Legal

Privacy Policy

Last updated: 18 May 2026 · Compliant with EU GDPR & Austrian DSG

On this page

Who is the controller?
What data we collect
Why we use your data (legal bases)
Who we share data with
Cookies & tracking
How long we keep data
International transfers
Your rights under GDPR
Security
Children
Changes to this policy
Contact & complaints

1. Who is the controller?

The controller responsible for the processing of your personal data within the meaning of Art. 4 (7) GDPR is:

2gether2shine GmbH
Vienna, Austria
Phone & WhatsApp: +43 664 99618016
E-mail: 2gether2shine@gmx.at

2. What data we collect

We collect only what is necessary to deliver and improve our service.

2.1 You give us directly

Contact details — first name, last name, e-mail, phone number.
Service address — street, building/floor/door, postal code, city, country, optional access notes.
Booking details — chosen package, date, time, frequency, duration, special requests, equipment options.
Payment data — handled directly by our payment provider; we receive only a tokenised reference and the outcome (success/failure).
Free-form messages — what you write in contact, free-evaluation or quote forms.

2.2 We collect automatically

Technical log data — IP address, browser, device type, referrer, request timestamps. Used for security and abuse prevention.
Cookies & storage — see §5 below.

3. Why we use your data (legal bases)

To process bookings and contact requests — Art. 6 (1) (b) GDPR (performance of a contract / pre-contractual steps).
To send service e-mails (booking confirmations, reminders, follow-up about a cleaning) — Art. 6 (1) (b) GDPR.
To comply with legal obligations, e.g. invoicing and accounting under Austrian tax law — Art. 6 (1) (c) GDPR.
To keep the site secure and prevent fraud, abuse and spam — Art. 6 (1) (f) GDPR (legitimate interest in a working, secure service).
To measure aggregate usage with anonymous analytics — only if you consent (Art. 6 (1) (a) GDPR).

We share only the minimum necessary, only with recipients bound by confidentiality and an EU GDPR-compliant data processing agreement (Art. 28 GDPR):

The assigned cleaner — receives your name, service address and the relevant booking details to perform the cleaning.
Hosting provider — runs the website servers.
E-mail provider — sends transactional e-mails on our behalf.
Payment provider — processes card / SEPA / instant transfer payments.
Tax advisors and authorities — when required by law.

We never sell your data and we never share it with advertising networks.

5. Cookies & tracking

We use the following categories of cookies / local storage:

Strictly necessary — keeps your booking session active, remembers your cookie choice. These are always on; no consent required.
Analytics (opt-in) — anonymous, aggregated counts of which pages people visit. Only loaded if you accept analytics in the cookie banner.
Marketing (opt-in) — currently not used. Reserved for future re-targeting; only loaded with explicit consent.

You can withdraw consent at any time by clearing your browser storage for this site, which will re-display the cookie banner on your next visit.

6. How long we keep data

Booking and invoice data — 7 years, to comply with Austrian commercial & tax retention rules (§ 132 BAO).
Contact and free-evaluation messages — up to 24 months from your last contact, then deleted or anonymised.
Server / security logs — up to 90 days.
Cookie consent record — up to 12 months (stored locally in your browser).

7. International transfers

Our infrastructure and processors are located in the European Economic Area (EEA). Where a processor unavoidably transfers data outside the EEA, we rely on the European Commission’s Standard Contractual Clauses (Art. 46 GDPR) and apply additional safeguards where required.

8. Your rights under GDPR

You have, free of charge, the right to:

Access your data (Art. 15);
Rectify inaccurate data (Art. 16);
Erase your data (Art. 17), subject to legal retention obligations;
Restrict processing (Art. 18);
Data portability (Art. 20);
Object to processing based on legitimate interest (Art. 21);
Withdraw consent at any time, without affecting the lawfulness of earlier processing (Art. 7 (3)).

To exercise these rights, e-mail 2gether2shine@gmx.at. We respond within one month.

9. Security

We use TLS encryption for all traffic to and from the site, keep our software up to date, and limit internal access to personal data on a strict need-to-know basis. No system is completely secure, but we take the protection of your data seriously and notify you and the authorities of any breach affecting you as required by law.

10. Children

Our service is intended for adults. We do not knowingly collect personal data from children under 14. If you believe a child has provided us with data, please contact us so we can delete it.

11. Changes to this policy

We may update this policy when our service or the law changes. The most recent version is always available on this page; the date at the top tells you when it was last revised.

12. Contact & complaints

For any privacy question, write to 2gether2shine@gmx.at. If you believe we have not handled your data properly, you also have the right to lodge a complaint with the Austrian Data Protection Authority:

Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien
Website: www.dsb.gv.at