Select your language

Data Protection Declaration

NIGHTFALL GMBH  places great importance on protecting your personal data. Since data protection at NIGHTFALL GMBH  is thus also a high priority, your personal data is handled in accordance with the valid data protection regulations (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), Data Protection Act 2018 (DPA 2018), Austrian Telecommunications Act 2003 (TKG 2003)).

In the following, we will inform you about the processing operations related to your personal data within the framework of our online content and our website.

Contact Details of the Individual Responsible

The data protection officer for the websites

Nightfall GmbH
Riederstraße 35 / Halle 1 / Tor 4
A-4931 Mettmach

Company register number:  FN 509438 z

Should you have any questions regarding how NIGHTFALL GMBH processes your data, please do not hesitate to contact us as follows:

By post to the address listed above, for the attention of the data protection officer
by tel.:+43/ 660 7400671
by email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Using the contact details listed above, you can contact our data protection officer who will be happy to help you with any questions relating to data protection and rights of the affected. 


Data Processing – General Information

We process your personal data in a responsible manner and in accordance with the relevant data protection regulations.

Personal data is only collected if you provide it, for example, over the course of an online order, an inquiry form, or a registration.

Personal data is only passed on to third parties in accordance with legal regulations. We will only pass on users’ personal data to third parties if this takes place, for example, on the basis of your consent in accordance with Art. 6 Sec. 1 Clause a GDPR, if it is necessary for contractual purposes on the basis of Art. 6 Sec. 1 Clause b GDPR, if it is necessary on the basis of legal obligations in accordance with Art. 6 Sec. 1 Clause c GDPR, or if it takes place on the basis of legitimate interests in accordance with Art. 6 Sec. 1 Clause f GDPR (economic and effective business operation).

Processing Personal Data during a Visit to our Website

You can always visit our websites without providing personal information. When you access our website, the following information is collected and temporarily stored in a web server logfile:

  • The IP address of the requesting web-enabled device
  • The time and date of access
  • The quantity of transferred data in bytes
  • The name and the URL of the file retrieved
  • The website/application from which our website was accessed (referrer URL)
  • Your browser and potentially the operating system of your web-enabled device

We have no influence on automated data storage. The data collected will not allow for any direct conclusions about your identity, and we will not draw any conclusions.

We use the data mentioned above for the following purposes:

  • Establishing a smooth connection
  • Ensuring the website is convenient to use
  • Assessing the system security and stability
  • Statistical assessment of the data to optimize our online presence and the associated technology

The data mentioned above is stored for 120 weeks and backed up for another six months.

According to Art. 6 Sec. 1 Clause f GDPR, the legal basis for processing the listed data is our legitimate interest which results from the purposes listed above.

Contacting Us

When you contact us (via the contact form or email), the personal data you provide to process and handle the contact inquiry or to initiate and fulfill a contract is processed to carry out pre-contractual measures according to the legal basis of Art. 6 Sec. 1 Clause b GDPR.

When you contact us using the contact forms on the website, we process the following personal data:

  • Company
  • Form of address
  • Title (optional), First name, Surname
  • Email address
  • Address
  • Telephone number, fax
  • Website
  • Your individual message

Your details are stored in our customer relationship management system (CRM system) or a similar inquiry set-up.

The data is processed for the duration of the business relationship initiation. Should the business relationship end, the data shall be stored even after the end of the business relationship in accordance with the applicable legal provisions and retention requirements.

Data Security

If we receive your personal data, for example over the course of an order, it will be encrypted using the SSL process (secure socket layer). The SSL process distorts your data before it is sent to the NIGHTFALL GMBH  server so that a third party is unable to reconstruct it. This encryption process also ensures that your data is only sent to the server from which it was requested. You can find additional information under SSL Encryption.

For that matter, we will provide you with appropriate technical and organizational security measures to protect the personal data we store and to secure against loss, destruction, access, modification, and distribution by unauthorized persons, taking into account the state of the art, the implementation costs, as well as the nature, scope, circumstances and purposes of the processing and the likelihood and severity of the risk to the rights and freedoms of individuals. Our security measures are continuously improved according to technological advancements.


We use cookies on this website which facilitate internet usage and communication. Cookies are small text files that our website sends to your browsers and are saved on your device.

Our website uses two types of cookies. One reason for our use of cookies is to make the use of our services more comfortable for you. We therefore use session cookies to detect whether you have already visited individual pages on our website. These remain in your browser’s cookie file until you leave our website and are automatically deleted at the end of your visit. The second type we use are long-term cookies which are stored for a specified time period to improve user friendliness and enable our website to recognize your browsers next time you visit. Should you visit our website again to make use of our services, it will automatically detect that you have visited the website before and it will recall the entries and settings you configured, so you won’t have to enter these again. The storage period for the cookies depends on your purpose of use and is not the same for all users.

You can configure your browser to inform you about cookie usage so you can make individual decisions about accepting cookies, or prevent the acceptance of cookies in specified cases or in general. However, disabling cookies may lead to a limitation of our website’s functionality.

We will inform you about the usage or setting of cookies using a cookie banner. You can accept all cookies or only selected cookies under "Cookie settings". If you wish to change your cookie settings at a later date, you can do so under "Cookie settings" in the footer of the website.

The legal basis for the setting of cookies is our legitimate interest in offering online services and optimizing our website in accordance with Art. 6 Sec. 1 Clause f GDPR, as well as, where appropriate, your consent in accordance with Art. 6 Sec. 1 Clause a GDPR.


Website Optimization

Google AdWords and Conversion Tracking

This website uses the online advertising program Google AdWords as well as Google Conversion Tracking, an analysis service provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, (“Google”). Google is certified under the European Commission’s adequacy resolution (Privacy Shield Agreement), thus providing a guarantee to comply with European data protection law.

To this end, Google uses cookies which are stored on your device if you accessed our website via a Google advertisement. These cookies are only valid for a limited time and are not used for personal identification. If you visit specific pages on our website, we and Google – provided the cookie has not yet expired – can detect that you accessed our website via a Google advertisement. Each Google AdWords customer receives a different cookie. Cookies therefore cannot be tracked via the AdWords customer websites. Conversion statistics are created using the data gathered via conversion cookies. This allows us to gather information about the total number of users who accessed a site with a conversion tracking tag via an advertisement. However, we do not receive any personal information through which individual users could be identified. If you would like to prevent the tracking process, you can disable the storage of the required cookies by configuring your browser software accordingly. You can also deactivate cookies for Google Conversion Tracking by configuring your browser so that cookies from the domain “” are blocked. You can find additional information about Google data protection regulations on the following website:

Integration of Third-Party Services and Content



On the basis of our legitimate interests according to Art. 6 Sec. 1 Clause f GDPR (interest in the analysis, optimization, and economical operation of our online content), we use social plugins (“plugins”) for the social network operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, (“Facebook”). The plugins include interaction elements and content (e.g., videos, graphics, or text posts) and can be recognized by one of the Facebook logos (white “f” on a blue tile, the term “Like” or a “thumbs up” symbol), or are marked with the phrase “Facebook Social Plugin”. The list and appearance of the Facebook Social Plugins can be seen here:

Facebook is certified under the Privacy Shield Agreement, thus providing a guarantee to comply with European data protection law.

If a user activates a function of this online content which contains such a plugin, their device will establish a direct connection with the Facebook servers. The content of the plugin is directly transmitted from Facebook to the user’s device and integrated in the online content. During this process, user profiles can be created for the users using the processed data. We therefore have no influence on the scope of the data collected by Facebook using this plugin and thus inform users according to our knowledge base.

By integrating these plugins, Facebook receives the information that a user has accessed the respective site of the online content. If the user is logged onto Facebook, then Facebook can allocate the visit to their Facebook account. If users interact with the plugins, for example, to click the Like button or to leave a comment, the corresponding information is directly transmitted from their device to Facebook and stored there. Even if a user is not a member of Facebook, Facebook may still learn and save their IP address. According to Facebook, only an anonymized IP address is saved in Germany.

Information regarding the purpose and scope of the data collection as well as further processing and usage of the data by Facebook, as well as the related rights and configuration options to protect the user’s privacy can be found in Facebook’s data protection notice:

If a user is a Facebook member and does not wish for Facebook to collect data about them through this online content and link it to their member data stored by Facebook, then they must log out of Facebook before using our online content and delete their cookies. Further settings and objections regarding the use of data for advertising purposes can be made via the Facebook profile settings: or via the American site or via the EU site These settings are independent of the platform, i.e., they are adopted for all devices such as desktop computers and mobile devices.


Facebook pixel – extended data synchronization

Within our online environment, the "Facebook pixel" from the social network Facebook is used in extended data synchronization mode, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook").

On the basis of his or her express consent, when a user clicks on an advertisement placed by us and displayed on Facebook, a suffix is added to the URL of our linked page by the Facebook pixel. Then, after the user is redirected, this URL parameter is written into the user's browser by a cookie that is set by our linked page itself. In addition, this cookie records specific customer data, such as the email address that we collect on our website linked to the Facebook advertisement during transactions such as purchases, account login, or registrations (extended data synchronization). The cookie is then read by the Facebook pixel and enables the data, including the specific customer data, to be forwarded to Facebook.

With the help of the Facebook pixel with extended data synchronization, Facebook is able to precisely determine the visitors to our online environment as a target group for the presentation of ads (so-called "Facebook ads"). Accordingly, we use the Facebook pixel with extended data synchronization in order to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offering or who exhibit certain characteristics (for example, interests in certain topics or products determined on the basis of the websites visited), which we send to Facebook (referred to as "custom audiences"). With the help of the Facebook pixel with extended data synchronization, we also wish to ensure that our Facebook ads match the potential interest of users and are not annoying. This allows us to further evaluate the effectiveness of Facebook advertisements for statistical and market research purposes, by tracking whether users were redirected to our website after clicking on a Facebook ad (what is known as "conversion"). Compared to the standard version of the Facebook pixel, the advanced data synchronization feature helps us to better measure the effectiveness of our advertising campaigns by capturing more assigned conversions.

All transmitted data is stored and processed by Facebook such that a link to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with Facebook's data policy ( The data may enable Facebook and its partners to serve advertisements both on Facebook and outside it.

These processing operations are carried out only if express consent is granted in accordance with Art. 6 Sec. 1 Clause a GDPR.

The information generated by Facebook is usually transferred to a Facebook server and stored there; it may also be transferred to the servers of Facebook Inc. in the USA. Facebook Inc., with registered offices in the USA, is certified in line with the US-European "Privacy Shield" data protection agreement, which guarantees compliance with the data protection level applicable in the EU.



For this website, the SmartMaps service of YellowMap AG, CAS-Weg 1-5, 76131 Karlsruhe, Germany, is used to display maps. This allows interactive maps to be displayed directly on the website and enables the use of the map function. For the provision of the map material, YellowMap processes your IP address and other technical data. The data collected is used exclusively for the creation of the map and is deleted after 10 min. has elapsed. No cookies are set.

For more information on the purpose and scope of data collection and its processing by YellowMap, please visit
There you will also receive further information on your rights in this regard.
The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. b DSGVO).



On the basis of our legitimate interests according to Art. 6 Sec. 1 Clause f GDPR (interest in the analysis, optimization, and economical operation of our online content), functions of the YouTube service are integrated in our website to display and replay videos. These functions are provided by YouTube, LLC 901 Cherry Ave. San Bruno, CA 94066 USA. You can find additional information in the YouTube data protection guidelines.

The extended data protection mode is used here, which only initiates storage of user information once the video(s) is/are played according to the supplier’s statement. Should the replay of integrated YouTube videos be started, YouTube will use cookies to gather information about user behavior. According to YouTube, these are used for purposes including recording video statistics, improving user friendliness, and preventing improper usage. Independently of whether the integrated videos are replayed, a connection to the Google network “DoubleClick” is established every time you access our website which could lead to further data processing operations without our influence.

You can find additional information about YouTube’s use of cookies within the YouTube privacy policy at:

Your Rights

We will naturally be happy to inform you about the processing of your personal data. According to the data protection regulations, you have the following rights and remedies as an affected person:

  • The right to informationabout your personal data which we have stored according to Art. 15 GDPR. To provide this information, we may require you to verify your identity in a suitable manner.
  • Right to the correctionof incorrect personal data or the completion of incomplete personal data according to Art. 16 GDPR.
  • Right to the deletionof your personal data according to Art. 17 GDPR insofar as the reasons outlined in Art. 17 Sec. 1 Clause a to f GDPR (e.g. cessation of the reason for processing) exist and the processing of your personal data is not required according to Art. 17 Sec. 3 GDPR.
  • Right to the limitationof the processing of your personal data according to Art. 18 GDPR.
  • Right to data portabilityaccording to Art. 20 GDPR.
  • Right to the objection against the processing of your personal data according to Art. 21 GDPR.
  • Right to the revocation of the consent declarations grantedaccording to Art. 7 GDPR.
  • Right to appeal: You have the right to appeal to a regulatory authority. You can generally contact the regulatory authority of your usual place of residence or work, or our company headquarters. In Austria, this is:

Austrian data protection authority

Barichgasse 40-42

1030 Vienna

Tel: +43 1 52 152-0

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.


In order to assert your rights against NIGHTFALL GMBH , or in the event of any questions, please contact us:

by letter to the above address, for the attention of the data protection officer. 

by tel.: +43/ 660 7400671

by email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Should you take action to enforce your GDPR-related rights as listed above, NIGHTFALL GMBH  must respond to the application (or, if the legal requirements are met, comply with the application) no later than one month after receipt of your application for the requested measure.

Scope of application / links

This data protection declaration applies exclusively to NIGHTFALL GMBH  websites. We have no influence on the layout or content of websites connected to our website via links and we are unable to control how the operators of the linked websites handle your information. As a result, our data protection declaration and our area of responsibility does not include their websites.