Status: June 2026
The protection of your personal data is very important to us. We process your data exclusively on the basis of legal provisions (in particular the General Data Protection Regulation, GDPR, and the Austrian Data Protection Act, DSG). In this privacy policy, we inform you about the most important aspects of data processing within our website.
1. Data Controller
The data controller in the sense of the GDPR is:
Lomnido GmbH
Schönngasse 15–17, TOP 12
1020 Vienna, Austria
Represented by the Managing Director: Thomas Graf
Email for data protection inquiries: dataprotection@lomnido.com
2. Your Rights
You generally have the following rights regarding your personal data:
Right to information (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Right to withdraw consent with effect for the future (Art. 7 para. 3 GDPR)
To exercise these rights, a simple message to the email address mentioned above is sufficient. If you believe that the processing of your data violates data protection law, you have the right to lodge a complaint with the supervisory authority. In Austria, this is the Austrian Data Protection Authority (www.dsb.gv.at).
3. Hosting & Website Provision
Webflow
This website is hosted on the Webflow platform. The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. For the delivery of the website, Webflow processes technically necessary data that your browser automatically transmits (in particular IP address, date and time of access, amount of data transferred, browser type, and operating system). This data is stored in server log files and serves the technical provision, security, and stability of the website.
Delivery also takes place via a Content Delivery Network (CDN) to provide content quickly and reliably. The legal basis for this is our legitimate interest in the secure and efficient provision of our website (Art. 6 para. 1 lit. f GDPR).
As Webflow is a US provider, data may be transferred to the USA. This transfer is secured based on the EU Commission's standard contractual clauses. If Webflow is certified under the EU-U.S. Data Privacy Framework, the transfer will additionally be based on this framework.
Domain (Checkdomain)
The domains are registered and managed via checkdomain GmbH (Husener Str. 75, 23560 Lübeck, Germany). During domain management, no personal data of website visitors beyond the technically necessary administrative data is processed.
4. Cookies & Consent Management
Our website uses cookies and comparable technologies. Cookies are small text files that are stored on your device. Technically necessary cookies, which are required for the operation of the website, are used based on our legitimate interest (Art. 6 para. 1 lit. f GDPR).
All non-essential cookies and services (especially analytics and marketing services) are only set or loaded after you have given your explicit consent via our consent banner (Art. 6 para. 1 lit. a GDPR). For consent management, we use the consent management tool Finsweet Consent (Consent Pro). Your consent decision is stored so that it does not have to be requested again on your next visit. You can revoke or adjust your consent at any time with future effect via the settings of the consent banner.
5. Web Analytics & Tag Management
Google Tag Manager
We use Google Tag Manager from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Tag Manager is a tool for managing website tags and is used to integrate other services (e.g., Google Analytics) in a controlled manner. The Tag Manager itself does not create user profiles or store cookies; however, it triggers other tags that can collect data. If these services require consent, they will only be activated after your approval via the consent banner.
Google Analytics 4 (GA4)
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics uses cookies and similar technologies to analyze the use of our website (e.g., pages viewed, duration of visit, approximate geographical origin, devices used). This information helps us improve our offering.
Processing is carried out exclusively based on your consent (Art. 6 para. 1 lit. a GDPR), which you provide via our consent banner. IP addresses are truncated or anonymized by Google. When using Google Analytics, data may be transferred to Google in the USA; this is secured by standard contractual clauses or the EU-U.S. Data Privacy Framework. You can revoke your consent at any time via the consent banner.
LinkedIn Insight Tag
We use the LinkedIn Insight Tag, a service provided by LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland). The Insight Tag enables the collection of statistical data on the use of our website by LinkedIn members, as well as the measurement and evaluation of campaigns. Data such as IP address, device and browser information, and visited pages may be processed.
Processing is carried out exclusively based on your consent (Art. 6 para. 1 lit. a GDPR) via our consent banner. Data may be transferred to LinkedIn in the USA, which is secured by standard contractual clauses or the EU-U.S. Data Privacy Framework. You can revoke your consent at any time via the consent banner.
6. Embedded Third-Party Content
YouTube
Videos from the YouTube platform are embedded on our website. The provider is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). We embed YouTube in enhanced privacy mode. According to YouTube, in this mode, information about you is only transmitted to YouTube when you actually play a video.
When playing a video, personal data (in particular your IP address and information about the device used) may be transmitted to YouTube, potentially also to the USA. The integration is based on your consent (Art. 6 para. 1 lit. a GDPR) via the consent banner.
Google Fonts (locally hosted)
This website uses so-called Google Fonts for the consistent display of fonts. The fonts are embedded locally on our web space and delivered directly from there. No connection to Google servers is established; in particular, your IP address is not transmitted to Google. The use serves the consistent and appealing presentation of our online offering based on our legitimate interest (Art. 6 para. 1 lit. f GDPR).
7. Contact and Registration Forms
Contact Form
If you send us an inquiry via our contact form, we process the data you provide to handle and respond to your inquiry. The data collected includes: name, company, business email address, optionally your phone number, the nature of your request, and your message.
Processing is carried out to handle your inquiry and to implement pre-contractual measures (Art. 6 para. 1 lit. b GDPR), as well as based on your consent provided via the mandatory privacy policy field (Art. 6 para. 1 lit. a GDPR).
Event Registration Form
For event registrations (e.g., for our anniversary celebration), we process your email address, your details regarding participation in the respective program items, and optionally your information on intolerances or special requirements. Processing serves the organization and execution of the event based on your consent (Art. 6 para. 1 lit. a GDPR).
If you provide information about intolerances or dietary needs in the free text field, this information may constitute health data within the meaning of Art. 9 GDPR (special categories of personal data). We process this information exclusively on the basis of your explicit consent (Art. 9 para. 2 lit. a GDPR) and solely for the purpose of considering your needs within the scope of the event. Providing this information is voluntary.
8. Recipients of Your Data & Processors
The data collected via our forms is first processed within the Webflow platform and then passed on to the following service providers, whom we use as processors or recipients:
Zoho CRM
To manage contact inquiries and customer relationships, we use the Customer Relationship Management system Zoho CRM from Zoho Corporation. We use the European instance of Zoho, so your data is processed on servers within the European Union. Processing is carried out to handle your inquiry and maintain the business relationship (Art. 6 para. 1 lit. b and lit. f GDPR). A data processing agreement exists with Zoho in accordance with Art. 28 GDPR.
Mailchimp
For the organization of individual mailings related to events (e.g., registrations and information about the anniversary celebration), we use the Mailchimp service from Intuit Inc. (USA). Your email address and any other registration data you provide will be transmitted to Mailchimp and processed there.
Processing is based on your consent (Art. 6 para. 1 lit. a GDPR), which you provide during registration. As Mailchimp is a US provider, your data may be transferred to the USA. This transfer is secured by standard contractual clauses or the EU-U.S. Data Privacy Framework. A data processing agreement exists with Mailchimp in accordance with Art. 28 GDPR. You can revoke your consent at any time with effect for the future.
9. Storage Duration
We store personal data only for as long as necessary for the respective purposes or as required by statutory retention periods. Inquiries via the contact form are deleted once they have been fully processed and no statutory retention obligations prevent their deletion. Data processed based on consent will be stored until the consent is revoked.
10. Changes to this Privacy Policy
We reserve the right to amend this Privacy Policy so that it always complies with current legal requirements or to implement changes to our services and the technologies we use. The current version will then apply to your next visit.
