Get in touch ↗ Menu
Get in touch

PRIVACY POLICY

As of 05/2026

Protecting your personal data is important to us. We process your data in accordance with the applicable legal provisions (in particular, the GDPR, the Austrian Data Protection Act (DSG), and the Austrian Telecommunications Act 2021 (TKG 2021)). With this privacy policy, we would like to inform you, in accordance with Article 13 of the General Data Protection Regulation (GDPR), about how we, as the data controller, process your personal data in connection with this website and the services and offerings described below.

We strive to present the information in this privacy policy in a clear and comprehensible manner.

1. Name and Contact Details of the Data Controller

We, Trever GmbH, are the point of contact and the data controller within the meaning of the EU General Data Protection Regulation (GDPR) for the processing of your personal data in connection with the activities described below.

You can reach us at the following contact details:

Trever GmbH
Gadollaplatz 1
8010 Graz
Austria
contact@trever.io

Alternatively, you are also welcome to contact our Data Protection Coordinator directly:

Daniel Merl
privacy@trever.io

2. General Information on Data Processing

Purposes of Data Processing

We process your personal data for the following purposes:

  • to provide and operate this website and to further improve and develop our website and services;
  • to detect, prevent and investigate attacks on our website and systems;
  • to communicate with prospective customers, customers, partners and other business contacts;
  • for marketing and promotional purposes;
  • to respond to your inquiries and requests;
  • to establish, manage and perform contractual relationships and to carry out pre-contractual measures;
  • to manage customer relationships, projects, support requests and contractual commitments;
  • to ensure the security, availability and reliability of our services and systems;
  • to comply with legal obligations and regulatory requirements.

The following legal bases apply to the processing of your personal data in accordance with Article 6 of the GDPR:

  • If we obtain your consent for the processing of your personal data, the legal basis is Article 6(1)(a) GDPR.
  • If the processing of your personal data is necessary for the performance of a contract with you or for the initiation of a contractual relationship, the legal basis is Article 6(1)(b) GDPR.
  • If the processing of your personal data is required to fulfill a legal obligation to which we are subject, the legal basis is Article 6(1)(c) GDPR.
  • If the processing of your personal data is necessary to safeguard our legitimate interests or those of a third party, and your interests, fundamental rights, and freedoms do not override these interests, the legal basis is Article 6(1)(f) GDPR.

Recipients of Personal Data

For the purposes described above, we may disclose or transfer your personal data to the following categories of recipients:

  • IT and cloud service providers engaged by us;
  • hosting, infrastructure and support service providers;
  • customer relationship management and communication providers;
  • payment service providers and banks;
  • accountants, tax advisors, auditors and legal advisors;
  • marketing, analytics and communication providers;
  • business partners and contractors where necessary for the provision of our services;
  • public authorities and courts where required by law.

International Data Transfers

Some of the recipients mentioned above may be located outside the European Economic Area ("EEA") or may process your personal data outside the EEA.

The level of data protection in countries outside the EEA may not correspond to the level of data protection within the EEA. However, we only transfer your personal data to countries for which the European Commission has issued an adequacy decision or where appropriate safeguards pursuant to Article 46 GDPR are in place.

Such safeguards may include, in particular, the conclusion of the European Commission's Standard Contractual Clauses ("SCCs") and, where applicable, additional technical and organizational measures. In certain cases, recipients may also be certified under recognized adequacy frameworks such as the EU-U.S. Data Privacy Framework.

Storage Duration

We retain your personal data only for as long as necessary for the purposes for which it was collected or otherwise processed. If processing is based on your consent, we will delete the relevant data after you withdraw your consent, unless another legal basis or statutory retention obligation applies.

Further storage may occur if required by European or national laws, regulations, or other legal provisions to which we are subject. In such cases, processing will be restricted accordingly where required.

3. Data Processing on the Website

This section describes how we process personal data when you visit our website and related publicly accessible web offerings under the domain trever.io and its subdomains.

Logfiles and Technical Data

To ensure that our website functions properly on your computer or mobile device, we process certain personal data. In some cases, it is necessary to store this data for the duration of your session.

Additionally, we temporarily store your personal data in log files to ensure the website's functionality and maintain the security of our IT systems. The data contained in log files is not used for marketing purposes or creating user profiles.

The collected data includes:

  • Your IP address is processed to enable communication with our website. Where IP addresses are stored in server logs for security purposes, they are truncated or anonymized where technically possible.
  • Date and time of access
  • The source or referral through which you reached our website
  • Name and version of your web browser
  • The operating system used
  • The success or failure status of the access attempt

Purpose of Processing: The purpose of data processing is to provide the website, ensure its technical functionality, and protect the IT systems in use.

Legal Basis: Article 6(1)(f) GDPR (legitimate interest in the stated purpose of processing).

Storage Duration: Server log files processed in connection with the operation of our website are generally stored for a period of up to 30 days and are subsequently deleted or anonymized.

Where log data is processed in connection with our online services or applications for security, troubleshooting, or abuse-prevention purposes, longer retention periods may be required. In such cases, log data is retained only for as long as necessary for these purposes and is subsequently deleted or anonymized.

Cookies and Tracking

Our website uses technically necessary cookies. With your consent, we also use analytics cookies to understand how our website is used and to improve our content.

Types of Cookies

  • Technically necessary cookies: Required for the operation of the website.
  • Analytics cookies (Google Analytics): Used to analyze user behavior and optimize our content.

Technically Necessary Cookies

To ensure the smooth operation of our website, we use technically necessary cookies. These cookies are essential for the proper functioning of key website features and services, making navigation and use easier. Without these cookies, many essential functions would not be available, such as:

  • Managing language settings
  • Ensuring stable navigation
  • Storing your cookie preferences

Technically necessary cookies may store certain personal data, which is used exclusively to enable these functions. No further processing of this data takes place.

Purpose of Processing: Ensuring the availability and smooth operation of our website.

Legal Basis: Article 6(1)(f) GDPR (legitimate interest in the stated purpose of processing).

Storage Duration: These cookies are either deleted at the end of your session (session cookies) or remain on your device for a predefined period (persistent cookies).

Google Analytics

If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible entity for users in the EU, EEA, and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Google Analytics uses cookies that allow us to analyze how you use our website. The information collected by these cookies about your use of the website is typically transferred to a Google server in the United States and stored there.

In Google Analytics 4, IP anonymization is enabled by default. As a result, your IP address is truncated by Google within EU member states or in other states that are part of the European Economic Area (EEA) agreement before being processed. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and then truncated. According to Google, the IP address transmitted by your browser within Google Analytics is not merged with other Google data.

During your website visit, Google Analytics may collect information about your interaction with our website and your device, such as page views, session information, click paths, scrolling behavior, clicks on external links, internal searches, interactions with content, file downloads, approximate location, date and time of access, device and browser information, referrer URL, and language settings.

Purpose of Processing: Google uses this information on our behalf to analyze the use of our website and to compile reports on website activity. The reports provided by Google Analytics help us evaluate and improve the performance of our website.

Recipients: The recipients of the data are/can be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as a data processor under Article 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Data Transfers to Third Countries For the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified under the EU–US Data Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (e.g., Singapore) cannot be completely ruled out, we have also concluded the EU Standard Contractual Clauses (SCCs) with Google. Storage Duration: The data we send and link to cookies is automatically deleted after 14 months. The maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has expired is automatically deleted once a month.

Legal Basis: Consent pursuant to Article 6(1)(a) GDPR.

Withdrawal of Consent: You may withdraw your consent at any time with effect for the future by adjusting the cookie settings on our website. The withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

Alternatively, you can delete cookies or prevent their storage through your browser settings. This may limit the functionality of our website.

Leadinfo

If you have provided your consent, we use the service Leadinfo provided by Leadinfo B.V., Rotterdam, Netherlands, on our website.

Leadinfo recognizes visits to our website by companies based on IP addresses and provides us with publicly available information such as company names or addresses. In addition, Leadinfo may use technologies such as cookies or similar storage mechanisms (e.g. local storage) to analyze the use of our website and correlate IP addresses with companies.

Purpose of processing: Analysis of visits to our website by companies and optimization of our sales and marketing activities.

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR.

Further information can be found in Leadinfo's privacy policy at: https://www.leadinfo.com/de/datenschutz/

You may withdraw your consent at any time via the cookie settings on our website or disable data collection by Leadinfo via the following link: https://www.leadinfo.com/en/opt-out.

Hosting

Our website is hosted by GitLab (GitLab B.V. and GitLab Inc.). GitLab is also used to improve the performance of the website and to implement security measures, such as protection against DDoS attacks and defense against malicious bots.

As part of its service provision, GitLab may process technical data, including:

  • IP addresses
  • DNS log data
  • Security fingerprints
  • Other similar information required for service operation

These data are processed in compliance with the GDPR.

For more details, please refer to GitLab's Privacy Policy.

4. Support

For processing and managing support requests, we use the customer service tool Freshdesk, a service provided by Freshworks Inc., 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA.

Freshworks is certified under the EU-U.S. Data Privacy Framework. Where personal data is transferred to the United States, this certification may serve as a transfer mechanism under GDPR. As part of our collaboration with Freshdesk, we have ensured that data processing primarily takes place on servers within the European Union.. As part of our collaboration with Freshdesk, we have ensured that data processing primarily takes place on servers within the European Union.

Purpose of Processing
The use of Freshdesk allows us to efficiently record, manage, and process incoming support requests. In doing so, we store your contact details as well as information related to your request to provide you with fast and targeted assistance.

Legal Basis
The processing of your personal data depends on the specific context:

  • Contract fulfillment under Article 6(1)(b) GDPR, if the processing is necessary to fulfill contractual obligations.
  • Legitimate interest under Article 6(1)(f) GDPR, particularly to improve our customer service and efficiently handle support requests.

Storage Duration
Personal data collected as part of a support request is stored for up to three years. This retention period allows us to track previous inquiries and provide continuous support. If legal retention obligations apply, the data will be archived accordingly and deleted after the statutory retention periods expire.

For more information about data protection at Freshdesk, please refer to Freshworks' Privacy Policy.

5. Trust Center Access

To gain access to our Trust Center on compliance.trever.io, a request must be submitted. This requires providing your name, email address, and company name. The management of these requests is handled by Vanta, an external provider specializing in security and compliance management, headquartered at 369 Hayes Street, San Francisco, USA.

Vanta may process personal data on servers located outside the European Union, in particular in the United States. Vanta is certified under the EU–US Data Privacy Framework. In addition, we have concluded Standard Contractual Clauses pursuant to Art. 46 GDPR with the provider in order to ensure an adequate level of data protection.

Purpose of Processing
The collection and processing of this data are solely for the review and management of access requests to our Trust Center. This ensures that only authorized individuals can access confidential compliance documents.

Legal Basis
The processing of your personal data is based on:

  • Contract fulfillment under Article 6(1)(b) GDPR, if access is required as part of an existing or prospective business relationship.
  • Legitimate interest under Article 6(1)(f) GDPR, as we must ensure that our Trust Center is only accessible to authorized individuals, thereby protecting our compliance information.

Storage Duration
Your data will be stored for up to three years to maintain an auditable access history. If statutory retention periods apply, the data will be archived accordingly and deleted after the retention period expires.

For more information about data protection at Vanta, please refer to Vanta's Privacy Policy.

6. Newsletter

On our website, you have the option to subscribe to our newsletter, which provides regular updates about our company, products, and upcoming events. To register, we collect your email address, as well as your first and last name.

To ensure that the registration is genuinely submitted by you, we use the double opt-in procedure. This means that we will only send you the newsletter after you confirm your subscription by clicking a confirmation link sent to your email. Once you confirm your subscription, we store the following data:

  • Your personal data provided during registration (name, email address)
  • The timestamp of your registration
  • The IP address used during registration

This data is used exclusively for sending the newsletter and for verifying your subscription. Every newsletter also includes a link that allows you to update your personal information.

Purpose of Processing
The collection and storage of this data are solely for the delivery of our newsletter and the management of your subscription.

Legal Basis
The processing of your personal data is based on your consent under Article 6(1)(a) GDPR. You can withdraw your consent at any time by clicking the unsubscribe link in any newsletter or by contacting us via the provided contact details. The withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Storage Duration
Your personal data will only be processed as long as your consent remains valid. If you unsubscribe from the newsletter, your data will be deleted, unless legal retention obligations prevent deletion.

Processing by Mailchimp

For sending our newsletter, we use Mailchimp, a service provided by The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. This service enables us to manage and distribute our newsletters efficiently.

Mailchimp processes the data required for sending the newsletter on our behalf. In addition, Mailchimp may process certain technical usage data for its own security, stability, compliance and abuse-prevention purposes.

Please note that Mailchimp may collect information about you from other sources, such as social media or third-party providers. We have no influence over this additional data processing.

For more details about your rights to object or request deletion, please refer to Intuit's Privacy Policy.

Mailchimp is certified under the EU-U.S. Data Privacy Framework (DPF), ensuring an adequate level of data protection.

7. Contact and Business Communications

If you contact us by email, contact form or through other communication channels, or if we communicate with you in the context of an existing or prospective business relationship, we process the personal data you provide or that is generated in the course of such communication.

This may include, in particular, your name, business contact details, company affiliation, role or job title, communication content and related metadata.

Purpose of Processing: Processing and responding to inquiries, maintaining business communications, managing customer and prospect relationships, and coordinating contractual or pre-contractual matters.

Legal Basis: Article 6(1)(b) GDPR where the processing is necessary for the performance of a contract with you or for pre-contractual measures at your request. In other cases, in particular where you act as a representative or contact person of an organization, the legal basis is Article 6(1)(f) GDPR based on our legitimate interest in responding to inquiries, maintaining business communications, and managing business relationships.

Storage Duration: We retain your data only for as long as necessary to process your request, manage the business relationship and any subsequent communication, unless longer retention is required by law or necessary to establish, exercise or defend legal claims.

8. Social Media

We maintain company pages on various social media platforms in order to provide information about our company and our services and to communicate with users. Our company is present on the following platforms:

When visiting our social media pages, personal data may be processed by the respective platform operators. This may include, in particular, usage data such as interactions, page views, profile information, device information, log data and similar information processed by the respective platform.

The platform operators may provide us with aggregated statistics ("page insights") based on this data.

The processing is carried out on the basis of our legitimate interest in effectively informing users and communicating with interested parties (Art. 6(1)(f) GDPR).

Further information on data processing by the platform operators and your rights can be found in their respective privacy policies:

You may exercise your data subject rights against us with regard to processing carried out by us. For processing carried out by the platform operators, you may also exercise your rights directly against the respective platform operator.

Communication via Social Media

If you contact us via our social media pages (e.g. by message or comment), we process the data you provide in order to handle your request.

This processing is based on our legitimate interest in responding to inquiries (Art. 6(1)(f) GDPR). Where necessary, processing may also take place to comply with legal obligations or on the basis of your consent.

9. Job Applications

If you apply for a position via our application form, we process your personal data for the purpose of carrying out the application process. Further information on the processing of your personal data in connection with applications can be found in the applicant privacy notice linked in the respective application form.

10. Your Rights as a Data Subject

You have the right to:

  • Obtain information about whether and what personal data we process about you and to request copies of this data.
  • Request the correction, supplementation, or deletion of your personal data if it is inaccurate or not processed in compliance with applicable laws.
  • Request a restriction on the processing of your personal data.
  • Request the transfer of your personal data in a structured, commonly used, and machine-readable format.
  • Object to the processing of your personal data under certain conditions or withdraw your previously given consent for processing.
  • Be informed about the recipients or categories of recipients to whom your personal data has been disclosed.
  • Lodge a complaint with the relevant supervisory authority if you believe that the processing of your personal data violates applicable data protection laws or your data protection rights have been infringed.

11. Complaints

Contact Details of the Data Controller

Trever GmbH
Gadollaplatz 1
8010 Graz, Austria
Email: contact@trever.io

Supervisory Authority

If you believe that the processing of your data violates data protection laws, you have the right to file a complaint with the relevant supervisory authority.

In Austria, the responsible authority is the Data Protection Authority (Datenschutzbehörde): https://www.dsb.gv.at