Privacy Policy
Hosting
This website is hosted by https://pages.cloudflare.com/. Cloudflare Pages operates in compliance with the General Data Protection Regulation (GDPR).
Cloudflare processes interactions with our Internet Properties and the Services. This information is processed when End Users access or use our domains and website. The information processed may include but is not limited to IP addresses, traffic routing data, system configuration information, and other information about traffic to and from our website.
For more information see https://www.cloudflare.com/gdpr/introduction/ and https://www.cloudflare.com/privacypolicy/.
Cookies
While we do not use cookies on our website, Cloudflare may place bot detection cookies (such as “_cf_bm”) and a load balancing cookie (_cflb) on the computers of visitors. This is done in order to identify malicious visitors, to assist with web-traffic filtration, and to reduce the chance of blocking legitimate users. You can learn more about these cookies here. It is not possible to disable these cookies.
Emails sent to us
If you contact us by e-mail, your message and the associated data will be stored. The information is used to process your request and for follow-up e-mails. This information will not be shared without your explicit consent.
Newsletter
Your privacy rights
You have the right to disclosure, correction, deletion, limitation, transfer, revocation and opposition. If you believe that our use of your information is in violation of the GGeneral Data Protection Regulation (GDPR) or that your information is otherwise being misused, please contact us.
You can do this directly through our own contact information ([email protected]) or contact the appropriate data protection authority.
Web-Application
This privacy policy applies to the web application “winkk AI” (chat.winkk.ai).
1. What data is processed in the web application?
The processing of personal data in the context of the use of the web application is carried out in accordance with the provisions of the General Data Protection Regulation (GDPR) and in accordance with the Austrian legal provisions (DSG, TKG 2021).
The actual application is stored in Europe at Microsoft Azure ( https://privacy.microsoft.com/de-de/privacystatement). The following services are used:
- Azure App Service
- Azure SQL Database
- Azure Search
- Azure Storage Account
- Azure Service Bus
- Azure Container Instances
- Azure OpenAI
Personal data such as: first name, last name, email, and company information are securely stored and persisted in the database.
Data security for Azure OpenAI
Your prompts (inputs) and the resulting responses (outputs), your documents, web pages and text snippets:
- are NOT available to other customers.
- are NOT available for OpenAI.
- are NOT used to improve OpenAI models.
- are NOT used to improve Microsoft or third-party products or services.
- are NOT used to automatically improve Azure OpenAI models for your use in your resource (the models are stateless unless you explicitly fine-tune the models with your training data).
- Your fine-tuned Azure OpenAI models are exclusively available for your use.
https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy
1.1 Access data
General
When you visit our Web-Application, we store the access data in so-called log files. The following data is collected from you:
Log data is stored for a short time and deleted after 90 days by Sentry (see point 2. Analysis).
- IP address
- Device identification
- Date and time of access
- Browser types and versions
- the operating system used by the accessing system
- the website from which an accessing system accesses our web application (in the case of a link)
- Sub-websites which are accessed via an accessing system on our web application
- Internet service provider of the accessing system
System data of the app is stored until cancellation. A request for deletion can be made directly in the settings of the web application or via [email protected]. This will be processed within 30 days. This system data relates to
- Account (when created, unique user ID)
- Documents, web pages and text modules provided
- Chat history
Purpose of data processing
The information is required to correctly process the content in our web application, to design it in a technically correct manner, to optimise the content of our website and to ensure its functionality.
Furthermore, the information is made available to law enforcement authorities in the event of a cyber attack. No further disclosure to third parties or transfer to third EU countries takes place.
This data and information is analysed by winkk GmbH both statistically and with the aim of increasing the data protection and data security of the web application in order to ultimately ensure an optimal level of protection for the personal data processed by us. In addition, this data is analysed in order to further improve the application and make it more user-friendly, to find and rectify errors more quickly and to manage server capacities.
The server log file data is stored separately from all personal data provided by a data subject.
Storage period and deletion
A request for deletion can be made directly in the settings of the web application or via [email protected].
2. Analysis
Sentry
Sentry is used to analyse errors and check the performance of the backend and web application https://sentry.io/privacy/. Here, the on-premise version is executed and stored on the servers in Point Data Processing. A user’s email is saved for tracking errors. This data is used exclusively for error analysis and performance checks. This data is deleted after a maximum of 90 days.
Posthog
In order to provide a flawless experience for our users, we use Posthog (in Europe) to analyze new features. https://posthog.com/handbook/company/security. Posthog does not collect any data from end users of the application.
3. Data security
As the controller, winkk GmbH has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this app.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the likelihood and severity of the risk to the rights and freedoms of natural persons, winkk GmbH implements appropriate technical and organisational measures in accordance with Art 32 GDPR.
The following measures, among others, are taken to protect your data and to secure it against loss, destruction, access, modification and dissemination by unauthorised persons
- Pseudonymisation and encryption of personal data;
- Ensuring the confidentiality, integrity, availability and resilience of systems and services in connection with processing;
- Ensuring rapid restoration of the availability of personal data in the event of a physical or technical incident;
- implementing procedures to regularly review, assess and evaluate the effectiveness of the technical and organisational measures to ensure the security of the processing.
Please also ensure that you always treat your access data for the winkk AI web application confidentially and protect your end device against unauthorised access.
Google reCAPTCHA
Google reCAPTCHA is a security technology developed by Google to protect websites from spam and abuse. It serves as a method to distinguish between human users and automated bots attempting to access or submit information on a website.
A cookie “_GRECAPTCHA” is set, which is used for the risk assessment of users who want to log in/register in order to prevent misuse/protect against unauthorised access.
Pages
Ressources
Company
Change language