JET-CMS

Privacy Policy – JET-CMS

As of: 21.10.2025

This privacy policy informs you about the processing of personal data when visiting jet-cms.com (including subpages).

Responsible party

JetCoders GmbH
Kirchengasse 7, 1070 Vienna, Austria
Email: sales@jet-cms.com

Data protection officer

There is no data protection officer appointed, as no legal obligation exists.

Contact for data protection requests

For information and to exercise your rights, you can reach us at sales@jet-cms.com. We respond to inquiries within one month (Art. 12(3) GDPR).

Purposes and legal bases of processing

We process data for the following purposes and on the following legal bases:

  1. Operation of the website, stability & security (server logs, delivery via CDN, defense against abuse/attacks, error analysis) Legal basis: Art. 6(1) lit. f GDPR (legitimate interest).

  2. Email communication (e.g., inquiries) Legal bases: Art. 6(1) lit. b GDPR (contract formation/performance) or lit. f GDPR (balancing interests).

  3. Forms (e.g., “Request Demo” / scheduling) Processing of the data you entered to process your request. Legal basis: Art. 6(1) lit. b GDPR (contract formation). Optional provided data: Art. 6(1) lit. f GDPR.

  4. Reach measurement/statistics without cookies (Vemetric) Strictly cookie-less and anonymized/aggregated. Legal basis: Art. 6(1) lit. f GDPR (legitimate interest in statistics & optimization). Note to TKG: No access to information on your device occurs (§ 165 TKG), therefore no consent required.

  5. Marketing/Tracking (Meta/Facebook Pixel) – only with consent Conversion measurement, audience building, personalized advertising reports. Legal bases: § 165 TKG and Art. 6(1) lit. a GDPR (consent).

Processed data categories (Overview)

  • Usage & log data: IP address*, date/time, request URL, HTTP status, referrer, User-Agent, retrieved content, error codes.

  • Communication data: Email address, content of your message, metadata (timestamp, sender/recipient).

  • Form data (Request Demo/scheduling): Name, email, company, message, desired appointment (depending on form).

  • Consent data: Decision in the cookie banner (categories), timestamp, device/browser information, Consent-ID.

  • Reach measurement (cookie-less, anonymized): aggregated page views, events, UTM parameters, device/browser without cookies/fingerprinting.

  • IP addresses are processed for operation/security and shortly shortened/anonymized as early as possible.

Hosting & Content Delivery (Vercel)

Our website is hosted by Vercel Inc., USA and delivered via their CDN. On access, server log files are created (see data categories). Legal basis: Art. 6(1) lit. f GDPR (operation, security, abuse prevention). Retention period for logs: typically up to 30 days, then deletion or anonymization. Cross-border transfer: As data is transmitted to the USA, this is based on the EU-US Data Privacy Framework (DPF) or, if required, the EU Standard Contractual Clauses (SCC) and additional safeguards. Access control: Only authorized persons (Need-to-know).

Consent management & Tag control (CookieScript & Google Tag Manager)

We use CookieScript to manage consents and Google Tag Manager (GTM) for technical control of scripts/tags.

  • GTM itself does not set cookies, but can load tags that process personal data.
  • Non-essential tags (e.g., marketing/tracking) are activated only after your consent (Consent-First; Consent Mode).
  • Legal bases: § 165 TKG (for non-essential technologies) and Art. 6(1) lit. a GDPR (consent) as well as Art. 6(1) lit. f GDPR (proof/management of consents).
  • Consent proof: Consent logs are stored for up to 24 months.
  • Withdrawal/Change: You can change your choice at any time via the link “Cookie settings” in the footer. Withdrawal takes effect for the future.

Reach measurement without cookies (Vemetric)

We use Vemetric for a cookie-less, anonymized reach measurement.

  • No cookies or similar technologies, no device-wide tracking, no fingerprinting.
  • Processed are aggregated metrics (e.g., page views, events, UTM parameters, device/browser in anonymized form).
  • Legal basis: Art. 6(1) lit. f GDPR (legitimate interest in statistics & optimization).
  • Consent under § 165 TKG: Not required, as there is no access to the end device.
  • If technical raw data (e.g., IP) are captured briefly for operation/security, they are shortly shortened/anonymized.

Marketing/Tracking with Meta/Facebook Pixel (only with consent)

If you consent, we deploy the Meta/Facebook Pixel (Provider: Meta Platforms Ireland Ltd.) to measure the effectiveness of our advertising efforts and to build audiences (Custom Audiences).

  • Purposes: conversion tracking, reach measurement, audience-targeted advertising/optimization.
  • Legal bases: § 165 TKG and Art. 6(1) lit. a GDPR (consent).
  • Joint controllership: For the collection and transfer of data by the pixel, we and Meta are jointly responsible (Art. 26 GDPR). Meta is solely responsible for further processing.
  • Data categories (typical): Pixel ID, retrieved pages/events, possibly UTM parameters, browser/device information, shortened IP; Advanced Matching/CAPI is used only if you have consent (then fields transmitted will be specified in this policy).
  • Withdrawal: You can withdraw your consent at any time via “Cookie settings”; the pixel will then not load.
  • Cross-border transfer: Meta may transfer data to the USA. Legal basis are DPF and/or SCC plus additional safeguards.

Note: Without consent, the pixel will not load and there will be no transfer to Meta.

Forms (“Request Demo” / Scheduling)

If you use a form on our website, we process the data you entered (e.g., Name, E-Mail, Company, Message, desired appointment) to process your request or schedule an appointment. Legal basis: Art. 6(1) lit. b GDPR (contract formation); optionally provided information is processed on the basis of Art. 6(1) lit. f GDPR (efficient communication). Retention period: until the processing of your request and – if no further business relationship arises – regularly up to 12 months; beyond that only to the extent of statutory retention obligations.

Communication by email

If you contact us by email, we process your details for the processing of the inquiry. Legal bases: Art. 6(1) lit. b GDPR (contract formation/performance) or lit. f GDPR (balance of interests). Retention period: until completion and in accordance with legal retention obligations.

Recipients / Data processors

To provide our services we engage service providers. Only data that is necessary will be transmitted.

  • Vercel Inc. (Hosting/CDN, USA) – operation, delivery, security (Art. 6(1) lit. f GDPR); USA transfer based on DPF and/or SCC.
  • CookieScript (Consent Management) – management & proof of consents (Art. 6(1) lit. a/f GDPR; § 165 TKG).
  • Google Tag Manager (Google Ireland Ltd.) – tag control; loads tags only after consent (Art. 6(1) lit. a/f GDPR; § 165 TKG).
  • Vemetric (Analytics, cookie-less) – statistics/optimization without cookies (Art. 6(1) lit. f GDPR).
  • Meta Platforms Ireland Ltd. (Facebook/Meta Pixel) – marketing/tracking only with consent (Art. 6(1) lit. a GDPR; § 165 TKG); joint controllership for collection/transfer; possibly USA transfer (DPF/SCC).

(If additional tools/providers are used – e.g., email provider, error monitoring, scheduling system, CRM – they will be added here.)

International transfers (outside EU/EEA)

If services from providers in third countries (e.g., USA) are used, the transfer occurs either on the basis of an adequacy decision (Art. 45 GDPR; e.g., EU-US Data Privacy Framework for certified providers) or on basis of the EU Standard Contractual Clauses (Art. 46 GDPR) as well as additional safeguards (e.g., encryption, data minimization, IP shortening). We provide evidence upon request.

Retention periods (brief summary)

  • Server logs (Hosting/CDN): typically up to 30 days, then deletion/anonymization.
  • Consent data (CookieScript): up to 24 months.
  • Forms/email communication: until processing is completed and possibly per legal retention obligations; without a subsequent contract typically up to 12 months.
  • Reach measurement (Vemetric): anonymous/aggregated data; no personal profiles.

Criteria: legal obligations, necessity to achieve purposes, security and proof requirements.

Necessity of providing data

  • Usage/log data are required for the technical operation of the website.
  • Form data/emails are voluntary; without sufficient information, processing may be hindered.
  • Non-essential cookies/tags are voluntary; refusal may limit personalization/statistics.

Data sources

Data mainly originate from you (website use, forms, email contact). No systematic third parties.

Your rights

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection to processing under Art. 6(1) lit. f GDPR (Art. 21). You can withdraw a granted consent at any time with effect for the future (via “Cookie Settings” in the footer or by email).

Right to object under Art. 21 GDPR: You can object at any time to processing based on legitimate interests. Please email us at sales@jet-cms.com.

Complaint authority: Austrian Datenschutzbehörde Barichgasse 40–42, 1030 Vienna Web: dsb.gv.at

No automated decision-making

There is no profiling/automated decision-making within the meaning of Art. 22 GDPR.

Security

We use TLS encryption (HTTPS) and technical-organizational measures to protect your data from loss, misuse and unauthorized access.

Changes to this policy

This privacy policy may be updated if the law, services or processing changes. The current version is available on this page.

Cookie settings

You can change or withdraw your consent at any time: [Cookie Settings] (link in the website footer).