Privacy Policy

At Layest FlexCo ("Layest", "we", "us", or "our"), we take the protection of your personal data very seriously. This Privacy Policy describes how we, as the data controller under the General Data Protection Regulation ("GDPR"), process your personal data when you ("you" or "your") and other users of the platform (together referred to as the "users") use our website www.layest.com ("Website") and/or the platform accessible via the website (the "Digital Platform").

Our contact details are:

Layest FlexCo
Tegetthoffstraße 7, A-1010 Vienna
Email: privacy@layest.com

3.1 Basic Services

We operate the technical infrastructure of the Digital Platform. Users can use this to jointly map digital business processes, digitize and manage investments in private assets, and/or participate in them. The Digital Platform can also be used for the administration of holdings or for conducting business activities. The structure of the investments can include investment vehicles, holding companies, operating companies, start-ups, or other investors or their legal representatives ("Investment Structure"). Thus, the respective Investment Structure is responsible for processing all personal data related to the management of investments through it, including using the Digital Platform's communication functions to send/receive messages and documents.

Important: For personal data processed by third parties (e.g., contractors, investors) when using the Digital Platform, those third parties are independently responsible under the GDPR.

We are solely responsible for the following types of data processing:

3.1 Server Log Files

When accessing our website, information is automatically collected by the web server and stored in server log files to ensure proper functionality, system stability, and security. Logged data includes:

-IP address (shortened/anonymized if possible)
-Date and time of access
-Accessed pages/files
-Transferred data volume
-Success message (HTTP status code)
-Referrer URL
-Browser type and version
-Operating system
-Name of access provider

Legal Basis: Legitimate interest under Art. 6(1)(f) GDPR, namely:

-Ensuring a smooth connection
-Comfortable website use
-System security and stability
-Technical error analysis and prevention

Retention: Max. 14 days unless needed longer for security reasons.

No Disclosure: No transfer to third parties unless legally required or in case of suspected illegal use.

Note: These data are technically required for safe and stable operation.

3.2 Contact via Contact Form or Email

If you use the contact form on our website, the following data are required:

-First and last name
-Valid email address

Optional: phone number, company name, website

Purpose: Responding to your inquiry based on your consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time (Art. 7(3) GDPR).

If contacting us via email (e.g., support@layest.com), the legal basis is Art. 6(1)(b) GDPR if your inquiry is contract-related.

No Disclosure: Unless necessary for fulfilling your request or legally required.

No Automated Decision-Making: Your data will not be processed for the purposes of automated decision-making or profiling within the meaning of Art. 22 GDPR.

Retention: Data are deleted when the conversation ends and no legal retention obligation exists.

3.3 Requesting a Software Demo via Calendly

You can book a free demo via Calendly (Calendly LLC, USA). Required data:

-First and last name
-Email address

Legal Basis: Consent under Art. 6(1)(a) GDPR. You can revoke consent at any time.

Data Transfer to Third Countries: Calendly is based in the U.S. and certified under the EU-U.S. Data Privacy Framework. Transfer is compliant with Art. 45 GDPR.

No disclosure to third parties: Your data will not be passed on to unauthorized third parties and will only be used to process your demo request.

No Automated Decision-Making: Your data will not be processed for the purposes of automated decision-making or profiling within the meaning of Art. 22 GDPR.

Retention: Data are deleted after the demo unless a contractual relationship justifies further processing.

See Calendly's Privacy Policy for more details.

3.4 Registration and Use of the Digital Platform

Registration requires collection of:

-First and last name
-Business email
-Password
-Company name
-Optional: industry and role

Purpose:

-Verify authorization per Terms & Conditions
-Restrict access to authorized users
-Ensure platform security
-Prevent misuse

Legal Basis: Art. 6(1)(b) GDPR (contract), Art. 6(1)(a) GDPR (for optional data)

While using the platform, the following are also processed:

-IP address
-Access time
-Accessed functions/content
-Uploaded/edited content
-Duration and interactions

This data processing serves the technical provision, error analysis and improvement of the user experience. Automated decision-making or profiling within the meaning of Art. 22 GDPR does not take place.

Retention: Registration data deleted upon cancellation unless legal retention obligations exist. Usage data deleted no later than 30 days after contract ends.

Data Processing on Behalf: If interacting with third parties on the platform, Layest is a processor per Art. 28 GDPR. The project owner is the controller (Art. 4(7) GDPR).

We may transfer your personal data to recipients outside the European Union (EU) or the European Economic Area (EEA).

Some of these recipients are located in countries for which the European Commission has determined an adequate level of data protection (so-called "adequacy decision" pursuant to Art. 45 GDPR). In these cases, the transfer is permitted under data protection law.

Other recipients, in particular certain service providers in the USA, are located in countries without an adequacy decision. In these cases, we ensure that an appropriate level of protection for your personal data is guaranteed by concluding standard contractual clauses in accordance with Art. 46 para. 2 lit. c GDPR and by taking additional technical and organizational measures. You can request a copy of the standard contractual clauses used via the contact details provided under point 1 of this privacy policy.

Personal data are stored only as long as legally required or permissible, especially for the exercise or defense of legal claims (e.g., under § 1489 ABGB or § 207 UGB).

After these periods, data are deleted or anonymized.

Data processed for purposes listed in section 3 are stored as long as legally necessary. In case of legal disputes, data may be stored until conclusion of proceedings.

You have the following rights, which you can exercise by contacting us via the contact details above. Rights may be limited if data involves business or trade secrets.

6.1 Right of Access (Art. 15 GDPR)
Right to access your personal data and relevant details.

6.2 Right to Rectification (Art. 16 GDPR)
Right to correct inaccurate or incomplete data.

6.3 Right to Erasure (Art. 17 GDPR)
Right to delete data where permitted ("Right to be Forgotten").

6.4 Right to Restriction of Processing (Art. 18 GDPR)
Applicable if:
-Data accuracy is contested
-You request restriction instead of deletion
-Data no longer needed by us, but required by you for legal claims
-Objection pending

6.5 Right to Data Portability (Art. 20 GDPR)
Right to receive or transmit data in structured, common, machine-readable format.

6.6 Right to Object (Art. 21 GDPR)
Right to object at any time for reasons relating to your situation.

6.7 Right to Withdraw Consent (Art. 7(3) GDPR)
You may revoke your consent at any time, free of charge and without formality.

6.8 Notification Obligation (Art. 19 GDPR)
We will inform recipients of any rectification, erasure, or restriction unless this is impossible or involves disproportionate effort.

6.9 Right to Lodge a Complaint
You can lodge a complaint with the data protection authority if you believe your data rights are violated. In Austria, the authority is:

Austrian Data Protection Authority
Barichgasse 40–42, A-1030 Vienna
Website: www.dsb.gv.at

We reserve the right to update or supplement this Privacy Policy at any time. The current version is always available at: https://www.layest.com/privacy