Legal
Privacy Policy
Information on how Blackvolt Energy GmbH processes personal data under the GDPR and the Austrian Data Protection Act.
This is a non-binding English translation of the legally required Austrian privacy policy (Datenschutzerklärung), provided for the convenience of international visitors.
The German version at German version (Datenschutz) remains the legally binding text under the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).
Information on the processing of your personal data on this website.
Last Updated
17 September 2025
Who We Are
The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other data protection provisions is:
Blackvolt Energy GmbH
Stadtplatz 35/4
4400 Steyr
Austria
Phone: +43 650 5577102
Email: office@blackvolt.at
Website: www.blackvolt.at
Contacting the Data Protection Officer
The data protection officer of the controller is:
DataCo GmbH
Sandstr. 33
80335 Munich
Germany
Phone: +49 89 7400 45840
Website: www.dataguard.de
General Information
This page informs you about the processing of your personal data on this website.
How we collect and use your personal data depends on how you interact with us or which services you use. We collect, use, or share your personal data only where we have a legitimate purpose and a legal basis for doing so.
What Do We Mean by Legal Basis?
Consent (Art. 6(1)(a) GDPR) — You have given us your consent to process your personal data for the specific purpose we have explained to you. You have the right to withdraw your consent at any time. Further information on how to withdraw your consent can be found in the "Exercising Your Rights" subsections in the following sections of this privacy policy.
Contract (Art. 6(1)(b) GDPR) — We need to use your data to perform a contract you have with us. Alternatively, it is necessary to use your data because we have asked you to do so, or you have taken certain steps yourself before entering into this contract.
Legal Obligation (Art. 6(1)(c) GDPR) — We need to use your data in order to comply with the law.
Vital Interests (Art. 6(1)(d) GDPR) — Processing your data is necessary to protect your vital interests or those of another person. For example, to protect you from serious physical harm.
Public Task (Art. 6(1)(e) GDPR) — Processing your data is necessary for the performance of a task carried out in the public interest, or because it is covered by a task laid down by law, e.g. for a statutory function.
Legitimate Interests (Art. 6(1)(f) GDPR) — Processing your data is necessary to support a legitimate interest we or another party have, only where your own interests do not override it.
Please note that we may not be able to provide you with our website services if your data is processed for the performance of a contract or a legal obligation and you do not provide the requested data.
Data Sharing and International Transfers
As explained in this privacy policy, we use various service providers who help us deliver our services and secure your data. When we engage these service providers, it is necessary for us to share your personal data with them.
With all service providers to whom we transfer your data, we have entered into agreements that oblige them to protect your data.
Where your personal data is transferred outside the EU, we ensure that your personal data receives an equivalent level of protection, either because the country to which your data is transferred has an "adequate" level of data protection as recognised by the European Commission, or by applying another safeguard, such as an enhanced contractual arrangement, i.e. the Standard Contractual Clauses (SCCs) adopted by the European Commission.
For example, when we use US service providers, we rely either on the SCCs or on the EU–US Data Privacy Framework, depending on the provider. You can request a copy of the SCCs we have entered into with our service providers by sending an email to the email address indicated in this privacy policy.
Your Rights
If your personal data is being processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:
1. Right of Access (Art. 15 GDPR)
You have the right to obtain from us confirmation as to whether personal data concerning you is being processed. If this is the case, you have the right of access to that data and to the following information:
- The purposes of processing
- The categories of personal data
- The recipients or categories of recipients
- The envisaged retention period or the criteria used to determine that period
- The existence of the rights to rectification, erasure, restriction, or objection
- The right to lodge a complaint with the competent supervisory authority
- Where applicable, the source of the data (if not collected from you)
- Where applicable, the existence of automated decision-making, including profiling, together with meaningful information about the logic involved, as well as the significance and the envisaged consequences
- Where applicable, the transfer of personal data to a third country or international organisation
2. Right to Rectification (Art. 16 GDPR)
If your personal data is inaccurate or incomplete, you have the right to request the prompt correction or completion of your personal data.
3. Right to Restriction of Processing (Art. 18 GDPR)
Where one of the following conditions applies, you have the right to request the restriction of the processing of your personal data:
- You contest the accuracy of your personal data, for a period enabling us to verify the accuracy of the personal data.
- In the case of unlawful processing, you oppose the erasure of the personal data and instead request the restriction of its use.
- We no longer need your personal data for the purposes of the processing, but you require the personal data for the establishment, exercise, or defence of legal claims, or
- after you have objected to the processing, pending verification of whether our legitimate grounds override yours.
4. Right to Erasure ("Right to Be Forgotten") (Art. 17 GDPR)
Where one of the following grounds applies, you have the right to request the prompt erasure of your personal data:
- Your data is no longer necessary for the purposes for which it was originally collected.
- You withdraw your consent and there is no other legal basis for the processing.
- You object to the processing and there are no overriding legitimate grounds for the processing, or you object pursuant to Art. 21(2) GDPR.
- Your personal data has been unlawfully processed.
- Erasure is required to comply with a legal obligation under Union law or the law of the Member State to which we are subject.
- The personal data has been collected in relation to information society services offered pursuant to Art. 8(1) GDPR.
Please note that the above grounds do not apply where processing is necessary:
- for exercising the right to freedom of expression and information;
- for compliance with a legal obligation or for the performance of a task carried out in the public interest to which we are subject;
- on grounds of public interest in the area of public health;
- for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes;
- for the establishment, exercise, or defence of legal claims.
5. Right to Data Portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, or to request its transmission to another controller.
6. Right to Object to Certain Processing (Art. 21 GDPR)
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
Where personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
7. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority with which the complaint has been lodged will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
The competent supervisory authority for Blackvolt Energy GmbH is the Austrian Data Protection Authority (Datenschutzbehörde, DSB):
Österreichische Datenschutzbehörde
Barichgasse 40–42
1030 Vienna, Austria
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at
Contact Form
1. Description and Scope of Data Processing
Our website provides a contact form through which you can contact us electronically. Technical transmission is handled by the data processor Formspree, Inc., 1207 Delaware Ave #727, Wilmington, DE 19806, USA ("Formspree"), which receives the data on our behalf and forwards it to us. Further information on data protection at Formspree: https://formspree.io/legal/privacy-policy
At the time of submission, the data you have entered is processed. The following categories may be collected:
- First name
- Last name
- Email address
- Content of the message
- Technical metadata transmitted during the submission (e.g. timestamp), to the extent logged by the form service
2. Purpose of Data Processing
The processing of personal data from the input mask of the contact form or via the email address provided serves solely to handle your enquiry.
The other personal data processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
3. Legal Basis for Data Processing
The legal basis for the processing of data transmitted via the contact form is Art. 6(1)(f) GDPR. Our legitimate interest lies in handling your enquiry. If the contact is aimed at concluding a contract, the additional legal basis is Art. 6(1)(b) GDPR.
4. Retention Period
The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data from the input mask of the contact form and any data sent by email, this is the case when the respective conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
The personal data additionally collected during the submission process is deleted no later than after a period of seven days.
5. Exercising Your Rights
If you contact us via the input mask in the contact form, you can object to the storage of your personal data at any time, as follows:
If you have given consent to the processing of your data, you can withdraw it at any time. Such withdrawal affects the permissibility of the processing of your personal data after you have communicated it to us. You can inform us of your objection using the following contact details: Blackvolt Energy GmbH, Stadtplatz 35/4, 4400 Steyr, office@blackvolt.at, see also the Imprint at https://www.blackvolt.at/en/legal-notice.
All personal data stored in the course of contacting us will be deleted in this case.
6. Transfer to Third Countries
Formspree, Inc. is based in the United States. The transfer of your personal data to the USA is safeguarded by Standard Contractual Clauses (SCCs) adopted by the European Commission and, where applicable, by the EU–US Data Privacy Framework.
Use of Company Profiles on Professional Networks
1. Scope of Data Processing
The company profile is used for applications, information/PR, and active sourcing. We have no information regarding the processing of your personal data by the companies jointly responsible for the company profile. For further information, please refer to the privacy policy of:
On our page, we provide information and offer users the opportunity to communicate. The company profile is used for applications, information/PR, and active sourcing.
We have no information regarding the processing of your personal data by the companies jointly responsible for the company profile. For further information, please refer to the privacy policy of:
LinkedIn: https://www.linkedin.com/legal/privacy-policy
If you perform an action on our company profile (e.g. comments, posts, likes, etc.), you may thereby make personal data public (e.g. real name or photo of your user profile).
2. Legal Basis for Data Processing
The legal basis for the processing of personal data for the purpose of communicating with customers and prospective customers is Art. 6(1)(f) GDPR. Our legitimate interest lies in responding to your enquiry in the best possible way or in providing the information requested.
If the contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR.
3. Purpose of Data Processing
Our company profile serves to inform users about our services. Each user is free to publish personal data through their own activities.
4. Retention Period
The data generated through the company profile is not stored in our own systems.
5. Exercising Your Rights
You can object at any time to the processing of your personal data that we collect in the context of your use of our company profile, and you can exercise your rights as a data subject as set out in the "Your Rights" section of this privacy policy. Please send us an informal email to the email address indicated in this privacy policy.
Further information on exercising your rights can be found here:
Hosting
The website is delivered via Firebase Hosting — a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), or in accordance with the provider's information by Google. Further information: https://firebase.google.com/support/privacy
Content is delivered via Google's infrastructure. In this process, technical access data (e.g. in server log files) may be processed in particular, to the extent necessary for the secure and stable operation of the website.
The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing a secure, performant, and error-free website).
Where content is delivered through Google's global infrastructure, personal data may also be transferred to third countries outside the EU, including the United States. Such transfers are safeguarded by Standard Contractual Clauses (SCCs) and, where applicable, by the EU–US Data Privacy Framework.
Plausible Analytics
1. Scope of the Processing of Personal Data
We use Plausible Analytics, a privacy-friendly web analytics tool provided by Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia. Plausible Analytics is used to analyse and understand the use of our website without using cookies or storing personal data in the conventional sense (e.g. full IP addresses). The data collected is processed exclusively in anonymised form.
2. Purpose of Data Processing
The processing serves to analyse and statistically evaluate the use of our website. This allows us to optimise our content and the usability of our website.
3. Legal Basis for the Processing of Personal Data
The processing of personal data by Plausible Analytics is based on our legitimate interest in accordance with Art. 6(1)(f) GDPR. This legitimate interest lies in the optimisation of our website on the basis of anonymised usage statistics.
4. Retention Period
The data collected by Plausible Analytics is stored exclusively in anonymised form. Personal data within the meaning of the GDPR is not collected. Individual storage or traceability of individual visitors does not take place.
5. Exercising Your Rights
The Plausible configuration used aims at the most data-minimal evaluation possible (without conventional, identifying cookies). You can control the execution of scripts in your browser (e.g. via script blockers). Further information can be found in the privacy policy of Plausible: https://plausible.io/privacy
Notice
This privacy policy was created with the support of DataGuard.