DE Request a demo
Legal

Privacy policy.

The protection of your personal data is a central concern for us. In the following, we provide transparent information about which data is collected, how we use it and which rights you have.

Language: English Jurisdiction: AT & DE As of: May 2026

This English text is a convenience translation. The legally binding version is the German original available at mediaintel.co/datenschutz.

01Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR / DSGVO) is:

online360 service GmbH
Jakob-Regenhart-Gasse 16
2380 Perchtoldsdorf
Austria
Email: office@mediaintel.co

02Data collection on our website (server log files)

When you access our website, the provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL (the previously visited page)
  • Hostname of the accessing computer (IP address, anonymised where applicable)
  • Time of the server request

This data is not merged with other data sources. The collection takes place on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the technically error-free presentation and optimisation of our website — for this purpose the server log files must be collected.

03Web analytics (Matomo cookieless)

On this website we use the open-source tool Matomo to analyse browsing behaviour — with the protection of your data as our top priority:

No cookie tracking

Matomo is configured by us so that no tracking cookies are set in your browser (cookieless tracking). Your IP address is anonymised immediately upon collection.

The data collected by Matomo (pages visited, time spent, anonymised region of origin) is stored exclusively on our own servers in the EU and is not passed on to third parties. The processing takes place on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the anonymous statistical analysis carried out to optimise our offering technically and in terms of content.

04Fonts (web fonts)

To ensure consistent display of typefaces, we use the fonts IBM Plex Sans, IBM Plex Mono and Source Serif 4. These are loaded locally from our own servers (self-hosting). This involves no connection to third-party servers — in particular not to Google Fonts — and therefore no transmission of your IP address to external providers.

05Contact & enquiry form

If you contact us by email or via the enquiry form, the data you provide (name, email address, company, telephone, message text, enquiry type) is stored by us in order to process the enquiry and for any follow-up questions. We do not pass on this data without your consent. The legal basis is Art. 6 para. 1 lit. b GDPR (pre-contractual measures) and lit. f GDPR (legitimate interest in responding) respectively.

Enquiries are deleted as soon as they are no longer required, at the latest upon expiry of any statutory retention obligations.

06Client access & platform

For business customers with client access, we additionally process:

  • Login and profile data (name, email, hashed password, role, client affiliation) for authentication and access control — Art. 6 para. 1 lit. b GDPR.
  • Usage logs (page views, API requests, audit trail) to ensure data isolation between clients and for abuse detection — Art. 6 para. 1 lit. f GDPR.
  • Configuration and content data (sources, topics, monitoring fields, reports) necessary for providing the contractually agreed service — Art. 6 para. 1 lit. b GDPR.

Client (tenant) isolation and role-based rights management are technically enforced. Data processing in the client context takes place on the basis of a data processing agreement (DPA) between the client and online360 service GmbH.

07Processors & third-party services

To provide our services, we use carefully selected processors based in the EU or offering appropriate safeguards pursuant to Art. 44 et seq. GDPR. A complete list of current providers and processing purposes is available on request to office@mediaintel.co.

Payment processing for paid client plans is handled via Stripe (Stripe Payments Europe, Limited, Dublin, Ireland). Stripe is PCI-DSS certified; credit card and bank details are stored exclusively at Stripe, not with us.

08Social media monitoring

As part of our media and reputation monitoring we process publicly available social media posts about the organisations, brands, public figures and topics that our business clients explicitly ask us to monitor. We process a text excerpt, an author identifier, a timestamp, a link and engagement metrics (e.g. likes, views, comments), together with features derived from these (sentiment, topics, mentioned entities).

Sources: the public interfaces of X and YouTube and — via our processor Apify Technologies s.r.o. (Prague, Czech Republic) — Instagram, Facebook and TikTok. Only publicly visible content is processed; no access restrictions are circumvented.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing a media/reputation intelligence service). A legitimate-interest assessment has been carried out; we will share its essence on request. No automated decision producing legal effects concerning you takes place (Art. 22 GDPR).

Data minimisation & pseudonymisation

Author identifiers are stored pseudonymised by default; for private individuals no clear identifiers are kept and they are suppressed from client-facing analytics. Post raw text is deleted after 30 days; derived, aggregated metrics are retained longer where necessary for the purpose.

Recipients & third countries: our processor is Apify (EU). Where data is transferred to sub-processors in third countries (e.g. the USA), this is done on the basis of the EU Standard Contractual Clauses (Art. 46 GDPR).

As we do not obtain this data from you directly but from public sources, and the data subjects are not known to us in advance, individual notification would involve disproportionate effort (Art. 14(5)(b) GDPR). You may object to the processing at any time (Art. 21 GDPR) or request erasure (Art. 17 GDPR) — see section 09. On objection or an erasure request we remove your data from monitoring without undue delay; a short message to office@mediaintel.co is sufficient.

09Your rights as a data subject

Within the scope of the applicable statutory provisions, you have the right at any time to:

  • Access (Art. 15 GDPR): to your stored personal data, its origin and recipients, and the purpose of the processing.
  • Rectification (Art. 16 GDPR): of incorrect or incomplete data.
  • Erasure (Art. 17 GDPR): of your data stored by us.
  • Restriction of processing (Art. 18 GDPR): blocking of your data, where we may not yet delete it due to statutory obligations.
  • Data portability (Art. 20 GDPR): machine-readable export of your data.
  • Objection (Art. 21 GDPR) and withdrawal (Art. 7 para. 3 GDPR): of a consent given, with effect for the future.

If you are of the opinion that the processing of your data violates data protection law, you have a right to lodge a complaint (Art. 77 GDPR) with the competent supervisory authority — in Austria: Österreichische Datenschutzbehörde (Austrian Data Protection Authority), Barichgasse 40-42, 1030 Vienna, www.dsb.gv.at. In Germany: the respective state data protection authority.