Privacy Policy

General

The protection and security of your personal data is important to us. This website therefore stores and processes data exclusively in accordance with the Austrian and European General Data Protection Regulation (GDPR). As a user, you consent to data processing within the meaning of this declaration. The current version of the GDPR can be found at eur-lex.europa.eu

This privacy policy applies only to this website. If you are redirected to other sites via links on our pages, please inform yourself directly on the redirected website about its handling of your data. Your personal data (e.g. salutation, name, address, email address, telephone number, bank details, credit card number) is only processed by us in accordance with the provisions of Austrian data protection law. The following provisions inform you about the type, scope and purpose of the collection, processing and use of personal data.

Use of this website is generally possible without providing personal data. Where personal data (e.g. name, address or email addresses) is collected on our pages, this is, where possible, always on a voluntary basis. This data is not passed on to third parties without your express consent.

We point out that data transmission on the internet (e.g. when communicating by email or via unencrypted websites) may have security gaps. Complete protection of data from access by third parties is not possible.

When you place an order via our website, the data you transmit or enter is checked and, if necessary, reconciled manually or automatically against existing records for validity and accuracy in order to correct the data we hold. To this end, it may be necessary for our staff to contact you. This is done by email or by telephone. The data you enter is used exclusively for processing the order or handling the registration; the data is not passed on to third parties.

Data subject rights

Under Austrian data protection law and the European GDPR, you as a data subject have extensive rights. These rights are intended above all to provide more transparency. Your rights as a data subject are the right to access the personal data concerning you, to rectification, erasure, restriction of processing, objection to processing, and the right to data portability (only where there is a contractual relationship or consent), as well as the right to withdraw consent at any time.

As a data subject, you can most easily exercise your rights by emailing office@motion-group.at. You may also exercise them by letter, in person, or via the website's contact form.

You also have the right at any time to lodge a complaint with the data protection authority regarding the processing of your personal data. The contact details of the data protection authority are:

Austrian Data Protection Authority
Wickenburggasse 8
1080 Vienna
Phone: +43 1 521 52-25 69
Email: dsb@dsb.gv.at

Data deletion

Your data is deleted as soon as the respective contract with you has been fulfilled and there is no longer any legal obligation to store the data. As a rule, your data is deleted after seven years; retention period under § 132 BAO (Austrian Federal Fiscal Code).

Statutory or legal retention obligations or contractual obligations — e.g. towards customers from warranty or damages, or towards contractual partners — are a basis for continuing to store personal data. (Art. 6(1)(c) GDPR — basis for the lawfulness of processing: statutory / legal obligation)

Links

We review links that leave our website very carefully from an editorial standpoint. Nevertheless, we accept no responsibility or liability whatsoever for the content of pages to which links are made from this website or from any other internet presence.

Application form

If you send us your applications via the application form, your details from the form, including the contact data you provide there, and your application documents will be stored with us for the purpose of processing the application. We will not pass on this data without your consent. Your data submitted will be deleted no later than 6 months after the position has been filled.

Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact data you provide there, will be stored with us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

Registration

For users who register on our website, we additionally store the personal information they provide in their user profile. All users can view, change or delete their personal information at any time (the username cannot be changed). Website administrators can also view and change this information.

If you are a registered user and upload photos to this website, you should avoid uploading photos with EXIF GPS location data. Visitors to this website could download photos stored on this site and extract their location information.

Inventory data

Without your express consent or without a legal basis, your personal data will not be passed on to third parties outside the scope of contract processing. After complete contract processing, your data will be blocked from further use. After the expiry of tax and commercial law regulations, this data will be deleted unless you have expressly consented to further use.

Your personal data, insofar as it is necessary for the establishment, content or modification of the contractual relationship (inventory data), is used exclusively for contract processing. For example, in order to deliver goods, your name and address must be passed on to the goods supplier.

Information about cookies

A distinction is made between three categories of cookies:

• strictly necessary cookies to ensure basic website functions
• functional cookies to ensure the performance of the website
• targeting cookies to improve the user experience.

The internet pages partially use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offering more user-friendly, more effective and more secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.

You can configure your browser so that you are informed about the setting of cookies and only allow cookies on a case-by-case basis, exclude the acceptance of cookies in certain cases or generally, and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be limited.

If you write a comment on our website, this may be considered consent to store your name, email address and website in cookies. This is a convenience feature so that you do not have to re-enter all this data when writing another comment. These cookies are stored for one year.

If you have an account and log in to this website, we will set a temporary cookie to determine whether your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your display options. Login cookies expire after two days, and display option cookies expire after one year. If you select "Stay logged in" when logging in, your login will remain active for two weeks. When you log out of your account, the login cookies will be deleted.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie contains no personal data and only refers to the post ID of the article you just edited. The cookie expires after one day.

Functional limitations without cookies

If you do not allow us to use cookies in general, certain features and pages will not work as expected. In particular, login will not work.

Web analytics with Google Analytics

This website uses functions of the web analytics service Google Analytics. Provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses targeting cookies.

For more information on how user data is handled by Google Analytics, please see the Google privacy policy: support.google.com/analytics/answer/6004245

You can prevent the collection of data generated by the cookie and related to your use of the website by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout

Facebook social plugins

We use social plugins from facebook.com, operated by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The plugins can be identified by the Facebook logo or the addition "Facebook Social Plugin". If you, for example, click the "Like" button or leave a comment, the corresponding information is transmitted directly from your browser to Facebook and stored there. Furthermore, Facebook makes your preferences public to your Facebook friends. If you are logged in to Facebook, Facebook can directly assign the visit to our site to your Facebook account. Even if you are not logged in or do not have a Facebook account at all, your browser transmits information (e.g. which website you have visited, your IP address) that is stored by Facebook. We point out that as a provider of the pages we have no knowledge of the content of the transmitted data or its use by Facebook.

For details on how Facebook handles your personal data and your related rights, please see Facebook's privacy policy: facebook.com/policy.php. If you do not want Facebook to associate the data it collects about you via our website with your Facebook account, you must log out of Facebook before visiting our pages.

Instagram social plugins

We use social plugins from Instagram. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged in to your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. This enables Instagram to associate the visit to our site with your user account. We point out that as a provider of the page we have no knowledge of the content of the transmitted data or its use by Instagram.

For more information, please see the Instagram privacy policy: instagram.com/about/legal/privacy

YouTube social plugins

We use social plugins from the site YouTube, operated by Google. The operator of this site is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit our site equipped with a YouTube plugin, a connection to YouTube's servers is established. The YouTube server is informed that you have visited our pages.

If you are logged in to your YouTube account, you allow YouTube to assign the visit to our site to your user account. You can prevent this by logging out of your YouTube account.

For more information on how user data is handled, please see the YouTube privacy policy at google.de/policies/privacy

LinkedIn social plugins

We use social plugins from the LinkedIn service. These functions are provided by LinkedIn Inc., 1000 West Maude Avenue Sunnyvale, CA 94085, USA. You can recognise the LinkedIn plugins by the corresponding logo or the "Recommend" button. Please note that when you visit our website the plugin establishes a connection between your respective internet browser and the LinkedIn server. LinkedIn thereby receives the information that you have accessed the corresponding page of our website. If you click the "Recommend" button on LinkedIn while logged in to your LinkedIn account, you enable LinkedIn to associate your visit to our website with you or your user account. We point out that as a provider of the page we have no knowledge of the content of the transmitted data or its use by LinkedIn.

For more details on data collection and your legal options and settings, see linkedin.com/static?key=privacy_policy

Google AdWords

We also use the advertising tool "Google AdWords" to promote our website. In this context, we use the "Conversion Tracking" analysis service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA on our website. If you reached our website via a Google ad, a cookie is placed on your computer. Cookies are small text files that your internet browser places and stores on your computer. These so-called "conversion cookies" expire after 30 days and do not serve to identify you personally. If you visit certain pages of our website and the cookie has not yet expired, we and Google can recognise that you, as a user, clicked on one of our ads placed with Google and were redirected to our site.

The information collected with the "conversion cookies" is used by Google to create visit statistics for our website. From these statistics we learn the total number of users who clicked on our ad and, in addition, which pages of our website were subsequently called up by the respective user. However, we do not receive any information that personally identifies users.

You can prevent the installation of the "conversion cookies" by setting your browser accordingly, e.g. via a browser setting that generally deactivates the automatic setting of cookies or specifically blocks only the cookies from the "googleadservices.com" domain.

The relevant Google privacy policy is available at the following link: policies.google.com/privacy

Facebook Pixel

Our website uses the remarketing function "Facebook Pixel" from Facebook Inc. ("Facebook"). This function serves to present visitors to this website with interest-based advertising ("Facebook ads") in the context of their visit to the Facebook social network. To this end, Facebook Pixel has been implemented on our website. Via Facebook Pixel, a direct connection to Facebook's servers is established when you visit the website. The Facebook server is informed that you have visited this website, and Facebook assigns this information to your personal Facebook user account.

For more information on the collection and use of data by Facebook and on your rights and options for protecting your privacy, please see Facebook's privacy notices at facebook.com/about/privacy.

Alternatively, you can deactivate Facebook's remarketing function at facebook.com/settings?tab=ads. To do this, you must be logged in to Facebook.

Hotjar

We use Hotjar to better understand the needs of our users and to optimise the offering and experience on this website. Using Hotjar's technology, we get a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click, what they like and don't like, etc.), and this helps us tailor our offering to our users' feedback. Hotjar uses cookies and other technologies to collect data about our users' behaviour and their end devices, in particular IP address of the device (collected and stored only in anonymised form during your use of the website), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), and preferred language for displaying our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

For more information, see the "About Hotjar" section on Hotjar's help page help.hotjar.com/About-Hotjar.

SalesViewer

On this website, data is collected and stored for marketing, market research and optimisation purposes using SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator's legitimate interests (Art. 6(1)(f) GDPR).

For this purpose, a JavaScript-based code is used to collect company-related data and the corresponding usage. The data collected with this technology is encrypted via a non-reversible one-way function (so-called hashing). The data is immediately pseudonymised and is not used to personally identify the visitor to this website.

The data stored as part of SalesViewer will be deleted as soon as it is no longer required for its purpose and there are no statutory retention obligations preventing deletion.

You can object to the collection and storage of data at any time with effect for the future by clicking this link salesviewer.com/opt-out to prevent recording by SalesViewer® within this website in the future. An opt-out cookie will be placed for this website on your device. If you delete your cookies in this browser, you must click this link again.

Newsletter

If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected. We use this data exclusively to send the requested information and do not pass it on to third parties.

You can revoke your consent to the storage of the data, the email address and its use for sending the newsletter at any time, e.g. via the "unsubscribe" link in the newsletter.

SSL encryption

For security reasons and to protect the transmission of confidential content, such as the enquiries you send to us as the site operator, this site uses SSL encryption. You can recognise an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the lock symbol in your browser bar.

When SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Collection and storage of personal data; type, purpose and use

When you access this website, the browser used on your end device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your input and stored until automated deletion:

• IP address of the requesting computer,
• date and time of access,
• name and URL of the file retrieved,
• website from which access is made (referrer URL),
• browser used and, if applicable, your computer's operating system as well as the name of your access provider.

We currently use the option to use this data on the legal basis of Art. 6(1)(1)(f) GDPR for purposes such as

• ensuring a smooth connection to the website,
• ensuring comfortable use of our website,
• evaluating system security and stability and
• for further administrative purposes.

The data collected will under no circumstances be used to draw conclusions about you as a person.

Data security

The provider uses technical and organisational security measures to protect the data stored by the provider against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Data transfers between service providers are carried out using SSL (Secure Socket Layer). This software encrypts all information transmitted by and to supporters.

All data is stored on the server of this website or on the servers of our service providers with whom processing agreements pursuant to § 28 GDPR have been concluded, with appropriate checks.

If you have any questions, please contact us at the following email address: office@motion-group.at

Google API Services User Data Policy (Xenya app)

The Xenya application (available at app.xenya.ai) lets users connect their Google Calendar via OAuth 2.0 so that Xenya can automatically join scheduled online meetings (Zoom, Google Meet, Microsoft Teams, etc.), record and transcribe them, and provide AI-based sales coaching. Xenya's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What Google user data we access

When you connect your Google Calendar to Xenya, we request only the following OAuth scopes:

• https://www.googleapis.com/auth/calendar.events.readonly — read-only access to your calendar events.
• https://www.googleapis.com/auth/userinfo.email — your primary Google email address, used to identify the connected account.

Based on these scopes, Xenya processes and stores: your Google email address and display name, OAuth access and refresh tokens (encrypted at rest), and, for each calendar event: title, start and end time, the embedded meeting URL (Zoom, Google Meet, Teams, Webex, GoTo), iCal UID, platform ID and the list of attendees (name and email) where included on the event. We do not access Gmail content, Google Drive files, contacts, or any other Google data.

How we use Google user data

Calendar data retrieved from Google is used solely for the following user-facing features:

• displaying your upcoming meetings inside the Xenya dashboard so you can choose which calls the Xenya notetaker should join;
• automatically dispatching a meeting bot (via our sub-processor Recall.ai) at the scheduled start time so that recording, transcription and AI-based sales coaching can be delivered;
• associating meetings with companies/contacts inside your workspace (for example based on attendee email domain) for CRM-style analytics within Xenya.

Data retrieved is processed exclusively to provide or improve these user-facing features.

Limited Use: what we do NOT do with Google user data

Xenya complies with the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We do not sell Google user data to any third party.
• We do not use Google user data for advertising of any kind — including personalised, targeted or retargeted advertising.
• We do not transfer Google user data to data brokers, information resellers, or other data sellers.
• We do not use Google user data to determine creditworthiness or for lending decisions.
• We do not use Google user data to train, fine-tune or augment generalised AI/machine-learning models, and we do not use it to build generic databases.
• Humans only access Google user data in the limited circumstances permitted by Google's policy (e.g. with your explicit consent, for security and abuse-prevention purposes, to comply with applicable law, or in aggregated, anonymised form for internal operations).

Who we share Google user data with

We do not share Google calendar data with third parties for their own purposes. To provide the Xenya services we rely on the following sub-processors, who process personal data only on our instructions under data-processing agreements pursuant to Art. 28 GDPR:

• Recall.ai — receives OAuth refresh tokens and meeting metadata in order to dispatch the notetaker bot to meetings at the scheduled time.
• Hetzner Online GmbH (data centres in Germany and Finland) — hosting and object storage for the application and the resulting recordings/transcripts.
• AssemblyAI — transcription of recorded meeting audio.
• Anthropic / OpenAI — LLM-based evaluation of transcripts to produce scorecards and coaching recommendations. No model training is performed on your data; we operate under no-training agreements with these providers.

Beyond this, we only share Google user data when you give your explicit consent, when required to comply with applicable law, or when necessary to maintain the security and integrity of the service (e.g. investigating potential abuse).

How we protect Google user data

We protect Google user data with appropriate technical and organisational measures:

• All data transmissions take place exclusively over TLS/HTTPS.
• OAuth access and refresh tokens are encrypted at the application layer (Active Record Encryption based on AES-256) before being stored in the database.
• Databases and object storage are encrypted at rest and hosted on servers located within the EU (Germany/Finland).
• Access to production systems is restricted to a narrow set of authorised employees, protected by multi-factor authentication and logged.
• We operate our own OAuth integration and commission annual security reviews of our platform.

Data retention and deletion

Google calendar data is retained for as long as you keep your Google Calendar connected to Xenya. You can at any time:

• Disconnect the calendar inside Xenya: under Settings → Calendar, you can disconnect at any time. Xenya then actively revokes the refresh token via Google's revocation endpoint (https://oauth2.googleapis.com/revoke), deletes all stored OAuth tokens, and removes the associated calendar events from our operational databases within 30 days.
• Revoke access directly at Google: you can revoke Xenya's access at any time at myaccount.google.com/permissions.
• Delete your account: upon request by email to office@motion-group.at or hello@xenya.ai, we will delete your Xenya account and all associated Google calendar data within 30 days, subject to statutory retention obligations (in particular § 132 BAO for invoice data).

Backups that may contain Google calendar data are permanently overwritten on the standard backup rotation cycle (maximum 35 days).

Withdrawing consent and complaints

The connection to your Google account is based on your explicit consent (Art. 6(1)(a) GDPR). You can withdraw this consent at any time with effect for the future by disconnecting the calendar inside Xenya or revoking access at Google. For questions or complaints regarding the processing of your Google user data, please contact hello@xenya.ai.