Privacy Policy

Last updated: 15th January 2026

Introduction

elitecraft AG ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website elitecraft.top and use our services.

We are the data controller responsible for your personal data. Our registered office is located at Favoritenstraße 10, 9593 Villach, Carinthia, Austria. Registration Number: FN972564a.

Data Collection

We collect and process the following types of personal data:

  • Contact Information: Name, email address, phone number, company name, and postal address when you contact us or request our services.
  • Communication Data: Information contained in any communications you send to us, including email content and enquiry details.
  • Technical Data: IP address, browser type and version, operating system, and website usage information collected through cookies and similar technologies.
  • Usage Data: Information about how you use our website, including pages visited, time spent on pages, and interaction patterns.

The data we collect helps us understand your needs and provide better services. We only collect information that is necessary for the purposes outlined in this policy.

How We Use Your Information

We process your personal data for the following purposes, based on legitimate interests and your consent where required:

  • Service Provision: To provide our micro-credentialing platform analysis and consulting services.
  • Communication: To respond to your enquiries, provide customer support, and send service-related communications.
  • Business Operations: To manage our business relationship with you, including contract management and invoicing.
  • Website Improvement: To analyse website usage and improve our online services and user experience.
  • Marketing: With your consent, to send you information about our services and industry insights that may be of interest to you.
  • Legal Compliance: To comply with legal obligations and protect our legitimate business interests.

How we use your data depends on the legal basis for processing, which may include consent, contract performance, legitimate interests, or legal obligations.

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, their purposes, and how to manage them, please refer to our Cookie Policy.

We implement Google Consent Mode v2 to respect your privacy choices and ensure compliance with applicable data protection regulations.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal data to third parties. We may share your information in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist us in operating our website and conducting our business, subject to confidentiality agreements.
  • Legal Requirements: When required by law, regulation, legal process, or governmental request.
  • Business Protection: To protect our rights, property, or safety, or that of our users or others.
  • Business Transfers: In connection with a merger, acquisition, or sale of business assets, subject to appropriate data protection safeguards.

All third-party service providers are required to maintain appropriate security measures and use your data only for specified purposes.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Contact and Communication Data: Retained for up to 7 years after last contact for business and legal purposes.
  • Client Project Data: Retained for the duration of the business relationship plus 7 years for legal and contractual obligations.
  • Marketing Data: Retained until you withdraw consent or for up to 3 years of inactivity.
  • Website Usage Data: Typically retained for up to 26 months for analytics purposes.

Data retention periods may be extended where required by law or for the establishment, exercise, or defence of legal claims.

Your Rights

Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have the following rights:

  • Right of Access: Request copies of your personal data and information about how it is processed.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data in certain circumstances.
  • Right to Restrict Processing: Request limitation of processing in certain situations.
  • Right to Data Portability: Request transfer of your data to another organisation or receive it in a structured format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication procedures
  • Staff training on data protection and security
  • Incident response and breach notification procedures

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protection measures.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) that may have different data protection laws. When we transfer your data outside the EEA, we ensure appropriate safeguards are in place, including:

  • European Commission adequacy decisions
  • Standard contractual clauses approved by the European Commission
  • Binding corporate rules or certification schemes

We will only transfer your data where we have ensured appropriate protection is in place.

Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately so we can take appropriate action.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Updating the "Last updated" date at the top of this policy
  • Sending email notification for significant changes (where we have your email address)

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us:

Data Protection Contact:

Email: privacy@elitecraft.top

Phone: +43 4241977269

Post: elitecraft AG, Favoritenstraße 10, 9593 Villach, Carinthia, Austria

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the relevant data protection authority. In Austria, this is the Austrian Data Protection Authority (Datenschutzbehörde).

Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

  • Consent: Where you have given clear consent for specific processing activities.
  • Contract Performance: Where processing is necessary for the performance of a contract with you.
  • Legitimate Interests: Where processing is necessary for our legitimate business interests, provided this does not override your fundamental rights.
  • Legal Obligation: Where processing is required to comply with legal obligations.

We will always ensure that any processing is fair, lawful, and transparent, and that your rights and freedoms are protected.