Privacy Policy
The protection of your personal data is of great importance to us. We therefore process your personal data exclusively on the basis of the applicable legal provisions, in particular (i) the General Data Protection Regulation ("GDPR"), (ii) the Austrian Data Protection Act, and (iii) the Telecommunications Act, each as amended.
1. Scope
With the following Privacy Policy, we wish to inform you about the processing of data (i) in the course of your visit to our website, (ii) on our social media platforms, and (iii) in the course of our business relationship. Personal data means information relating to an identified or identifiable natural person (including, for example, name, contact details, billing data, IP address, etc.).
2. Controller
The controller responsible for the processing of your personal data pursuant to data protection law is:
Iris Muche, MA
Untere Weißgerberstraße 36/16
1030 Vienna
Phone: 0664 24 06 152
E-Mail: office@irismuche.com
3. Purposes of Processing
We process your personal data for the following purposes:
a. Provision of our website including all related services;
b. Further improvement and development of our website;
c. Detection, prevention, and investigation of attacks on our website.
4. Legal Bases for Processing
We process your personal data:
a. on the basis of your consent (Art. 6(1)(a) GDPR), or
b. for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, or where you are a prospective customer or another business relationship exists (Art. 6(1)(b) GDPR), or
c. where processing is necessary for compliance with a legal obligation to which we are subject (Art. 6(1)(c) GDPR), or
d. on the basis of our overriding legitimate interests (Art. 6(1)(f) GDPR), which consist in providing our services on the website in an efficient manner or in maintaining contact with you.
5. Processing Activities
There is no obligation to provide us with the personal data we may request pursuant to Art. 6(1)(a) GDPR. However, if you choose not to do so, it will not be possible for you to:
a. enter into a contractual arrangement with us,
b. use all features of the website (in particular, we may in some cases be unable to process your requests).
Furthermore, shared business processes may be delayed or, in some cases, impossible if you do not provide your personal data. Where the provision of your personal data is required by law, we will inform you of this separately.
5.1. Use of the Website
We process your personal data to safeguard our legitimate interests pursuant to Art. 6(1)(f) GDPR, namely to ensure the operation, security, and optimisation of our website. In the course of your visit to our website, the following categories of your personal data are collected:
a. the date and time of access to a page on our website;
b. your IP address;
c. the name and version of your web browser;
d. the website (URL) you visited prior to accessing our website;
e. certain cookies (see below); and
f. information you provide yourself, for example by entering data into forms on our website (e.g. during the booking process).
5.2. Contact
If you contact us via the contact form, the personal data you provide (first name and surname, e-mail address, and your message) will be stored and processed for the purpose of handling your enquiry (Art. 6(1)(b) GDPR). Once your enquiry has been processed, your personal data will be deleted, unless the personal data continue to be required for the purpose for which they were collected, for example if you place an order with us. When you use the contact form, your personal data will not be disclosed to third parties.
5.3. Social Media
We use our social media profiles to stay in contact with our customers, prospective customers, and users, and to provide information about our services. Our profiles are identified by an Instagram or LinkedIn logo.
Our social media profiles are merely linked by us (they are therefore so-called hyperlinks) and are not actively embedded in this website. When you activate these hyperlinks, you will be redirected directly from our website to the website of the respective social media platform provider. Data processing takes place when you visit these pages and access our profiles there.
The processing of users' personal data is based on our legitimate interests in improving the presentation of our company and our products (Art. 6(1)(f) GDPR). In addition to your username, profile picture, and possibly your IP address, we also process the following personal data when you interact with us via our social media profiles: your likes and comments on our posts, and the personal data you share with us by means of a private message.
When you visit our social media profiles, in some cases we, and in other cases the respective operators of the social media platforms, are responsible for data processing relating to our social media channels. For certain processing activities, we and the platform operators act as joint controllers within the meaning of Art. 26 GDPR. We have no influence on the data processing of the individual social networks and wish to point out that, in connection with the operation of our social media profiles, we are only joint controllers within the meaning of Art. 26 GDPR to a very limited extent. This concerns in particular insights relating to statistical analyses of visitors to our pages. You may exercise your data subject rights either with us or with the respective social media platform. In the event that data subject rights are exercised, we can only forward such requests to the operator of the relevant social network.
We wish to inform you that we have no knowledge of the extent to which, or the manner in which, the social media platforms use personal data for their own purposes, how long they store such data, whether the data are attributed to individual users, or whether the data are passed on to third parties. We also have no influence over these matters.
Instagram, Facebook / Meta
On our website, we use social media links to the following social networks:
Instagram Inc., hereinafter referred to as "Instagram".
Meta Platforms, Inc., hereinafter referred to as "Facebook".
Instagram is part of Meta Platforms Inc. (formerly Facebook Inc.), 1601 Willow Road, Menlo Park, CA 94025, USA. The controller responsible under data protection law for users in the EU is Meta Platforms Ireland Ltd., Merrion Road, Ballsbridge, Dublin D04 X2K5, Ireland. If you visit our Instagram or Facebook profile, their privacy policies also apply.
If you follow the link to Instagram or Facebook, your personal data may be processed in accordance with the privacy policy of Instagram or Facebook respectively. The applicable privacy policy for Instagram can be accessed directly at https://privacycenter.instagram.com/policy and for Facebook at https://de-de.facebook.com/privacy/policy/. The specific data processed, the purpose of processing, the processing of the data, and the storage period applied by Instagram or Facebook can be found in the data protection information provided by Instagram.
In addition, cookies may be stored on the data subject's device when visiting the Instagram website. The Facebook Cookie Policy applies in this regard: https://privacycenter.instagram.com/policies/cookies/. If the data subject holds an Instagram or Facebook account, the information transmitted may be linked to that account by Instagram or Facebook.
Meta may process data on a group-wide basis, which may also result in data processing in the USA by Meta and its subsidiaries. Since the conclusion of the EU–US Privacy Framework, US companies may voluntarily submit to this programme, as a result of which data transfers to the USA are to be regarded as transfers to a secure third country. If a data importer in the United States appears on this list, the transfer of personal data is permissible solely on the basis of the adequacy decision. Meta holds certification under the EU–US Data Privacy Framework: https://www.dataprivacyframework.gov/participant/4452.
On our website, we use social media links to the social network LinkedIn Corporation. The controller responsible under data protection law for users in the EU is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, hereinafter referred to as "LinkedIn". If you visit our LinkedIn profile, their privacy policy also applies.
If you follow the link to LinkedIn, your personal data may be processed in accordance with LinkedIn's privacy policy. The applicable privacy policy can be accessed directly at https://de.linkedin.com/legal/privacy-policy. The specific data processed, the purpose of processing, the processing of the data, and the storage period applied by LinkedIn can be found in LinkedIn's data protection information.
In addition, cookies may be stored on the data subject's device when visiting the LinkedIn website. LinkedIn's cookie policy applies in this regard: https://de.linkedin.com/legal/cookie-policy. If the data subject holds a LinkedIn account, the information transmitted may be linked to that account by LinkedIn.
LinkedIn may process data on a group-wide basis, which may also result in data processing in the USA by LinkedIn. Since the conclusion of the EU–US Privacy Framework, US companies may voluntarily submit to this programme, as a result of which data transfers to the USA are to be regarded as transfers to a secure third country. If a data importer in the United States appears on this list, the transfer of personal data is permissible solely on the basis of the adequacy decision. LinkedIn holds certification under the EU–US Data Privacy Framework: https://www.dataprivacyframework.gov/participant/4452.
6. Disclosure of Your Personal Data
In order to fulfil your order or our obligations, it may be necessary to transfer your personal data to third parties (e.g. service providers we engage and to whom we provide personal data, etc.). Your personal data will only be transferred on the basis of data protection provisions, in particular for the fulfilment of your order or on the basis of your prior consent.
Your personal data may be transferred by us to:
a. processors (e.g. tax advisors) who have undertaken to comply with applicable data protection standards vis-à-vis us, or
b. third parties who must be engaged in order to provide the services you have requested.
Some of the recipients referred to above are located outside your country or process your personal data there. The level of data protection in other countries may not correspond to that of your country. However, we only transfer your personal data to countries for which the European Commission has decided that they offer an adequate level of data protection, or we take measures to ensure that all recipients maintain an adequate level of data protection. For this purpose, we conclude, for example, standard contractual clauses.
7. Storage Period
We store your personal data only for as long as is necessary for the purposes for which we collected your personal data, or as required by law:
a. until the termination of our business relationship in the course of which we collected your data, or
b. for as long as is necessary to investigate attacks on our website, or
c. where statutory retention obligations apply (e.g. the Federal Fiscal Code – BAO, 10 years) or any legal claims have not yet become time-barred, and the personal data are required to assert or defend such claims.
8. Cookies
We use only technically necessary cookies on our website. Cookies are small files that are sent to the browser of your end device during your visit to our website and stored there. Some functions of our website may not be available without the use of technically necessary cookies. You may deactivate the "cookies" function in your browser; however, we wish to point out that in this case certain functions of our website may be restricted.
9. Miscellaneous
The content of our website has been carefully prepared and reviewed on multiple occasions. However, we accept no liability for the currency, accuracy, or completeness of the information provided.
We endeavour to remain up to date with the latest technical possibilities and to keep pace with legal developments in the field of data protection. Should parts or individual formulations of this text fail to correspond, either in whole or in part, to the current legal position, the remaining parts of the document shall remain unaffected in their content and validity.
10. Your Rights in Relation to Personal Data
You have the following rights against Iris Muche as controller under the GDPR:
With regard to your data processed by us, you have the right of access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to data portability pursuant to Art. 20 GDPR, and the right to withdraw consent and to object pursuant to Art. 21 GDPR.
Should you wish to exercise any of the aforementioned rights, or if you believe that the processing of your data violates data protection law, please feel free to contact us at iris@diemaxmustermannl.com.
In addition, you are entitled to lodge a complaint regarding data protection violations with the Austrian Data Protection Authority at www.dsb.gv.at pursuant to Art. 77 GDPR.
Where you have given us your consent to process personal data, you may withdraw that consent at any time. Please send an e-mail to the following address: iris@diemaxmustermannl.com or write to us by post at the following address: Untere Weißgerberstraße 36/16, 1030 Vienna. The withdrawal applies only prospectively; the withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.
June 2026