Status: 18 December 2025
We take the protection of your personal data very seriously and are committed to ensuring the secure use of this platform. With this Privacy Policy, we would like to inform you about which data we collect and store and how we protect and use such data. In addition, we commit ourselves to complying with all applicable data protection laws. Further information on data processing activities on our website can be found in our Cookie Policy. This allows you to see at a glance which of your personal data we process, for which purposes, and on which legal basis.
The following Privacy Policy applies to signteq GmbH as the operator of this website (hereinafter referred to as “signteq”, “we”, “us”).
The controller responsible for the collection, processing, and use of your personal data within the meaning of the GDPR is signteq GmbH, Gumpendorfer Straße 36/46, 1060 Vienna, Austria.
If you have any questions regarding data protection, please contact us or write to us at our registered office: Gumpendorfer Straße 36/46, 1060 Vienna.
We attach great importance to data protection, as the protection of your personal data is a particular concern for us. We therefore process your data exclusively on the basis of the applicable legal provisions, in particular the General Data Protection Regulation (“GDPR”), the Austrian Data Protection Act (“DSG”), and the Telecommunications Act (“TKG”).
We consider our awareness of data protection to be a distinguishing feature within our industry. When selecting service providers and cooperation partners, we always ensure their compliance with data protection regulations. Furthermore, we process data that we collect directly from our users predominantly in Austria or Germany, and in any case exclusively within the European Union. The protection of our users’ data is our highest priority; therefore, we never sell your data to third parties.
Before providing detailed information about our data processing activities, we would like to outline some fundamental data protection concepts and our general approach:
Personal data refers to data that can be used to identify a natural person. This includes any data that allows conclusions to be drawn about you as a person, such as your name, email address, or billing address.
Personal data also includes pseudonymized data, where identification is only possible by using additional data sets (e.g. your IP address or community name in our forum).
Purpose limitation is a core principle of data protection. This means that your data may only be processed for a specific purpose and only for as long as that purpose exists. Data processing is therefore limited both in scope and duration.
Data protection law is based on the principle of prohibition: the processing of personal data is generally prohibited unless a legal basis applies. The most common legal bases in practice are contract performance, consent, and legitimate interest.
Contract performance: If the processing of your data is necessary for the performance of a contract, we must process such data. This applies, for example, to subscription agreements or contracts relating to the use of our services.
Legitimate interest: Data protection law requires a balancing of interests. In some cases, our legitimate interests may outweigh your interest in the protection of your data. Common legitimate interests include data security, prevention of misuse, internal administrative purposes, freedom of expression and information, enforcement of legal claims, and marketing measures.
Consent: If no other legal basis applies but we would still like to process your data, we will ask for your consent in advance. This applies in particular to sales and marketing activities (e.g. newsletters, telephone marketing). Consent is only valid if given voluntarily and with full knowledge of the facts.
We keep the group of recipients of your data as small as possible and outsource only limited services, as we place great value on developing and managing our IT systems internally. Where service providers are engaged, they are listed under the respective product category in Section II. Requests from authorities or third parties for disclosure of data are carefully reviewed and complied with only where legally required.
We store your data only for as long as necessary to fulfill the respective purposes. The duration of data processing is determined in particular by statutory retention obligations and limitation periods for potential legal claims.
Categories of data: When you use our website, we generally process your IP address, name of the accessed webpage or file, date and time of access, amount of data transferred, status message regarding successful retrieval, browser type and version, operating system, referrer URL, and the requesting provider. This information is automatically transmitted by your browser.
Purposes: In addition to the processing activities described in our Cookie Policy, we process data on the basis of our legitimate interest in ensuring data security, including:
Recipients: Data may also be processed by our IT service providers acting on our behalf.
Retention period: Different processing activities on our website have different retention periods, which are explained in detail in our Cookie Policy.
When you contact us (e.g. by phone or email), we process your name, email address or phone number, and the content of your inquiry to respond to your request.
Categories of data: Name, company, contact details Purpose: Fulfillment of (pre-)contractual obligations
When you register with signteq, we process the personal data you provide (email address, name, address, company data, payment information, etc.).
You can modify or delete personal data stored in your signteq account at any time or request deletion of your entire account.
Purpose (based on contract performance):
Recipients: IT service providers, banks, payment service providers, and, where applicable, debt collection agencies. We work exclusively with PCI-certified payment service providers.
Retention period: Contract-related data is stored for seven years in accordance with tax law and subsequently for up to three additional years to cover statutory limitation periods (total of ten years).
You will usually encounter Smart Ident when registering for a service offered by one of our customers. We provide identity verification services, particularly in highly regulated environments (e.g. healthcare, anti-money laundering, and counter-terrorism financing).
Smart Ident typically acts as a processor on behalf of its customers and performs specific verification steps. Identity verification services inherently require the processing of personal data.
Data processing for identity verification is carried out on behalf of a Smart Ident customer (“Partner”) and solely for the purpose of verifying your identity, declarations, age, or other information requested by the Partner.
Depending on the verification method, we may process the following data:
First and last name
Place and date of birth
Nationality
Full address
Mobile phone number
Identification numbers
Photos/screenshots of the person and identity documents, and in some cases video/audio recordings
ID document data (issuing authority, date, etc.)
Special data* such as biometric data (selfie), creditworthiness data, or open banking information
In certain cases, explicit consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR may be required.
Smart Ident enables payment initiation and account information services under PSD2. Access is only granted with your explicit consent and always takes place within your bank’s secure online banking environment.
Verification data is stored until confirmation by the Partner, usually no longer than 24 hours after completion, unless statutory retention obligations apply.
Processing is based on one or more legal bases pursuant to Art. 6(1) GDPR, including consent, contract performance, legal obligation, legitimate interest, or public interest.
Smart Ident acts as a local registration authority for qualified electronic signatures under the eIDAS Regulation (EU) No. 910/2014. Identification evidence may be stored securely for up to 20 or 35 years as required by law.
Only authorized personnel within Smart Ident have access to the data. Data is transmitted to the relevant Partner and, where legally required, to authorities or subcontractors strictly bound by our instructions.
As a rule, we do not transfer personal data outside the EU/EEA. Where necessary, transfers are safeguarded by EU Standard Contractual Clauses, Binding Corporate Rules, or adequacy decisions.
You have the right to:
Please address data protection requests to us. For security reasons, identity verification may be required. You also have the right to lodge a complaint with the Austrian Data Protection Authority (www.dsb.gv.at).
This website uses cookies to facilitate navigation and functionality. You can disable cookies in your browser settings, which may limit website functionality. Further details are available in our Cookie Policy.
Any changes to this Privacy Policy will be published on our website. If changes materially affect your data protection rights, confirmation may be required.
Entdecken Sie signteq, erstellen Sie direkt ein Konto und beginnen Sie mit dem Einholen von Unterschrifen. Unser Sales-Team berät Sie gerne und gestaltet für Sie ein individuelles Angebot, das genau auf Ihr Unternehmen abgestimmt ist.