Effective date: 13 August 2025

1. Who we are (Controller)

Controller: Alpha Lead KG
Registered office: Alser Straße 24, 1090 Wien, Austria
Company register no.: 635167
Email: [email protected]
Phone: +43 1 40900100

EU/EEA: As an Austrian company, we are subject to the GDPR and the Austrian Data Protection Act (DSG) and Telecommunications Act (TKG 2003).

2. Scope of this policy

This policy applies to our websites (including subdomains), landing pages, forms, advertising pages, and online consulting and training environments that link to it (collectively, the “Services”). It covers personal data we collect from:

- Website visitors;

- Prospects and customers at B2B organisations;

- Consulting clients and course participants;

- Newsletter subscribers and event/webinar sign-ups;

- Individuals who interact with our ads, emails, or support.

This policy does not cover third-party websites, services, or platforms we do not control. Where we link to third parties - or where third-party tools (such as embedded scheduling forms, video players, or payment processors) are used within our Services - their own privacy policies apply.

3. The data we collect

a) Data you provide to us

- Identity and contact data (name, business email, phone, job title, company)

- Account data (profile image, consulting engagement details, course enrollments - we do not store passwords. Access to our Services is provided via third-party platforms such as Skool and Bison, which manage and store authentication credentials on their own systems.)

- Communications (emails, chat, support tickets, survey responses)

- Billing data (business address, VAT number; payment details processed securely by our payment processor - we do not store full payment card information)

- Content you upload (assignments, comments, forum posts, shared materials)

b) Data we collect automatically

- Technical data (IP address, device and browser type/version, OS, approximate location at city/region level)

- Usage data (pages viewed, clicks, scroll, session duration, referring/exit pages)

- Event data in our consulting or training platforms (videos viewed, lesson completion, participation logs)

- Cookies and similar technologies - used with consent where required under Austrian TKG 2003 (see Cookie section)

c) Data from third parties

- Analytics & advertising partners (e.g., Google, Meta) for aggregated campaign performance and audience insights

- Scheduling tools (e.g., Calendly) for meeting logistics

- Payment processors (e.g., Stripe) for payment status and fraud prevention

- CRM & email providers for lead management and deliverability

We do not intentionally collect special categories of data (Art. 9 GDPR) nor information about children.

4. Purposes & legal bases for processing

We process personal data only when we have a valid legal basis under the GDPR and, where applicable, the Austrian Telecommunications Act (TKG 2003).

We use your data to provide and operate our services (for example, creating accounts, delivering consulting and training content, and managing client relationships). This is done because it is necessary for the performance of a contract under Article 6(1)(b) GDPR.

We process your data to provide customer support (for example, responding to emails, chats, and support tickets), which is necessary for contract performance under Article 6(1)(b) GDPR or based on our legitimate interest in providing quality support under Article 6(1)(f) GDPR.

For billing and accounting (for example, issuing invoices, processing payments, and complying with Austrian tax laws), we process data as required by law under Article 6(1)(c) GDPR.

We process certain data to improve our services and content (for example, using usage analytics and troubleshooting performance issues). This is based on our legitimate interest under Article 6(1)(f) GDPR or, where required for non-essential cookies and similar technologies under §96(3) TKG 2003, on your consent under Article 6(1)(a) GDPR.

When you sign up for marketing communications (for example, newsletters, webinar invitations, or offers), we process your data based on your consent under Article 6(1)(a) GDPR, or on our legitimate interest in B2B direct marketing where permitted by law, in accordance with §107 TKG 2003.

For events and webinars (for example, registering you, sending reminders, and tracking participation), we process data because it is necessary for the performance of a contract under Article 6(1)(b) GDPR or based on our legitimate interests under Article 6(1)(f) GDPR.

We also use data for security and fraud prevention (for example, detecting misuse or preventing unauthorized access), relying on our legitimate interest under Article 6(1)(f) GDPR.

We process data for legal compliance and claims (for example, fulfilling statutory requirements or defending legal claims) under Article 6(1)(c) GDPR or Article 6(1)(f) GDPR.

Where we rely on your consent, you may withdraw it at any time with effect for the future, without affecting the lawfulness of processing carried out before withdrawal.

5. Cookies & tracking technologies

We use cookies and similar technologies (such as local storage, tracking pixels, and scripts) to operate and improve our Services. Some cookies are necessary for our Services to function, while others are used for analytics, personalization, or marketing.

Types of cookies we use:

- Strictly necessary cookies – Required for the operation of our websites and platforms (e.g., enabling login, load balancing, security).

- Functional cookies – Help personalize your experience (e.g., remembering settings or preferences).

- Analytics cookies – Help us understand how visitors use our Services (e.g., measuring traffic, tracking page performance).

- Marketing cookies – Used to deliver relevant ads and measure ad performance.

Main providers and purposes:

- Google Analytics – Analytics and performance measurement (retention: up to 14 months).

- Meta (Facebook Pixel) – Conversion tracking and ad targeting (retention: up to 90 days).

- Calendly – Scheduling and appointment management (retention: up to 21 days).

- Vimeo – Video player functionality and usage statistics (retention varies).

Legal basis:

Strictly necessary cookies are processed under our legitimate interests (Art. 6(1)(f) GDPR).

6. Who we share data with

We do not sell customer lists or rent out personal data.

We only share personal data with trusted service providers and partners when it is necessary to operate our Services, fulfil our contract with you, or comply with legal obligations.

Categories of recipients:

- Hosting and infrastructure providers – for secure website and platform operation.

- Consulting and training platforms – to deliver course content and client projects (e.g., Skool).

- Analytics and performance tools – to measure usage and improve services (e.g., Google Analytics).

- Marketing and communication tools – to manage newsletters, event registrations, and campaigns.

- Scheduling platforms – to organise calls and appointments (e.g., Calendly).

- Video hosting services – to deliver course recordings and event replays (e.g., Vimeo).

- CRM and client management systems – for account and lead management.

- Professional advisors – accountants, lawyers, auditors (bound by confidentiality).

- Authorities or regulators – only if required by law or legal process.

How we protect your data when sharing:
We choose service providers who demonstrate appropriate technical and organisational measures to protect personal data.

Where providers are based outside the EEA, we use services that offer recognised safeguards under GDPR (where applicable, such as adequacy decisions or Standard Contractual Clauses).

7. Who we share data with

Some of our service providers may be located, or may process personal data, outside the European Economic Area (EEA). These countries may have data protection laws that differ from those in your country of residence.

Where practical, we aim to work with providers that implement measures intended to protect personal data in line with EU standards. However, we cannot guarantee that all processing outside the EEA will meet the same level of protection as within the EEA.

8. Data retention

We keep personal data only for as long as necessary to fulfil the purposes for which it was collected, including to comply with legal, accounting, or reporting obligations.

Retention periods depend on the type of data and the context in which it was collected, for example:

- Client records and contracts – kept for up to 7 years after the end of the business relationship, to comply with Austrian commercial and tax law.

- Billing and transaction data – kept for 7 years in accordance with Austrian GAAP and tax requirements.

- Marketing data – kept until you withdraw consent or object to processing, after which it is securely deleted or anonymised.

- Account and platform usage data – kept for as long as you have an active account, and deleted or anonymised within 12 months of closure.

When we no longer need personal data, we delete or anonymise it securely. In some cases, we may keep anonymised data for statistical or research purposes.

9. Your rights under GDPR

As an individual in the EU/EEA, you have the following rights under the GDPR and the Austrian Data Protection Act (DSG):

- Right of access – to request confirmation of whether we process your personal data, and to receive a copy of that data.

- Right to rectification – to have inaccurate or incomplete personal data corrected.

- Right to erasure (“right to be forgotten”) – to request deletion of your personal data where there is no lawful basis for us to keep it.

- Right to restrict processing – to request we limit the processing of your personal data in certain circumstances.

- Right to data portability – to receive your personal data in a structured, commonly used, machine-readable format and/or request we transmit it to another controller.

- Right to object – to object to processing based on our legitimate interests, including profiling, and to object to direct marketing at any time.

- Right to withdraw consent – where we process your data based on consent, you can withdraw it at any time (without affecting the lawfulness of processing before withdrawal).

- Right to lodge a complaint – with your local supervisory authority, or in Austria:

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna, Austria
Email: [email protected]
Website: www.dsb.gv.at

We will respond to all valid requests within one month as required by GDPR. In complex cases, this period may be extended by two further months, but we will inform you if that happens.

10. How to contact us

If you have any questions about this Privacy Policy, our data practices, or your rights under the GDPR, you can contact us at:

Alpha Lead KG
Alser Straße 24
1090 Vienna, Austria
Email: [email protected]
Phone: +43 1 40900100

We will respond to all legitimate requests in accordance with the GDPR and Austrian Data Protection Act (DSG).

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or other factors. When we make material changes, we will post the updated policy on this page and revise the “Effective date” at the top.

If the changes significantly affect your rights or how we process your personal data, we will provide you with additional notice (for example, by email or through our platform) before the changes take effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.