Privacy Notice

Data Protection, Controller and Scope

We respect the privacy of our customers and other interested persons and comply with the applicable laws for the protection of your privacy. These laws include in particular the General Data Protection Regulation of the European Union ("GDPR") and the UK Data Protection Act.

This Privacy Notice covers:

• Website(s):
  
  • fonio.ai

The following categories of data subjects are covered by this Privacy Notice:

• Website visitors

The Controller for the processing of your personal data within the scope of this Privacy Notice is:

fonio GmbH

Joanelligasse 5/16

1060 Vienna

Austria

info@fonio.ai

‍

The following explains:

• the purpose for which personal data is collected and processed.
• which categories of personal data are affected by the collection and processing.
• the legal basis under which we process personal data.
• which involved third parties act as processors in the processing of personal data.
• to which third parties personal data is transferred.
• further information such as storage duration, data subject rights and other information that helps to inform about the described data processing.

Purposes for which personal data is processed: Website fonio.ai

‍

Website Hosting

Our website was created with the online service "Webflow" and is hosted there. Webflow is a product of the US company Webflow, Inc.

Webflow uses Content Delivery Network (CDN) providers such as Fastly, Amazon CloudFront or Cloudflare to deliver website content quickly and securely to website visitors.

Data collected and processed:

• Technical information such as the IP address
• Device information
• User behavior relevant for error analysis.
• Data on the website visit
• Browser information
• Log data
• Cookies

Legal basis

• Legitimate interest based on Art. 6 para. 1 lit. f GDPR
• Consent of the data subject based on Art. 6 para. 1 lit. a GDPR
• Data Privacy Framework

Involved Processors

• Webflow, Inc. 398 11th St., Floor 2, San Francisco, CA 94103, USA

Further information

• Interest based on the legal basis: Provision or use of the offered service.
• The legal basis of consent refers to the use of the CDN services.
• Further information can be found in the Webflow Global Privacy Policy.

‍

Testing the AI Telephony Assistant

We offer a function on our website to test an AI telephony assistant. After providing the necessary data, you will receive a call from our AI phone assistant. The test call is recorded for quality improvement purposes. Data transfers to third countries may also occur when using the service.

Data collected and processed:

• Identification data
• Company
• Contact details
• Information that you transmit to the AI assistant by voice

Legal basis:

• Legitimate interest based on Art. 6 para. 1 lit. f GDPR
• Data Privacy Framework
• Standard Contractual Clauses

Involved Processors

• LiveKit Inc., 4285 Payne Avenue, Suite 9154, San Jose, CA 95157, United States
• Twilio Ireland Limited, 25-28 North Wall Quay, D01 H104 Dublin, Ireland
• Eleven Labs Inc., 169 Madison Ave #2484, New York, NY 10016, United States
• Deepgram, Inc., 548 Market St, Suite 25104, San Francisco, CA 94104-5401, United States
• OpenAI, L.L.C., 3180 18th St San Francisco, CA 94110, United States
• New Relic, Inc, 188 Spear Street, Suite 1000, San Francisco, CA 94105, United States
• PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, United States
• Microsoft Ireland Operations Limited, One Microsoft Place, D18 P521 Dublin, Ireland
• Hetzner Online GmbH, with registered office at Industriestr. 25, 91710 Gunzenhausen, Germany

Further information:

• Interest based on the legal basis: Provision or testing of the offered service.
• We ask you not to transmit any particularly sensitive categories of personal data when using the AI telephony assistant. These categories include, but are not limited to, the following data:
  
  • Ethnic origin.
  • Political opinions.
  • Religious or philosophical beliefs.
  • Trade union membership.
  • Genetic data.
  • Biometric data.
  • Health data.
  • Data concerning sex life or sexual orientation.
• You can avoid the collection of your data by not using the test service.

‍

Contact via Email

We publish a contact email address on our website through which you can contact us, for example, to receive more information about our services or to give us feedback.

Data collected and processed:

• Email address
• Information that you transmit to us by email

Legal basis:

• Legitimate interest based on Art. 6 para. 1 lit. f GDPR

Further information:

• Interest based on the legal basis: Asking and answering questions about products, services and other services.
• We ask you not to transmit any particularly sensitive categories of personal data when contacting us. These categories include, but are not limited to, the following data:
  
  • Ethnic origin.
  • Political opinions.
  • Religious or philosophical beliefs.
  • Trade union membership.
  • Genetic data.
  • Biometric data.
  • Health data.
  • Data concerning sex life or sexual orientation.

‍

Newsletter Dispatch

You can subscribe to our newsletter on our website so that we can regularly send you news about us and our services.

Data collected and processed:

• Identification data
• Contact details
• Data on interaction with newsletters
• Cookies

Legal basis

• Consent of the data subject based on Art. 6 para. 1 lit. a GDPR
• Data Privacy Framework
• Standard Contractual Clauses

Involved Processors

• MailerLite, Inc., 548 Market St, PMB 98174, San Francisco, California 94104-5401, United States

Further information

• Further information on data protection at MailerLite can be found in the MailerLite Privacy Policy and the MailerLite Data Processing Addendum.

‍

Online Appointment Scheduling

You can schedule an appointment with us on our website. For this purpose, we use the services of Cal.com. By using the appointment scheduling function, data may be transferred to third countries.

Data collected and processed:

• Identification data
• Contact details
• Company data
• Information on monthly telephone usage
• Further information that you provide to us as free text
• Technical information
• Cookies

Legal basis

• Consent of the data subject based on Art. 6 para. 1 lit. a GDPR
• Data Privacy Framework

Involved Processors

• Cal.com Inc., San Francisco Bay Area, West Coast, USA

Further information

• Further information can be found in the Cal.com Privacy Policy.
• We ask you not to transmit any particularly sensitive categories of personal data during the online appointment scheduling. These categories include, but are not limited to, the following data:
  
  • Ethnic origin.
  • Political opinions.
  • Religious or philosophical beliefs.
  • Trade union membership.
  • Genetic data.
  • Biometric data.
  • Health data.
  • Data concerning sex life or sexual orientation.
• You can avoid the collection of your data by not using the online appointment booking.

‍

Analysis of User Behavior

We use technologies in the form of code snippets to analyze and improve user behavior on our website, and to monitor, optimize, and acquire new customers for advertising campaigns. This may involve data transfer to third countries.

The following technologies are used:

• Google Analytics
• Google Tag Manager
• TikTok Pixel
• Meta Pixel
• LinkedIn Pixel

Data collected and processed:

• Technical information such as the IP address
• Browser data
• Data on user behavior and interactions
• Device information
• Event data
• Conversion data
• Cookies

Legal basis

• Consent of the data subject based on Art. 6 para. 1 lit. a GDPR
• Data Privacy Framework

Involved Processors

• TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
• Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland
• LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland
• Google Ireland Limited with registered office at Gordon House, Barrow Street, Dublin 4, Ireland

Further information

• Further information on TikTok and data protection can be found in the TikTok Privacy Policy.
• Further information on Meta and data protection can be found in the Facebook Privacy Policy.
• Further information on LinkedIn and data protection can be found in the LinkedIn Privacy Notice.
• Further information on data protection in connection with Google Analytics can be found on the Google Support website.
• You can find out more about data processing using Google services in the Google Privacy Policy.

‍

Display of Third-Party Content via Social Media Plug-ins and Widgets

We have integrated social media plug-ins and widgets into our site to show you content that might be interesting to you, to improve your user experience and to optimize our advertisements. This may involve data transfer to a third country.

We use Facebook plug-ins on our website. The Facebook plug-ins are marked with a Facebook logo or the addition "Facebook Social Plug-in".

We use YouTube Embeds to display YouTube videos directly on our website. When you visit a website with an embedded video, your browser automatically connects to the servers of YouTube, a subsidiary of Google. Depending on the settings, various personal data may be transferred when connecting to the Google servers. If you are logged in to YouTube at the time of the website visit, data that you have already provided directly to YouTube may also be transferred.

Data collected and processed:

• Technical information such as the IP address
• Browser information
• Data on website access
• Data on interaction with plug-ins and widgets
• Location data
• Cookies

Legal basis

• Consent of the data subject based on Art. 6 para. 1 lit. a GDPR
• Data Privacy Framework

Involved Processors

• Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA
• Google Ireland Limited with registered office at Gordon House, Barrow Street, Dublin 4, Ireland

Further information

• You can find more information about which plug-ins exist from Facebook and how they are used at https://developers.facebook.com/docs/plugins.
• We are not responsible for the practices and policies regarding collection, use, disclosure and data security practices of the mentioned third-party providers. We can neither freely determine the content of the transmitted data nor the type of use of such data by these third-party providers.
• If you access a page of our website that contains such a plug-in, your browser establishes a direct connection with the Facebook servers. The content of the plug-in is transmitted by Facebook directly to your browser and integrated by it into the website.
• If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. If you want to prevent this, you must log out of Facebook before visiting our website.
• Further information on Facebook and data protection can be found in the Facebook Privacy Policy.
• You can find out more about data processing using Google services in the Google Privacy Policy.

‍

Google Fonts

We use the "Google Fonts" service, a free directory of fonts, to display fonts on our website.

Data collected and processed:

• Technical information such as the IP address
• Browser information
• Usage figures for fonts
• Data on website access
• Cookies

Legal basis:

• Consent of the data subject based on Art. 6 para. 1 lit. a GDPR
• Data Privacy Framework

Involved Processors:

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Further information

• You can find out more about data processing using Google services in the Google Privacy Policy.

‍

Further Information

Transfer of data to the USA and the Data Privacy Framework

We point out that on July 10, 2023, the EU Commission adopted an adequacy decision on the EU-US Data Privacy Framework in accordance with Art. 45 para. 1 GDPR. Consequently, organizations or companies (as data importers) in the USA that are registered in a public list within the framework of the Data Privacy Framework self-certification offer an adequate level of protection for data transfer. This thus constitutes a valid legal basis for the use of certified US services. For all purposes mentioned in this Privacy Notice that use services from US providers with an adequate level of protection, "Data Privacy Framework" is noted in the legal basis. You can research whether a service provider is certified directly on the Data Privacy Framework website.

If a provider is not certified by the Data Privacy Framework, this will be explicitly mentioned in the respective purpose and a valid alternative legal basis will be cited.

Standard Contractual Clauses

To enable data transfer to countries without an adequacy decision, the EU Commission has drawn up contract templates (Standard Contractual Clauses). These Standard Contractual Clauses oblige contractual partners to adhere to a level of data protection comparable to that in the EU. These contract texts are made available via the European Union website. Standard Contractual Clauses are referred to in English as "Standard Contractual Clauses" and abbreviated as "SCC".

Cookies and Local Storage

This website stores personal data and information in cookies, in session storage and in local storage. The processing is carried out on the legal basis specified for the respective service.

How the web browser handles cookies and local storage, which storage processes are permitted or rejected and for how long the data is processed, can be determined in the settings of the web browser.

Storage Duration

We store your personal data only for as long as is necessary to fulfill the above-mentioned purposes or as long as contractual or statutory retention periods exist.

Data Disclosure

We only pass on your personal data to third parties if this is legally required, if it is necessary for the provision of our services, or if you have consented to the transfer. We will never sell your data to third parties without your express consent.

Data may be passed on, as far as necessary, to the following categories of recipients:

• Processors mentioned in this Privacy Policy
• Banks and payment service providers (payment processing)
• Shipping service providers (shipping of goods and invoices)
• Tax advisors (accounting and annual financial statements)
• Collection agencies (collection of debts)
• Lawyers (assertion of legal claims)

Protection of Personal Data

We protect personal data by means of appropriate technical and organizational measures that comply with current industry practices. This includes, as far as possible, in particular pseudonymization and encryption of personal data during transmission and storage.

Withdrawal of a given consent

If you have given consent to the processing of your personal data for a specific purpose on the basis of Art. 6 para. 1 lit. a GDPR, you can withdraw this consent at any time (withdrawal). The lawfulness of the processing of personal data up to the withdrawal is not affected by the withdrawal.

Mandatory Data Provision and Consequences of Non-Provision during Website Visit

The provision of personal data for visiting our website is neither legally nor contractually required. Non-provision of your personal data is possible if a visit to this website is omitted. For certain functions on our website, non-provision means that these functions cannot be used.

Data Subject Rights

Right of Access

You have the right to request information about your personal data stored by us at any time and to receive a copy of this information. Furthermore, you have the right to request confirmation as to whether personal data concerning you is being processed.

Right to Rectification

If your data is incorrect or incomplete, we will correct it upon request.

Right to Data Portability

If we process your personal data automatically with your consent or based on a corresponding agreement, you have the right to request a copy of your data in a structured, commonly used and machine-readable format that will be sent to you or another party. This only applies to the personal data that you have provided to us.

Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data under certain circumstances.

Right to Erasure

You have the right to have personal data processed by us erased, provided this is legally permissible.

Right to Object

You can object to the processing of your personal data, for example, by not using certain services. If you object to the processing of your personal data for certain purposes, this may lead to the affected services not being usable.

Right to Lodge a Complaint

If you believe that we are not processing your personal data correctly, you can contact us. You also have the right to lodge a complaint with a supervisory authority. Further information on the supervisory authorities in the European Union can be found here.

All rights can be exercised via the contact mentioned at the beginning of this privacy policy by email.

Changes to this Privacy Notice

We will update this Privacy Notice from time to time. All changes will be published on this page with an updated change date.

‍

Date of publication of the current version: 29.12.2025

This Privacy Notice was generated and provided by the Metasoul Privacy Generator.