Last updated: 09.07.2025

Who is responsible for data processing and whom can I contact?

Secret Nutri GmbH, based at Krugerstraße 2/7, 1010 Vienna, Austria, is the controller within the meaning of Art. 4(7) of the General Data Protection Regulation (“GDPR”) for the processing of your personal data in connection with your use of the website https://www.secretnutri.com/ (hereinafter referred to as the “Website”).

As a company, we place great importance on the protection of your data. Safeguarding our customers, their personal information, and their users is our top priority. With our extensive expertise in information security, proven practices, and innovative cybersecurity solutions, we support you in effectively protecting your business from digital threats.

Whether you’re a public authority, a private or public company, or part of a specialized industry – we are your reliable partner in tackling security-related challenges in an increasingly connected world.

Contact:

Secret Nutri GmbH
Krugerstraße 2/7
1010 Vienna, Austria
Tel.: +43 667 3350637
E-Mail: office@secretnutri.com
Website: www.secretnutri.com

The protection of your personal data is a priority for us. Therefore, your data is always handled confidentially and in accordance with the applicable data protection laws – in particular, the GDPR and the current Austrian Data Protection Act (DSG).

This privacy policy explains which data processing activities take place. The terminology used aligns with that of the GDPR. For easier understanding, we provide the key terms and their legal definitions below.

Key Definitions

Personal data: Any information relating to an identified or identifiable natural person (“data subject”). A person is considered identifiable if they can be identified, directly or indirectly – e.g., by name, ID number, location data, online identifier, or characteristics revealing physical, physiological, genetic, economic, cultural, or social identity.

Processing: Any operation performed on personal data – whether or not by automated means – including collection, storage, organization, modification, retrieval, use, transmission, deletion, or restriction.

Data subject: The individual whose personal data is being processed.

Controller: The natural or legal person, public authority, or organization that determines the purposes and means of processing personal data, alone or jointly with others.

Processor: A natural or legal person, public authority, or organization that processes personal data on behalf of the controller.

Consent (of the data subject): A freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by statement or clear affirmative action, signify agreement to the processing of personal data concerning them.


For what purposes and on what legal basis is your personal data processed?

1. Website operation

To ensure secure and stable operation of our website, we process certain personal data. This is based on our legitimate interest under Art. 6(1)(f) GDPR – particularly to provide the website technically, and to detect, prevent, and investigate potential attacks.

The following data is processed:

  • Accessed URL (page address)

  • Date and time of access

  • IP address of the accessing device (computer or mobile device)

  • Browser name and version

  • Browser type and settings (e.g., screen resolution, color depth, time zone, installed plugins, fonts used, language)

  • Operating system

  • Referrer URL (previously visited page)

This processing is necessary for the proper and functional provision of the website.

2. Contact via website, email, mail, or phone

If you contact us via contact form, email, phone, or mail, we process your personal data to handle your request.

This is done either:

  • to carry out pre-contractual measures or to fulfill a contract (Art. 6(1)(b) GDPR), or

  • based on our legitimate interest in processing your inquiry efficiently (Art. 6(1)(f) GDPR).

The following data may be processed:

  • First and last name

  • Email address

  • Phone number (if provided)

  • Content of your message

  • Any additional information you voluntarily provide

Processing your contact data (at minimum, name and email address or phone number) is required to respond to your inquiry.


Marketing Communications, Newsletters & Event Participation

Electronic marketing messages

We send electronic communications (e.g., via email, SMS, MMS, or messaging apps) to our customers to inform them about our products and services (“marketing communications”). We process the following personal data:

  • First and last name

  • Email address

  • Phone number

  • Any other voluntary information you provide in connection with receiving such messages

The legal basis for sending electronic marketing messages is § 174(4) of the Austrian Telecommunications Act (TKG) 2021.
You can unsubscribe at any time by emailing support@secretnutri.com. Each marketing message also includes information on how to unsubscribe.

Postal advertising

You may receive promotional materials by mail based on our legitimate interest under Art. 6(1)(f) GDPR in informing you about relevant products and services. We process:

  • First and last name

  • Your postal address

  • Other voluntarily provided information related to receiving postal communications

You may object to receiving postal marketing at any time by emailing office@secretnutri.com.

Information based on your consent

If you voluntarily provide your contact data for the purpose of receiving informational material, processing is based on your consent under Art. 6(1)(a) GDPR.
You may revoke your consent at any time by emailing office@secretnutri.com. This does not affect the legality of processing prior to revocation.


Legal enforcement

If legal proceedings (administrative or judicial) arise, we process the necessary personal data to assert or defend legal claims. This may include passing data to legal representatives, courts, or authorities.

This includes your contact data (name, address) and any other information relevant to the legal matter – for example, your behavior on our website.

Processing is based on our legitimate interest in legal enforcement under Art. 6(1)(f) GDPR and Art. 9(2)(f) GDPR.


Who receives your personal data?

We work with processors (Art. 28 GDPR) who perform certain services on our behalf. These service providers process your data only under our instructions and exclusively for the agreed purposes. We contractually require them to maintain confidentiality and ensure robust data protection.

As data protection levels outside the European Economic Area (EEA) may not match those within the EEA, we only transfer data to countries confirmed by the European Commission to have adequate data protection levels. Alternatively, we ensure appropriate safeguards – e.g., standard contractual clauses – are in place.


How long is your personal data stored?

Your personal data is generally stored only for as long as necessary to fulfill the purpose for which it was collected.

Secret Nutri GmbH may retain your data beyond this period if required to meet legal retention obligations (e.g., under § 132(1) BAO or §§ 190 and 212 UGB – typically 7 years) or to assert, exercise, or defend legal claims (typically up to 3 years). In the case of ongoing or foreseeable legal proceedings, data may be retained longer.

If data processing is based on your consent, Secret Nutri GmbH will retain your data until you revoke your consent. You may revoke your consent at any time by emailing office@secretnutri.com. Processing conducted before revocation remains lawful.


What rights do you have?

Under the GDPR, you have the following rights:

  • Right of access to your data (Art. 15 GDPR)

  • Right to rectification of inaccurate data (Art. 16 GDPR)

  • Right to erasure ("right to be forgotten") (Art. 17 GDPR)

  • Right to restrict processing (Art. 18 GDPR)

  • Right to object to processing (Art. 21 GDPR)

  • Right not to be subject to automated decision-making, including profiling (Art. 22 GDPR)

  • Right to data portability (Art. 20 GDPR)

You also have the right to lodge a complaint with a data protection authority (Art. 77 GDPR).
More information on your rights is available at:
https://www.dsb.gv.at/rechte-der-betroffenen

For questions regarding the processing of your personal data or to exercise your rights, please contact us as described in section 1.3 above.

The competent data protection authority is:
Austrian Data Protection Authority
Barichgasse 40–42, 1030 Vienna
More info: https://www.dsb.gv.at/


Cookie Policy and Similar Technologies

Last updated: 09.07.2025

This Cookie Policy informs you about the use of cookies on the website of Secret Nutri GmbH, Krugerstraße 2/7, 1010 Vienna, Austria (“Secret Nutri GmbH”, “we”, “us”).

What are cookies?

Cookies are small text files placed by a web server and stored on your device via your browser. Our website primarily uses cookies to recognize you or your device and to retain your preferences during your visit or for future visits.

If you consent, we also use cookies to analyze your browsing behavior and to display behavior-based advertising.

What types of cookies are there?

Based on purpose:

  • Essential cookies: Technically necessary for the proper functioning of the website.

  • Functional cookies: Help us analyze usage of the website to improve performance and user experience.

  • Marketing cookies: Used to display personalized advertising.

Based on domain:

  • First-party cookies: Set and read exclusively by our domain.

  • Third-party cookies: Set by external domains (other providers).

Based on storage duration:

  • Session cookies:
    Temporary cookies that are automatically deleted once you close your browser. These cookies enable websites to remember your actions during your visit. Without them, websites would not be able to recall previous interactions.

  • Persistent cookies:
    These remain on your device even after the browser is closed. They are either manually deleted or expire automatically after a set period. Persistent cookies help the website remember your preferences, such as chosen language or menu settings.


How can you reject, delete, or manage cookies?

Upon your first visit to our website, a cookie banner will appear requesting your consent for functional and marketing cookies. You can withdraw or modify your consent at any time under the menu item “Privacy / Cookie Settings.”

Most browsers also allow you to manage cookie storage or delete existing cookies. You can find instructions for popular browsers here:


What cookies and similar technologies are used on the website?

Below is an overview of cookies and similar technologies used on our website, including their purpose, duration, type, and data categories processed:


Essential Cookies

These cookies are required for the basic functionality of the website. They are set without user consent based on our legitimate interest in providing the website’s core features.

Borlabs Cookie

Name | Duration | Purpose | Data Categories
borlabs-cookie | 60 days | Stores consent settings for service groups and individual services (selected via banner) | Consent status, timestamp, browser info, IP address, device info, resolution, language preferences, user ID

Language Settings (via Polylang / WPML)
These cookies store the language selected by the visitor.

Name | Duration | Purpose | Data Categories
pll_language, icl_current_language | 6 months | Stores the visitor's chosen language | Language preference, session info (language chosen during current/previous session), browser settings

Marketing and Functional Cookies

These cookies are set only with your prior consent.

YouTube Videos (Embedded for playback)

Name | Duration | Purpose | Data Categories
ENID | 13 months | Stores preferences and other info | Session IDs, preferences (e.g. language, SafeSearch, results count), consent status, security data, demographics
YSC | Session | Verifies requests originate from the user, not malicious sites | Browser session info
AEC | 6 months | Prevents malicious sites from sending requests on user's behalf | Browser session info
NID | 6 months | Stores user preferences and settings | Preferences, language, personalized content preferences

Google reCAPTCHA (Bot/spam protection)

Name | Duration | Purpose | Data Categories
_GRECAPTCHA | 6 months | Prevents automated programs from abusing website forms | Device data, browser info, OS, resolution, tech characteristics indicating human or bot interaction

Google Analytics (Website statistics)

Name | Duration | Purpose | Data Categories
_ga | 2 years | Assigns random user ID for session tracking | User behavior, usage data, device info, demographics, location, campaign info, transactions, interactions, flow paths
_gid | 1 day | Tracks Click IDs, returning visits | Same as above, short-term session analytics
_gcl_au | 3 months | Google Ads conversion tracking | Google ad session ID, randomly generated user ID
_uetvid | 1 year | Microsoft Ads user ID tracking | Random user ID for identifying repeat visitors
_uetsid | 1 day | Microsoft Ads session tracking | Random session ID, allows grouping multiple interactions into a single session
_ga_* | 1 year | Tracks unique Google Analytics ID | Unique user tracking ID
CONSENT | 1 year | Stores consent for Google Cookies | Consent status, timestamp

Google Fonts

Our website uses the free “LATO” font from the Google Fonts library for visual consistency. However, the font is hosted locally on our server, so no connection to Google servers is made and no personal data is transmitted to third parties.


Social Media Links / Plugins

Our website contains links to social media platforms such as Facebook, Instagram, and TikTok. These are identified by their logos.

When you click such a link, you will be directed to the official Secret Nutri GmbH presence on that platform. In doing so, the following data is transmitted to the respective platform’s servers:

  • URL of the referring website

  • Date and time of access

  • Browser and OS information

  • Your IP address

If you are logged into your social media account when clicking, the platform may associate this data with your profile. To avoid this, log out of your social media accounts before clicking such links.

For the data processing practices of these platforms, refer to their respective privacy policies and legal bases (e.g., consent).

Please note: The servers of these providers may be located in the USA or other countries outside the EU, where data protection laws may not offer the same level of protection.