Privacy policy

Privacy policy

Drafted: 22 June 2026
Last updated: 23 June 2026

This policy explains how PE Marph GmbH ("Marph", "we", "us") collects, uses, shares and protects personal data when you visit or buy from marph.co, complete one of our online assessments at scorecard.marph.co, register for one of our events, or otherwise communicate with us. It also explains your rights under the EU General Data Protection Regulation (GDPR) and Austrian data protection law.

Who we are

The data controller is:

PE Marph GmbH
Mariahilfer Straße 187/13
1150 Vienna, Austria
Company register: FN 484427v
VAT: ATU72953958
Email: info@marph.co
Telephone: +43 1 411 8627

For any question about this policy or to exercise your rights, contact us at info@marph.co.

What personal data we collect

Data you give us directly

  • Orders and checkout: name, billing and shipping address, email, telephone, the items you buy, and your payment details (entered directly with our payment providers — we do not store full card numbers).
  • Account: if you create an account or a Shop account, the login and profile details associated with it.
  • Contact and enquiries: the content of messages you send us and the details you include.
  • Online assessments and quizzes: when you complete an assessment such as the manager-type scorecard, your answers, the result generated, and any contact details you provide to receive it.
  • Event registration: the details you give when registering for a workshop or event, including through Eventbrite.
  • Email subscriptions: your email address and preferences when you sign up for updates.
  • Product reviews: the name, content and any rating you submit through our reviews tool.

Data we collect automatically

  • Device and usage data: IP address, browser and device type, pages viewed, referring pages, and interactions with the site.
  • Analytics and measurement: collected through Google Analytics 4 and Shopify's own analytics.
  • Session analytics: Microsoft Clarity may record anonymised session replays and heatmaps of how pages are used. Form fields and sensitive inputs are masked.
  • On-site messaging and testing: OptiMonk records interactions with pop-ups and on-site campaigns and supports A/B testing.
  • Cookies and similar technologies: see the section below.

Data we obtain from other sources

  • Business contact data for outreach: for our business-to-business marketing, we obtain professional contact details (such as name, role, employer and business email) from publicly available professional profiles and third-party business contact databases. We process these to contact people whose professional role suggests a relevance to our work in people, organisational culture or learning. This is explained further under "Marketing and how we obtained your details".
  • Payment and fraud signals from our payment providers, and order or delivery data from shipping partners.

Cookies and similar technologies

We use cookies and similar technologies for essential site functions, analytics and marketing. Non-essential cookies are set only where you have given consent through our cookie banner, which you can change at any time. The main categories are:

Category Examples / providers Purpose
Strictly necessary Shopify (cart, checkout, Shop Pay), hCaptcha Run the store, keep your cart, secure forms against bots. Always active.
Analytics and performance Google Analytics 4, Shopify analytics, Microsoft Clarity Understand how the site is used and improve it. Set with consent.
Marketing and personalisation Google Ads, Meta (Facebook and Instagram), LinkedIn, Google Tag Manager (and tags managed within it), OptiMonk, HubSpot, and a website visitor-identification tool Measure campaigns, show relevant messaging, and connect activity to our CRM. Set with consent.

Exact cookie names and lifespans vary by provider and can be reviewed in your browser and in each provider's documentation. You can manage or withdraw consent at any time using the cookie settings on our site, and you can block or delete cookies in your browser settings.

How and why we use your data

  • To process and deliver your orders, take payment, and provide customer support.
  • To run our online assessments and give you your result.
  • To manage event registrations and communicate about events you have signed up for.
  • To send marketing communications where permitted, and to manage our business-to-business outreach.
  • To operate, secure, measure and improve our website and services.
  • To comply with our legal, accounting and tax obligations.
  • To prevent fraud and protect our site and customers.

Legal bases for processing

We rely on the following legal bases under Article 6 GDPR:

  • Performance of a contract (Article 6(1)(b)) — to process orders, take payment and deliver products and services you request.
  • Consent (Article 6(1)(a)) — for analytics, marketing and similar cookies, and for marketing emails where consent is required. You may withdraw consent at any time.
  • Legitimate interests (Article 6(1)(f)) — to run and improve our business, secure our site, handle enquiries, and carry out relevant business-to-business outreach, where these interests are not overridden by your rights.
  • Legal obligation (Article 6(1)(c)) — to keep accounting and tax records and meet other legal duties.

Who we share your data with

We share personal data with service providers who process it on our behalf, and only as needed:

  • Store platform and checkout: Shopify.
  • Payments: our payment providers, including Shopify Payments (card and eps-Überweisung), PayPal and Klarna.
  • Shipping and fulfilment: carriers and logistics providers used to deliver physical products.
  • Marketing, CRM and forms: HubSpot.
  • Analytics and advertising: Google (Analytics, Ads, Tag Manager), Microsoft (Clarity), Meta (Facebook and Instagram) and LinkedIn.
  • Website visitor identification: a third-party business-intelligence provider that helps us recognise the organisations visiting our site, using technical data such as IP address and browsing activity.
  • On-site campaigns and testing: OptiMonk.
  • Assessments and quizzes: ScoreApp.
  • Events: Eventbrite.
  • Reviews: Judge.me.
  • Bot protection: hCaptcha.

Where you consent to advertising cookies, some partners — including Meta and LinkedIn — may act as independent or joint controllers and process your data for their own advertising purposes, governed by their own privacy policies.

We may also disclose data to our accountant and professional advisers, and to authorities where we are legally required to do so. We do not sell your personal data.

International data transfers

Some of our providers are located outside the European Economic Area, including in the United States and the United Kingdom. Where personal data is transferred outside the EEA, we rely on an appropriate safeguard, such as an EU adequacy decision (for example, the United Kingdom), certification under the EU–US Data Privacy Framework, or Standard Contractual Clauses approved by the European Commission. You can ask us for more detail on the safeguards that apply.

How long we keep your data

  • Order and invoice records: retained for seven years to meet Austrian accounting and tax obligations (§ 132 Bundesabgabenordnung).
  • Account data: for as long as your account is active, then deleted or anonymised.
  • Marketing data: until you unsubscribe or object, after which we retain only what is needed to honour your request.
  • Assessment and event data: for as long as needed for the purpose it was collected, then deleted or anonymised.
  • Analytics data: for the retention period configured in each tool.

Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased in certain circumstances;
  • restrict or object to processing, including direct marketing;
  • receive certain data in a portable format;
  • withdraw consent at any time, without affecting processing already carried out.

To exercise any of these rights, email info@marph.co. We will respond within the time limits set by law.

You also have the right to lodge a complaint with the Austrian supervisory authority:

Österreichische Datenschutzbehörde
Barichgasse 40–42, 1030 Vienna, Austria
Email: dsb@dsb.gv.at
Web: www.dsb.gv.at

If you are in the United Kingdom, you may instead lodge a complaint with the Information Commissioner's Office (ICO, ico.org.uk); if you are in Switzerland, with the Federal Data Protection and Information Commissioner (FDPIC / EDÖB, edoeb.admin.ch). Individuals in the UK and Switzerland have equivalent rights under the UK GDPR and the Swiss Federal Act on Data Protection respectively.

Marketing and how we obtained your details

If you received a marketing email from us and did not give us your details directly, we obtained your business contact information (such as your name, professional role, employer and business email) from publicly available professional profiles and third-party business contact sources. We process it on the basis of our legitimate interest in reaching professionals whose role suggests a relevance to our work in people, organisational culture or learning, in line with Article 14 GDPR.

You can object to this processing and unsubscribe at any time using the link in any email, or by contacting info@marph.co. If you object, we will stop using your details for marketing.

Profiling and automated processing

Our online assessments generate a result, such as a manager type, based on the answers you provide. This helps us tailor the information we share with you. These results do not produce legal effects or similarly significant effects, and we do not make decisions about you based solely on automated processing.

Children

Our website and products are intended for professional and business use and are not directed at children. We do not knowingly collect personal data from children.

Security

We take appropriate technical and organisational measures to protect personal data against loss, misuse and unauthorised access. No method of transmission or storage is completely secure, but we work with reputable providers and review our measures regularly.

Changes to this policy

We may update this policy from time to time. When we do, we will revise the "last updated" date above and, where appropriate, provide additional notice.

How to contact us

For any privacy question, or to exercise your rights, contact:

PE Marph GmbH
Mariahilfer Straße 187/13, 1150 Vienna, Austria
Email: info@marph.co
Telephone: +43 1 411 8627