Get in touch ↗ Menu
Get in touch

PRIVACY POLICY

March 2026

Protecting your personal data is important to us. We process your data exclusively in accordance with the applicable legal provisions (in particular, the GDPR, DSG, and TKG 2003). With this privacy policy, we would like to inform you, in accordance with Article 13 of the General Data Protection Regulation (GDPR), about how we, as the data controller, process your personal data in connection with this website and the services and offerings described below.

We strive to present the technical information related to the data protection of this website in a manner that is as clear and comprehensible as possible.

1. Name and Contact Details of the Data Controller

We, Trever GmbH, are the point of contact and the responsible entity within the meaning of the EU General Data Protection Regulation (GDPR) for the processing of your personal data in connection with the activities described below.

You can reach us at the following contact details:

Trever GmbH
Gadollaplatz 1
8010 Graz
Austria
contact@trever.io

Alternatively, you are also welcome to contact our Data Protection Coordinator directly:

Daniel Merl
privacy@trever.io

2. General Information on Data Processing

We process your personal data only to the extent necessary for the proper functioning of our website, as well as for the provision of our content and services.

The following legal bases apply to the processing of your personal data in accordance with Article 6 of the GDPR:

  • If we obtain your consent for the processing of your personal data, the legal basis is Article 6(1)(a) GDPR.
  • If the processing of your personal data is necessary for the performance of a contract with you or for the initiation of a contractual relationship, the legal basis is Article 6(1)(b) GDPR.
  • If the processing of your personal data is required to fulfill a legal obligation to which we are subject, the legal basis is Article 6(1)(c) GDPR.
  • If the processing of your personal data is necessary to safeguard our legitimate interests or those of a third party, and your interests, fundamental rights, and freedoms do not override these interests, the legal basis is Article 6(1)(f) GDPR.

STORAGE DURATION

Your personal data will be deleted as soon as the purpose of storage no longer applies or, if you have a right of withdrawal, as soon as you revoke your consent. Further storage may occur if this is required by European or national legislation in regulations, laws, or other legal provisions to which we are subject. In such cases, the processing will be restricted accordingly.

3. Data Processing on the Website

This privacy policy applies to our website and to all online services and web offerings operated by us under the domain trever.io and its subdomains.

LOGFILES AND TECHNICAL DATA

To ensure that our website functions properly on your computer or mobile device, we process certain personal data. In some cases, it is necessary to store this data for the duration of your session.

Additionally, we temporarily store your personal data in log files to ensure the website's functionality and maintain the security of our IT systems. The data contained in log files is not used for any other purposes.

The collected data includes:

  • Your IP address is processed to enable communication with our website. Where IP addresses are stored in server logs for security purposes, they are truncated or anonymized where technically possible.
  • Date and time of access
  • The source or referral through which you reached our website
  • Name and version of your web browser
  • The operating system used
  • The success or failure status of the access attempt

Purpose of Processing: The purpose of data processing is to provide the website, ensure its technical functionality, and protect the IT systems in use.

Legal Basis: Article 6(1)(f) GDPR (legitimate interest in the stated purpose of processing).

Storage Duration: Server log files processed in connection with the operation of our website are generally stored for a period of up to 30 days and are subsequently deleted or anonymized.

Where log data is processed in connection with our online services or applications for security, troubleshooting, or abuse-prevention purposes, longer retention periods may be required. In such cases, log data is retained only for as long as necessary for these purposes and is subsequently deleted or anonymized.

COOKIES AND TRACKING

Our website uses cookies to enhance the display of content and to conduct statistical evaluations.

Types of Cookies

  • Technically necessary cookies: Required for the operation of the website.
  • Analytics cookies (Google Analytics): Used to analyze user behavior and optimize our content.

Technically Necessary Cookies

To ensure the smooth operation of our website, we use technically necessary cookies. These cookies are essential for the proper functioning of key website features and services, making navigation and use easier. Without these cookies, many essential functions would not be available, such as:

  • Managing language settings
  • Ensuring stable navigation
  • Storing your cookie preferences

Technically necessary cookies may store certain personal data, which is used exclusively to enable these functions. No further processing of this data takes place.

Purpose of Processing: Ensuring the availability and smooth operation of our website.

Legal Basis: Article 6(1)(f) GDPR (legitimate interest in the stated purpose of processing).

Storage Duration: These cookies are either deleted at the end of your session (session cookies) or remain on your device for a predefined period (persistent cookies).

Google Analytics

If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible entity for users in the EU, EEA, and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Google Analytics uses cookies that allow us to analyze how you use our website. The information collected by these cookies about your use of the website is typically transferred to a Google server in the United States and stored there.

In Google Analytics 4, IP anonymization is enabled by default. As a result, your IP address is truncated by Google within EU member states or in other states that are part of the European Economic Area (EEA) agreement before being processed. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and then truncated. According to Google, the IP address transmitted by your browser within Google Analytics is not merged with other Google data.

During Your Website Visit, the Following User Interactions ("Events") Are Tracked:

  • Page views
  • First visit to the website
  • Session start
  • Visited pages
  • Your "click path" (interactions with the website)
  • Scrolls (whenever a user scrolls to 90% of a page)
  • Clicks on external links
  • Internal searches
  • Interaction with videos
  • File downloads
  • Viewed/clicked advertisements
  • Language settings

Additionally, the Following Information Is Collected:

  • Your approximate location (region)
  • Date and time of visit
  • Your IP address (in truncated form)
  • Technical information about your browser and device (e.g., language settings, screen resolution)
  • Your internet service provider
  • The referrer URL (the website or advertisement through which you reached this website)

Purpose of Processing: On behalf of the operator of this website, Google will use this information to analyze your use of the website and to compile reports on website activity. The reports provided by Google Analytics help us evaluate and improve the performance of our website.

Recipients:
The recipients of the data are/can be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as a data processor under Article 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Data Transfers to Third Countries
For the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified under the EU–US Data Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (e.g., Singapore) cannot be completely ruled out, we have also concluded the EU Standard Contractual Clauses (SCCs) with Google.
Storage Duration: The data we send and link to cookies is automatically deleted after 14 months. The maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has expired is automatically deleted once a month.

Legal Basis: Consent pursuant to Article 6(1)(a) GDPR.

Withdrawal of Consent: You may withdraw your consent at any time with effect for the future by adjusting the cookie settings on our website. The withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

Alternatively, you can delete cookies or prevent their storage through your browser settings. This may limit the functionality of our website.

Leadinfo

If you have provided your consent, we use the service Leadinfo provided by Leadinfo B.V., Rotterdam, Netherlands, on our website.

Leadinfo recognizes visits to our website by companies based on IP addresses and provides us with publicly available information such as company names or addresses. In addition, Leadinfo may use technologies such as cookies or similar storage mechanisms (e.g. local storage) to analyze the use of our website and correlate IP addresses with companies.

Purpose of processing: Analysis of the use of our website by companies and optimization of our sales and marketing activities.

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR.

Further information can be found in Leadinfo’s privacy policy at:
https://www.leadinfo.com/de/datenschutz/

You may withdraw your consent at any time via the cookie settings on our website or disable data collection by Leadinfo via the following link:
https://www.leadinfo.com/en/opt-out.

SUPPORT

For processing and managing support requests, we use the customer service tool Freshdesk, a service provided by Freshworks Inc., 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA.

Freshworks may process personal data in the United States. However, the company is an active participant in the EU-U.S. Data Privacy Framework, ensuring a secure and compliant transfer of personal data from EU citizens to the U.S. As part of our collaboration with Freshdesk, we have ensured that data processing primarily takes place on servers within the European Union.

Purpose of Processing
The use of Freshdesk allows us to efficiently record, manage, and process incoming support requests. In doing so, we store your contact details as well as information related to your request to provide you with fast and targeted assistance.

Legal Basis
The processing of your personal data depends on the specific context:

  • Contract fulfillment under Article 6(1)(b) GDPR, if the processing is necessary to fulfill contractual obligations.
  • Legitimate interest under Article 6(1)(f) GDPR, particularly to improve our customer service and efficiently handle support requests.

Storage Duration
Personal data collected as part of a support request is stored for up to three years. This retention period allows us to track previous inquiries and provide continuous support. If legal retention obligations apply, the data will be archived accordingly and deleted after the statutory retention periods expire.

For more information about data protection at Freshdesk, please refer to Freshworks' Privacy Policy.

TRUST CENTER

To gain access to our Trust Center on compliance.trever.io, a request must be submitted. This requires providing your name, email address, and company name. The management of these requests is handled by Vanta, an external provider specializing in security and compliance management, headquartered at 369 Hayes Street, San Francisco, USA.

Vanta may process personal data on servers located outside the European Union, in particular in the United States. Vanta is certified under the EU–US Data Privacy Framework. In addition, we have concluded Standard Contractual Clauses pursuant to Art. 46 GDPR with the provider in order to ensure an adequate level of data protection.

Purpose of Processing
The collection and processing of this data are solely for the review and management of access requests to our Trust Center. This ensures that only authorized individuals can access confidential compliance documents.

Legal Basis
The processing of your personal data is based on:

  • Contract fulfillment under Article 6(1)(b) GDPR, if access is required as part of an existing or prospective business relationship.
  • Legitimate interest under Article 6(1)(f) GDPR, as we must ensure that our Trust Center is only accessible to authorized individuals, thereby protecting our compliance information.

Storage Duration
Your data will be stored for up to three years to maintain an auditable access history. If statutory retention periods apply, the data will be archived accordingly and deleted after the retention period expires.

For more information about data protection at Vanta, please refer to Vanta’s Privacy Policy.

NEWSLETTER

On our website, you have the option to subscribe to our newsletter, which provides regular updates about our company, products, and upcoming events. To register, we collect your email address, as well as your first and last name.

To ensure that the registration is genuinely submitted by you, we use the double opt-in procedure. This means that we will only send you the newsletter after you confirm your subscription by clicking a confirmation link sent to your email. Once you confirm your subscription, we store the following data:

  • Your personal data provided during registration (name, email address)
  • The timestamp of your registration
  • The IP address used during registration

This data is used exclusively for sending the newsletter and for verifying your subscription. Every newsletter also includes a link that allows you to update your personal information.

Purpose of Processing
The collection and storage of this data are solely for the delivery of our newsletter and the management of your subscription.

Legal Basis
The processing of your personal data is based on your consent under Article 6(1)(a) GDPR. You can withdraw your consent at any time by clicking the unsubscribe link in any newsletter or by contacting us via the provided contact details. The withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Storage Duration
Your personal data will only be processed as long as your consent remains valid. If you unsubscribe from the newsletter, your data will be deleted, unless legal retention obligations prevent deletion.

Processing by Mailchimp

For sending our newsletter, we use Mailchimp, a service provided by The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. This service enables us to manage and distribute our newsletters efficiently.

Mailchimp processes personal data exclusively on our behalf for the purpose of sending the newsletter. Without your consent and the provision of your data, we are unable to send you the newsletter.

In addition to processing on our behalf, Mailchimp may also process certain technical usage data to ensure the security and stability of its systems, including:

  • Your device information (IP address, operating system, browser, hardware details)
  • The email application used to read the newsletter
  • Technical data related to your hardware and internet connection
  • Usage data, such as the time you open emails and click behavior (e.g., which links you clicked)

These data are used by Mailchimp for system security and stability, compliance with its terms of service, and prevention of misuse. The processing of this data is based on Mailchimp’s legitimate interest under Article 6(1)(f) GDPR.

Please note that Mailchimp may collect information about you from other sources, such as social media or third-party providers. We have no influence over this additional data processing.

For more details about your rights to object or request deletion, please refer to Intuit’s Privacy Policy.

Mailchimp is certified under the EU-U.S. Data Privacy Framework (DPF), ensuring an adequate level of data protection.

HOSTING

Our website is hosted by GitLab (GitLab B.V. and GitLab Inc.). GitLab is also used to improve the performance of the website and to implement security measures, such as protection against DDoS attacks and defense against malicious bots.

As part of its service provision, GitLab may process technical data, including:

  • IP addresses
  • DNS log data
  • Security fingerprints
  • Other similar information required for service operation

These data are processed in compliance with the GDPR.

For more details, please refer to GitLab’s Privacy Policy.

4. Contact

We also collect personal data if you voluntarily provide it to us, for example, when you contact us. The personal data you share with us in this context will be used exclusively for the purpose for which you provided it as part of your inquiry.

Providing this data is voluntary and done at your own discretion. If you share contact details (such as your email address or phone number), we will use them solely to communicate with you in response to your request.

Purpose of Processing: The purpose of processing your data is to handle and respond to your inquiry.

Legal Basis: The legal basis for processing the data you provide in your inquiry is our legitimate interest in fulfilling the stated purpose, in accordance with Article 6(1)(f) GDPR.

Storage Duration: The personal data collected as part of your inquiry will be deleted once it is no longer necessary for its original purpose, your request has been fully processed, and no further communication with you is required or requested.

5. Social Media

We maintain company pages on various social media platforms in order to provide information about our company and our services and to communicate with users. Our company is present on the following platforms:

When visiting our social media pages, personal data may be processed by the respective platform operators. This particularly includes usage data (e.g. interactions, page views) and, where applicable, profile data.

The platform operators may provide us with aggregated statistics (“page insights”) based on this data. With regard to this processing, we act as joint controllers with the respective platform operator in accordance with Art. 26 GDPR.

The processing is carried out on the basis of our legitimate interest in effectively informing users and communicating with interested parties (Art. 6(1)(f) GDPR).

Further information on data processing by the platform operators and your rights can be found in their respective privacy policies:

You may exercise your data subject rights both against us and against the respective platform operators.

Communication via Social Media

If you contact us via our social media pages (e.g. by message or comment), we process the data you provide in order to handle your request.

This processing is based on our legitimate interest in responding to inquiries (Art. 6(1)(f) GDPR). Where necessary, processing may also take place to comply with legal obligations or on the basis of your consent.

6. Job Applications

If you apply for a position via our application form, we process your personal data for the purpose of carrying out the application process. Further information on the processing of your personal data in connection with applications can be found in the applicant privacy notice linked in the respective application form.

7. Your Rights as a Data Subject

You have the right to:

  • Obtain information about whether and what personal data we store about you and to request copies of this data.
  • Request the correction, supplementation, or deletion of your personal data if it is inaccurate or not processed in compliance with applicable laws.
  • Request a restriction on the processing of your personal data.
  • Request the transfer of your personal data in a structured, commonly used, and machine-readable format.
  • Object to the processing of your personal data under certain conditions or withdraw your previously given consent for processing.
  • Be informed about any third parties to whom your personal data has been transferred.
  • Lodge a complaint with the relevant supervisory authority if you believe that the processing of your personal data violates applicable data protection laws or your data protection rights have been infringed.

In Austria, the responsible supervisory authority is the Data Protection Authority (Datenschutzbehörde). More information can be found on its website: https://www.dsb.gv.at.

8. Complaints

CONTACT DETAILS OF THE DATA CONTROLLER

Trever GmbH
Gadollaplatz 1
8010 Graz, Austria
Email: contact@trever.io

SUPERVISORY AUTHORITY

If you believe that the processing of your data violates data protection laws, you have the right to file a complaint with the relevant supervisory authority.

In Austria, the responsible authority is the Data Protection Authority (Datenschutzbehörde): https://www.dsb.gv.at