fredi

Privacy Policy

Last updated: February 2026

1. Controller

SUPPLiot GmbH

Guntherstraße 6

2301 Groß-Enzersdorf

Austria

Tel.: +43 1 774 03 92 400

Email: privacy@suppliot.eu

VAT: ATU74268749

For privacy-related questions, please contact the above address.

2. Data Collected

We process the following categories of personal data:

Account data: Name, email address, company, phone number upon registration.

Usage data: Log files, IP addresses, browser type, pages visited, access times (for security and error diagnosis).

Payment data: Payment processing is handled exclusively by Paddle. We do not store full credit card details.

Transaction data: Transport orders, tours, addresses and documents captured in the system – this data belongs to the customer (data processing agreement).

3. Legal Bases (Art. 6 GDPR)

  • Contract performance (Art. 6(1)(b)): Providing the platform, billing, support
  • Legitimate interest (Art. 6(1)(f)): Security, fraud prevention, platform improvement
  • Consent (Art. 6(1)(a)): Marketing emails, optional analytics cookies
  • Legal obligation (Art. 6(1)(c)): Retention obligations under applicable law

4. Data Processors

We use the following service providers with whom data processing agreements under Art. 28 GDPR have been concluded:

Service ProviderPurposeLocation
Hetzner Online GmbHHosting & infrastructureGermany (EU)
Paddle.com Market LtdPayment processingUK/USA
[Email Provider]Transactional emailsEU

5. Data Transfers to Third Countries

Paddle is based in the United Kingdom and the United States. For transfers to the USA, Paddle has implemented Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR.

6. Retention Periods

  • Account data: For the duration of the contractual relationship + 3 years (limitation periods)
  • Invoice data: 7 years (statutory retention obligation)
  • Log files: 90 days
  • Data after cancellation: Available for 30 days, then securely deleted

7. Your Rights (Art. 15–22 GDPR)

You have the right to:

  • Access (Art. 15): What data we process about you
  • Rectification (Art. 16): Correction of inaccurate data
  • Erasure (Art. 17): "Right to be forgotten"
  • Restriction (Art. 18): Restrict processing
  • Data portability (Art. 20): Receive data in machine-readable format
  • Objection (Art. 21): Object to processing based on legitimate interests

To exercise your rights, contact privacy@suppliot.eu.

8. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent supervisory authority. In Austria, this is the Datenschutzbehörde (DSB), Barichgasse 40–42, 1030 Vienna, www.dsb.gv.at. In other EU member states, the competent supervisory authority is the data protection authority of your country of residence.

9. Cookies

We use only technically necessary cookies (session cookie for authentication). Optional analytics cookies are only set with your explicit consent.