Privacy Policy
Last updated: September 2025
Information on Data Protection
Thank you for visiting the website dtm.studio. Our work contributes to safety in road, cycling, and public transport networks; however, the security of your data is just as important to us. We make every effort to operate in a data-minimizing manner.
You may have noticed that no cookie banner appears on our homepage. This is because we do not use cookies.
We would now like to present the key aspects of data processing on our website in a transparent and understandable way. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and on our website.
The controller within the meaning of Art. 4(7) GDPR for the processing of your data is:
Trafficon Software GmbH, Strubergasse 26, A-5020 Salzburg | sbg@trafficon.eu | www.trafficon.eu
🔓 Security Measures We Take to Protect Your Data
We implement appropriate technical and organizational measures (in accordance with Art. 32 GDPR) to ensure a level of protection appropriate to the risk.
This is done in compliance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons.
These measures include, in particular:
Truncation of IP addresses, where processing a full IP address is not necessary. This prevents or makes it more difficult to identify an individual.
TLS encryption (https) to protect data transmitted via our online services. You can recognize encrypted connections by the prefix “https://” in your browser’s address bar.
🕊 Data transfer
As part of our processing of personal data, it may occur that the data is transferred to or disclosed to other entities, companies, legally independent organizational units, or individuals. In doing so, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to ensure its protection. This processing is always carried out on the basis of existing legal grounds. Further and concrete information about the respective recipients and processing activities can be found in the following sections of this privacy policy.
🗑 Deletion of Data
Die von uns verarbeiteten Daten werden nach Maßgabe der gesetzlichen Vorgaben gelöscht, sobald deren zur Verarbeitung erlaubten Einwilligungen widerrufen werden oder sonstige Erlaubnisse entfallen (z.B. wenn der Zweck der Verarbeitung dieser Daten entfallen ist oder sie für den Zweck nicht erforderlich sind). Sofern die Daten nicht gelöscht werden, weil sie für andere und gesetzlich zulässige Zwecke erforderlich sind, wird deren Verarbeitung auf diese Zwecke beschränkt. D.h., die Daten werden gesperrt und nicht für andere Zwecke verarbeitet. Das gilt z.B. für Daten, die aus handels- oder steuerrechtlichen Gründen aufbewahrt werden müssen oder deren Speicherung zur Geltendmachung, Ausübung oder Verteidigung von Rechtsansprüchen oder zum Schutz der Rechte einer anderen natürlichen oder juristischen Person erforderlich ist.
Im Rahmen unserer Datenschutzhinweise können wir den Nutzern weitere Informationen zu der Löschung sowie zu der Aufbewahrung von Daten mitteilen, die speziell für die jeweiligen Verarbeitungsprozesses gelten.
3.2. Etwa auftretende Mängel sind dem Auftragnehmer ausreichend dokumentiert zu melden. Mängel sind Abweichungen von der schriftlich vereinbarten Leistungsbeschreibung. Der Auftragnehmer ist in diesem Fall um rasche mögliche Mängelbehebung bemüht. Werden vom Auftraggeber Trafficon Software GmbH Strubergasse 26 5020 Salzburg 2023 3 wesentliche Mängel schriftlich gemeldet, so ist nach der Mängelbehebung eine neuerliche Abnahme nach 3.1. erforderlich. Ein wesentlicher Mangel liegt vor, wenn der Echtbetrieb nicht begonnen oder fortgesetzt werden kann. Der Auftraggeber ist nicht berechtigt, die Abnahme von Software wegen unwesentlicher Mängel abzulehnen.
🍪 Cookie Usage
Our website does not use cookies.
🖥 Provision of the Online Service and Web Hosting
Our website is operated using the service “Framer.” The provider is Framer B.V., Netherlands. Framer provides the technical infrastructure for the creation, hosting, and operation of our website.
As part of providing our online offering, personal data of website visitors is processed, in particular IP addresses and technical access data (e.g., information about the browser used, operating system, pages accessed, date and time of access, and referrer URLs).
The processing of this data is carried out for the purpose of providing, securing, and ensuring the stability of the website, based on our legitimate interest pursuant to Art. 6(1)(f) GDPR.
The processing of access data is carried out by the hosting service provider. We do not have direct access to this data. The storage period is determined by the specifications of the respective service provider.
A data processing agreement pursuant to Art. 28 GDPR has been concluded with Framer, which forms part of the provider’s terms of use.
In the course of providing services, personal data may be transferred to third countries, in particular to the United States. Such transfers are carried out exclusively in compliance with legal requirements. Where no adequacy decision exists or a provider is not certified under the EU-U.S. Data Privacy Framework, the transfer is based on appropriate safeguards, in particular through the conclusion of standard contractual clauses pursuant to Art. 46 GDPR.
📊 Web Analytics, Monitoring and Optimization
We use the integrated analytics feature “Framer Analytics” provided by our hosting provider Framer.
Framer Analytics enables us to analyze the use of our website (e.g., page views, number of visitors, origin of visitors) in order to improve our offering.
Framer Analytics does not use cookies and does not store any personal data. In particular, no data is collected that would allow the identification of individual users. IP addresses and information about the browser used are processed only in anonymized form (hashed), and the underlying data is regularly deleted.
Processing is carried out exclusively in aggregated form and does not allow any conclusions to be drawn about individual persons.
The use of Framer Analytics is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR to analyze and optimize our website.
As no personal data is processed and no cookies are set, user consent is not required.
💬 Contact and Inquiry Management
When you contact us (via contact form or email), the information provided by the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.
Types of data processed: Contact data (e.g., email, name, organization, role); content data (e.g., entries in online forms); usage data (e.g., visited websites, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
Purposes of processing: Contact requests and communication; management and response to inquiries; provision of our online offering and user-friendliness.
Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).
For processing the data provided to us via the contact form (email, name, organization, role, inquiry details), we use third-party service providers listed in the “Task Management” section of this privacy policy.
In addition, we transfer data within our group of companies where this is necessary for administrative purposes. This is based on our legitimate business and economic interests, the necessity to fulfill contractual obligations, the existence of the data subject’s consent, or a legal permission.
✅ Task Management
For the purposes of organization, administration, planning, and the provision of our (pre-)contractual services (Art. 6(1) sentence 1 lit. b GDPR), we use third-party providers based on our legitimate interest (Art. 6(1) lit. f GDPR).
When selecting these third-party providers, we comply with legal requirements. In this context, personal data may be processed and stored on the servers of the third-party providers. This may include various types of data that we process in accordance with this privacy policy (in particular master data and contact data of users, as well as data relating to processes, contracts, other procedures, and their content).
If users are referred to third-party providers or their software or platforms in the context of communication, business relationships, or other interactions with us, these third-party providers may process usage data and metadata for security purposes, service optimization, or marketing purposes.
We therefore ask you to review the privacy notices of our third-party providers:
Asana (Asana, Inc., 1550 Bryant Street, Suite 200, San Francisco, CA 94103, USA; https://asana.com)
Privacy Policy | Data Processing Agreement | Standard Contractual Clauses (ensuring an adequate level of data protection for processing in third countries)
Google Forms (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
Privacy Policy | Data Processing Agreement | Standard Contractual Clauses
In the context of using Google Forms, personal data may be transferred to servers of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection in accordance with Art. 45 GDPR. In addition, Standard Contractual Clauses of the European Commission pursuant to Art. 46 GDPR are used.
🌎 Data Processing in Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing takes place in the context of using third-party services or the disclosure or transfer of data to other persons, entities, or companies, this is carried out only in accordance with legal requirements.
Subject to explicit consent or a transfer that is contractually or legally required, we process or have data processed only in third countries with a recognized level of data protection, for example as determined by the European Commission through an adequacy decision (pursuant to Art. 45 GDPR), on the basis of contractual obligations through so-called Standard Contractual Clauses of the European Commission (pursuant to Art. 46 GDPR), or where certifications or binding internal data protection rules are in place (pursuant to Arts. 44–49 GDPR; see also the European Commission’s information page).
✉️ Newsletter
With the following information, we inform you about the content of our newsletter, the subscription, distribution, and statistical evaluation procedures, as well as your rights to object. By subscribing to our newsletter, you agree to receive it and to the procedures described.
Content of the Newsletter
We send newsletters, emails, and other electronic notifications containing promotional information (hereinafter “newsletter”) only with the consent of the recipients or on the basis of a legal permission. If the content of the newsletter is specifically described during the subscription process, it is decisive for the user’s consent. Otherwise, our newsletters contain information about news related to our company, our projects, event recommendations, and job offers.
To subscribe to our newsletter, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personalized addressing in the newsletter or additional information if it is necessary for the purposes of the newsletter.
Double Opt-In Procedure & Logging
Subscription to our newsletter is generally carried out using a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can register using another person’s email address. Newsletter subscriptions are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. Changes to your data stored by our mailing service provider (“Brevo”) are also logged.
Use of the Mailing Service Provider “Brevo”
Newsletters are sent using “Brevo,” a newsletter distribution platform provided by Brevo GmbH (Köpenicker Straße 126, 10179 Berlin, Germany).
Privacy Policy | Data Processing Agreement
The email addresses of our newsletter recipients (as well as any additional data provided during registration) are stored on Brevo’s servers in Germany and used for sending and analyzing newsletters. This is done on our behalf (further information: Data Processing Agreement).
Subscription Data
To subscribe to the newsletter, it is sufficient to provide your email address. Optionally, we ask for your first and last name. This information is used solely for personalizing the newsletter.
Statistical Collection and Analysis
The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file that is retrieved from Brevo’s server when the newsletter is opened. As part of this retrieval, technical information such as browser and system information, as well as your IP address and the time of access, are initially collected. This information is used for the technical improvement of the services based on technical data or for analyzing target groups and their reading behavior based on access locations (which can be determined using the IP address) or access times.
Statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, neither we nor Brevo aim to monitor individual users. Rather, the evaluations help us understand the reading habits of our users and adapt our content accordingly or send different content based on user interests.
Cancellation / Withdrawal
You can unsubscribe from our newsletter at any time, i.e., withdraw your consent. This simultaneously terminates your consent to the newsletter being sent via the mailing service provider and to the statistical analyses. A separate withdrawal of consent for the mailing service provider or the statistical analysis is unfortunately not possible. A link to unsubscribe from the newsletter can be found at the end of each newsletter. The lawfulness of data processing carried out prior to the withdrawal remains unaffected.
Deletion & Restriction of Processing
We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to be able to prove previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed. In cases where there is an obligation to permanently observe objections, we reserve the right to store the email address solely for this purpose in a suppression list (so-called “blocklist”).
📝 Changes and Updates to This Privacy Policy
We ask you to regularly review the contents of our privacy policy. We will update the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you whenever the changes require any action on your part (e.g., consent) or any other individual notification.
Where we provide addresses and contact details of companies and organizations in this privacy policy, please note that these may change over time, and we ask you to verify the information before making contact.
🧑⚖️ Your Rights as a Data Subject
As a data subject, you have various rights under the GDPR, in particular arising from Articles 15 to 21 GDPR:
Right to Object: You have the right to object at any time to the processing of your data carried out on the basis of our legitimate interests. If your data is processed for direct marketing purposes, you may also object to this processing.
Right to Withdraw Consent: If the processing is based on your consent, you have the right to withdraw this consent at any time.
Right of Access: You have the right to request information about whether and which of your data we process. Furthermore, you have the right to additional information and a copy of the data in accordance with legal requirements.
Right to Rectification: In accordance with legal requirements, you have the right to request the completion of your data or the correction of inaccurate data concerning you.
Right to Erasure: You have the right to request the deletion of your data where this is provided for by law. In accordance with legal requirements, you also have the right to request that data concerning you be deleted without undue delay or, alternatively, to request a restriction of the processing of the data.
Right to Data Portability: If the processing is based on your consent or a contract, you have the right to receive your data in a structured, commonly used, and machine-readable format or to request its transfer to another controller.
Right to Lodge a Complaint with a Supervisory Authority: If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been infringed, you may lodge a complaint with a supervisory authority. In Austria, this is the Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna (dsb@dsb.gv.at).
Right to Restriction of Processing: You have the right, under certain conditions, to request the restriction of the processing of your data.