Home

About us

Projects

News

Why Austria

Contact

Book a call
Book a call

Privacy Policy

1. Introduction 

Ekometall Exploration GmbH (“Ekometall,” “we,” “our,” or “us”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you visit our website at ekometallgroup.com or interact with our digital communications. 

This policy applies to all visitors, subscribers, and contacts who engage with our website, email communications, or digital advertising. 

2. Responsible Party (Data Controller) 

The data controller responsible for processing your personal data is: 

Ekometall Exploration GmbH, FN 608122y 

Apollogasse 4/7 

1070 Vienna, Austria 

Email: info@ekometallgroup.com  

Telephone: +43 699 61491610 

The data controller is the entity that determines the purposes and means of processing personal data. 

3. Data We Collect 

3.1 Data You Provide Directly 

When you use our contact form, subscribe to our newsletter, or correspond with us, you may provide: 

  • Name and email address 
  • Company name and job title 
  • Phone number 
  • Message content and any information you choose to include 

3.2 Data Collected Automatically 

When you visit our website, the following data is collected automatically through cookies, tracking pixels, and similar technologies: 

  • IP address (anonymised where applicable) 
  • Browser type and version, operating system, screen resolution 
  • Pages visited, time spent on pages, click paths, and referral source 
  • Device identifiers and approximate geographic location 

3.3 Data Collected via Third-Party Tools 

We use third-party services that may collect additional data as described in Section 7 below. These include Google Analytics 4, HubSpot, Mailchimp, Google Tag Manager, Google Ads remarketing, and LinkedIn Insight Tag. 

4. Legal Basis for Processing 

We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR): 

  • Consent (Art. 6(1)(a) GDPR): For analytics cookies, marketing cookies, remarketing/advertising pixels, and email newsletter subscriptions. Consent is collected via our cookie consent banner before any non-essential tracking is activated. 
  • Legitimate Interest (Art. 6(1)(f) GDPR): For essential website functionality, server log files, security monitoring, and the use of session cookies strictly necessary for website operation. 
  • Contractual Necessity (Art. 6(1)(b) GDPR): Where processing is necessary to respond to your inquiry or fulfil a pre-contractual request. 

5. Cookies and Consent Management 

Our website uses cookies and similar tracking technologies. Cookies are small text files stored on your device by your browser. 

5.1 Categories of Cookies 

  • Strictly Necessary Cookies: Required for the website to function (e.g., session management, security). These do not require consent and are set based on our legitimate interest. 
  • Analytics Cookies: Used to understand how visitors interact with the website (e.g., Google Analytics 4). Set only after you provide consent. 
  • Marketing/Advertising Cookies: Used for remarketing and targeted advertising (e.g., Google Ads, LinkedIn Insight Tag). Set only after you provide consent. 
  • Functional Cookies: Used to remember your preferences and enhance your experience (e.g., HubSpot tracking). Set only after you provide consent. 

5.2 Cookie Consent Banner 

When you first visit our website, a cookie consent banner will appear allowing you to accept or reject non-essential cookies by category. You may change your preferences at any time by clicking the cookie settings link in our website footer. No non-essential cookies are placed until you provide consent.  

6. How We Use Your Data 

We use the personal data we collect for the following purposes: 

  • To operate and maintain our website 
  • To respond to inquiries submitted through our contact form 
  • To send email newsletters and investor communications (with your consent) 
  • To analyse website traffic and user behaviour to improve our content and user experience 
  • To serve relevant advertisements and measure ad performance through remarketing 
  • To maintain our customer relationship management system for investor relations purposes 
  • To comply with legal and regulatory obligations 

7. Third-Party Services and Data Processors 

We use the following third-party tools to operate our website and manage communications. Each tool may process personal data on our behalf. Where required, we have executed Data Processing Agreements (DPAs) with these providers. 

7.1 Google Analytics 4 (GA4) 

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland 

Purpose: Website traffic analysis and user behaviour insights. 

Data Collected: Page views, session data, user interactions, device information, and IP address (anonymised by default in GA4). 

Legal Basis: Consent (Art. 6(1)(a) GDPR). GA4 tracking is activated only after consent is provided. 

Privacy Policy: Google Privacy Policy 

7.2 Google Tag Manager 

Provider: Google Ireland Limited 

Purpose: Container platform for managing tracking tags and marketing pixels. Google Tag Manager itself does not collect personal data but enables the deployment of tags that do. 

Legal Basis: Consent (Art. 6(1)(a) GDPR) for tags that set non-essential cookies. 

7.3 Google Ads Remarketing 

Provider: Google Ireland Limited 

Purpose: To show targeted advertisements to users who have previously visited our website, across the Google Display Network and Google Search. 

Data Collected: Cookie identifiers, browsing behaviour on our site, device and browser data. 

Legal Basis: Consent (Art. 6(1)(a) GDPR). Remarketing cookies are set only after consent. 

Opt Out: Google Ads Settings 

7.4 LinkedIn Insight Tag 

Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland 

Purpose: Website analytics, ad retargeting, and conversion tracking for LinkedIn advertising campaigns. 

Data Collected: URL visited, referrer URL, IP address (truncated), device and browser characteristics, and timestamp. LinkedIn may match this data with member profiles. 

Legal Basis: Consent (Art. 6(1)(a) GDPR). The Insight Tag is activated only after consent. 

Note: Ekometall and LinkedIn act as joint controllers for the data collected through the LinkedIn Insight Tag, in accordance with LinkedIn’s Page Insights Joint Controller Addendum. 

Privacy Policy: LinkedIn Privacy Policy 

7.5 HubSpot 

Provider: HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA 

Purpose: Customer relationship management (CRM), email tracking, website analytics, forms, and lead management for investor relations. 

Data Collected: Name, email address, company, page views, email open/click data, form submissions, and cookie-based browsing behaviour. 

Legal Basis: Consent (Art. 6(1)(a) GDPR) for tracking cookies and marketing communications; Legitimate Interest (Art. 6(1)(f) GDPR) for CRM record-keeping related to investor inquiries. 

International Transfers: HubSpot processes data in the United States. Transfers are safeguarded by Standard Contractual Clauses (SCCs) and HubSpot’s DPA. 

Privacy Policy: HubSpot Privacy Policy 

7.6 Mailchimp 

Provider: The Rocket Science Group LLC (Intuit), 675 Ponce de Leon Ave NE, Atlanta, GA 30308, USA 

Purpose: Email newsletter distribution and subscriber management. 

Data Collected: Email address, name, subscription preferences, email open/click behaviour, IP address, and approximate location. 

Legal Basis: Consent (Art. 6(1)(a) GDPR). You subscribe to our newsletter by providing your email address and confirming via double opt-in. 

International Transfers: Mailchimp processes data in the United States. Transfers are safeguarded by Standard Contractual Clauses (SCCs) and Mailchimp’s DPA. 

Privacy Policy: Mailchimp Privacy Policy 

7.7 WordPress 

Provider: Self-hosted WordPress installation 

Purpose: Website content management. 

We use WordPress with the Elementor page builder. WordPress may set session cookies for website functionality. Any WordPress plugins that collect data are covered by the categories above. 

7.8 Google Fonts 

We use Google Web Fonts for consistent font rendering. To avoid data transfers to Google servers, fonts are hosted locally on our server wherever possible. If loaded externally, your browser connects to Google’s servers, which may transmit your IP address to Google. 

Legal Basis: Legitimate Interest (Art. 6(1)(f) GDPR) when self-hosted; Consent (Art. 6(1)(a) GDPR) if loaded from external Google servers. 

8. Server Log Files 

Our web hosting provider automatically collects and stores data transmitted by your browser in server log files, including: browser type and version, operating system, referrer URL, hostname of the accessing device, time of request, and IP address. 

This data is not combined with other data sources and is retained for security purposes for a maximum of 30 days. 

Legal Basis: Legitimate Interest (Art. 6(1)(f) GDPR) in ensuring website security and stability. 

9. Contact Form 

When you submit an inquiry through our contact form, we collect the data you provide (name, email address, message content). This data is stored in HubSpot CRM and used solely to respond to your inquiry. 

Retention: Contact form data is retained for up to 12 months following your inquiry unless a longer retention period is required for legal or business purposes. 

Legal Basis: Contractual Necessity (Art. 6(1)(b) GDPR) or Legitimate Interest (Art. 6(1)(f) GDPR). 

10. Email Newsletter 

You may subscribe to our email newsletter to receive company updates and investor communications. We use a double opt-in process: after submitting your email address, you will receive a confirmation email and must click the confirmation link to activate your subscription. 

Newsletter emails are distributed via Mailchimp. Each email contains an unsubscribe link. You may withdraw your consent and unsubscribe at any time. 

Legal Basis: Consent (Art. 6(1)(a) GDPR). 

11. International Data Transfers 

Some of our third-party service providers (HubSpot, Mailchimp) are based in the United States. Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including: 

  • EU Standard Contractual Clauses (SCCs) executed with each provider 
  • Supplementary technical and organisational measures as required 
  • Assessment of the legal framework in the recipient country 

You may request a copy of the relevant safeguards by contacting us at the email address above. 

12. Data Retention 

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected: 

  • Contact form inquiries: Up to 12 months
  • Newsletter subscriber data: Until you unsubscribe 
  • CRM records: For the duration of the business relationship plus any legally required retention period 
  • Analytics data: 14 months (GA4 default) 
  • Server log files: Up to 30 days 
  • Advertising/remarketing data: As set by the respective platform (Google Ads, LinkedIn) 

13. Your Rights Under the GDPR 

Under the GDPR, you have the following rights regarding your personal data: 

  • Right of Access (Art. 15): You may request a copy of the personal data we hold about you. 
  • Right to Rectification (Art. 16): You may request correction of inaccurate personal data. 
  • Right to Erasure (Art. 17): You may request deletion of your personal data where there is no legal basis for continued processing. 
  • Right to Restriction (Art. 18): You may request that processing of your data be restricted. 
  • Right to Data Portability (Art. 20): You may request your data in a structured, machine-readable format. 
  • Right to Object (Art. 21): You may object to processing based on legitimate interest at any time. Where we process data for direct marketing, you have an absolute right to object. 
  • Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing. 

To exercise any of these rights, contact us at Servus@emexploration.at. We will respond within 30 days. 

14. Right to Lodge a Complaint 

If you believe your data protection rights have been violated, you may file a complaint with the relevant supervisory authority: 

Österreichische Datenschutzbehörde (Austrian Data Protection Authority) 

Barichgasse 40–42, 1030 Vienna, Austria 

Website: https://www.dsb.gv.at/ 

15. Opposition to Unsolicited Communications 

We expressly prohibit the use of contact data published in our legal notice for sending unsolicited promotional or advertising material. Ekometall Exploration GmbH reserves the right to take legal action in the event of unsolicited advertising communications. 

16. Changes to This Privacy Policy 

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Any material changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.