We take the protection of your personal data very seriously. We process personal data exclusively in accordance with applicable law, in particular the GDPR and the Austrian Telecommunications Act 2021 (TKG 2021). This privacy policy explains the nature, scope and purpose of the processing of personal data on this website.
NexGen IT-Security GmbH
Liechtensteinklammstraße 60, 5600 St. Johann im Pongau, Austria
Email: office@nexgen-itsec.com
Website: https://nexgen-itsec.com
This website is provided using cloud infrastructure from Amazon Web Services (AWS).
Where possible, the website is operated within the European Union, in particular using AWS regions in Europe.
The provider of the technical infrastructure is Amazon Web Services EMEA SARL,
38 Avenue John F. Kennedy, L-1855 Luxembourg. Depending on the services used,
other entities of the Amazon Web Services group may be technically involved.
Processed data: When you access the website, technically required access data is processed,
including IP address, date and time of access, requested URL/file, referrer URL,
browser type, operating system and user agent.
Purpose: Provision of the website, ensuring system security,
technical stability, load balancing, error analysis, abuse detection and administration.
Legal basis: Art. 6(1)(f) GDPR
(legitimate interest in secure, stable and performant operation of the website).
Recipients / processors: Amazon Web Services as technical hosting provider.
A data processing agreement pursuant to Art. 28 GDPR is in place with AWS.
Third-country transfers: Transfers of personal data to third countries,
in particular to the United States, cannot be completely excluded as part of technical operations.
Where such transfers occur, they are based on appropriate safeguards under the GDPR,
in particular EU Standard Contractual Clauses or comparable legal mechanisms.
Server log files are processed to ensure IT security and for technical error analysis.
Processed data: IP address, time of access, requested resource,
HTTP status code, referrer, browser information and comparable technical metadata.
Purpose: attack detection, abuse prevention, error analysis,
maintaining system security and stability.
Legal basis: Art. 6(1)(f) GDPR.
Retention period: Log data is stored only as long as necessary
for security and operational purposes, generally for a maximum of 30 days,
unless a security-relevant incident requires longer retention.
When you contact us via the contact form, the data you provide (e.g. name, company, email address, message) is processed for handling your request.
Technical processing of the contact form is carried out via the AWS infrastructure used by us. Submitted data is processed solely for handling your request and forwarded to our business email address.
Where communication continues by email, further processing may take place via our business email systems provided by IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany.
Processed data:
Name, company, email address, message content, time of request
and technical metadata required for secure transmission and operation.
Purpose:
Handling and responding to your request, initiating pre-contractual measures
and secure technical communication.
Legal basis:
Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
Recipients / processors:
Amazon Web Services as hosting provider and IONOS SE as email service provider.
Retention period:
Requests are stored only as long as necessary for processing.
Unless statutory retention obligations apply, deletion takes place in principle
after a maximum of 6 months.
If web analytics tools are used on this website, this is done exclusively
on the basis of your consent pursuant to Art. 6(1)(a) GDPR.
Non-essential analytics or tracking technologies are activated
only after your explicit consent.
If no web analytics is currently active, no related processing takes place.
This website may use technically necessary functions required for secure and proper operation.
Non-essential cookies or similar technologies are used only with your consent.
You can withdraw or adjust your consent at any time with future effect via the consent management tool, where implemented.
You have the right of access, rectification, erasure, restriction of processing, data portability and objection.
If processing is based on consent, you may withdraw that consent at any time with future effect.
Supervisory authority: You have the right to lodge a complaint with a supervisory authority.
In Austria, the competent authority is the Austrian Data Protection Authority (DSB),
Barichgasse 40–42, 1030 Vienna,
https://www.dsb.gv.at
Data is transmitted exclusively via encrypted connections (TLS). Access to processing systems is technically restricted, and measures for attack detection, misuse prevention, logging of security-relevant events and protection of the cloud infrastructure are implemented.
Last updated: 2026
