NDA GmbH operates this website to offer its services under the „New Defined Archetype“ brand and to disseminate information on digital marketing in the form of white papers and document downloads. We also offer extensive career opportunities that allow us to collect information about applicants directly on the site.
We are aware of our responsibility and, even as a young company, try to act competitively in the market by constantly educating ourselves and trying to implement the regulations as well as possible. Nevertheless, we cannot control, even if we make comprehensive settings in processing, that third-party providers treat their data differently than shown on their websites and public statements. Should we be informed of such a circumstance, we will endeavor to take measures to counteract this as quickly as possible.
In the course of these purposes, personal data is collected for a specific purpose and to the required extent, including some personal data that is processed as follows:

Responsible company & Contact regarding GDPR

2700 Wiener Neustadt, Austria

CEO: Ing. Andreas Kraus, MSc.
Commercial and District Court Wiener Neustadt

Email: gdpr@nda-agency.com

  • nda-agency.com
  • shop.nda-agency.com


GDPR – What is that?

The GDPR (General Data Protection Regulation) is a new EU regulation that replaces the EU data protection directive dating from 1995. The new regulation aims to significantly improve the protection of the personal data of EU citizens and to make businesses and public authorities subject to stricter requirements regarding the collection and processing of personal data. The GDPR will be published on 25. This will enter into force on 1 May 2018. The Regulation incorporates many of the requirements of the 1995 EU Data Protection Directive with regard to data protection and security or further development. In addition, several new provisions have been added, which strengthen the rights of data subjects and provide for more severe sanctions for violations.
Whenever a data subject is about to provide personal data, data controllers (usually a company) must ensure that the data subject has given his/her prior consent. The GDPR also redefines the disclosure standards for obtaining consent. These must be expressed & voluntarily, for the specific case, in an informed and unambiguous manner”;. The persons responsible must address the data subjects in a “clear and simple”; legal language which & must be clearly distinguished from the other facts”;. Those responsible must also provide evidence that their processes are compliant with the rules and are always followed. Under the previous EU Data Protection Directive, the consent of a data subject could be inferred if his or her actions or omissions left no doubt as to his or her willingness to consent. The Directive thus allowed for the possibility of opt-out mechanisms. This will change with the GDPR, because now the person concerned must give his or her consent „in the form of a declaration or other clear affirmative act“.
Your customers must therefore not be forced to give their consent or be kept in ignorance of their consent to the processing of their personal data. In addition, your customers must know exactly what they are giving their consent for and they must be informed in advance of their right to withdraw their consent. Obtaining consent presupposes a clear sign of consent – silence, already ticked boxes or inactivity on the part of the persons concerned do not constitute consent. In the future, it is therefore important that you inform your users sufficiently during the consent process.
The Regulation also provides for two new rights for data subjects: a “right to be forgotten”/em>”, which obliges data controllers to inform recipients of requests for erasure, and a “right to data transferability”/em>”;, which allows data subjects to request a copy of their data in a standard format. These two rights make it easier for users to request the deletion of any information stored about them or the transmission of any information collected.
Data subjects have already had the right to request access to their data. The DSGVO extends these rights. In most cases you will not be able to charge a fee for a request for information unless you can prove that the costs involved are excessive. There is also a significant change in the deadline for processing an application for information. The currently applicable period of 40 days will be significantly shortened. In certain cases, undertakings may refuse to process a request for information, for example if the request is considered manifestly unfounded or unreasonable. However, in order to be able to admissibly reject an application, companies need clear guidelines and procedures, and they must be able to justify why a particular application meets the criteria laid down. (Vgl. https://www.hubspot.de/data-privacy/gdpr, 2020)

Collection, processing and use of personal data.

You can visit our site without providing any personal information. We store – even if the visit may be via newsletter links – only access data without personal reference such as e. g.- the name of your internet service provider – the page from which you are visiting us – the name of the requested file This data is evaluated exclusively for the improvement of our offer and does not allow any conclusion about your person.

When do we collect data?

We collect data exclusively for the purpose of carrying out our business purposes or to provide information with the prior consent of our website visitors. It is generally possible to use the website without disclosing personal data. If personal data is collected, it will only be collected, queried and processed to the extent necessary to provide the services.

Collection of information.

General information is automatically collected when you access our website. In principle, this information does not allow any conclusions to be drawn about the person. This data includes the device used, the web browser used, the operating system or other similar operating data.

Processing of personal data.

When using certain services on our website, data such as first and last name, address, telephone number or even the email address can be collected. This is particularly necessary for enquiries regarding our services in order to be able to establish contact through our employees. This data is protected against misuse by using all necessary organizational and technical security measures. This requires, among other things, the use of up-to-date software, the use of pseudonymisation measures or also encryption during data transfer via HTTPS (SSL certificate). Only those employees who need it have access to the data. All employees are instructed once and repeatedly in the necessities of observing the GDPR.

Revocation, amendments, corrections and updates.

The user has the right to request information free of charge about the personal data stored about him/her. In addition, the user has the right to correct incorrect data, block and delete his or her personal data, provided that this does not conflict with any legal retention obligation.

Contact details in business transactions.

In the course of the business initiation and business processing with our customers we store contact data, contract data, order data, billing data and correspondence. Legal basis: For existing customers, the processing is necessary to fulfil the contract or pre-contractual measures. In the case of potential clients, we refer to the legal basis of the legitimate interest in the business initiation. In the context of the invoicing of services, we are obliged by the Federal Fiscal Code (FFC), the Business Code (CC) and the Value Added Tax Act (VATA) to store the data for the purpose of calculating and adjusting taxes and for our accounting obligations. Without the provision of your data, we cannot meet our obligations. Deletion periods: We store the data of existing customers as long as the business relationship is maintained. After termination we will keep the contact data for a maximum of three years. All billing data will be retained in accordance with the legally required retention data (usually for 7 years) and then deleted or anonymised. Recipients: Beyond our internal authorized employees, only the billing data is passed on to our tax consultants (and thus to third parties).

Legal basis for processing.

The provider may only process the personal data of users if one of the following points applies:
The users have given their consent for one or more specific purposes. Note: In some legislations, the provider may be allowed to process personal data until the user objects to such processing („opt-out“) without having to rely on consent or any of the following legal bases. However, this does not apply if the processing of personal data is subject to European data protection law;
  • the data collection is necessary for the fulfilment of a contract with the user and/or for pre-contractual measures resulting therefrom;
  • the processing is necessary for the fulfilment of a legal obligation to which the provider is subject;
  • the processing is in connection with a task that is carried out in the public interest or in the exercise of official powers that have been transferred to the provider;
  • the processing is necessary to safeguard the legitimate interests of the provider or a third party.
In any case, the provider will be happy to provide information about the specific legal basis on which the processing is based, in particular, whether the disclosure of personal data is a legal or contractual obligation or a prerequisite for the conclusion of a contract.

Applicants to jobs.

We sometimes receive personal data from applicants in letters of application or other documents that are sent to us in the course of an application. This may include name, address, telephone number, hobbies and interests, and qualifications related to the profession. The processing of this data serves as a pre-contractual measure and is only kept evident for a maximum of 6 months in order to be able to react to any legal claims of both parties. If the applicant or we are interested in a longer period of evidence, we will obtain consent for this measure. Personal data collected in this process is only accessible to a few administrative staff members, as well as employees of the management level.

Access data and log files (Server).

Our website is hosted by World4You, which also provides our email server. With each access to our website the provider of the service collects so-called server log files. This includes the name of the website called up, date, time and file of the call. The amount of data transferred, the browser type, the operating system and the URL of the previously visited page are also logged. The data will be processed for statistical analysis only, whereby the right is reserved to subsequently check log data in case of suspected illegal use. You can find out more about the use of the data by the provider at https://w4yfaq.world4you.com/.

Cookie Management

Tools we use


ClickCease ™ is a limited liability company incorporated under Israeli law and headquartered at 18 HaArba’a St, Tel Aviv-Yafo, Israel. If you reside or are located in the European Economic Area („EEA“), ClickCease ™ is the data controller for all personal information (as described below) collected through our website as set out in this Privacy Policy. We use ClickCease to optimize the quality of the paid traffic for our campaigns. How ClickCease uses and processes data can be found here: https://www.clickcease.com/privacy.html


By accepting our cookies, we set the “visitor action pixel”; of Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”;). This allows us to track the behavior of users after they have been directed to our site by clicking on a Facebook advertisement. This is used to evaluate the effectiveness of Facebook Ads for statistical and market research purposes. By using this pixel, we can optimize our advertising commitments. All data collected through this is anonymous for us as the operator of the website. If you accept the cookie, however, you consent to Facebook storing and processing your data. This data can then be used by Facebook for its own advertising purposes.
Conversion tracking by Facebook Ads (Facebook Pixel) is an analysis service from Facebook, Inc. that connects data from the Facebook advertising network with the actions carried out on this website. The Facebook pixel tracks conversions that can be traced back to advertisements on Facebook, Instagram and the Audience Network.
For more information please visit: https://www.facebook.com/policies/cookies/.

Google Analytics 4

First of all, it must be said at this point that it is very difficult for companies in our industry to stay up to date. We are constantly trying to educate ourselves and to do justice to the current economic situation with all its fluctuations and the like. We take the well-being of our customers and the associated obligations very seriously, which is why we endeavor to pay particular attention to proper fulfillment/implementation, especially in critical areas.
With regard to Google Analytics, we have followed various media reports and follow the currently recommended measures to make the tool compliant, see also https://piwik.pro/blog/is-google-analytics-gdpr-compliant/, https ://www.e-dialog.at/blog/webanalyse/google-analytics-datenschutzkonform-benefit/.
At this point we would like to point out that our tool makes it possible to prevent the collection of data at any time and also to change it afterwards. Otherwise, we would like to draw your attention to the information provided by Google at https://business.safety.google/gdpr/


On our website we use social plugins from the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). When you call up a page that contains such a plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits data to the Pinterest server. This data may contain your IP address, the address of the websites visited, which also contain Pinterest functions, the type and settings of the browser, the date and time of the request, your way of using Pinterest and cookies. Further information on the purpose, scope and further processing and use of the data by Pinterest as well as your rights and options for protecting your privacy can be found in Pinterest’s data protection guidelines: https://about.pinterest.com/de/privacy-policy.


Our website uses functions of the social media network LinkedIn. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you visit one of our websites that contains LinkedIn functions, a connection to the LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click the LinkedIn buttons and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our website to you and your user account. We would like to point out that, as the provider of the website, we have no knowledge of the content of the data transmitted or its use by LinkedIn. You can find more information on this in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy.

Google Ads

We use the remarketing function of Google Inc. on our site, which serves to address visitors within the Google Inc. advertising network again by means of advertisements and thus draw attention to certain contents. If you still do not wish to use Google’s remarketing function, you can deactivate it.
Ads conversion tracking is an analysis service provided by Google Ireland Limited, which connects data from the Google Ads advertising network with the actions carried out on this website.
Processed personal data: usage data; Tracker.
Place of processing: Ireland – Privacy Policy.


Taboola, Inc., together with its affiliated companies (“Taboola”, “we” or “our”), takes the protection of your personal information seriously. This privacy policy (the „Privacy Policy“) describes how we collect, process, use and disclose the information and data that we collect through our website www.taboola.com, or any other Taboola website that incorporates this Privacy Policy (collectively, the „Sites “), our content discovery platforms, feeds, widgets, analytics tools, and other technical applications that we make available on third-party websites (collectively, the “Content Discovery Platform”), and Taboola’s News suite Content discovery tools available on mobile devices and operating systems (including the Starter line of products, collectively referred to as “Taboola News”) (collectively referred to as the “Services”). For more information please visit: https://www.taboola.com/de/policies/datenschutzerklaerung

Bing Ads

We use Bing Ads and its functions for advertising and for measuring our success within digital marketing campaigns. For more information please visit: https://blogs.microsoft.com/on-the-issues/2018/05/21/microsofts-commitment-to-gdpr-privacy-and-putting-customers-in-control-of-their-own-data/


We use HubSpot as a CRM system to collect data from customers, partners and suppliers as “contacts”. Contacts in this sense usually contain at least one email address.

HubSpot then automatically researches public data and stores it with the contact, if appropriate.

We collect and process data in our CRM in the following cases:

  1. In case you agree to receive our newsletter, you will be informed about current topics and offers of our agency. When you register for the newsletter, your personal data such as name and email address are stored and stored in our CRM and mail system. The consent can be revoked at any time. This cancellation can be made in the newsletter itself or by informing our support team.
  2. If we determine in the course of our acquisition activities that there is interest in our service or our products, the contact is recorded in our CRM as a “lead”.
  3. As soon as a consultation has been positively concluded, we collect further data and qualify the contact as a recipient of important business messages. In this sense, the contact receives information on business conduct and beyond in a semi-automated manner.

When do we delete data from HubSpot?

  1. Upon specific request of a contact
  2. If there is no contact for a long time
  3. If it has been contractually agreed

Please checkout the following sources to get more information:


Integration of third party services and content

It can happen that within this online offer third party content, such as videos from YouTube, map material from Google Maps, RSS feeds or graphics from other websites are integrated. This always assumes that the providers of such content (hereinafter referred to as “third party providers”;) are aware of the IP address of the users. This is because without the IP address they would not be able to send the content to the browser of the respective user. The IP address is therefore required for the display of this content. We make every effort to use only such content whose respective providers use the IP address only to deliver this content. However, we have no influence on this if the third-party providers have changed the IP address e.g. for statistical purposes. As far as this is known to us, we inform the users about it.

Right of appeal – contact details of the appeal body

Austrian Data Protection Authority
Wickenburggasse 8, 1080 Vienna – Austria
Phone: +43 1 52 152-0
§43 Abs 1 Z 4 DSG; Art. 13 Abs 2 lit d DSGVO