Kontor24
Sign in Register
Legal · Last updated 11.06.2026

Privacy Policy

The protection of your personal data is of central concern to us. This Privacy Policy informs you in accordance with Art. 13 and 14 GDPR about the nature, scope and purpose of the processing of personal data on our platform.

1. Controller

Bogdan Davydov (sole proprietor)
Witzelsbergergasse 10/9, 1150 Vienna, Austria
E-mail: office@kontor24.at

2. Categories of data processed

  • Master data (name, address, date of birth)
  • Contact data (e-mail, phone number)
  • Contract data (bidder ID, bids, awards, invoices)
  • Payment data (IBAN, Stripe verification data)
  • Communication data (e-mails, messages)
  • Usage data (login timestamps, page views)
  • Server log data (IP address, user agent, timestamp)

3. Purposes of processing

  • Provision of the auction platform and execution of auctions
  • Identity verification and fraud prevention
  • Invoicing and payment processing
  • Notifications regarding bids, awards and auctions
  • Compliance with statutory retention and documentation obligations
  • Safeguarding legitimate interests (e.g. IT security)

4. Legal bases

  • Art. 6 (1) (b) GDPR – performance of the user and sales contract
  • Art. 6 (1) (c) GDPR – compliance with legal obligations (e.g. Austrian Fiscal Code)
  • Art. 6 (1) (f) GDPR – legitimate interests (security, abuse prevention)
  • Art. 6 (1) (a) GDPR – consent (e.g. newsletter, optional cookies)

5. Recipients and processors

We only share data where necessary for contract performance or where a legal basis exists. Typical recipients:

  • Stripe (Stripe Payments Europe Ltd., Ireland) – identity verification via a €1 authorisation
  • Hosting and infrastructure providers within the EU
  • E-mail delivery providers for transactional e-mails
  • Logistics and shipping providers where delivery is commissioned
  • Tax advisors, auditors, authorities within statutory obligations

6. Retention periods

Personal data is only stored for as long as required for the stated purposes. Accounting and business-relevant data is retained for seven years in accordance with statutory retention obligations (in particular § 132 Austrian Fiscal Code, § 212 UGB). Unused account data is deleted upon termination of the business relationship.

7. Your rights

As a data subject you have the right to:

  • Access to your stored data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Withdraw consent with effect for the future (Art. 7 (3) GDPR)

8. Right to lodge a complaint

You have the right to lodge a complaint with the Austrian Data Protection Authority: Österreichische Datenschutzbehörde, Barichgasse 40–42, 1030 Vienna, www.dsb.gv.at.

9. Server log files

Our server automatically stores the IP address, timestamp, requested URL, user agent and referrer for each request. Legal basis is Art. 6 (1) (f) GDPR (IT security). Retention is capped at 14 days.

10. Cookies

We only use strictly necessary cookies (session, language preference, CSRF protection). These are required for the operation of the platform and do not require consent. No tracking or marketing cookies are used.

11. Registration and user account

Participation in auctions requires registration. We process master and contact data as well as access credentials. Data is used for contract execution. Account deletion may be requested by e-mail at any time provided there are no open transactions.

12. Payment and identity verification via Stripe

To verify your identity we carry out a €1 authorisation on a credit card via Stripe Payments Europe Ltd. The amount is immediately reversed. Name, e-mail and card data are transmitted to Stripe. Stripe privacy information: stripe.com/at/privacy.

13. E-mail notifications

We send transactional e-mails (bid confirmations, outbid warnings, awards, invoices, watchlist reminders). These are part of the contract. Optional notifications can be managed in your user account.

14. Data security

Transmission is secured with TLS encryption. Passwords are stored exclusively as hashes. Access to customer data is restricted to authorised employees.

15. Status

As of April 2026. We reserve the right to adapt this policy in response to changing requirements.