Privacy Policy

1. Controller

Optima Solutions - EST Ventures GmbH

Hauptstraße 22, 9545 Radenthein, Austria

E-Mail: office@optima-solutions.at

As of March 12, 2026

2. Website delivery and server log files

When you visit our website for informational purposes, we process technically required connection and log data. This includes in particular your IP address, date and time, requested URL, referrer, status code, and information about your browser, device, and operating system.

• Purposes: secure delivery of the website, stability, troubleshooting, abuse prevention, and IT security.
• Legal basis: Art. 6(1)(f) GDPR.
• Our legitimate interest is the secure and reliable operation of the website.

3. Contact requests and ongoing communication

If you contact us via contact form, email, or phone, we process the information you provide, in particular your name, company, email address, phone number, message, and the metadata required for communication.

• Purposes: handling your inquiry, taking pre-contractual steps, coordinating offers and projects, and documenting the communication.
• Legal bases: Art. 6(1)(b) GDPR for contractual or pre-contractual inquiries, otherwise Art. 6(1)(f) GDPR.
• Mandatory data: fields marked as required are necessary so that we can handle your inquiry.

4. Invitation-based onboarding (Art. 14 GDPR)

If we invite you to our digital onboarding flow, we may already process business contact data before your first visit, such as your name, business email address, phone number, company, and basic project-related details.

• Source of the data: usually your company, a contact person on the client side, or prior business communications in the context of contract initiation or project preparation.
• Purposes: inviting you to onboarding, preparing the collaboration organizationally, and taking pre-contractual or contractual measures.
• Legal bases: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR for efficient communication with business contacts.

5. Digital onboarding, terms acceptance, and signature

During onboarding we process the confirmed contact details, project description, comments, links to offers or project materials, the status of the terms acceptance, the selected signature method, your drawn or typed signature, the completion timestamp, and the generated PDF document.

Prefilled onboarding data in personalized invitation links is transmitted in the fragment part of the URL (`#...`). That part is not sent to our web server on the initial page request and is read locally in the recipient’s browser.

• Purposes: contract initiation, contract documentation, proof of declarations, project setup, and organizational preparation of service delivery.
• Legal bases: Art. 6(1)(b) GDPR; where statutory retention or proof obligations apply, additionally Art. 6(1)(c) GDPR.

6. Transactional emails and delivery

After contact requests or within the onboarding flow we send transactional emails, such as confirmations, invitation links, or the final onboarding documents. This involves processing the email content, recipient details, and technical delivery data.

Legal bases: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

We do not currently operate a separate marketing newsletter. Resend is currently used only for transactional messages.

7. CRM, scheduling, collaboration, cloud, and AI tools

To organize inquiries, customer data, appointments, projects, and files, we use additional business systems. This may involve processing master and contact data, communication content, appointment details, project information, files, drafts, and contract documents.

• Attio for CRM, lead management, and customer management.
• Microsoft 365 for email, calendars, Office documents, and internal communication.
• Cal.com, if you book an appointment with us, for scheduling and calendar management.
• Figma for concepts, designs, comments, and project coordination.
• Apple iCloud for file storage, synchronization, and backups as part of our business operations.
• OpenAI and Anthropic as AI service providers where we use them for structuring, analysis, prototyping, automation, or service delivery.

Legal bases: Art. 6(1)(b) GDPR for pre-contractual or contractual services and Art. 6(1)(f) GDPR for efficient business organization, appointment management, project coordination, and the use of modern work tools.

Please do not send special categories of personal data within the meaning of Art. 9 GDPR through general contact or onboarding channels unless this is explicitly required and agreed in advance.

8. Optional voice assistant

Our voice assistant is embedded as a widget on the website. Before a voice session starts, ElevenLabs may display an additional notice or a separate activation step inside the widget.

• Loading the widget or its script may already transmit technical connection data such as your IP address, browser, device, and usage data to ElevenLabs or the script CDN unpkg.com. If you use the voice assistant, any spoken or typed content you voluntarily provide may be added.
• Legal bases: Art. 6(1)(f) GDPR for the technical provision of the widget; Art. 6(1)(a) GDPR to the extent that you actively start a voice session within the widget or voluntarily transmit content.

9. Cookies and similar technologies

We currently do not use analytics or marketing cookies. However, the integrated voice assistant may load external resources from ElevenLabs and unpkg.com.

Fonts and static media are served by us or through our hosting setup. If we add optional tracking or marketing technologies in the future, we will update our consent mechanisms beforehand.

10. Recipients and processors

We use service providers only to the extent necessary for operating the website, handling communications, or running onboarding.

• Vercel Inc. for hosting, delivery, and technical infrastructure. Vercel Privacy Policy
• Resend, Inc. for transactional email delivery. Resend Privacy Policy
• Attio for CRM, lead management, and customer management. Attio Privacy Policy
• Microsoft for Microsoft 365 (email, calendars, documents, and internal communication). Microsoft Privacy Statement
• Cal.com for appointment booking and calendar organization if you book a meeting with us. Cal.com Privacy Policy
• Figma for design, concept, and coordination files. Figma Privacy Policy
• Apple for iCloud-based storage, synchronization, and backups. Apple Privacy Policy
• OpenAI for AI-assisted analysis, structuring, prototyping, and automation where required for inquiries or projects. OpenAI Enterprise Privacy
• Anthropic for AI-assisted analysis, structuring, prototyping, and automation where required for inquiries or projects. Anthropic Privacy Center
• For the embedded voice assistant: ElevenLabs, Inc. and the script CDN unpkg.com. ElevenLabs Privacy Policy

11. Third-country transfers

Some service providers may process data outside the EEA, in particular in the United States. Where no adequacy decision under Art. 45 GDPR applies, we rely on appropriate safeguards under Art. 46 GDPR, in particular standard contractual clauses and supplementary measures.

Further information on the safeguards used in each case is available on request or in the privacy notices of the relevant providers.

12. Retention

We store personal data only for as long as necessary for the respective purposes. Contact requests are generally deleted or anonymized after completion unless statutory retention duties or legitimate reasons require longer storage.

Onboarding and contract documents are stored for the duration of the business relationship and beyond that only to the extent required by statutory retention periods, evidentiary obligations, or limitation periods.

13. Provision of data and no automated decisions

You are not legally required to provide personal data to us. However, without the information necessary for an inquiry, onboarding, or contract conclusion, we may not be able to provide the relevant service in full or at all.

We do not carry out automated decision-making, including profiling, within the meaning of Art. 22 GDPR.

14. Your rights

Subject to the applicable legal requirements, you have the right to access, rectification, erasure, restriction of processing, data portability, and to object to processing based on legitimate interests. You may also withdraw any consent at any time with future effect.

For privacy-related inquiries, contact us at office@optima-solutions.at.

You also have the right to lodge a complaint with the Austrian Data Protection Authority: Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at, www.dsb.gv.at.