of data on our website, but also to the processing of personal data in general.

Personal data

Personal data is information that can be assigned to you individually. Examples of this include your address, your name and your postal address, e-mail address or telephone number. Information such as the number of users who visit a website is not personal data because it cannot be assigned to an individual person.

Legal basis for the processing of personal data

Unless more specific information is provided in this privacy policy (e.g. for the technologies used), we may process your personal data on the basis of the following legal bases:

  • Consent pursuant to Art. 6 para. 1 lit. a GDPR – The data subject has given their consent to the processing of their personal data for one or more specific purposes.
  • Contract fulfilment and pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract.
  • Legal obligation pursuant to Art. 6 para. 1 lit. c GDPR – Processing is necessary for compliance with a legal obligation.
  • Protection of vital interests pursuant to Art. 6 para. 1 lit. d GDPR – Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
  • Legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Please note that in addition to the provisions of the GDPR, the national data protection regulations in your or our home country may apply.

Transmission of personal data

Your personal data will not be transferred to third parties for purposes other than those listed in this privacy policy.

We only pass on your personal data to third parties if:

  • you have given your express consent in accordance with Art. 6 para. 1 lit. a GDPR,
  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the protection of legitimate interests and for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
  • there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 lit. c GDPR and this is permitted by law and / or
  • it is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b GDPR.

Cooperation with processors

We carefully select our service providers who process personal data on our behalf. If we commission third parties to process personal data on the basis of an order processing contract, this is done in accordance with Art. 28 GDPR.

Transmission to third countries

If we process data in a third country or if this occurs in the context of the use of third-party services or disclosure or transfer of data to other persons or companies, this will only take place on the basis of the legal bases described above for the transfer of data.

Subject to express consent or contractual necessity, we process or have the data processed in accordance with Art. 44-49 GDPR only in third countries with a level of data protection recognised as adequate or on the basis of special guarantees, such as a contractual obligation through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding internal data protection regulations.

Data transfer to the USA / cancellation of the Privacy Shield

We would like to expressly point out that as of 16 July 2020, due to a legal dispute between a private individual and the Irish supervisory authority, the so-called “Privacy Shield”, an adequacy decision of the EU Commission pursuant to Art 45 GDPR, with which the USA was confirmed to have an adequate level of data protection under certain circumstances, is no longer valid with immediate effect.

The Privacy Shield is therefore no longer a valid legal basis for the transfer of personal data to the USA!

If we transfer data to the USA at all or if we use a service provider based in the USA, we explicitly refer to this in this privacy policy (see in particular the description of the technologies on our website).

What can the transfer of personal data to the USA mean for you as a user and what risks exist in this context?

Risks for you as a user are in any case the powers of the US intelligence services and the legal situation in the USA, which, according to the ECJ, currently no longer ensure an adequate level of data protection. These include the following points:

  • Section 702 of the Foreign Intelligence Surveillance Act (FISA) provides no restrictions on the surveillance activities of the intelligence agencies and no guarantees for non-US citizens.
  • Presidential Policy Directive 28 (PPD-28) does not provide affected persons with effective legal remedies against measures taken by the US authorities and does not provide any limits for ensuring proportionate measures.
  • the ombudsman provided for in the Privacy Shield does not have sufficient independence from the executive; he cannot issue binding orders to the intelligence services.

Legally compliant transfer of data to the USA on the basis of the standard contractual clauses?

The standard contractual clauses adopted by the Commission in 2010 (2010/87/EU of 5 February 2010), Art. 46 para. 2 c GDPR, are still valid, but a level of protection for personal data must be ensured that corresponds to that in the European Union. Therefore, not only the contractual relationships with our service providers are relevant here, but also the possibility of access to the data by authorities in the USA and the legal system there (legislation and jurisdiction, administrative practice of authorities).

The standard contractual clauses cannot bind authorities in the USA and therefore do not provide adequate protection in cases where the authorities are authorised under US law to interfere with the rights of data subjects without additional action by us and our service provider.

Legally compliant transfer of data to the USA based on your consent?

It is currently disputed whether informed consent and thus a wilful and knowing restriction of parts of your fundamental right to data protection is legally possible at all.

What measures do we take to ensure that data transfers to the USA are legally compliant?

Where US providers offer the option, we choose to process data on EU servers. This should technically ensure that the data is located within the European Union and cannot be accessed by US authorities.

We are also carefully examining European alternatives to the US tools used. However, this is a process that does not happen overnight, as it also has technical and economic consequences for us. We will only continue to use US service providers if the use of European tools and / or the immediate shutdown of US tools is impossible for us for technical and / or economic reasons.

We are taking the following measures for the continued use of US tools:

Where possible, your consent will be requested before using a US tool and you will be informed transparently in advance about how a service works. The risks of transferring data to the USA can be found in this section.

We endeavour to conclude standard contractual clauses with US service providers and demand additional guarantees. In particular, we require the use of technologies that make it impossible to access data, e.g. the use of encryption that cannot be broken by US services or anonymisation or pseudonymisation of data where only the service provider can make the allocation. At the same time, we require additional information from the service provider if data is actually accessed by third parties or that the service provider exhausts all legal remedies until access to data is granted at all.

Storage period in general

If no explicit storage period is specified when data is collected (e.g. as part of a declaration of consent), we are obliged to delete personal data in accordance with Art. 5 para. 1 lit. e GDPR as soon as the purpose of its processing no longer exists. In this context, we would like to point out that statutory retention obligations to which we are subject constitute a legitimate purpose for the further processing of the personal data collected.

In principle, we store and retain data in personal form until the termination of a business relationship or until the expiry of applicable guarantee, warranty or limitation periods, and beyond that until the termination of any legal disputes in which the data is required as evidence, or in any case until the end of the third year after the last contact with a business partner.

Storage duration in particular

As part of the description of individual technologies on our website, you will find specific information on the storage duration of data. Our cookie table informs you about the storage duration of individual cookies. In addition, you always have the option of asking us directly about the specific storage duration of data. To do so, please use the contact details provided in this privacy policy.

Rights of data subjects

Affected persons have the right:

  • (i) in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
  • (ii) in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
  • (iii) in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us under certain circumstances, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • (iv) in accordance with Art. 18 GDPR, to demand the (temporary) restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it, we no longer need the data but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
  • (v) in accordance with Art. 20 GDPR, to receive from us your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted directly to another controller; however, this only covers your personal data that we process with the aid of automated procedures on the basis of your consent or on the basis of a contract;
  • (vi) in accordance with Art. 21 GDPR, if your personal data is processed on the basis of our legitimate interest, to object to the processing of your personal data if there are reasons for this arising from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation;
  • (vii) in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future. Among other things, you have the option of revoking your consent to the use of cookies on our website with effect for the future by accessing our cookie settings;
  • (viii) pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority regarding the unlawful processing of your data by us. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

The competent supervisory authority for VA Intertrading Aktiengesellschaft is:

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna, Austria
Phone: +43 1 52 152-0, dsb@dsb.gv.at

Assertion of data subject rights

You yourself decide on the use of your personal data. Should you therefore wish to exercise any of your above-mentioned rights against us, you are welcome to contact us by e-mail at datenschutz@vait.com or by post or telephone.

Please help us to clarify your enquiry by answering questions from our responsible employees regarding the specific processing of your personal data. If there are justified doubts about your identity, we may request a copy of your ID.

If you have any questions about data protection, please contact us at datenschutz@vait.com or using the other contact details provided in this privacy policy.

Linz, 29 October 2025