Was ist NIS2 und wer ist in Österreich betroffen?

NIS2 ist die EU-Richtlinie zur Netz- und Informationssicherheit (Network and Information Security Directive). In Österreich betrifft sie kritische Infrastrukturen wie Energie, Verkehr, Gesundheitswesen, sowie wichtige Wirtschaftssektoren. Unternehmen ab 50 Mitarbeitern oder 10 Mio. EUR Umsatz in betroffenen Sektoren müssen die Anforderungen erfüllen. VETOSEC bietet kostenlose NIS2-Schnellprüfungen an.

Was sind Managed Security Services?

Managed Security Services bedeuten, dass ein spezialisierter Anbieter Ihre Cybersicherheit kontinuierlich überwacht und verwaltet. Dies umfasst 24/7 Bedrohungsüberwachung, Endpoint Detection and Response (EDR), Incident Response, und Security Operations Center (SOC) Funktionen. Ideal für Unternehmen ohne eigenes Security-Team.

Wie lange dauert eine ISO27001-Zertifizierung?

Eine ISO27001-Zertifizierung dauert in Österreich typischerweise 6-12 Monate, abhängig von der Unternehmensgröße und bestehenden Sicherheitsmaßnahmen. Der Prozess umfasst Gap-Analyse, Implementierung eines Information Security Management Systems (ISMS), interne Audits und das externe Zertifizierungsaudit.

Was ist der Unterschied zwischen NIS2 und DORA?

NIS2 gilt für kritische Infrastrukturen und wichtige Wirtschaftssektoren in der gesamten EU. DORA (Digital Operational Resilience Act) ist spezifisch für Finanzinstitute und konzentriert sich auf digitale operationale Resilienz. Beide erfordern Cybersicherheitsmaßnahmen, aber DORA hat zusätzliche Anforderungen für Finanzdienstleister in Österreich.

Warum brauchen österreichische KMU Cybersicherheit?

Österreichische KMU sind zunehmend Ziel von Cyberangriffen, insbesondere Ransomware. Zusätzlich erfordern neue EU-Richtlinien wie NIS2 und DSGVO angemessene Sicherheitsmaßnahmen. Ein Sicherheitsvorfall kann zu Datenverlust, Betriebsunterbrechungen, hohen Strafen und Reputationsschäden führen. Professionelle Cybersicherheit schützt Ihr Geschäft und Ihre Kunden.

Privacy Policy

Data Protection Information

1. Controller (Data Protection Officer)

Samuel Ziegler, BSc
Email: office@vetosec.at
Website: https://vetosec.at
Address: Universitätsstraße 65/67, 9020 Klagenfurt am Wörthersee, Austria

2. Data We Collect

We collect the following types of personal data:

Contact Information: Name, email address, company name, phone number - collected when you submit contact forms or inquire about our services
Technical Data: IP address, browser type, operating system, access times, pages visited, referrer information - collected via server logs
Cookie Data: For analytics and website functionality (only with your explicit consent)
Form Submission Data: Information you voluntarily provide in contact forms or service requests

3. Purpose of Data Processing

We process your personal data for the following purposes:

Responding to your inquiries and service requests
Providing cybersecurity consulting services and support
Improving our website functionality and user experience
Website analytics and performance optimization (with your consent)
Compliance with legal and regulatory obligations (Austrian and EU law)
Legitimate business interests in understanding user behavior and service effectiveness

4. Legal Basis for Data Processing

We process your personal data based on the following legal grounds under GDPR:

Article 6(1)(a) GDPR: Your explicit consent (e.g., Google Analytics, marketing communications)
Article 6(1)(b) GDPR: Contract performance (service delivery, consulting)
Article 6(1)(c) GDPR: Legal obligations (tax law, Austrian Corporate Code)
Article 6(1)(f) GDPR: Legitimate interests (security, website optimization, fraud prevention)

5. Data Retention Periods

We retain your personal data only as long as necessary for the stated purpose:

Contact Form Submissions: Retained for 3 years or until legal obligations are fulfilled
Server Logs: Retained for 30 days (IP addresses, access logs)
Analytics Data: Retained according to Google Analytics retention settings (26 months by default)
Customer Service Data: Retained for 7 years (Austrian tax and business law requirements)

You may request deletion of your data at any time, subject to legal and contractual obligations.

6. Cookies and Web Analytics

Google Analytics: We use Google Analytics 4 to analyze website usage, visitor behavior, and traffic sources. This processing is only activated with your explicit consent via our cookie banner. Google Analytics may transfer data to the United States under the EU-US Data Privacy Framework.

Tracking ID (if enabled): Google Analytics
Data Controller: Google Ireland Limited
Processing Purpose: Website analytics and user behavior analysis
Cookies Set: _ga, _ga_[measurement-id], _gid
Retention: 26 months (configurable)
Manage your Google data

Essential Cookies: We may set essential cookies for website functionality without consent (e.g., CSRF tokens, session identifiers).

You can withdraw your consent at any time by adjusting your cookie preferences via our cookie settings or your browser settings.

7. External Resources and Third-Party Services

Our website uses the following third-party services, which may process your data:

Google Analytics: Tracks website usage and visitor behavior (with consent)
Google Analytics Privacy Policy
Email Service: Contact form submissions may be processed via secure email (office@vetosec.at)

8. Your Rights Under GDPR

You have the following rights regarding your personal data under GDPR and Austrian Data Protection Law:

Right of Access (Art. 15 GDPR): Obtain confirmation of whether your data is processed and receive a copy
Right to Rectification (Art. 16 GDPR): Correct inaccurate or incomplete personal data
Right to Erasure/Right to be Forgotten (Art. 17 GDPR): Request deletion of your data (subject to legal obligations)
Right to Restrict Processing (Art. 18 GDPR): Limit how we use your data
Right to Data Portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format
Right to Object (Art. 21 GDPR): Object to processing based on legitimate interests or direct marketing
Right to Lodge a Complaint: File a complaint with the Austrian Data Protection Authority (Datenschutzbehörde)
Right to Withdraw Consent: Withdraw consent at any time (without affecting the lawfulness of prior processing)

9. Data Security and Protection Measures

We implement comprehensive technical and organizational security measures:

All data transmission encrypted using TLS 1.2+ (HTTPS)
Secure server infrastructure with access controls
Regular security updates and patches
Limited access to personal data (need-to-know basis)
Monitoring for unauthorized access attempts
Secure disposal of data when no longer needed

10. Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making or automated profiling that produces legal or similarly significant effects.

11. Data Transfers and International Transfers

Personal data may be transferred to the United States for Google Analytics processing. These transfers are safeguarded under the EU-US Data Privacy Framework and Standard Contractual Clauses. You have the right to obtain information about safeguards applied to such transfers. Web fonts are served locally and do not result in international transfers.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect legal changes, new technologies, or improvements to our services. We will notify you of material changes via email or a prominent notice on our website.

13. Contact and Data Subject Rights Requests

To exercise any of your rights or for privacy-related inquiries, please contact us:

Samuel Ziegler, BSc
Email: office@vetosec.at
Website: https://vetosec.at

Austrian Data Protection Authority (Datenschutzbehörde):
If you wish to lodge a complaint: www.dsb.gv.at

Last updated: March 2026