Privacy Policy

Last updated: 15th January 2026

1. Introduction

crystalhorizonora AG ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website or use our services.

2. Data Controller Information

The data controller responsible for your personal data is:

3. Data Collection

We collect personal data that you provide to us directly and automatically through your use of our website. The types of data we collect include:

3.1 Information You Provide

• Contact information (name, email address, phone number)
• Company or gym information
• Messages and enquiries sent through our contact forms
• Service preferences and consultation requirements
• Any other information you choose to provide

3.2 Information Collected Automatically

• IP address and location data
• Browser type and version
• Device information
• Pages visited and time spent on our website
• Referral sources
• Cookies and similar tracking technologies

4. How We Use Your Information

We use the data we collect for the following purposes and under the following legal bases:

4.1 Service Provision (Contract Performance)

• Responding to your enquiries and providing consultation services
• Delivering our strength equipment guidance and recommendations
• Processing and fulfilling service requests
• Providing customer support and follow-up services

4.2 Legitimate Business Interests

• Improving our website and services
• Analysing website usage and user behaviour
• Preventing fraud and ensuring website security
• Conducting business analytics and market research

4.3 Consent

• Sending marketing communications (where you have opted in)
• Using non-essential cookies for analytics and advertising
• Personalising your website experience

5. Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, please refer to our Cookie Policy.

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your data in the following circumstances:

• Service Providers: With trusted third-party service providers who assist us in operating our website and providing our services
• Legal Requirements: When required by law, court order, or governmental authority
• Business Protection: To protect our rights, property, or safety, or that of our users
• Business Transfers: In connection with any merger, acquisition, or sale of assets

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Contact enquiries and consultation records: 7 years for business and tax purposes
• Website analytics data: 26 months (Google Analytics default)
• Marketing consent records: Until consent is withdrawn plus 3 years
• Cookie data: As specified in our Cookie Policy

8. Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of processing in certain circumstances
• Right to Data Portability: Request transfer of your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing based on consent

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure servers, access controls, and regular security assessments. However, no internet transmission is completely secure, and we cannot guarantee absolute security.

10. International Data Transfers

As we operate primarily within the European Union, your data is generally processed within the EU/EEA. If we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

11. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

14. Supervisory Authority

If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde) or your local supervisory authority.