Privacy Policy
Last updated: July 2026
The protection of your personal data is important to us. This Privacy Policy explains how we collect, process, store, and protect personal data when you visit our website, contact us, submit a service request, or subscribe to our newsletter.
Personal data means any information relating to an identified or identifiable natural person.
1. Controller
The controller responsible for processing personal data through this website is:
CASA SI Marketing u. VertriebsgmbH
Obkirchergasse 36
A-1190 Vienna
Austria
Telephone: +43 1 440 28 62
Fax: +43 1 440 28 62-17
Email: office@casasi.com
Questions regarding the processing of your personal data may be sent to office@casasi.com.
2. Visiting Our Website
When you visit our website, certain technical information is processed automatically to display the website correctly, ensure its security, and protect it against misuse.
This information may include:
IP address
Date and time of access
Browser type and browser version
Operating system and device information
Referring website
Pages visited
Technical error and security information
The legal basis for processing this information is our legitimate interest in operating a secure, functional, and user-friendly website in accordance with Article 6(1)(f) GDPR.
Technical information is stored only for as long as necessary for the operation and security of the website, unless longer storage is required by law or necessary to investigate a security incident.
3. Squarespace Website Platform and Hosting
Our website is created and hosted using Squarespace.
For users in the European Economic Area, the relevant Squarespace service provider is:
Squarespace Ireland Limited
Squarespace House
Ship Street Great
Dublin 8, D08 N12C
Ireland
Squarespace processes technical website and visitor information on our behalf to host, deliver, secure, maintain, and improve the website.
This information may include:
Browser, network, and device information
IP address
Pages visited before accessing our website
Pages viewed on our website
Clicks and internal links
Search activity
Scrolling activity
Date and time of access
The legal basis is Article 6(1)(f) GDPR, based on our legitimate interest in securely and reliably operating our website.
Where Squarespace uses non-essential analytics or performance cookies, processing is based on your consent under Article 6(1)(a) GDPR.
Squarespace may process personal data outside the European Economic Area. Where required, such transfers are protected by suitable safeguards in accordance with applicable data-protection law.
4. Squarespace Analytics
We use Squarespace Analytics to understand how visitors use our website and to improve its content, performance, and usability.
Squarespace Analytics may process information such as:
IP address
Browser and device information
Approximate geographical location
Referring website
Pages viewed
Number and duration of visits
Clicks and internal links
Website searches
Date and time of visits
Squarespace Analytics may use cookies and similar technologies to distinguish visitors and analyse website usage.
Non-essential analytics and performance cookies are activated only after you have provided consent through our cookie banner.
The legal basis for this processing is your consent under Article 6(1)(a) GDPR.
You can reject analytics cookies or withdraw your consent at any time using the cookie settings available on our website. Withdrawal does not affect the lawfulness of processing carried out before consent was withdrawn.
5. Cookies and Similar Technologies
Our website uses cookies and similar technologies.
Cookies are small text files stored on your device when you visit a website.
Necessary cookies
Necessary cookies are required for the secure and proper operation of the website. They may be used for:
Website security
Network management
Saving your cookie preferences
Providing website and form functions
Preventing misuse
Maintaining the technical operation of the website
Necessary cookies may be used without consent where they are technically required for providing the website.
Analytics and performance cookies.
Analytics and performance cookies help us understand how visitors interact with our website.
These cookies are used only after you provide consent through our cookie banner. The legal basis is Article 6(1)(a) GDPR.
You can accept, reject, or manage non-essential cookies through the cookie banner. You may withdraw your consent at any time by reopening the cookie settings.
You may also restrict or delete cookies through your browser settings. Please note that restricting necessary cookies may affect the functionality of the website.
6. Contact and Customer-Service Forms
Our website includes contact and customer-service forms through which you may contact us, request information, or submit a complaint or service request.
Depending on the form, we may collect:
First name and last name
Email address
Telephone number, where requested
Country
Subject of the inquiry
Message and other information you provide
Product or purchase information
Complaint or warranty information
Files or photographs voluntarily uploaded
Date and time of submission
We process this information to review and respond to your inquiry, provide customer service, process complaints, and communicate with you.
The legal basis may be:
Article 6(1)(b) GDPR, where processing is necessary to take steps at your request or perform a contract
Article 6(1)(c) GDPR, where processing is necessary to comply with a legal obligation
Article 6(1)(f) GDPR, based on our legitimate interest in responding to inquiries and providing customer support
The forms are provided through Squarespace.
After you submit a form, the information is forwarded to and stored in the relevant CASA SI email mailbox. Squarespace processes the information as our website service provider while transmitting the form submission.
We retain form submissions and related email correspondence for as long as necessary to process the inquiry.
Information may be retained for a longer period where necessary to comply with legal obligations, manage warranty or product-liability matters, or establish, exercise, or defend legal claims.
Please do not submit sensitive personal data through our forms unless it is strictly necessary for processing your request.
7. Contact by Email or Telephone
When you contact us by email or telephone, we process the information you provide, including your contact details and the content of your inquiry.
We use this information to process and respond to your request and, where relevant, to manage an existing or potential business relationship.
Processing is based on Article 6(1)(b) GDPR where your inquiry relates to a contract or potential contract.
For general inquiries, processing is based on our legitimate interest in responding to communications under Article 6(1)(f) GDPR.
Correspondence is retained for as long as necessary to process your request and thereafter only for applicable legal retention periods or where necessary for the establishment, exercise, or defence of legal claims.
8. Newsletter and Squarespace Email Campaigns
You may subscribe to our newsletter through the newsletter form on our website.
When you subscribe, we process your email address and may also process:
Date and time of registration
IP address
Information documenting your consent
Newsletter delivery information
Links clicked in a newsletter
Subscription and unsubscription activity
Newsletter addresses are stored and managed using Squarespace Email Campaigns.
We use this information to send you news, product information, company updates, event announcements, and other marketing communications from CASA SI.
The legal basis is your consent under Article 6(1)(a) GDPR.
Squarespace processes subscriber information on our behalf to manage subscriptions, send newsletters, and provide campaign statistics.
You may withdraw your consent and unsubscribe at any time by:
Clicking the unsubscribe link contained in a newsletter, or
Contacting us at office@casasi.com
After unsubscribing, your email address will no longer be used to send newsletters.
We may retain limited information on a suppression list where necessary to ensure that no further marketing emails are sent to you.
Withdrawal of consent does not affect the lawfulness of processing carried out before consent was withdrawn.
9. Website Font – League Spartan
Our website uses the typeface League Spartan, which is available through Google Fonts and is selected through the Squarespace website-design system.
The font is used to ensure the consistent and correct presentation of our website and corporate design.
Technical information may be processed when website resources and font files are delivered to your browser. Depending on Squarespace’s technical implementation, this may include:
IP address
Browser and device information
Date and time of access
The page on which the font is displayed
The legal basis is our legitimate interest in presenting a consistent, readable, and professionally designed website in accordance with Article 6(1)(f) GDPR.
Where the font files are delivered directly by Squarespace, the related processing is covered by the Squarespace processing described in this Privacy Policy.
10. External Links and Social Media
Our website contains links to external websites and online platforms, including:
Instagram
Facebook
YouTube
LinkedIn
Amazon
Alza
HEYDRY
These are generally standard external links.
No personal data is transmitted to the external provider simply because the link appears on our website. Data may be transmitted after you actively click the link and access the external website.
The external provider may then process information such as:
IP address
Browser and device information
Account information
Information about your interaction with the external platform
If you are logged into an account with the external provider, the provider may associate your visit with your account.
We do not control the data processing carried out by external providers. The respective provider’s privacy policy applies after you leave our website.
11. Recipients of Personal Data
Personal data is shared only where necessary and legally permitted.
Recipients may include:
Squarespace as our website hosting and platform provider
Squarespace Email Campaigns as our newsletter service
CASA SI employees responsible for processing inquiries
IT service providers and website administrators
Email service providers
Professional advisers, such as legal or tax advisers
Public authorities where disclosure is required by law
External platforms that you actively choose to access
Service providers processing data on our behalf are required to process personal data in accordance with applicable data-protection law and our instructions.
12. International Data Transfers
Some of our service providers may process personal data outside Austria or outside the European Economic Area.
Where personal data is transferred to a country for which the European Commission has not issued an adequacy decision, appropriate safeguards are used where required.
These safeguards may include:
European Commission-approved Standard Contractual Clauses
Contractual data-protection obligations
Technical and organisational security measures
Other legally recognised transfer mechanisms
Despite these safeguards, data processed outside the European Economic Area may be subject to the laws of the respective country, including possible access by public authorities.
13. Data Retention
We retain personal data only for as long as necessary for the purpose for which it was collected.
The applicable retention period may depend on:
The duration of an inquiry or business relationship
Your consent and any subsequent withdrawal
Contractual and statutory warranty periods
Statutory accounting and retention obligations
Applicable limitation periods
The need to establish, exercise, or defend legal claims
Technical and security requirements
Newsletter subscriber data is generally retained until you unsubscribe or withdraw your consent.
Contact-form and email information is retained until the inquiry has been completed and thereafter only where continued storage is legally required or necessary to protect our legal interests.
When personal data is no longer required, it is deleted or anonymised unless continued storage is required by law.
14. Your Rights
Subject to the conditions of the GDPR, you have the right to:
Request information about the personal data we process about you
Request correction of inaccurate or incomplete data
Request deletion of your data
Request restriction of processing
Receive certain data in a structured, commonly used, and machine-readable format
Object to processing based on legitimate interests
Withdraw consent at any time
Lodge a complaint with a data-protection supervisory authority
Where processing is based on your consent, withdrawal applies to future processing and does not affect processing carried out before consent was withdrawn.
Requests concerning your rights may be sent to office@casasi.com.
We may request suitable proof of identity where necessary to protect your personal data against unauthorised access.
15. Right to Object
Where we process your personal data on the basis of a legitimate interest under Article 6(1)(f) GDPR, you have the right to object to the processing for reasons arising from your particular situation.
We will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless processing is necessary for the establishment, exercise, or defence of legal claims.
You may object to processing for direct-marketing purposes at any time.
16. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates data-protection law.
The competent Austrian supervisory authority is:
Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna
Austria
Telephone: +43 1 52 152-0
Email: dsb@dsb.gv.at
You may also contact another competent supervisory authority in the European Union, particularly in the country of your habitual residence or place of work.
17. Data Security
We use appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.
Our website uses encrypted HTTPS connections.
However, no internet-based transmission or storage system can guarantee absolute security.
18. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes to our website, services, data-processing activities, or legal requirements.
The current version of the Privacy Policy will always be available on our website. The date of the latest update is shown at the beginning of the policy.