1. introduction & scope of application
This privacy policy informs you about the type, scope and purpose of the processing of personal data (hereinafter "data") by our company and about your rights as a data subject.
It applies to all users of the website www.10-q.at as well as for persons who submit bookings or applications via our forms or act as subcontractors.
2. responsible person
Company: 10/kju:/e.U.
Company headquarters: Wehlistraße 157/19, 1020 Vienna, Austria
Owner & responsible person: Amid Amidov
E-Mail: office@10-q.at
Operational support: Marian Hadjiev (not legally responsible)
3. data protection officer
Amid Amidov
E-Mail: office@10-q.at
4. safety & protective measures
Our website uses SSL/TLS encryption. Further technical and organizational measures:
- Internal role and authorization concept
- Regular backups via our hosting provider
- PGP encryption (in preparation)
- AV contracts with all processors
5. hosting & technical infrastructure
- Hosting: All-Inkl.com (Germany)
- CMS: WordPress
- CDN: planned - Cloudflare or Amazon CloudFront
- Plugins: Borlabs Cookie CMP, WP Rocket, TranslatePress, RankMath Pro, Gravity Forms
6. server log data
Automatically collected and stored for a maximum of 14 days:
- IP address (anonymized)
- Date/Time
- Browser type/version
- Operating system
- Referrer URL
Legal basis: 6 para. 1 lit. f GDPR (legitimate interest)
7. cookies & consents (Borlabs CMP)
Our website uses the cookie consent tool Borlabs Cookieto obtain your consent to the use of cookies and integrated third-party services.
When you visit the website for the first time, you will receive the following information:
We need your consent before you can continue to visit our website. If you are under the age of 16 and wish to give your consent to optional services, you must ask your parent or guardian for permission.
We use cookies and other technologies on our website. Some of them are essential, while others help us to improve this website and your experience. Personal data may be processed (e.g. IP addresses), e.g. for personalized ads and content or the measurement of ads and content.
There is no obligation to consent to the processing of your data in order to use this offer. You can revoke or adjust your selection at any time via the cookie symbol.
Please note that not all functions of the website may be available due to individual settings.
Data transfer to the USA:
Some services (e.g. Google, Meta, Microsoft, TikTok) process personal data in the USA. By consenting to the use of these services, you also consent to the transfer of data to the USA in accordance with Art. 49 para. 1 lit. a GDPR.
The European Court of Justice classifies the USA as a country with an inadequate level of data protection. In particular, there is a risk that US authorities may be able to access your data without you as an EU citizen having effective legal remedies at your disposal.
Cookie categories & storage duration:
- Essential cookies (cannot be deselected) - technically required
- Statistics cookies (e.g. Google Analytics)
- Marketing cookies (e.g. Google Ads, Meta Ads)
Storage duration: 12 months
Legal basis: 6 para. 1 lit. a GDPR (consent)
8. tracking & online marketing
Only with active consent:
- Google Analytics 4 (with anonymized IP)
- Google Ads incl. remarketing & conversion tracking
- YouTube Ads (planned)
- Facebook, TikTok, LinkedIn, Microsoft Ads (planned)
- Hotjar (heatmaps, user behavior)
Legal basis: 6 para. 1 lit. a GDPR
9. contact forms & communication
- Tools: Gravity Forms, SendGrid, Brevo, WhatsApp Business (only with active use), Airtable
- Planned integration: reCAPTCHA
- Data collected: Name, telephone number, e-mail, travel request, flight number, etc.
- Corporate clients: additionally company name, address, UID
10. Booking & payment processing
- Payment provider: Stripe Payments Europe Ltd.
- Payment: directly in the form via credit card (PCI-DSS compliant)
- Card data: are not stored by us
- Utilization: also for customer analysis (e.g. customer lifetime value)
Legal basis: 6 para. 1 lit. b GDPR
11. Driver communication & subcontractors
- Only receive trip-related data
- No access to customer data or prices outside the journey
- Communication via WhatsApp, Airtable or SMS
- GPS positioning for quality assurance
12. Applications
- Processed data: Name, ID, driver's license, GISA, UID, vehicle data, insurance
- Storage duration: 6 months (rejected), 7 years (discontinued)
- Deletion on request: Art. 17 GDPR possible
13. Third-party providers & tools used
All with AV contract and SCC (standard contractual clauses) where applicable:
- Google Ireland Ltd - Analytics, Ads, Tag Manager, reCAPTCHA
- YouTube (Google LLC) - Video playback
- SendGrid (Twilio Inc.) - e-mail dispatch
- Brevo (Sendinblue GmbH) - E-mail communication
- Hotjar Ltd - UX Analysis
- Airtable (Formagrid Inc.) - CRM
- Zapier Inc - Automation
- Stripe Payments Europe Ltd. - Payment processing
14. Transfer to third countries
Only for:
- Existence of SCCs
- Existence of a Appropriateness decision
- Or explicit consent Art. 49 para. 1 lit. a GDPR
15. Storage duration
| Data type | Storage duration |
| Booking/invoice data | 7 years (tax law) |
| Contact forms | 12 months |
| Applicant data | 6 months (rejected) |
| Analytics data (Google) | max. 26 months |
16. Rights of the data subjects
You have the following rights under the GDPR:
- Information (Art. 15)
- Rectification (Art. 16)
- Deletion (Art. 17)
- Restriction of processing (Art. 18)
- Data portability (Art. 20)
- Objection (Art. 21)
- Withdrawal of consent (Art. 7 para. 3)
Contact for all matters: datenschutz@10-q.at
17. Automated decisions / profiling
- Stripe can carry out a credit check
- No further automated profiling takes place
18. Newsletter
We currently ship none newsletters or automated e-mail campaigns.
19. Data security
- Password-protected systems
- SSL/TLS encryption
- Use of Google Drive (no local firewall)
20. Changes to this privacy policy
This declaration is updated regularly.
Last update: 04.07.2025
Previous versions: available on request