The controller within the meaning of the GDPR for this website and for the data of our contractual customers is:
AbdeX e.U., Dr.-Theodor-Körner-Platz 2, A-2460 Bruck an der Leitha, Austria.
Phone: +43 1 9535123 · E-mail: info@aiarbeiter.at.
aiarbeiter is a software service (SaaS) that enables businesses to operate an AI-assisted agent which communicates with their customers via WhatsApp (appointments, orders, reservations, enquiries).
With respect to communication with a business's end customers, the respective business is the data controller; AbdeX e.U. acts in this regard exclusively as a processor under Art. 28 GDPR (details in the Data Processing Agreement). For its own website and our customers' operator accounts, AbdeX e.U. is itself the controller.
Upon registration and use: company/business name, first and last name, address, phone number, e-mail address, password (stored only as a cryptographic hash), industry, and the services, prices and settings you enter. Purpose: provision and management of the service. Legal basis: performance of contract (Art. 6(1)(b) GDPR).
To fulfil our accountability obligation (Art. 5(2), Art. 7 GDPR), upon registration we store the time of consent to the Terms, DPA and Privacy Policy, the respective document version, as well as the IP address and browser identifier at the time of consent. Legal basis: legal obligation or legitimate interest in providing evidence (Art. 6(1)(c) and (f) GDPR).
When you contact us by e-mail or form, we process your name, e-mail address and message to handle the enquiry. Legal basis: pre-contractual measures or legitimate interest (Art. 6(1)(b) and (f) GDPR).
On behalf of the respective business, we process the contents of the WhatsApp conversations as well as contact and transaction data of the end customers (e.g. phone number, WhatsApp-provided profile name, appointment/order/reservation request) in order to handle the respective matter. The business is the controller; the basis is the data processing agreement concluded with it.
If an operator enables notifications in the cockpit, we store the technical push endpoint data of their device/browser in order to inform them of new messages. Legal basis: performance of contract or consent (Art. 6(1)(b) and (a) GDPR). Consent can be revoked at any time via the device/browser settings.
When the website is accessed, technically necessary data (IP address, date/time, requested resource, status code, amount of data transferred, browser type) are processed to ensure operation and security, and are deleted or anonymised after a short period. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
If a business uses the optional online payment function, payment is processed via an external payment service provider. The payment data (e.g. card details) are processed directly by the payment service provider; we only receive status information to assign the order. Legal basis: performance of contract (Art. 6(1)(b) GDPR).
The agent's responses are generated automatically using an AI language model. The system is designed to be recognisable to end customers as an automated agent (transparency obligation under Art. 50 of Regulation (EU) 2024/1689 – the "AI Act"). No automated decision producing legal effects within the meaning of Art. 22 GDPR takes place; the business can intervene and take over at any time.
To provide the service, we use carefully selected service providers with whom – where required – data processing agreements are in place:
| Purpose | Service provider |
| --- | --- |
| Hosting / e-mail delivery | ALL-INKL.COM – Neue Medien Münnich, Germany (EU) |
| WhatsApp message delivery | Meta Platforms Ireland Ltd. (EU) or Meta Platforms Inc., USA |
| AI language model | Specialised provider of AI language-model services based in the USA |
| Payment processing (optional) | Stripe Payments Europe Ltd. (Ireland) or Stripe Inc., USA |
Disclosure to other third parties only takes place where this is necessary to perform the contract, where you have consented, or where we are legally obliged to do so.
Where data are transferred to recipients in the USA, this takes place on the basis of appropriate safeguards within the meaning of Art. 44 et seq. GDPR – in particular the EU Commission's standard contractual clauses and/or certification under the EU-US Data Privacy Framework – together with supplementary protective measures.
We store personal data only for as long as is necessary for the stated purposes or as required by statutory retention obligations (e.g. up to 7 years under tax and company law). Account, conversation and transaction data are deleted after termination of the contract or after expiry of the respective periods. Where we process data on behalf of a business, deletion is governed by the instructions of the responsible business.
You have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR). You may revoke any consent you have given at any time, with effect for the future. If your request concerns data we process on behalf of a business, please contact the respective business as the controller; we will support it in doing so.
To exercise your rights, a message to info@aiarbeiter.at is sufficient. You also have the right to lodge a complaint with the Austrian Data Protection Authority (dsb.gv.at).
We use exclusively technically necessary cookies (e.g. session and security cookies for login). No tracking or advertising profiling takes place. Details in the Cookie Policy.
We take appropriate technical and organisational measures (Art. 32 GDPR), including transport encryption (TLS/HTTPS), access restrictions, hashed password storage, protection against automated login attempts, and regular backups.