Privacy Policy

Thank you for your interest in our company. Data protection is of the utmost importance to the the management of Kelly Gesellschaft m.b.H.(“Kelly’s”). Our websites may for the main part be used without submitting personal data. 

Personal data will always be processed subject to the provisions of the EU-General Data Protection Regulation (GDPR) and in compliance with national data protection legislation. This data protection policy is designed to inform our users about the contents and purposes of the personal data that we collect and process. Furthermore, this privacy policy informs data subjects about the rights they are entitled to.

As the website operator, Kelly Gesellschaft m.b.H. has implemented an extensive number of technical and organisational measures in order to ensure that the data processed in connection with this website is reliably protected. However, there is always a possibility that data transmissions between your device and our server may experience security gaps, especially if the device you are using to communicate with our server can be accessed by third parties. If you have any concerns regarding security, you can use an alternative method, e.g. the telephone or at our headoffice, to submit your information.

1. Definitions

Kelly’s data protection policy is based on the provisions and definitions of the GDPR. Our data protection policy is designed to be easily readable and comprehensible for our visitors, clients and business partners. In order to ensure this, we would like to define the terms used beforehand:


Personal data comprises all information relating to an identifiable natural person.


A data subject is any identifiable natural person whose personal data is processed by a controller.


The controller is the company that collects the data subject's personal data and determines the purposes and means of processing.


The processor is a natural person or company involved by the controller in the processing of personal data.


The recipient is a natural or legal person, or public authority, to whom the personal data are disclosed.


A third party is a natural or legal person or public authority who processes personal data on behalf of the controller or processor.


Processing is any operation performed in connection with personal data. This ranges from the collection and storage to the restriction or erasure of personal data.


Restriction of processing means limiting the use of personal data.


Consent means any statement issued by a person to indicate that he or she agrees to the processing of personal data concerning him or her.


A person issuing a revocation revokes the right of the controller to process his or her data on the basis of consent.


Pseudonymisation separates the data from the identifiable person. This connection cannot be re-established without the use of additional, specially safeguarded information. The pseudonymisation process also corresponds to what is known as data minimisation.


Profiling is any form of automated evaluation of personal data. 

2. Name and address of the controller for this website

Kelly Gesellschaft m.b.H
Hermann-Gebauer-Straße 1
1220 Wien

Tel.: +43 570 789 330

3. Cookies

Kelly's web pages use cookies, i.e. text files that are stored in a computer's data system via an Internet browser.

Cookies contain a cookie ID, which is an unambiguous identifier. They allow Kelly’s to distinguish the data subject's browser from other Internet browsers, display content in an individualised manner and cater to the data subject's wishes and results.
The shopping basket cookie in the online shop is one example of this. The online shop uses a cookie to remember the items a customer has placed in the virtual shopping basket.

If you wish to prevent cookies from being set, you can define this in the security settings of your Internet browser, thereby permanently preventing the storage of cookies. Any cookies that are already on your computer can be deleted at any time via the Internet browser or directly from within the data system. Please be aware that deactivating cookies may result in limiting the set of functions provided by the website.

4. Collection of general data and information

Every time Kelly’s website is accessed, the website collects a variety of data and information which is then stored in the server's logfiles. The information collected in this manner includes, among other things:

1) Browser types and versions
2) Your computer's operating system
3) The website that linked you to us
4) Pages accessed on our web server
5) The date and time of your visit
6) Your IP address
7) Your Internet service provider

When using this anonymously collected information, Kelly’s will not attempt to use it to identify the data subject. This data is, however, necessary in order to deliver the content of our website correctly, optimise the display, and provide the authorities with the necessary information in the event of a hacking attack. The data is therefore processed by Kelly’s both statistically and as a technical measure to ensure data protection and information security of this processing and your data. 

5. Contact possibility via the website

The website of Kelly Gesellschaft m.b.H contains information that enables direct communication with us. If a data subject contacts the person responsible by e-mail or via a contact form, the transmitted data is automatically saved. Such data voluntarily transmitted to the person responsible is stored for processing in the interests of the person concerned or for contacting us. In a special case, the name, company, email address, telephone number and desired circulation of the special crackers are collected. This personal data is not passed on to third parties - with the exception of logistics companies as part of the delivery.

6. Routine erasure and blocking of personal data

Kelly’s shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or insofar as this is granted by legal provisions.

If the storage purpose or the legal basis are no longer given, your personal data will be blocked or erased on the basis of our processes and in accordance with legal requirements.

For access-logs, kept mainly for security and quality-reasons this will be a year. As mentioned those data are not used to identify any of our website-visitors. 

7. Rights of the data subject

Comprehensive rights of the data subject apply for the processing of personal data, in accordance with the GDPR. A general list of these rights is provided below for your information:


Every data subject shall at any time have the right to obtain information about the stored personal data concerning him or her as well as a copy of this information from the controller.


Every data subject shall have the right to obtain the rectification or completion of inaccurate personal data concerning him or her from the controller without delay.


Every data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her, where one of the following grounds applies

Please contact one of our staff members  at any time - in particular by electronic means via dsgvo.koordinator(at) - to obtain erasure of your data stored by us.


Every data subject affected by the processing of personal data shall have the right to obtain from the controller restriction of processing where one of the following applies:

Please contact one of our staff members at any time - in particular by electronic means via dsgvo.koordinator(at) - to obtain restriction of processing of your data stored by us.


Every data subject shall have the right to receive the personal data that he or she has personally provided to a controller, in a structured, commonly used and machine-readable format, and to transmit those data to another controller without hindrance from the original controller, if the processing is based on consent or on a contract and is carried out by electronic means.

Please contact one of our staff members at any time - in particular, by electronic means via dsgvo.koordinator(at) - to obtain transmission of your data stored by us.


Every data subject shall have the right to object to the processing of personal data concerning him or her based on legitimate interests. In the event of an objection, PORR AG will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

Please contact one of our staff members at any time - in particular, by electronic means via dsgvo.koordinator(at) - to exercise your right to object.


As a responsible company, we refrain from automated decision-making and profiling.


Every data subject shall have the right to revoke his or her consent to the processing of his or her personal data at any time.
Please contact one of our staff members at any time - in particular by electronic means via dsgvo.koordinator(at) - to exercise your right to revoke consent.


You may also lodge a complaint directly with the supervisory authority. Our responsible authority is: 

Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Wien

8. Legal basis for the processing

The legal basis for processing personal data on our website is either our legitimate interest in acquiring you as a future customer, e.g. as a pre-contractual measure, informing you of our products and services, or to fulfil our contractual obligations towards you as the data subject, if an order has been placed that would necessitate the delivery of goods. Legal retention obligations or the obligation to provide statements to government authorities may, as a result, become a legal basis, in and of themselves.

We will obtain your revocable consent for all other processing operations, e.g. newsletters. 

9. The legitimate interests pursued by the controller or by a third party

Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favor of the well-being of all our employees and the shareholders and inform existing and future customers about our processings and events.

10. Period for which the personal data will be stored

The storage of personal data is limited to the statutory retention period. After this period has expired, the corresponding data will be deleted, insofar as it is no longer necessary for the fulfilment of the contract or the initiation of a contract.

11. Legal or contractual regulations for the provision of personal data; Necessity for the conclusion of the contract; Obligation of the data subject to provide the personal data; possible consequences of not providing

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information about the contracting party). Sometimes it may be necessary to conclude a contract that a data subject provides us with personal data that we subsequently must process. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide personal data would result in the contract not being concluded with the person concerned. Before the data subject provides personal data, the data subject must contact one of our employees. Our employee clarifies the person concerned on a case-by-case basis whether the provision of personal data is required by law or contract or is required for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of not providing the personal data.

12. Automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.