Controller for the processing of personal data
The controller within the meaning of Art. 4 (7) DSGVO is:
Company
Wenexus Consulting GmbH
Fleischmarkt 14, office 5a
1010 Vienna, Austria
Contact information
- Phone: +436643483748
- E-Mail: office@wenexus.at
- Website: www.wenexus.at
Registration data
- Firmenbuchnummer: FN 635890h
- Firmenbuchgericht: Handelsgericht Wien
- UID number: ATU 81175014
Business information
Gewerbewortlaut
Unternehmensberatung einschließlich der Unternehmensorganisation
Gewerberechtliche Geschäftsführung
Liliana Valishevska
Berufszweig
Unternehmensberatung
Authority pursuant to ECG
Magistratisches Bezirksamt des I. Bezirkes
Business information (Versicherungsmakler)
Gewerbewortlaut
Versicherungsvermittlung in der Form Versicherungsmakler und Beratung in Versicherungsangelegenheiten
Gewerberechtliche Geschäftsführung
Johann Lehner
GISA-Zahl
39387608
Berufszweig
Versicherungsmakler
Liability insurance
Generali Versicherung AG
Core principles of data processing
Your personal data is processed by us in accordance with the following principles:
Lawfulness, fairness and transparency
Data processing is carried out only on a lawful basis and in a manner transparent to you
Purpose limitation
Data is collected only for specified, explicit and legitimate purposes
Data minimisation
We process only the data necessary to achieve the purpose of processing
Accuracy
We ensure that your data is accurate and up to date
Storage limitation
Data is stored only for as long as is necessary
Integrity and confidentiality
We ensure appropriate protection of your data
Data processing in the context of insurance mediation
As part of our activity as Versicherungsmakler (GISA-Zahl: 39387608) we process additional categories of personal data to select optimal insurance products for you.
Purpose of processing
- Analysis of the client's insurance needs
- Selection and comparison of insurance products from different insurers
- Preparation and conclusion of insurance contracts
- Management and renewal of existing policies
- Claims handling (Schadensabwicklung)
Legal basis
- Art. 6 (1) (b) DSGVO — performance of a contract or pre-contractual measures at the request of the data subject
- Art. 6 (1) (c) DSGVO — compliance with legal obligations (in particular Standesregeln für Versicherungsvermittlung)
- Art. 6 (1) (f) DSGVO — legitimate interest (ensuring high-quality service)
Categories of data
- Contact details (name, address, telephone, email)
- Date of birth and family status
- Financial situation and income (to determine insurance needs)
- Existing insurance contracts
- Information on assets (for property insurance)
- Professional activity (for liability insurance)
Special categories of data (Art. 9 DSGVO)
For certain types of insurance (in particular health and life insurance) the processing of health-related data may be required. Such data is processed exclusively with your separate written consent (Art. 9 (2) (a) DSGVO) and only to the extent necessary for the insurer's risk assessment.
You have the right to withdraw this consent at any time without giving reasons. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
Data transfer
Within the framework of insurance mediation, your data may be transferred to insurance companies for risk assessment and the conclusion of contracts. The transfer is carried out exclusively to the extent necessary for the performance of the contract and on the basis of Art. 6 (1) (b) DSGVO.
Retention periods
- 7 years — in accordance with the Bundesabgabenordnung (BAO) for tax and financial records
- 3 years — general statute of limitations for civil-law claims
- 30 years — for liability insurance contracts (Haftpflichtversicherung) in line with the statute of limitations for personal injury claims
Automatic collection of technical data
Webhost / Provider
The web hosting provider stores data for every access to the website (in so-called server log files). This data includes: name of the website, request message, browser type, operating system, referrer URL (previously visited website), IP address and the requesting provider. This data is recorded only for statistical purposes and serves to optimise the security of the hosting system.
Technical data and IP address
When visiting our website, the following technical data is automatically collected:
- IP address of your device
- Date and time of access
- Browser type and version
- Operating system
- URL of the page you came from (referrer URL)
- URLs of the pages you visited on our site
- Amount of data transferred
Purpose of processing
This data is necessary to ensure the stable operation of the website, optimise its functionality and ensure the security of our IT systems.
Legal basis
The processing is based on our legitimate interest (Art. 6 (1) (f) DSGVO) in ensuring the functionality and security of our website.
Retention period
Server log data is stored for a maximum of 7 days and then automatically deleted. Exceptions apply where the data is required to investigate unlawful acts.
Cookies
Our website uses cookies. Cookies are small text files stored on your device via the browser. They do not damage your computer and do not contain viruses. We use cookies to make our offer more user-friendly. Some cookies remain stored on your device until you delete them. They allow us to recognise your browser on your next visit. If this is not desired, you can configure your browser to inform you about the setting of cookies and to allow them only on a case-by-case basis. Deactivating cookies may limit the functionality of our website.
Technically necessary cookies
We use technically necessary cookies to ensure the correct operation of our website and the provision of our services.
Session cookie
Stored only for the duration of your visit and automatically deleted after the browser is closed
Functional cookies
Store your settings (e.g. language selection) and remain on your device for up to 12 months
Legal basis: Art. 6 (1) (f) DSGVO and § 165 (3) TKG 2021
Analytics and marketing cookies
To analyse website usage and improve our service we may use analytics cookies. These cookies are only set with your active consent.
On your first visit to our website a cookie banner appears in which you can give or withhold consent for the use of optional cookies.
Third-party integrations
Google Maps
This website uses Google Maps to display cartographic information. When using Google Maps, Google also collects, processes and uses data on the use of Maps features by website visitors. You can find detailed information on data processing by Google in Google's privacy policy at https://www.google.at/intl/de/policies/privacy/. There, in the Data Protection Center, you can also change your settings to manage and protect your data.
Google Analytics
This service uses Google Analytics, a web analytics service of Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on the users' computers and allow analysis of their use of the website. Information about users' use of this website generated by the cookie is usually transferred to a Google server in the USA and stored there.
If IP anonymisation is activated on this website, users' IP addresses will be shortened in advance by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. IP anonymisation is active on this website.
On behalf of the operator of this website, Google will use this information to evaluate users' use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data held by Google.
Disabling Google Analytics
Users can prevent the storage of cookies by configuring their browser software accordingly; however, this service points out that in this case users may not be able to use all functions of this website to their full extent.
In addition, users can prevent the collection of data generated by the cookie and relating to their use of the website (including their IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser add-on, or within browsers on mobile devices, please click this link to prevent the collection of data by Google Analytics within this website in the future. An opt-out cookie will then be placed on your device. If you delete your cookies, you will have to click this link again.
Facebook Social Feed
To promote our services we operate a corporate page on the Facebook platform. This service is provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. On our website we display posts from our Facebook page. To display current posts and images, a connection to Facebook servers is required. The connection is only established if you have consented to the use of cookies and external services on our website and therefore only occurs with your express consent.
If a connection is established, data such as IP address, websites visited, date, time and other browser information may be transferred to Facebook. If you are logged into your Facebook account at the time of visiting our website, Facebook may also link the data to your user account.
How to prevent the data transfer
To prevent or reduce this data transfer, you can disable the use of cookies in your browser settings, adjust your privacy settings on Facebook and ensure that you are logged out of Facebook when visiting our website.
Legal basis
Data processing is based on Art. 6 (1) (a) DSGVO (consent) and Art. 6 (1) (f) DSGVO (legitimate interest), as we have a legitimate interest in promoting and communicating our services.
Joint responsibility
We and Meta Platforms Ireland Limited are jointly responsible for the transfer of data from our website to Facebook (Art. 26 DSGVO). Further processing by Facebook is not part of the joint responsibility. How your data is used by Facebook can be found in the company's privacy policy at https://www.facebook.com/about/privacy/update.
Data transfer to the USA
It cannot be ruled out that data processing takes place not only via Meta Platforms Ireland Ltd. but also via Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA. The transfer of data to the USA is based on the standard contractual clauses of the European Commission. Further information can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.
Use of YouTube
Features of the YouTube service are embedded on our website. These features are provided by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Embedded videos set cookies on users' computers when the website is opened. Those who have disabled the setting of cookies for the Google advertising programme will also not have to expect cookies when opening a YouTube video. However, YouTube also sets other cookies with non-personalised usage information. If you wish to prevent this, you must block it in your browser.
Use of Instagram
Features of the Instagram service are embedded on our website. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages with your Instagram profile by clicking the Instagram button. In this way, Instagram can associate visits to our pages with your user account.
We point out that we, as the provider of the pages, do not receive any information about the content of the transmitted data or its use by Instagram.
Contact form and email
If you contact us in writing, by phone, via the contact form on our website or by email, the data you provide is stored by us for the processing of your request and in case of follow-up questions for the duration of the statutory retention period. We do not pass this data on to third parties without your consent.
Categories of processed data
- First and last name
- Email address
- Phone number (if provided)
- Content of the message
- Date and time of contact
Purpose of processing
Processing your request, supporting communication, providing consulting services.
Retention period
6 months after the completion of the request, if no contract is concluded. In the event of a contract being concluded — 7 years.
Data collection upon newsletter subscription
You have the option to subscribe to our newsletter via our website. With it we send you tax-related professional information, information about our events and about our products and services, as well as general information about our consulting activities (e.g. availability, Christmas opening hours, relocations, holidays, personnel changes etc.).
Data required for subscription
- First and last name
- Email address
- Your declaration of consent to receive the newsletter
Subscription and confirmation process
As soon as you subscribe to the newsletter, we will send you a confirmation email with a link to confirm the registration.
Unsubscribing from the newsletter
You can withdraw your consent to receive the newsletter at any time without giving reasons by emailing us at the address listed above, by post, or via the unsubscribe link provided at the end of every newsletter.
Newsletter data processor
The newsletter is sent via the services of HubSpot, Inc., a provider of marketing automation and email delivery services. HubSpot processes personal data in accordance with its privacy policy and is responsible for the security of the transmitted data. All data processors operate exclusively on the basis of data processing agreements pursuant to Art. 28 DSGVO. For inquiries regarding data processing by HubSpot, you can contact their data protection portal or use the contact details specified in HubSpot's privacy policy.
Consulting services and contract performance
In the course of providing our consulting services we process the following categories of personal data:
Categories of data
- Basic contact details (name, address, phone, email)
- Company data (company name, registration data, UID number)
- Contract data (subject matter, duration, fees)
- Communication data (correspondence, meeting minutes, consultation records)
- Bank data (for payment processing)
- Data required for the provision of specific consulting services
Legal basis
- • Art. 6 (1) (b) (contract)
- • Art. 6 (1) (c) (legal obligation)
- • Art. 6 (1) (f) (legitimate interests)
Data recipients
- • Tax advisors
- • Banking institutions
- • Austrian authorities
- • IT providers
Data storage
- • During the contract
- • 7 years after (§ 132 BAO)
- • Up to 30 years for claims
Transfer of data to third parties
Data processors (Auftragsverarbeiter)
We use the services of external IT service providers for the technical support of our website and business processes. All data processors operate exclusively on the basis of data processing agreements pursuant to Art. 28 DSGVO.
Hosting providers
Email providers
Software providers
Transfer of data to third countries
We do not transfer personal data to countries outside the European Union without an adequate level of data protection (EU-U.S. Data Privacy Framework, EU Standard Contractual Clauses or other guarantees pursuant to Art. 46 DSGVO).
Detailed information on specific guarantees is available via our contact details.
Your rights as a data subject
Under DSGVO and the Austrian Data Protection Act (DSG) you have the following rights:
Right of access (Article 15 DSGVO)
Obtain information about the processing of your data and access to it
Right to rectification (Article 16 DSGVO)
Demand prompt correction of inaccurate personal data
Right to erasure (Article 17 DSGVO)
Demand the erasure of your personal data in certain cases
Right to restriction of processing (Article 18 DSGVO)
Demand restriction of the processing of your data
Right to data portability (Article 20 DSGVO)
Receive data in a structured format and transmit it to another controller
Right to object (Article 21 DSGVO)
Object to the processing of your personal data
Right to withdraw consent (Article 7 (3) DSGVO)
Withdraw your consent to data processing at any time
Right to lodge a complaint (Article 77 DSGVO)
Lodge a complaint with the data protection authority
Exercising your rights
To exercise your rights, contact us via the contact details listed at the start of this policy. We will respond within one month of receiving your request.
If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, we ask you to contact us so that any matters can be clarified.
Exercising your rights is free of charge unless your requests are manifestly unfounded or excessive.
Austrian Data Protection Authority
Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Vienna, Austria
Phone: +43 1 52 152-0
E-Mail: dsb@dsb.gv.at
Website: https://www.dsb.gv.at
Data security
We take appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.
SSL/TLS encryption
Protected data transmission (https://)
Backups
Regular backups of the data
Access control
Authorisation and access management
Protected systems
Regular software updates
Note on email communication
Data transmission by email may be insecure due to the technical structure of the internet. Third parties could potentially gain access to the messages. You are solely responsible for choosing this means of communication.
Other
No automated decision-making
Under Article 22 DSGVO you have the right not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning you or similarly significantly affects you.
In general we do not use automated decision-making — including profiling — which may produce legal effects for you or significantly affect you.
Exceptions under Article 22 DSGVO
Automated decision-making may be permissible if:
- the decision is necessary for the conclusion or performance of a contract between you and us
- the decision is authorised by EU or Member State law to which we are subject and which provides appropriate measures to safeguard your rights and freedoms
- the decision is based on your explicit consent
In cases where automated decision-making would be permissible, we take appropriate measures to safeguard your rights and freedoms, in particular ensuring your right to obtain human intervention on our part, your right to express your point of view and your right to contest the decision.
Changes to the Privacy Policy
We reserve the right to amend these provisions at any time in line with operational requirements.
Current version: March 2026