DEEN
Over 1,000 satisfied customers
postservice.at
This is a convenience translation. The German version of this page is legally binding.

Privacy Policy

1. Privacy at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to identify you personally.

Data Collection on Our Website

Who is responsible for the data collection on this website?
The data processing on this website is carried out by the website operator:

1010 Works GmbH
Seitenstettengasse 5/37, 1010 Wien
Email: hello@postservice.at

2. General Notes and Mandatory Information

Data Protection

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

Note on the Responsible Controller

The controller responsible for data processing on this website is:

1010 Works GmbH
Seitenstettengasse 5/37, 1010 Wien
Email: hello@postservice.at
Phone: 0699 16181144

3. Legal Bases of Processing

We process your personal data on the basis of the following legal bases pursuant to Art. 6 GDPR:

  • Performance of a contract (Art. 6(1)(b) GDPR): Processing to provide our virtual office services, mail acceptance, scan services and billing.
  • Legitimate interests (Art. 6(1)(f) GDPR): Website analysis, fraud prevention, IT security.
  • Consent (Art. 6(1)(a) GDPR): Newsletter, marketing cookies, chatbot usage. You can withdraw your consent at any time.
  • Legal obligation (Art. 6(1)(c) GDPR): Retention of invoice data pursuant to the Austrian Federal Tax Code (BAO) and Commercial Code (UGB).

4. Data Collection on Our Website

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the technical provision of the website). The data is automatically deleted after 30 days.

Cookies

Our website uses technically necessary cookies as well as analytics cookies. Technically necessary cookies are required for the operation of the website and are set on the basis of Art. 6(1)(f) GDPR. Analytics cookies are only set with your consent (Art. 6(1)(a) GDPR). You can change your cookie settings at any time via the cookie banner or set your browser so that no cookies are stored.

Contact Form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest). Your data will be deleted once the enquiry has been handled, unless statutory retention obligations apply.

5. Processors and Third-Party Providers

We use the following service providers as processors within the meaning of Art. 28 GDPR. Detailed information on registered office, place of processing, data categories and third-country safeguards can be found in Annex 2 of our data processing agreement.

  • Vercel Inc.(USA, processing primarily in the Frankfurt region) – hosting of the website and storage of uploaded documents in Vercel Blob Storage (EU). Transfer on the basis of EU Standard Contractual Clauses.
  • Neon Inc.(USA, processing in the Frankfurt region eu-central-1) – managed PostgreSQL database for the platform. Data remains in the EU; transfer on the basis of EU Standard Contractual Clauses.
  • Microsoft Ireland Operations Limited(Ireland, EU Data Boundary) – business email communication via Microsoft 365 / Exchange Online.
  • Resend, Inc.(USA) – sending of transactional emails. Transfer on the basis of EU Standard Contractual Clauses.
  • Chargebee Inc.(headquartered in the USA, EU branch in Amsterdam, operationally also India) – payment processing and subscription management. Transfer on the basis of EU Standard Contractual Clauses.
  • Cal.com, Inc.(USA) – online booking of onboarding and consultation appointments. Transfer on the basis of EU Standard Contractual Clauses.
  • EVVA Sicherheitstechnologie GmbH(Vienna, Austria) – AirKey/Xesar access system for the business premises and coworking users. No third-country transfer.
  • Google Ireland Limited(Ireland, parent Google LLC, USA) – Google Tag Manager and Google Analytics 4 for pseudonymous reach measurement; active only after consent (Consent Mode v2). Google Ads for conversion tracking. Transfer on the basis of EU Standard Contractual Clauses and an adequacy decision.

If you use our services for business purposes and have us process the personal data of third parties (e.g. your own customers) in doing so, we conclude a data processing agreement pursuant to Art. 28 GDPR with you.

6. Retention Periods

We store your personal data only for as long as is necessary for the respective purposes or for as long as statutory retention obligations apply:

  • Contract data: For the duration of the contractual relationship and thereafter in accordance with statutory retention periods (7 years pursuant to the BAO).
  • Invoice data: 7 years (Section 132 BAO).
  • Contact enquiries: Until the enquiry has been handled, no longer than 6 months.
  • Server logs: 30 days.
  • Analytics data: 26 months (anonymized).

7. Your Rights

You have the right at any time:

  • to obtain access to your personal data stored by us (Art. 15 GDPR)
  • to request rectification of inaccurate personal data (Art. 16 GDPR)
  • to request erasure of your personal data stored by us (Art. 17 GDPR)
  • to request restriction of the processing of your personal data (Art. 18 GDPR)
  • to object to the processing (Art. 21 GDPR)
  • to receive your data in a structured, commonly used format (data portability, Art. 20 GDPR)

Right to Lodge a Complaint with the Supervisory Authority

You have the right to lodge a complaint with the competent data protection authority if you believe that the processing of your personal data infringes the GDPR:

Austrian Data Protection Authority (Österreichische Datenschutzbehörde)
Barichgasse 40-42, 1030 Vienna
Email: dsb@dsb.gv.at
Website: dsb.gv.at

8. Analytics Tools

We use Vercel Analytics on our website to analyze user behavior. This data is collected anonymously and serves to improve our offering. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in optimizing our offering).

9. Secure Connection

For security reasons, this site uses an encrypted HTTPS connection. You can recognize an encrypted connection by the fact that the address bar of the browser begins with "https://".

Last updated: April 2026