Data protection

The person responsible for data processing is

tilo GmbH

Magetsham 19
A-4923 Lohnsburg
Phone: +43 (0)7754-400-0
Fax: +43 (0)7754-400-140
Data Protection Officer: Mag. Dieter Stuiber
Company register number: 114193g
Commercial register court: Regional Court of Ried im Innkreis
Registered office: Lohnsburg
Authority according to the ECG (Austrian E-Commerce Law): District Administrative Authority Ried im Innkreis
VAT: ATU 236 42 404

Preamble


The protection of your personal data is a particular concern of tilo GmbH. This privacy policy regulates the handling of personal data and explains how we record, save, process, disclose and transfer your personal data. We handle your data exclusively according to the relevant legal requirements (GDPR, German Telecommunications Act 2003, Development Contract Law, etc.). The following running text outlines only the information relevant for online processing.

Data which you provide/share by using our web services

Along with personal data, we automatically receive some data, for technical reasons, when you visit our website. Every time you access our website or a file located there, the following access data are collected:
• the website from which you access our page;
• the IP address which was allocated to you by your provider;
• the date and time of access;
• the transferred data volume;
• the name of the accessed file or page;
• notification as to whether the access was successful;
• notification as to why access has failed, if applicable;
• operating system and browser software of your computer if applicable.

We require these data for technical reasons so that we are able to display our website and ensure its stability and security.

Data is processed for the purpose of fulfilling legal requirements, fulfilling contracts, processing customer inquiries about our products and services, carrying out training measures, and conducting business at tilo GmbH.

Contractual partners of tilo GmbH, such as sales partners or service providers such as transport companies for the delivery of goods or third-party software solutions, use the data transmitted by us or transmitted to us by you only to fulfill the respective defined purpose. Any other use of the data is not permitted.

We process personal data for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) and beyond that in accordance with the statutory retention and documentation obligations, which arise, among other things, from the Austrian Commercial Code (UGB), the Federal Fiscal Code (BAO), as well as until the end of any legal dispute, ongoing warranty and guarantee periods, etc.



Our website uses “cookies”. These are small text files which are stored on your end device through your browser. They do not cause any damage to your device. We use cookies to make our website user-friendly. Some cookies are stored on your end device until you delete them. They allow us to recognise your browser when you next visit our site. If you do not want this to happen, you can adjust your browser settings so that you are notified of the use of cookies and only allow them in individual cases. If you choose to deactivate the cookies, the functionality of our website may be limited.


Web analysis

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. For this purpose, cookies are used which allow the visitors’ use of the website to be analysed. The information generated in this connection is transmitted to the provider’s server and stored there. You can prevent this by setting up your browser in a way that no cookies are saved.

You can also prevent any data created by the cookie and relating to your use of the website from being recorded and processed by Google by downloading and installing the browser plug-in available here: We concluded a contract for third-party data processing with Google. Your IP address will be recorded, but immediately pseudonymised. Thus, only rough localisation is possible.

The processing of data is based on the legal provisions of Section 96(3) TKG (German Telecommunications Act) and of point (a) (consent) and/or point (f) (legitimate interest) of Art. 6(1) GDPR. Our purpose in the sense of the GDPR (legitimate interest) is the improvement of our offering and of our web presence. As the privacy of our users is important to us, user data is pseudonymised. The user data will be retained for 50 months. Please refer to the privacy policy of Google for further information about the handling of user data at

Privacy policy of Google:


Tracking for personalisation 

A cookie is used to display personalised page suggestions. When you visit the website, the following data are therefore collected:
• Internal ID of the page accessed
• Attributes of the page accessed
• Categories of the page accessed

This data is not disclosed. No IP addresses are stored.

Functionality restrictions without cookies

If you prevent us from using cookies, some functions and pages may not function as expected. In particular, the login will not work. You can delete cookies that are already on your computer at any time. The precise procedure depends on your browser; please look at your browser instructions (under “Help” in the browser menu).


Collection of access data and log files

On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR, we, or our hosting provider, collect data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.


Online presence in social media

We maintain online presences within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply. Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.



You can subscribe to our newsletter through our website. For this purpose, we need your email address and your declaration that you consent to receiving the newsletter. To provide information in a targeted manner, we also collect and process information on fields of interests, date of birth or postcode provided voluntarily by you. As soon as you have subscribed to the newsletter, we will send you a confirmation email containing a link for the confirmation of the subscription.
You can cancel your newsletter subscription at any time by unsubscribing via the button in the newsletter or by sending an email to:
We will subsequently delete your data in connection with the sending of newsletters without delay.



We integrate the videos of the platform "YouTube" of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy:, Opt-Out:



Within our online offer, functions and content of the service Instagram, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, may be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can make known their liking regarding the content, the authors of the content or subscribe to our posts. If the users are members of the Instagram platform, Instagram can assign the call of the above-mentioned content and functions to the profiles of the users there. Privacy policy of Instagram:



Within our online offer, functions and contents of the service Pinterest, offered by Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, USA, may be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can make known their liking regarding the content, the authors of the content or subscribe to our posts. If the users are members of the platform Pinterest, Pinterest can assign the call of the above-mentioned content and functions to the profiles of the users there. Pinterest privacy policy:


Google Maps

This website uses Google Maps API on some pages to visually display geographical information. When using Google Maps, Google also collects, processes and uses data about the use of the Maps functions by visitors to the websites. For more information about data processing by Google, please refer to Google's privacy policy:



Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you access one of our websites that contains functions of LinkedIn, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our websites with your IP address. If you click the "Recommend button" of LinkedIn and are logged into your account at LinkedIn, it is possible for LinkedIn to assign your visit to our website to you and your user account. We point out that we have no knowledge of the content of the transmitted data and its use by LinkedIn. For more information, please refer to the LinkedIn privacy policy at:


Data security SSL

Your personal data, provided that you disclose it through our websites, is encrypted (SSL) and transmitted via the internet. You can recognise an encrypted connection when the address line in the browser changes from “http://” to “https://”. If the SSL encryption is enabled, the data you transmit to us cannot be accessed by third parties. We take technical and organisational measures to protect our website and other systems against loss, destruction, access, modification and dissemination of your data by unauthorised individuals. You should always treat your access information confidentially and close the browser window once you have terminated the communication with us, especially if you use the computer jointly with other persons.


tilo Floor Layer App

The following notes provide a simple overview of what happens to your personal data when you use our mobile application "tilo Bodenleger" (app). Personal data is any data that can be used to identify you personally. 
When ordering floor samples via the tilo floor box, the following personal data is processed:

  • First name, last name, address, city, telephone number, e-mail address.
  • Payment data is processed by our service provider hobex AG, Josef-Brandstätter-Straße 2b, 5020 Salzburg, Austria. tilo does not store this data in the interim.

We process aggregated (anonymous) usage statistics of our app to improve and optimize our app. This includes country code, language, manufacturer and operating system version of the devices on which our apps are installed. In addition, we collect which versions of our apps are in use. This data is collected completely anonymously; it is not possible to draw conclusions about individual users. This information is usually transferred to a server of the providers and stored there. These are as follows:
The purpose of collecting and using this data is to analyze our target group and improve our product functions based on usage metrics. The legal basis is Art. 6 para. 1f GDPR (legitimate interest of us in analyzing user behavior in order to optimize our app) or Art. 6 para. 1a GDPR (consent given by you). The collected data is anonymized before an analysis is performed. As a result, personal data is truncated by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transferred to the USA.


Facebook SDK

The so-called Facebook Software Development Kit (Facebook SDK) is used in our app. The Facebook SDK is provided by Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA ("Facebook"). The following data is used for this purpose:

  • App ID,
  • the app version,
  • Mobile Ad ID (iOS IDFA or Android Ad ID).
  • Explicit events - information from events, e.g. "AddtoCart" or "logPurchase", as well as additional parameters provided by the app.
  • Automatically logged events - Basic interactions in the app (e.g. app installs, app launches) and system events (e.g. SDK loading, SDK performance) that are automatically logged.
  • Metadata from the request - mobile OS type and version, SDK version, app name, app version, device opt-out setting, user agent string, and client IP address. The SDK also collects the following device metrics: Time zone, device operating system, device model, vendor, screen size, processor cores, total memory, free space.

The Facebook SDK helps us to increase the advertising success of mobile app advertising campaigns placed via Facebook, for example, by not displaying ads for the app on devices on which the app is already installed. The Facebook SDK also enables us to perform various analyses on the installation of our app and the success of one of our advertising campaigns. With the help of the Facebook SDK, it is also possible for us to analyze individual activities of a user within the app, for example, to be able to define the target group for advertising campaigns more precisely and better. Only this pseudonymized data is transmitted to Facebook. The pseudonym is the advertising ID provided by the operating system of the end device (the name may differ depending on the operating system). The app ID can be user when the app is reinstalled. The purpose of collecting and using this data is to analyze our target group and to optimize the advertising campaigns or product information. The legal basis is Art. 6 para. 1f GDPR (legitimate interest of us in analyzing user behavior in order to conduct individualized advertising campaigns) or Art. 6 para. 1a GDPR (consent given by you). More information about data protection at Facebook can be found here.

Visual Studio App Center

Our app uses crash reports from Visual Studio App Center, a product of Microsoft Corporation, One Microsoft Way, Redmond, WA, 98052-6399, USA ("Google"). Using Visual Studio App Center, we receive information about the country code, language, manufacturer, and operating system version of the devices on which our apps are installed, as well as information about the installed version of our apps. In addition, we receive detailed crash information in case one of our apps does not work properly. More information about privacy in Visual Studio App Center can be found here.

Interest-based cross-app advertising

As described above, we work with third-party providers to serve ads. If you do not want this, you can change the setting on your device ("Limit ad tracking" on iOS and "Disable interest-based advertising or disable personalized advertising").


Your Rights

You have the right to obtain information on whether we process your personal data. If that is the case, you have the right to information on your personal data and further information specified in art. 15 GDPR.

In cases of doubt, we may request further information to verify your identity. This is a measure to protect your personal data.

Furthermore, you have a right to rectification and erasure of incorrect or incomplete data, as well as the right to a restriction of data processing, provided that there are no legal reasons preventing this. You have the right to data portability; this means that you can request to obtain your data in a structured, commonly used and machine-readable format. You also have the right to withdraw your previously given consent to the use of your personal data at any time. If you believe that the processing of your data infringes applicable data protection legislation, or that your legal claim to data protection may be violated in some way, you can complain to the relevant supervisory authority. In Austria, this is the Austrian Data Protection Authority (email:

Please contact us regarding your rights or if you have any other questions or suggestions about our privacy policy at:

tilo GmbH, Magetsham 19, A-4923 Lohnsburg