Fresh Thoughts
Fresh Thoughts

Data Protection Information

  1. General Information

Welcome to our website and thank you for your interest in our company. The protection of your personal data is very important to us. We fully comply to the legal requirements of the EU General Data Protection Regulation and the other applicable legal provisions on the protection, lawful handling and confidentiality of personal data. In this document we would like to inform you in a clear and understandable manner about the processing of your data in connection with the visit and the use of our website, for which we are controller. If you have any questions about the processing of your data, please don’t hesitate to contact us using the contact details below.

  1. Controller/Contact details

Fresh Thoughts Consulting GmbH

Hütteldorfer Straße 215/29

A-1140 Wien


Tel.: + 43 (0)676 9715509

  1. Purposes of processing and legal basis

Visiting our website:

When you visit our website, we collect and process access data in log files (access logs) in order to be able to guarantee the long-term functionality and stability of the website and for continuous improvements of the website. In this context, we process the following data:

  • IP address
  • Date and time of access
  • Websites from which you came to our site (refferrer URL)
  • Operating system and browser type used (including browser language and version)
  • Name of the Internet service provider
  • Type and version of the browser used
  • Amount of data transferred, loading time

The legal basis for the described data processing is our legitimate interest in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest is ensuring the functionality, security and accessibility of the website for all site visitors, improving the website in terms of stability and security, if necessary the defence of legal claims.

It is not possible to identify you directly from the data collected.  The data will be automatically deleted after the aforementioned purposes have been achieved.

Against data processing based on legitimate interest you have the right to object Art. 21 GDPR (further information under rights of data subjects). If this case we will no longer process your personal data for the purpose to which you have objected, unless there are compelling legitimate grounds for further processing. We assume that this is the case in this purpose of processing.

Contact form:

On our website we offer you a contact form for an easy electronic contact with us. If you use this contact form, you agree to the processing of your personal data (first and last name, gender, title, email address, content of the message) in the purposes of communication (data collection, data transfer, processing of your request, response). Our legal basis for data processing is your consent to the processing of your personal data, Art. 6 (1) (a) GDPR. The use of the contact form/giving your consent is completely voluntary – you are free to contact us via the other possible forms of contact. You can revoke your consent at any time (see also information under rights of data subjects), the revoke does not affect the legality of the data processing carried out up to the time of revocation.

  1. Data transfer and data recipients

As a rule, we only pass on your personal data to the extent that this is absolutely necessary to fulfill the purposes set out (e.g. operation and maintenance of the website via external service providers, data transfer to Twitter or LinkedIN). However, we may also be legally or officially obliged to pass on data to third parties (e.g. data transfer to law enforcement authorities).

Our website is hosted and maintained by the company CASC – full service agentur, Heigerleinstraße 2/4-9, A-1160 Vienna, Austria. Here, too, we limit the transfer of data to the necessary minimum and provide for strict access restrictions in the contractual relationship.

Data transfer to third countries and international organisations: In connection with communication content (contact form) we might have to transfer personal data to third countries (countries outside the European Union) and/or international organisations – e.g. organisation of participation in events. We only transfer data with your permission or in fulfilment of our contractual duties and pay attention to all aspects of compliance to data protection.

  1. Storage period

Your data will only be stored for as long as it is technically and organizationally necessary to achieve the stated purposes and to fulfill our legal obligations. If necessary, we also store your personal data for certain periods of time based on a legitimate interest. When determining the duration of storage, we make sure not to violate your rights. If data storage is no longer required, we will delete your data immediately. Your personal data collected through the setting of cookies (Twitter) will be stored for a period of 18 to 24 months.

  1. Rights of data subjects

Regarding your personal data processed by fresh thoughts, you are entitled to a number of rights. You can assert all these rights free of charge and informally (by e-mail, telephone or mail) – if necessary after proof of your identity – at the contact details provided. Your rights in detail:

Right of information: You are entitled to ask for information of your personal data processed by us at any time in a formless way. You will receive written information about the purposes of processing, which data we process, the recipients and categories of recipients and the duration of data storage. We will answer to your request without undue delay and in any event within one month of receipt of the request (this period may be extended by two months when necessary).

Right to erasure: You have the right to request the erasure of your personal data. We will comply to your request if your personal data are no longer necessary for the purposes for which they were provided, if you withdraw your consent and there is no other legal ground for processing, if you object to processing pursuant to Art 21 (1) GPDR and there are no overriding legitimate grounds for continuing processing of your data is necessary to fulfil a legal obligation.

Right to rectification: In case we are processing inaccurate or incomplete data about you, you have the right to rectification – following your request we will correct your data.

Right to restriction of processing: If the deletion of your data is not possible or you don’t ask for complete erasure, but you do not consent to any use beyond the storage of the data, we are obliged to restrict the further processing of your personal data upon your request.

Right to data portability: We will provide you with the data we have stored about you, which we have received on the basis of a contract or on the basis of your consent, upon your informal request free of charge in a common file format. You can use this data for your own purposes and pass it on to future contractual partners. If you wish and if it is technically feasible, we will also transfer your data directly to an addressee named by you. In this case, we will inform you after the transfer has taken place. We will respond to your request immediately, but no later than within one month.

Right to object: If we process your data on the basis of our legitimate interest, you have the right to object to further processing of your personal data. In case you object we will no longer process your personal data for the purpose to which you have objected – unless there are legitimate reasons on our side for further processing that outweigh your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

Right to revoke a given consent: You can revoke your consent to data processing at any time with future effect, in which case we will stop processing the data. The legality of data processing carried out up to this point in time is not affected by a revocation of consent.

All the above-mentioned rights can usually be exercised free of charge, an informal application/notice to us is sufficient. We will comply to your request as early as possible – as a general rule at the latest within one month.

  1. Right to complain

The EU General Data Protection Regulation guarantees you the above-mentioned rights. If you think that these rights have been violated by us, you have the opportunity to complain to a data protection supervisory authority. The authority responsible for us is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, Claims against us to which you are entitled on the basis of other legal bases remain unaffected. Please give us the opportunity to dispel concerns or to help clarify questions before you involve the authorities.

  1. Additional Information

Data Security: We take all necessary and reasonable technical and organisational security measures to protect the data collected from loss and misuse. Your data will be stored in a safe, state-of-the-art operational environment. Access to our website is also secured via HTTPS, this means that communication between your end device and the servers is encrypted.

Links to external websites: In order to improve our range of services, you will find on our website links to other websites for which we are not responsible. Concerning the collection and processing of personal data on these websites please refer to the respective data controller.

Links to Social Media channels Twitter and LinkedIN: In order to refer to our company presentations on the Social Media channels Twitter and LinkedIN, we have implemented links to these services/channels on our website with graphic symbols. These symbols are mere links, when you click on the symbols, no personal data is being transmitted to Twitter Inc. or LinkedIN corporation. Information on data processing by the companies Twitter and LinkedIN can be found under  and

We expressly reserve the right to make future changes or adjustments to this data protection declaration.


Skip to content