(Mon–Fri 8:00–18:00 CET – We call back)

Try it out now - For Free!
Start For Free

Supplement ./1

PRIVACY POLICY

The protection of your personal data is our highest priority. We process personal data exclusively within the framework of the statutory provisions. In the following, we inform you as transparently as possible about the most important aspects of data processing in the context of the use of the web and app software solution Wowflow (hereinafter referred to as "Wowflow"). This privacy policy applies only to the data processing operations described in . In addition, further processing of personal data may take place, about which we will inform you separately.

For ease of reading, all terms are used in the masculine form; naturally refers to all genders equally.

By downloading the app and/or using the web version at app.wowflow.com , you expressly agree to this privacy policy.

  1. Responsible for data processing :

Wowflow GmbH

FN 499060 m

Margaretenstraße 70, 1050 Vienna p/A The Base, Top 9

E-mail address: hello@wowflow.com

Telephone number: +43 660 545 25 26

  1. Data Protection Officer

A data protection officer has not been appointed.

  1. Status | Updates to this privacy policy

Wowflow GmbH reserves the right to adapt this privacy policy to changed functionalities or changed legal framework conditions as required by . We will inform you of any changes when you use the app. If your consent is required, updates will only be made on this basis.

  1. Definitions

With regard to the terms used in this privacy policy , we refer to Art. 4 GDPR. The terms used herein are understood and used in the sense of the aforementioned provision

  1. Data collection and processing

  1. Creation of a user account

If you create a user account (admin account) for Wowflow as our licensee or as an employee of our licensee, we collect the following personal data, in order to provide you with the app and to operate it in accordance with our General Terms and Conditions:

  • Name, telephone number, e-mail address, company, position in the company (hereinafter jointly referred to as "profile data")

We also collect the aforementioned profile data if you as a user register a user assigned to a admin account or are registered as a user by the owner of the admin account with your consent.

In the former case, the data comes directly from you, in the latter case it is provided to us by the owner of the admin account (this can be your employer or your contractual partner) for .

The legal basis for data processing is the fulfillment of a contract (Art 6 para 1 lit b GDPR) or our legitimate interest (Art 6 para 1 lit f GDPR) in the provision of Wowflow in accordance with our General Terms and Conditions.

  1. Test function "free of charge"

At https://stagewp.wowflow.com/en/start/ ; https://app.wowflow.com/signup/ a free unrestricted trial access to Wowflow can be created for a specific trial period. During registration, the data specified in section 5.1. is collected and processed. When the app is used, the data specified in points 5.3. to 5.12. will be collected depending on the scope of use. data will be processed. If the free trial access is not transferred to a paid user account , all data will be deleted at the end of the trial period in deviation from point 8.

  1. Use of the Wowflow app

When you use our app, our web servers save every access in a log file. The following data is recorded and stored until it is automatically deleted (collectively referred to as "usage data" at ):

  • Characteristics of the app (app version, app ID),
  • Characteristics of the end device (brand, model, system version, battery and charging status).
  • IP address of the requesting end device
  • Successful registration in the app
  • Date and time of access
  • Name and URL of the retrieved data
  • Amount of data transferred
  • Message as to whether the retrieval was successful
  • Recognition data of the browser and operating system used
  • Data required for the app service (create and edit a notification):
  • Profile data
  • Access rights of the user
  • Server message ID
  • Workspace, ID and description
  • specified address
  • Title
  • Category
  • Description
  • Pictures
  • Status
  • Priority
  • Created by (person)
  • Created on (date); at (time)
  • Last edited by (person)
  • Last modified on (date); at (time)
  • Assigned to (person)
  • Message completed on; at (time)
  • Notification completed by (person)
  • Evaluation of the message
  • Evaluation submitted on (date); at (time)
  • Notes and comments in the message

All usage data originates directly from you or your end device. The legal basis for data processing is the fulfillment of a contract (Art 6 para 1 lit b GDPR) or our legitimate interest (Art 6 para 1 lit f GDPR) in the provision of Wowflow in accordance with our General Terms and Conditions.

  1. Error message in the app

Only in the event of an error message will the app process the following additional data from the end device of the user concerned (hereinafter jointly referred to as "error data" at ):

  • System architecture of the end device
  • Battery status
  • Boot time
  • Boot Time
  • Manufacturer
  • Charging Yes/No
  • Connection type
  • Serial name of the end device
  • Free storage space
  • Device ID
  • Language used
  • Manufacturer
  • Storage capacity
  • Model
  • Model ID
  • Name or type designation of the end device
  • Screen orientation
  • Resolution
  • Screen DPI
  • Screen resolution
  • Time zone
  • Battery temperature
  • Kernel version
  • Name and version of the operating system
  • Rooted yes/no

All error data originates directly from you or your end device. The legal basis for data processing is the fulfillment of a contract (Art 6 para 1 lit b GDPR) or our legitimate interest (Art 6 para 1 lit f GDPR) in the provision of a functional app.

  1. Equipment management function

The following data is processed as part of equipment management:

  • Issue from (person) to (person)
  • Issued on (date); at (time)
  • Reservation by (person) for (date, time)
  • Return from (person) to (person)
  • Return on (date); at (time)
  • Due on (date); at (time)

All data originates directly from you or your end device. The legal basis for data processing is the performance of a contract (Article 6(1)(b) GDPR) or our legitimate interest (Article 6(1)(f) GDPR) in providing the equipment management function.

  1. Function Equipment output to external users

Wowflow offers its licensees/users the option of reserving equipment for external users or issuing equipment to them by entering an e-mail address at . In this case the external user will be notified via the e-mail entered by the licensee. If equipment is reserved/issued for/to you as an external user, your e-mail address will first be processed for sending the notification. You have the option of unsubscribing from the respective equipment issue by clicking on the "unsubscribe" button at the end of the notification. In this case, no further data processing will be carried out by Wowflow.

In the course of the physical handover of the equipment via the Wowflow app by a Wowflow licensee, the following data may be processed:

  • E-mail address
  • Time of handover
  • optional name
  • Optional signature
  • optionally uploaded media (see point 5.12.)

If equipment is issued to you as an external user, you can request an extension of the return period for the equipment via a link in the email sent by Wowflow. In this case, only the following data will be processed with your e-mail address in deviation from point 5.3:

  • E-mail address
  • First name, last name
  • Equipment
  • Entered text
  • Requested new return date
  • IP address of the requesting end device
  • Date and time of access
  • Name and URL of the retrieved data
  • Amount of data transferred
  • Message as to whether the retrieval was successful
  • Recognition data of the browser and operating system used

Please also refer to point 10 of this privacy policy.

All data originates directly from you or your end device. The legal basis for data processing is the fulfillment of a contract (Art 6 para 1 lit b GDPR) or our legitimate interest (Art 6 para 1 lit f GDPR) in providing the function "Equipment output to external users".

  1. Asset management function

The following data is processed as part of asset management:

  • Creation of the system by (person)
  • Changes to the system information by (person)
  • Change in the status of the system by (person)
  • Archiving/activating the system by (person)
  • Adding/deleting media by (person)
  • Adding/deleting documents by (person)
  • Notification/email about frequency of messages sent to (person)
  • Notification/email about open messages in a specified period sent to (person)
  • Notification/email about imminent expiry of the warranty sent to (person)
  • Task for checking the system created for (person)

All data originates directly from you or your end device. The legal basis for data processing is the performance of a contract (Article 6(1)(b) GDPR) or our legitimate interest (Article 6(1)(f) GDPR) in providing the asset management function.

  1. QR Scan Log function

The QR Scan Log function enables location verification.

When a QR code is scanned, the following data is also processed for the "QR Scan Log" :

  • Scanned by (person)
  • Scanned on (date); at (time)
  • Location of the device at the time of scanning. The location data stored in the QR code enables the location of the attachment point to be determined by scanning the code at the time of scanning. An exact location is not determined. No further location data is processed after the scanning process has been completed.

All data originates directly from you or your end device. The legal basis for data processing is the performance of a contract (Article 6(1)(b) GDPR) or our legitimate interest (Article 6(1)(f) GDPR) in providing the QR Scan Log function.

  1. GPS function required for work

For the "GPS required for work" function, the cell phone's GPS must be activated and the location of the cell phone must match the location stored in the workspace in order to be able to start work. The following data is processed, if the function is activated in the app:

  • Location at work: The location of the cell phone is queried at when work is started. The location data is processed with an accuracy of 500 meters , i.e. it is only possible to determine whether the cell phone is located within a radius of 500 meters measured from the location stored in the workspace. A more precise location determination does not take place.
  • When the QR code is scanned as part of this function, the current location data at the time of the scan is queried and displayed in the QR scan log. The location data is processed with an accuracy of 500 meters, i.e. can only be used to determine whether the cell phone is within a radius of 500 meters measured from the location stored at workspace. A more precise location determination is not possible.

All data originates directly from you or your end device. The legal basis for data processing is the performance of a contract (Article 6(1)(b) GDPR) or our legitimate interest (Article 6(1)(f) GDPR) in providing the function "GPS required for work".

  1. QR time log function

The "QR Time Log" function can be used to process log-in and log-out data for a specific location at as well as the time spent on site. This data is only processed if the corresponding function is activated in the app settings.

When scanning a QR code with the "QR Time Log" function, also processes the following data if the function is activated in the app:

  • Registration, scanned by (person)
  • Registration, scanned on (date); at (time)
  • Location of the device at the time of scanning. The location data of the attachment location stored in the QR code enables the location of the scanning device at the time of scanning to be determined by scanning the code .
  • Deregistration, scanned by (person)
  • Logout, scanned on (date); at (time)
  • Location of the device at the time of scanning. The location data stored in the QR code enables the location of the attachment point to be determined by scanning the code at the time of scanning. An exact location is not determined. No further location data is processed after the scanning process has been completed.
  • Attendance period: this date is calculated from the period between registration and deregistration; a separate location determination during the attendance period does not take place.

The licensee is responsible for deciding which types of personal data are used as part of the " QR Time Scan" and "GPS required for work" functions. Accordingly, the licensee is also responsible for safeguarding the rights of data subjects . Should third parties, in particular employees of the licensee, assert claims against Wowflow due to the data processing , the licensee shall fully indemnify and hold Wowflow harmless in this context .

All data originates directly from you or your end device. The legal basis for data processing is the performance of a contract (Article 6(1)(b) GDPR) or our legitimate interest (Article 6(1)(f) GDPR) in providing the "QR time log" function.

  1. Create message via QR scan

This function allows you to create a message by scanning a QR code without an active user account. A QR code is always linked to either a work area, a system or a piece of equipment.

When scanning a QR code with the "Create message" function, only the following data is processed in deviation from point 5.3:

  • IP address of the requesting end device
  • Date and time of access
  • Name and URL of the retrieved data
  • Amount of data transferred
  • Message as to whether the retrieval was successful
  • Recognition data of the browser and operating system used
  • Work area or plant or equipment (depending on which QR code was scanned) 
  • Date of creation of the notification
  • Priority
  • Description of the message
  • Any uploaded photos or documents (if is applicable)
  • optional: e-mail address
  • optional: telephone number
  • optional: Name

All data originates directly from you or your end device. The legal basis for data processing is the fulfillment of a contract (Art. 6 para. 1 lit. b GDPR) or our legitimate interest (Art. 6 para. 1 lit. f GDPR) in providing the function "Create/edit message via QR code". If you provide your email address, telephone number and/or your name, the lawfulness of the data processing is based on your consent (Art. 6 para. 1 lit. a GDPR).

  1. Upload data

Wowflow enables the upload/saving of documents and media files (such as .pdf, .jpg or similar), which may contain personal data, but over whose content we have no influence . The uploader or the owner of an admin account to which a specific uploader is assigned decides on the content of the data, the granting of access to this data and the enabling of processing of this data by other users. In this regard, we refer to point 9. this privacy policy.

  1. Permissions required by the app and their use

The app requires the following authorizations:

  • Access to cell phone camera: to be able to take photos via the app
  • Access to gallery: to be able to save photos taken on the end device
  • Notifications (push notifications): to receive push notifications from ;
  • GPS, if this function is activated in the settings: to the settings described in points 5.9. and 5.10. to be able to use the functions mentioned above, which require mandatory geolocalization .

  1. External contractors/external observers

Wowflow offers its licensees/users the option of adding external users to notifications as contractors or observers by entering the user's email address and defining corresponding roles at . In this case, the external user is notified via the e-mail address entered by the licensee . If you have been added as an external contractor/observer to notifications , your e-mail address will first be processed for sending the notification. You have the option of unsubscribing from the respective notification by clicking on the "unsubscribe" button at the end of the notification. In this case, no further data processing will be carried out by Wowflow.

If you are added to notifications as an external contractor/observer, you can reply directly to the notification in question or open the public view of the notification in Wowflow and comment on the notification. In both cases, your reply/your comment will be saved in Wowflow together with your e-mail address. In deviation from point 5.3, only the following data will be processed in these cases:

  • IP address of the requesting end device
  • Date and time of access
  • Name and URL of the retrieved data
  • Amount of data transferred
  • Message as to whether the retrieval was successful
  • Recognition data of the browser and operating system used
  • Data that is saved when the public message is processed:
  • E-mail address
  • First name, last name
  • Documents uploaded by the external party Images
  • Status updated by the external party
  • Last edited by (person)
  • Last modified on (date); at (time)
  • Notes and comments added by the external party in the message

Please also refer to point 10 of this privacy policy.

All data originates directly from you or your end device. The legal basis for data processing is the performance of a contract (Article 6(1)(b) GDPR) or our legitimate interest (Article 6(1)(f) GDPR) in providing the "external contractor/external observer" function.

  1. Storage duration

All data will be stored for a period of three years after termination of the contract and then deleted. If you are assigned to an admin account as a user, the data will only be deleted three years after termination of the contract with the licensee . This is necessary because Wowflow is also used for documentation purposes and this purpose only ceases to apply upon termination of our contract with the licensee.

  1. Our processors

The personal data collected as part of the use of the app is processed on behalf of by Wowflow GmbH by the following processors for the purposes stated in each case:

  1. Amazon Web Services EMEA SARL with server location in Frankfurt, Germany as cloud infrastructure operator where the data is stored;
  2. Mailgun Technologies Inc. with server location in Dublin, Ireland for sending and receiving emails from the app;
  3. Google Ireland Limited, based in Dublin, Ireland, for the translation of content, for the display of maps and for the further development and analysis of the app (usage);
  4. Functional Software Inc. with server location in the EU, for performance and error monitoring of the app.

The aforementioned processors are authorized to use subcontractors to provide the service.

Wowflow GmbH remains responsible for the protection of your data in all cases. The processors work exclusively in accordance with our instructions, which is ensured by strict contractual regulations, by technical and organizational measures and by supplementary controls.

  1. Wowflow as a processor

Wowflow is a collaborative software solution. Accordingly, other users have access to your personal data stored in the app, as Wowflow would otherwise not be able to fulfill its functions.

With regard to the above-mentioned data, Wowflow GmbH acts on the one hand as controller and on the other hand as processor of the licensee concerned. If you yourself are a licensee of Wowflow, we process the data specified in point 5. We process the aforementioned data on your behalf in accordance with the provisions of the license agreement concluded between us and you and the order processing agreement , so that you are responsible for data processing within the meaning of the GDPR. As controller, you can decide for yourself which other users have access to your personal data processed in Wowflow.

If you have been registered as a user by the owner of an admin account with your consent as a user (for example, if you are an employee of the licensee and use Wowflow professionally or are added by the licensee as a user of a collaborating business partner), Wowflow GmbH acts as a processor of the relevant licensee and processes the data specified in point 5. in accordance with the license agreement concluded between us and the relevant licensee and the processor agreement on behalf of the licensee. In this case, the licensee for is the data controller within the meaning of the GDPR. In these cases, the relevant licensee/controller may grant appropriate access to the data, define roles and enable/execute data processing. In this case, Wowflow GmbH has no influence on which accesses are granted, roles are defined or data processing is enabled/carried out. Only the owner of the relevant admin account can decide which other users have access to your personal data processed in Wowflow . In such cases, please contact the owner of the admin account that registered you as a user directly for more information .

  1. Data security

Wowflow GmbH and its processors take appropriate technical and organizational measures to protect your personal data against accidental loss, destruction, misuse, damage and unauthorized and unlawful access to .

  1. Rights of data subjects

If your personal data is processed, you have the following rights vis-à-vis the data controller:

  1. Right to information

You have the right to information about the personal data processed by Wowflow GmbH .

  1. Right to rectification

You also have the right to request the rectification of inaccurate personal data concerning you and to have incomplete personal data completed at .

  1. Right to erasure

You are entitled to request the erasure of personal data concerning you . We will delete your personal data if

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • a consent required for the processing is revoked;
  • the personal data have been unlawfully processed ;
  • the deletion of personal data is necessary to fulfill a legal obligation

Data that Wowflow GmbH requires for the assertion, exercise or defense of legal claims and data that Wowflow GmbH must retain due to mandatory provisions are exempt from erasure.

  1. Right of withdrawal

You can revoke any consent you may have given to the collection and storage of your personal data at any time, in whole or in part, with effect for the future. In the event of your revocation, certain services may no longer be provided or may only be provided to a limited extent .

  1. Further rights of data subjects

You may also have the right to restrict the processing of your data and the right to receive the personal data you have provided in a structured, commonly used and machine-readable format.

  1. Assertion of rights

Declarations or requests under this point of the privacy policy should be sent to in writing to the address given in point 1. named responsible person. To protect your security and privacy , we reserve the right to verify your identity before responding to the content of your request or taking any of the above measures .

  1. Right of appeal

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way , you have the right to lodge a complaint with the data protection authority at .

  1. Language Disclaimer

This document is a translation of the original German version. It is provided for convenience only. In the event of any discrepancies, inconsistencies, or interpretation differences between this translation and the German version, the German version shall prevail and be legally binding.

Complaints should be addressed to:

Austrian Data Protection Authority

Barichgasse 40-42

1030 Vienna

Phone: +43 1 52 152-0

E-Mail: dsb@dsb.gv.at

Status: April 2025