
Privacy Policy

1. Controller

The controller within the meaning of the GDPR for this website and for the data of our contractual customers is:
AbdeX e.U., Dr.-Theodor-Körner-Platz 2, A-2460 Bruck an der Leitha, Austria.
Phone: +43 1 9535123 · E-mail: info@aiarbeiter.at.

2. Overview & allocation of roles

aiarbeiter is a software service (SaaS) that enables businesses to operate an AI-assisted agent which communicates with their customers via WhatsApp (appointments, orders, reservations, enquiries).

With respect to communication with a business's end customers, the respective business is the data controller; AbdeX e.U. acts in this regard exclusively as a processor under Art. 28 GDPR (details in the Data Processing Agreement). For its own website and our customers' operator accounts, AbdeX e.U. is itself the controller.

3. What data we process

a) Operator account (our customers)

Upon registration and use: company/business name, first and last name, address, phone number, e-mail address, password (stored only as a cryptographic hash), industry, and the services, prices and settings you enter. Purpose: provision and management of the service. Legal basis: performance of contract (Art. 6(1)(b) GDPR).

b) Consent and record data

To fulfil our accountability obligation (Art. 5(2), Art. 7 GDPR), upon registration we store the time of consent to the Terms, DPA and Privacy Policy, the respective document version, as well as the IP address and browser identifier at the time of consent. Legal basis: legal obligation or legitimate interest in providing evidence (Art. 6(1)(c) and (f) GDPR).

c) Contacting us

When you contact us by e-mail or form, we process your name, e-mail address and message to handle the enquiry. Legal basis: pre-contractual measures or legitimate interest (Art. 6(1)(b) and (f) GDPR).

d) End-customer communication via WhatsApp (processing on behalf)

On behalf of the respective business, we process the contents of the WhatsApp conversations as well as contact and transaction data of the end customers (e.g. phone number, WhatsApp-provided profile name, appointment/order/reservation request) in order to handle the respective matter. The business is the controller; the basis is the data processing agreement concluded with it.

e) Push notifications

If an operator enables notifications in the cockpit, we store the technical push endpoint data of their device/browser in order to inform them of new messages. Legal basis: performance of contract or consent (Art. 6(1)(b) and (a) GDPR). Consent can be revoked at any time via the device/browser settings.

f) Server log files

When the website is accessed, technically necessary data (IP address, date/time, requested resource, status code, amount of data transferred, browser type) are processed to ensure operation and security, and are deleted or anonymised after a short period. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

g) Online payments (optional)

If a business uses the optional online payment function, payment is processed via an external payment service provider. The payment data (e.g. card details) are processed directly by the payment service provider; we only receive status information to assign the order. Legal basis: performance of contract (Art. 6(1)(b) GDPR).

4. Use of Artificial Intelligence (transparency)

The agent's responses are generated automatically using an AI language model. The system is designed to be recognisable to end customers as an automated agent (transparency obligation under Art. 50 of Regulation (EU) 2024/1689 – the "AI Act"). No automated decision producing legal effects within the meaning of Art. 22 GDPR takes place; the business can intervene and take over at any time.

5. Recipients & processors

To provide the service, we use carefully selected service providers with whom – where required – data processing agreements are in place:

Hosting / e-mail delivery: ALL-INKL.COM – Neue Medien Münnich, Germany (EU)
WhatsApp message delivery: Meta Platforms Ireland Ltd. (EU) or Meta Platforms Inc., USA
AI language model: Specialised provider of AI language-model services based in the USA
Payment processing (optional): Stripe Payments Europe Ltd. (Ireland) or Stripe Inc., USA

Disclosure to other third parties only takes place where this is necessary to perform the contract, where you have consented, or where we are legally obliged to do so.

6. Transfer to third countries

Where data are transferred to recipients in the USA, this takes place on the basis of appropriate safeguards within the meaning of Art. 44 et seq. GDPR – in particular the EU Commission's standard contractual clauses and/or certification under the EU-US Data Privacy Framework – together with supplementary protective measures.

7. Retention period

We store personal data only for as long as is necessary for the stated purposes or as required by statutory retention obligations (e.g. up to 7 years under tax and company law). Account, conversation and transaction data are deleted after termination of the contract or after expiry of the respective periods. Within the scope of processing on behalf, deletion is governed by the instructions of the responsible business.

8. Your rights

You have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR). You may revoke consent given at any time with effect for the future. If your request concerns data we process on behalf of a business, please contact the respective business as the controller; we will support it in doing so.

To exercise your rights, a message to info@aiarbeiter.at is sufficient. You also have the right to lodge a complaint with the Austrian Data Protection Authority (dsb.gv.at).

9. Cookies

We use exclusively technically necessary cookies (e.g. session and security cookies for login). No tracking or advertising profiling takes place. Details in the Cookie Policy.

10. Data security

We take appropriate technical and organisational measures (Art. 32 GDPR), including transport encryption (TLS/HTTPS), access restrictions, hashed password storage, protection against automated login attempts, and regular backups.

Last updated: 06/2026 · Version 2026-06-25