Data Privacy

Introduction

This privacy policy provides information about how personal data is processed in connection with the use of Verganta. Verganta comprises both the website (www.verganta.eu) and the platform (app.verganta.eu).
In this document, you will learn:

what types of personal data we collect,
for what purposes this data is processed,
what legal bases apply,
what rights you have as a data subject, and
how you can contact us if you have any questions or concerns.

Processing is carried out on the basis of the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), and the Telecommunications Act (TKG).
We reserve the right to amend this privacy policy as necessary, for example due to changes in legal requirements or new features of our services. The version of this privacy policy published at the time of your visit or use of Verganta shall always apply.

1. Responsible party

The responsible party for the processing of personal data within the meaning of Art. 4(7) GDPR is:

openFORCE Holding & Consulting GmbH
Franzensbrückenstraße 5/5
1020 Vienna
Austria

Email: office@openforce.com
Phone: +43 1 3191775-200

2. Processing of personal data

We process personal data only to the extent necessary to ensure the secure operation and core functions of Verganta.
The type and scope of the data depend on whether you are simply visiting the website (landing page) or actively using the platform (app).

2.1 Server and access data

Each time you visit our website (www.verganta.eu) or platform (app.verganta.eu), our hosting provider automatically collects and stores certain technical data (known as server log files). This includes: IP address, date and time of access, page/file accessed, referrer URL, browser type and version, operating system, and, if applicable, the browser's language setting. This data is processed exclusively for the purposes of ensuring technical operation, IT security, and error analysis. This data is not merged with other sources or evaluated in relation to individuals.

2.2 Cookies and similar technologies

Our website and platform only use technically necessary cookies.
These are required to ensure central functions such as login, session management, or security. They are used in accordance with Section 165 (3) of the Telecommunications Act (TKG) without separate consent.
We do not use tracking, marketing, or analysis cookies.

2.3 Data collection during sign-up, registration, and use

When you use our services, we process different types of personal data depending on the usage situation:

Newsletter subscription
When you sign up for the waiting list or newsletter, we collect your email address, browser language, and other voluntarily provided data (e.g., name, company). We use this information exclusively to address you specifically and personalize communication. You can unsubscribe from the newsletter at any time using the unsubscribe link in each email.
Registration for the platform
Registration is required to use Verganta Prime. We process your email address, a password of your choice, and your browser's language settings. You can also store company data (e.g., company name, VAT ID, URL of the company website). Additional information such as industry, location, or certificates will only be processed if it is publicly accessible and machine-readable on the website you have provided or if you have expressly made it available.
Use of the platform
- Without login: When using publicly accessible areas (e.g., Verganta Analytics), only technical access data is processed, in particular IP address, browser type, operating system, referrer URL, time of server request, and any error logs. This processing is necessary to ensure the secure operation and optimization of the platform.
- With login: For logged-in users, additional usage and interaction data is collected, such as search queries, ratings and feedback on tenders, saved favorites, or usage patterns within the AI-based matching engine. This processing is necessary to provide the contractually agreed services (e.g., personalized job offer suggestions), to ensure their quality, and to continuously develop the platform.

This data is processed on the basis of Art. 6 (1) (b) GDPR (contract performance), insofar as this is necessary for the provision of our services, and on the basis of Art. 6 (1) (f) GDPR (legitimate interest) for the purpose of ensuring the stability, security, and improvement of our systems.

3. Purposes of data processing and legal bases

We process personal data exclusively within the framework of the provisions of the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), and the Telecommunications Act (TKG). Processing is carried out for the following purposes:

Provision of the website and platform
To ensure the secure operation and technical delivery of our content (e.g., storage of server logs, error logs).
→ Legal basis: Art. 6 (1) (f) GDPR (legitimate interest).
Registration and contractual relationship
To set up and manage user accounts and to provide the services offered via Verganta Prime.
→ Legal basis: Art. 6 (1) (b) GDPR (performance of a contract).
Personalization and improvement of services
To suggest tenders individually based on stored company data and user feedback.
→ Legal basis: Art. 6 (1) (b) GDPR (performance of a contract) and Art. 6 (1) (f) GDPR (legitimate interest).
Communication with users
Including responding to inquiries, sending notifications and newsletters, and providing information about product updates.
→ Legal basis: Art. 6 (1) (a) GDPR (consent) in the case of the newsletter, otherwise Art. 6 (1) (b) GDPR (performance of a contract).
Compliance with legal obligations
In particular, commercial and tax law retention obligations.
→ Legal basis: Art. 6 (1) (c) GDPR (legal obligation).

4. Disclosure of data and recipients

Personal data will only be disclosed if this is necessary to fulfill the aforementioned purposes, if there is a legal obligation to do so, or if consent has been given.

Categories of recipients

IT and hosting service providers
Our systems are operated on servers belonging to a European hosting provider (Hetzner Online GmbH). The provider processes the data exclusively on our behalf and within the EU.
Legal and tax advisors, authorities
If necessary, e.g., to fulfill legal obligations.

No disclosure to third parties for advertising purposes
Data will not be transferred to third parties for the purpose of direct marketing or sales.

Data transfer to third countries
Data will not be transferred to countries outside the EU or the EEA unless this is absolutely necessary for the fulfillment of a contract or express consent has been given. In this case, we ensure that an adequate level of data protection is guaranteed in accordance with Art. 44 ff. GDPR.

5. Storage period and deletion

We only store personal data for as long as is necessary for the purposes stated in this privacy policy or as required by statutory retention periods. After that, the data is routinely deleted or anonymized.

Specifically, this means:

Newsletter registration: Data is stored for as long as the subscription is active. When you unsubscribe from the newsletter, we delete the data immediately, provided that there are no legal retention obligations to the contrary.
Registration and account data: Data in the user account is stored for the duration of active use of the platform. We will delete the account at any time upon request. If there are legal retention obligations (e.g., data relevant for tax purposes), these will be deleted after the retention periods have expired.
Company data in the context of matching: This data remains stored as long as an account is active and the data is required for the use of the platform. When the account is deleted, this data is also deleted.
Technical log data (e.g., IP address, browser data): This data is deleted or anonymized after 30 days at the latest, unless it is no longer required to ensure system security.
Contract and billing data: This data is stored in accordance with legal retention requirements (usually 7 years under Austrian law).

We regularly check whether storage is still necessary and delete data as soon as the purpose no longer applies.

6. Rights of data subjects

As a data subject, you have various rights under the GDPR with regard to the processing of your personal data. You can exercise these rights at any time using the contact details provided in section 1.

Your rights at a glance:

Right to access (Art. 15 GDPR)
You have the right to request confirmation as to whether we are processing your personal data. If so, you will receive information about this data and further information about its processing.
Right to rectification (Art. 16 GDPR)
You may request that inaccurate or incomplete personal data be corrected without delay.
Right to erasure (Art. 17 GDPR, “right to be forgotten”)
You have the right to request the erasure of your data, provided that there are no legal retention obligations or other legitimate reasons preventing erasure.
Right to restriction of processing (Art. 18 GDPR)
Under certain conditions, you may request that the processing of your data be restricted (e.g., while the accuracy of the data is being verified if you dispute it).
Right to data portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format or to request that it be transferred to another controller.
Right to object (Art. 21 GDPR)
You may object to the processing of your data at any time, provided that we are processing it on the basis of a legitimate interest. If data is processed for direct marketing purposes, you may object to this at any time without giving reasons.
Right to withdraw consent (Art. 7 GDPR)
If we process your data on the basis of your consent, you can withdraw this consent at any time with effect for the future.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
If you believe that the processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with a data protection supervisory authority. In Austria, this is the Data Protection Authority (DSB).

7. Data security

We use technical and organizational measures to protect your personal data from loss, manipulation, unauthorized access, and unlawful disclosure. These measures are regularly reviewed and adapted to the state of the art.

Specifically, this means:

The transmission of sensitive data (e.g., login, registration) is exclusively encrypted via TLS/SSL.
Access to our systems is protected by role-based permissions.
Servers and databases are operated in secure data centers within the European Union and are regularly updated.
We use logging and monitoring procedures to detect unauthorized access at an early stage.
Backups and emergency concepts ensure that data can be restored in the event of technical problems.

Please note that despite all security measures, no data transmission over the Internet can be completely protected against unauthorized access. However, we ensure that the risk is reduced to a minimum by current standards.

8. International data transfer

Personal data is not transferred to countries outside the EU or the EEA. If transfer is necessary in individual cases (e.g., when using specialized external services), this will only take place if the European Commission has issued an adequacy decision for the third country in question or if suitable safeguards exist in accordance with Art. 46 GDPR (e.g., EU standard contractual clauses).

9. Changes to this privacy policy

We reserve the right to amend this privacy policy as necessary, for example, when introducing new features, due to changes in the legal situation, or due to requirements from supervisory authorities. The version published on our website and platform at the time of your visit or use of Verganta shall always apply.

10. Contact for data protection inquiries

If you have any questions about data protection or wish to exercise your rights as described in Section 6, you can contact us at any time: