Data Protection

The protection of your personal data is especially important to us. We therefore process your data exclusively on the basis of legal requirements. In this privacy information, we inform you about the most important aspects of data processing on our website.

1. Controller

risk on mind – Stephan Dorner

Postgasse 16/21, 1010 Vienna, Austria

Phone: +43 1 343 03 09

E-mail: dataprotection@riskonmind.eu

2. Contacting us

If you contact us via form or e-mail, we process the data you provide (e.g. name, e-mail, content of the message) to handle your request and for follow-up questions. Retention period: 6 months after completion of the request, unless longer statutory retention obligations apply or further processing is required for the establishment, exercise or defense of legal claims.

3. Server Logs (Logfiles)

When you access our website, our web server automatically processes the following data: IP address, date/time, pages accessed, referrer URL, user agent (browser/OS), transferred data volume, status codes. Purpose: ensuring stability, security, and error analysis. Retention period: max. 30 days, unless a security incident requires longer retention.

4. Cookies & Consent (CMP)

We use cookies and similar technologies. Technically necessary cookies are required to provide the website. Non-essential cookies (e.g. analytics) are only set after your consent (opt-in via our consent banner/CMP). You can withdraw your consent at any time with effect for the future and change settings in the cookie preference center.

5. Web analytics with Google Analytics (GA4)

We use Google Analytics (GA4) for reach measurement and to improve the website – only after your consent via the consent banner. Without consent, no GA cookies are set; tags respect the consent settings you have chosen (Consent Mode / default “denied”). 

  1. Responsible entities/recipients:

Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) as the provider in the EU; if applicable, Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as an affiliated company within the group context (support/processing).

  1. Which data?

Usage data (page views, interactions, events), browser/device information, approximate location data (city/region based on shortened IP information), referrer, timestamps; GA4 does not store or log full IP addresses of EU users; the derivation of approximate geodata takes place on EU servers and IP data is discarded before logging. 

Data transfers to third countries (USA)
Transfers to Google LLC (USA) may occur. Legal basis for transfers:

• EU-US Data Privacy Framework (DPF), provided Google LLC is certified for the relevant data categories (EU Commission adequacy decision of 10/07/2023), or

• EU Standard Contractual Clauses (SCCs) of the EU Commission, including additional protective measures. 

Processor agreement & data protection measures
We have concluded the required data processing terms with Google. GA4 offers, among other things, regional controls (deactivation of granular location/device data for regions) and EU-focused data processing. 

Retention period in GA4
The retention of user and event-related data in the property is configured for max. 14 months (shorter period possible). Cookie expiry periods are to be considered separately 

  1. Withdrawal / opt-out

You can withdraw your consent at any time via our cookie preference center (footer “Cookie Settings”).

In addition, Google provides an opt-out browser add-on that prevents transmission to GA: tools.google.com/dlpage/gaoptout. Details at Google Support: “Google Analytics opt out browser add-on”.

9. Technically necessary cookies

We use technically required cookies (e.g. to store your consent preferences in the CMP). These are necessary for the operation of the website; 

10. Obligation to provide data

There is no legal obligation to provide personal data. However, certain data is essential for technical operation (e.g. server logs, necessary cookies). Without consent to analytics cookies, no analysis takes place; use of the website remains possible. 

11. No automated decision-making/profiling

No automated decision-making within the meaning of Art. 22 GDPR takes place.

12. Your rights

You have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR). You can withdraw any consent you have given at any time (Art. 7(3) GDPR) – this does not affect the lawfulness of processing carried out before the withdrawal.

Right to complain:

You can lodge a complaint with the competent supervisory authority:
Austrian Data Protection Authority (DSB), Barichgasse 40–42, 1030 Vienna, Tel. +43 1 52 1520, E-mail: dsb@dsb.gv.at, Website: dsb.gv.at

1. Controller

risk on mind – Stephan Dorner

Postgasse 16/21, 1010 Vienna, Austria

Phone: +43 1 343 03 09

E-mail: dataprotection@riskonmind.eu

2. Contacting us

If you contact us via form or e-mail, we process the data you provide (e.g. name, e-mail, content of the message) to handle your request and for follow-up questions. Retention period: 6 months after completion of the request, unless longer statutory retention obligations apply or further processing is required for the establishment, exercise or defense of legal claims.

3. Server Logs (Logfiles)

When you access our website, our web server automatically processes the following data: IP address, date/time, pages accessed, referrer URL, user agent (browser/OS), transferred data volume, status codes. Purpose: ensuring stability, security, and error analysis. Retention period: max. 30 days, unless a security incident requires longer retention.

4. Cookies & Consent (CMP)

We use cookies and similar technologies. Technically necessary cookies are required to provide the website. Non-essential cookies (e.g. analytics) are only set after your consent (opt-in via our consent banner/CMP). You can withdraw your consent at any time with effect for the future and change settings in the cookie preference center.

5. Web analytics with Google Analytics (GA4)

We use Google Analytics (GA4) for reach measurement and to improve the website – only after your consent via the consent banner. Without consent, no GA cookies are set; tags respect the consent settings you have chosen (Consent Mode / default “denied”). 

  1. Responsible entities/recipients:

Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) as the provider in the EU; if applicable, Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as an affiliated company within the group context (support/processing).

  1. Which data?

Usage data (page views, interactions, events), browser/device information, approximate location data (city/region based on shortened IP information), referrer, timestamps; GA4 does not store or log full IP addresses of EU users; the derivation of approximate geodata takes place on EU servers and IP data is discarded before logging. 

Data transfers to third countries (USA)
Transfers to Google LLC (USA) may occur. Legal basis for transfers:

• EU-US Data Privacy Framework (DPF), provided Google LLC is certified for the relevant data categories (EU Commission adequacy decision of 10/07/2023), or

• EU Standard Contractual Clauses (SCCs) of the EU Commission, including additional protective measures. 

Processor agreement & data protection measures
We have concluded the required data processing terms with Google. GA4 offers, among other things, regional controls (deactivation of granular location/device data for regions) and EU-focused data processing. 

Retention period in GA4
The retention of user and event-related data in the property is configured for max. 14 months (shorter period possible). Cookie expiry periods are to be considered separately 

  1. Withdrawal / opt-out

You can withdraw your consent at any time via our cookie preference center (footer “Cookie Settings”).

In addition, Google provides an opt-out browser add-on that prevents transmission to GA: tools.google.com/dlpage/gaoptout. Details at Google Support: “Google Analytics opt out browser add-on”.

9. Technically necessary cookies

We use technically required cookies (e.g. to store your consent preferences in the CMP). These are necessary for the operation of the website; 

10. Obligation to provide data

There is no legal obligation to provide personal data. However, certain data is essential for technical operation (e.g. server logs, necessary cookies). Without consent to analytics cookies, no analysis takes place; use of the website remains possible. 

11. No automated decision-making/profiling

No automated decision-making within the meaning of Art. 22 GDPR takes place.

12. Your rights

You have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR). You can withdraw any consent you have given at any time (Art. 7(3) GDPR) – this does not affect the lawfulness of processing carried out before the withdrawal.

Right to complain:

You can lodge a complaint with the competent supervisory authority:
Austrian Data Protection Authority (DSB), Barichgasse 40–42, 1030 Vienna, Tel. +43 1 52 1520, E-mail: dsb@dsb.gv.at, Website: dsb.gv.at

Book initial consultation

Schedule an initial appointment without any risk.

  • 3D Render of a Graduation Cap
  • 3D render of a jigsaw puzzle piece
  • 3D Render of the Rismo Logo
  • 3D render of a pie chart

Academy

Enhance knowledge. Reduce risk.