Privacy Policy


The protection of your privacy and data is very important to us and is always observed in all business transactions. You can always use our website without providing personal information. However, different provisions may apply to individual services, which we will refer to separately below.


Your personal data (hereinafter referred to as “data”) is processed for the purpose of providing information regarding our SyncSpider application, as well as to present and offer products and services related to this application. In this privacy policy, we inform you regarding:

  • The name and contact details of the data controller
  • All purposes for which your data is processed
  • The legal basis on which processing activities are based, potentially including our legitimate interest in doing so
  • All recipients of your data
  • The possible transfer of your data to a third country and an explanation of the associated legal basis
  • The storage duration of your data or the criteria for determining the duration
  • The categories of your data which are processed
  • Where your data originates
  • The rights of data subjects

Data Controller

SyncSpider GmbH, Molkereistrasse 4, A-4910 Ried im Innkreis, Email: [email protected]

No data protection officer has been appointed since this is not required by law.

Your Rights

You have the following rights concerning your personal data:

  • The right of access
  • The right to rectification or erasure
  • The right to restrict processing
  • The right to object to processing
  • The right to data portability
  • The right to withdraw your consent

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us. You can contact us at any time for further information on this and other questions regarding personal data.

Right of Access

You have the right to obtain from us free information about your personal data stored at any time and a copy of this information. Furthermore, you have the right to access the following information:

  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, including third countries or international organizations
  • Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
  • The existence of the right to request rectification or erasure of personal data, or restriction of processing, or to object to such processing
  • The right to lodge a complaint with a supervisory authority
  • Where the personal data are not collected from you, any available information as to their source
  • The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you

Right to Rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to Erasure

You have the right to obtain from us the erasure of personal data concerning you without undue delay, and we have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • You withdraw consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
  • You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
  • The personal data have been unlawfully processed.
  • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

Right to Be Forgotten

Where we have made personal data public and are obliged pursuant to Article 17(1) to erase the personal data, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform other controllers processing the personal data that you have requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required.

Right of Restriction of Processing

You have the right to obtain from us restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data.
  • The processing is unlawful and you oppose the erasure of the personal data and request instead the restriction of their use.
  • We no longer need the personal data for the purposes of the processing, but you require it for the establishment, exercise, or defense of legal claims.
  • You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether our legitimate grounds override yours.

Right to Data Portability

You have the right to receive the personal data concerning you, which you provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us, provided:

  • The processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR
  • The processing is carried out by automated means
  • The processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us

Furthermore, in exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

Right to Object

You have the right to object, on grounds relating to your particular situation, at any time, to the processing of personal data concerning you, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions. We will no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

If we process personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If you object to us for processing for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you by us for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you, as long as the decision:

  • Is not necessary for entering into, or the performance of, a contract between you and us, or
  • Is not authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
  • Is not based on your explicit consent.

Right to Withdraw Data Protection Consent

You have the right to withdraw your consent to the processing of your personal data at any time. Your withdrawal does not affect the legality of the data processing prior to the withdrawal.


Our website and services are not intended for use by minors and we expressly do not wish to collect information from minors. If a parent or legal guardian of a minor believes that his or her child may have provided personal information to us, please write to us at the contact address indicated below and we will delete the associated personal information, subject to applicable law and this policy.

Data Security

We employ reasonable technical and organizational measures and safety precautions (TOMs) to prevent unauthorized access to, unlawful processing of, and unauthorized or accidental loss of your information. This includes:

  • Encrypting your communication with us via this website based on the Secure Socket Layer (SSL) encryption protocol (TLS 1.2 or higher).
  • Using secure servers for data storage.
  • You can verify the quality of our encryption here:

We expressly point out that data transfer over the internet can be subject to security vulnerabilities and cannot be protected completely from access by third parties.

Data Collection Methods

Contact Methods

You can reach us via phone, personal visits, email, or by uploading files.

Contact Forms and Messaging

We use the Intercom messaging platform for communicating with our clients. When we receive a message from you via our contact form or messaging platform, Intercom will log and save the registration date and time and the IP address from which the registration was received. This is for evidentiary purposes only in the event that an email address is used by an unauthorized person.

Customer Account and Use of Our Services

If you want to use our services, it is necessary for the conclusion of the contract that you provide your personal data, such as name, photo, contact details, and company information needed for processing. To prevent unauthorized access by third parties to your personal data, especially financial data, the process is encrypted using SSL technology (TLS 1.2 or higher).

Uploaded Data

When using the SyncSpider Windows App Connector, you may upload locally stored data. The app can only access the data you actively upload, such as databases for data transfer.


Please note that unencrypted emails sent via the Internet are not adequately protected against unauthorized access by third parties.

Why We Process Your Data

Information Requests

When you contact us to obtain information, we process your data for this purpose, based on your consent (Art. 6 (1) a GDPR) and our legitimate interest (Art. 6 (1) f GDPR).

Order Processing and Service Use

If you provide your data on our website, by telephone, or via email to process an order or use our services, we process your data based on the contract necessity (Art. 6 (1) b GDPR) and legal obligations (Art. 6 (1) c GDPR).


We may process your data for marketing purposes based on our legitimate interest (Art. 6 (1) f GDPR). Marketing data is stored for up to 3 years following the last contact.

Data Recipients

Your data may be passed on in whole or in part, but only to the extent necessary and, if necessary, to the following controllers:

  • Banks (payment transactions – Austria)
  • Tax consultants (accounting – Austria)
  • Collection agencies (debt collection – Austria)
  • Law enforcement representatives (law enforcement – Austria)
  • Courts (law enforcement – Austria)
  • Administrative authorities (Austria)

In addition, your data may be transferred to the following recipients acting as processors. We have concluded a data processing agreement with all of them and have verified the appropriate technical and organizational measures (TOMs):

  • Google Inc (Server; USA; Privacy Shield)
  • SiteGround Spain S.L. (Webhost; Netherlands)
  • TransIP B.V (Server; Netherlands)
  • WHMCS (billing system; USA)
  • Intercom (communication system; USA)

In the event that additional recipients arise after the date you are initially informed by us, or if we change recipients, we will inform you of this in advance via email in order to obtain your express or implied consent to the processing of your data by the respective new recipient. The connection parameter local database is on our server and this is where we hold all the information filled in the process of the integration setup (such as usernames, passwords, API keys, tokens, and other forms of connection parameters). This information is not shared with anyone and is only used/checked during customer support or custom integrations setup.

Data Retention

Request for Information

By providing us with your data via this website, phone, or email, you expressly agree that your data will be processed by us and the aforementioned recipients for the duration of the processing of this information, including the personal data provided by you and any unsolicited and voluntarily provided special categories of personal data.

Consequently, in the event that you contact us solely to obtain information, your information will either be deleted immediately or after the appropriate period corresponding to the content of the communication has elapsed. Upon revocation of your consent, we will erase (or instruct the erasure of) all your data from all databases, including accumulated data.

Customer Account, Processing Your Order, Using Our Services

Your data will be stored in a form that permits your identification only for as long as necessary for the purpose for which it is processed. For Amazon order-specific PII, data will be retained for no longer than 30 days after order delivery unless required by law. Due to commercial and tax regulations, we are obliged to save your address, payment, and order data for a period of 7 years. In the event that you contact us to conclude a contract, your data will be deleted at the end of the 7th year after the last document (Section 132 Austria Fiscal Code – BAO) has been recorded. Therefore, in the event that you enter into a contract, all data from the contractual relationship is stored until the expiration of this period.

Your data may continue to be stored due to statutory or contractual obligations, such as warranty, compensation, or partner agreements (Art. 6 (1) c GDPR, Art. 17 (3) e GDPR).

Uploaded Data

As you upload data to use the SyncSpider Windows App Connector, this data is only saved while you want to keep it saved to use our service. After you decide to delete the data or your account, no data will be kept saved.

Marketing Data

Marketing data is stored for up to 3 years following the last contact.

Incident Response Notification

In the event of a data breach involving Amazon’s information, we will notify Amazon within 24 hours by sending an email to [email protected].

Secure Handling of Sensitive Credentials

We do not hardcode sensitive credentials in our code. Sensitive credentials are stored and managed using secure credential stores such as AWS Secrets Manager.

Logging and Monitoring

We implement logging mechanisms to detect security-related events and maintain logs securely for at least 90 days. These logs are used to monitor and review access attempts, data changes, and system errors.

Cookies and Tracking Technologies

When you access and use this website, cookies (e.g., YouTube, Google Analytics, Google Fonts, Session) are processed. Cookies are small text files stored on your local computer.

Domain-Specific Cookies

Domain-specific cookies are stored by the website visited. These include session cookies (to ensure the functionality of the website), web shop cookies (to store temporary information for the shopping cart), or Google Analytics cookies (to track site activity).

Non-Domain Cookies

Non-domain cookies may be set in the integration of iframes, such as YouTube videos or cookies for personalized advertising.

Types of Cookies Used

  • Transient Cookies: Automatically deleted when you close your browser.
  • Persistent Cookies: Deleted after a specified period, which may differ depending on the cookie.

Users can configure their browser settings to refuse cookies; however, this may limit website functionality.

Detailed Cookie Information

Here you will find detailed information on the names, purpose, and deletion dates of the cookies used: SyncSpider Cookie Settings.

Third-Party Services

Google Analytics

Our website uses Google Analytics for web analytics. Google Analytics uses cookies that allow the analysis of the use of the website, and the data collected is used to evaluate website activity and compile reports.

On this website, Google Analytics has been extended to include the code “anonymize_IP” to ensure the anonymized collection of IP addresses (so-called IP masking). Your IP address will be shortened by Google for the last three digits and pseudonymized recorded. Only in exceptional cases will the full IP address be sent to a Google server in the US, where it will be shortened and pseudonymized.

The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA. Google is certified under the EU-US Privacy Shield.

You can prevent the collection of data by Google Analytics by using the browser plug-in available at:

Google Web Fonts

We use web fonts provided by Google for the uniform display of fonts. If you accept the cookies on our cookie banner, you consent to Google setting these cookies on your device. For more information, visit and Google’s privacy policy:

Facebook Connect / Pixel

We use Facebook Connect / Pixel for web tracking and to analyze website usage and user behavior. This helps optimize our website and our marketing measures on Facebook. Facebook is certified under the EU-US Privacy Shield.

For more information, visit Facebook’s data policy:


We have integrated YouTube videos stored at and playable directly from our website. If you accept the cookies on our cookie banner, you consent to Google setting these cookies on your device.

For more information, visit Google’s privacy policy:


We use technology from Intercom for web analysis and to operate a live chat system for answering live support requests. Intercom is certified under the EU-US Privacy Shield.

For more information, visit Intercom’s privacy policy:

Social Media Profiles

Facebook Page

We use a Facebook page at: For Facebook’s supplementary privacy policy, visit:

Twitter Profile

We use a Twitter profile at: For Twitter’s supplementary privacy policy, visit:

YouTube Channel

We use a YouTube channel at: For YouTube’s supplementary privacy policy, visit: