Privacy Statement Lighthouse Organizational Development OG
The objective of this privacy statement is the protection of personal data, which is particularly important to us. The following notes will explain how we process your personal data. Processing takes place within the framework of the General Data Protection Regulation (GDPR) (EU) 2016/679.
By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
​
0. Definitions
The data protection declaration of the Lighthouse Organizational Development OG is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). In this data protection declaration, we use, the following terms:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person ("data subject").
b) Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
c) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
e) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Controller or controller responsible in respect to the General Data Protection Regulation (GDPR) or other European Data Protection Regulation is:
Lighthouse Organizational Development OG, Margaretenstrasse 96/14, 1050 Vienna, Austria (Tel.: +4368110746411; E-Mail: office@lighthouse-od.at)
f) Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
g) Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
g) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
i) Consent
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
​
1. Subject of Data Protection Policy
Visiting our website www.lighthouse-od.at is generally possible without submitting personal data.
The website of Lighthouse Organizational Development OG collects a series of general data and information when a data subject or automated system accesses the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information.
By using the above mentioned general data and information, Lighthouse Organizational Development OG does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
If you decide to contact us via our website contact form or website chat interface, we need your personal data (name, e-mail address, your personal message outlining your request) to process your request. If data is collected in this context, this is solely for the purpose of processing your request. If you decide to submit your data via our website forms (contact forms, registration forms, sign-up forms, case study download forms) or website chat interface, you give us permission to contact you, however, you can opt-out at any time by contacting us at office@lighthouse-od.at. Your personal data will not be passed on to third parties unless this is necessary for the provision of the service or for the execution of the contract.
​
2. Hosting, Google Analytics, Facebook Pixel Wix, LinkedIn Insight Tag and Cookies
The website of Lighthouse Organizational Development OG is hosted by Wix.com. Your data may be stored through Wix.com's data storage, databases and the general Wix.com applications. Wix.com stores your data on secure servers behind a firewall.
Please note that for international data transfers from the EU/EEA to countries outside this region (including the United States where Wix.com operates), we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission or other appropriate safeguards as the legal mechanism for such transfers. While we are working to formalize all our data transfer agreements, we have implemented strong security measures to protect your data, including two-factor authentication, complex passwords, and secure access controls.
For information on how Wix handles site visitors' data please review sections 8, 12, and 13 of Wix's Privacy Policy: https://www.wix.com/about/privacy.
The website of Lighthouse Organizational Development OG uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies". "Cookies" are text files that are stored on your computer and allow you to analyze your usage behaviour of the website.
The information about your usage behaviour generated with the help of the cookie is then transmitted to a Google Inc. server in the USA where it is stored.
On behalf of the operator of this website, Google will use this information to evaluate your website's use behaviour to compile reports on website activity and to provide other services related to website usage and internet usage to the website operator. The data transmitted in this context is only used for the evaluation of your usage behaviour and is not brought together with other data from Google. You can prevent the storage of cookies on your computer by using appropriate browser settings. However, we would like to draw your attention to the fact that in this case you may not be able to use all the functions of our website.
If you do not wish that Google processes the data generated by the cookie, you can prevent it by downloading and installing the browser plug-in available at: http://tools.google.com/dlpage/gaoptout?hl=en.
For more information on the terms of use and privacy, please visit http://www.google.com/analytics/terms/en.html or https://www.google.com/intl/en/policies/.
The website of Lighthouse Organizational Development OG uses "Facebook Pixel" of Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). If the user has given us his explicit consent, his behavior can be tracked after he has seen or clicked on a Facebook advertisement. This process is designed to evaluate the impact of Facebook ads for statistical and market research purposes and may help to optimize future advertising efforts.
Data collected shall remain anonymous and cannot be used to draw any conclusion about the identity of the user. However, those data are stored and processed by Facebook to enable a connection to the respective user profile and to allow Facebook to use those data for its own advertising purposes in accordance with the Facebook Privacy Policy (https://www.facebook.com/about/privacy/). You may allow Facebook and its partners to place ads on and outside of Facebook. A cookie may also be stored on your computer for these purposes. These processing operations only take place if express consent is given in accordance with Art. 6 (1) point a GDPR.
Consent to the use of the Facebook pixel may only be given by users who are older than 13 years of age. If you are younger, please ask your legal guardian for permission.
If you want to disable the use of cookies on your computer, you can set your Internet browser so that cookies can no longer be stored on your computer in the future and/or cookies that have already been stored will be deleted. However, when disabling all cookies, some functions of our internet pages may no longer be able to be executed. You can also disable the use of cookies by third parties such as Facebook on the Digital Advertising Alliance website.
This website uses LinkedIn Insight Tag, a tracking and analytics tool, provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland.
The LinkedIn Insight Tag enables the collection of data regarding members' visits to your website, including the URL, referrer, IP address, device and browser characteristics (User Agent), and timestamp. The IP addresses are truncated or hashed (when used for reaching members across devices), and members' direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining pseudonymized data is then deleted within 180 days.
We don't share the personal data of members with you; we only provide reports and alerts (which do not identify members) about your website audience and ad performance. We also provide retargeting for website visitors, enabling you to show personalized ads off your website by using this data, but without identifying the member. We also use data that doesn't identify members to improve ad relevance and reach members across devices. LinkedIn members can control the use of their personal data for advertising purposes through their account settings.
​
3. Opportunity to Contact Us via The Website
The website of Lighthouse Organizational Development OG contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail, via a contact form, or via website chat interface, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
​
4. Erasure of Personal Data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely erased in accordance with legal requirements.
We are currently developing more comprehensive data retention and deletion policies. Currently, we have implemented email retention policies in Gmail and can delete client data upon request.
​
5. Rights of The Data Subject
Each data subject shall have the right granted by the European legislator:
to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed
to obtain from the controller free information about his or her personal data stored at any time and a copy of this information
to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her
to obtain from the controller the erasure of personal data concerning him or her without undue delay whenever no legal grounds applies and as long as the processing is not necessary
to obtain from the controller restriction of processing where a legal ground applies
to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format
to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions
to withdraw his or her consent to processing of his or her personal data at any time
While we are in the process of formalizing our procedures for handling data subject rights requests, we can currently handle such requests on a case-by-case basis. If the data subject wishes to exercise any of these rights, he or she may contact Lighthouse Organizational Development OG at office@lighthouse-od.at.
If you believe that the processing of your data violates data protection law or if your data protection claims have otherwise been violated in a way, you can submit a complaint to the supervisory authority. In Austria, this is the data protection authority: www.dsb.gv.at
​
6. Data Protection for Applications and the Application Procedures
The data controller shall collect and process the personal data of applicants for the purpose of the processing of the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents by e-mail or by means of a web form on the website to the controller. If the data controller concludes an employment or subcontractor contract with an applicant, the submitted data will be stored for the purpose of processing the employment or subcontractor relationship in compliance with legal requirements.
​
7. Security Measures
We have implemented significant technical and organizational security measures to protect your personal data. These include:
Two-factor authentication across all platforms that support it
Complex passwords (20+ characters) for platforms without 2FA
Biometric authentication for device access
Secure password management through a password manager
Role-based access controls within platforms
Secure folder structures in file storage platforms
Restricted sharing permissions
Regular security reviews
We are continuously working to enhance our security measures and formalize our data protection procedures.
​
8. Data Breach Notification
We are in the process of developing formal data breach response procedures. In the event of a personal data breach, we will notify the relevant supervisory authority and affected data subjects as required by applicable law. While our formal procedures are being developed, our team is aware of the need to report potential breaches immediately.
​
9. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.
​
10. Contact Us
If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us at office@lighthouse-od.at.
Last updated: July 1, 2025