Privacy Policy – Boom Software / ECM Connector
As of April 2026
The protection of your personal data is of particular importance to us.
We therefore process your data exclusively on the basis of applicable legal provisions, in particular the General Data Protection Regulation (GDPR), the Austrian Data Protection Act, and other applicable data protection regulations.
With this privacy policy, we inform you about which personal data we process, for what purposes, on what legal basis, and what rights you are entitled to.
This privacy policy applies to:
• the use of our websites (e.g. ecm-connector.com), and
• the use of the ECM Connector web platform as a digital collaboration and order processing system.
1. General information on data processing
Personal data refers to all information relating to an identified or identifiable natural person.
Unless otherwise stated, Boom Software is the data controller within the meaning of data protection law for the processing activities described herein.
2. Data processing when visiting our websites
2.1 Processed Data
When you use our website for purely informational purposes, we only process the data that is technically necessary to display the website correctly and ensure its security:
• IP address
• Date and time of access
• Pages/URLs accessed
• Referrer URL
• Browser and device information
• Log and security data
• Cookie information
Legal basis:
Art. 6 (1) (f) GDPR (legitimate interest in the secure and stable operation of the website).
2.2 Storage Duration
As a general rule, the data is stored for up to three months. Longer storage only takes place if necessary for the investigation or prevention of security incidents or for the enforcement of legal claims.
3. Cookies, tracking & analytics
Our website uses cookies and similar technologies. Further details can be found in our separate Cookie Policy (https://www.boomsoftware.com/cookie-richtlinie-eu/).
The services used may include, but are not limited to:
• Google Tag Manager
• Google Analytics (with IP anonymization enabled)
• Google Ads
• LeadForensics
Data processing is carried out either on the basis of your consent or, where technically necessary, on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR.
4. Protection against automated access (cloudflare turnstile)
To protect our website and web forms from automated input and abuse (e.g. bots), we use the service Cloudflare Turnstile.
Cloudflare Turnstile is a so-called CAPTCHA alternative that verifies whether requests are made by human users or by automated programs. The service generally operates without interactive challenges and analyzes technical connection characteristics to detect and prevent automated access.
Provider: Cloudflare Germany GmbH, Rosental 7, 80331 Munich, Germany (hereinafter “Cloudflare”)
Data processed:
When using Cloudflare Turnstile, the following technical data may be processed in particular:
• IP address
• Browser and device information (e.g. user agent)
• Timestamp and technical connection data
No further profiling or use for advertising purposes takes place.
Purpose of processing:
Prevention of non-human and automated input, as well as ensuring the technical security and functionality of our website.
Legal basis:
Processing is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR.
Our legitimate interest lies in protecting our online services from abuse, spam, and automated attacks.
Recipients / Data transfers:
Cloudflare processes the data as a processor on our behalf. Data may be transferred to the United States.
Cloudflare is certified under the EU–US Data Privacy Framework (DPF). In addition, Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR have been concluded to ensure an adequate level of data protection.
Storage duration:
Data is stored only for as long as necessary to achieve the stated purposes.
Right to object:
You have the right to object to this processing at any time on grounds relating to your particular situation (Art. 21 GDPR).
5. Contact and marketing communication
When you contact us (e.g. via form or email), we process the data you provide in order to handle your request.
Legal basis: Art. 6 (1) (b) GDPR (performance of a contract or pre-contractual measures).
Newsletter and marketing communications are only sent based on your explicit consent and can be withdrawn at any time.
6. ECM Connector platform operation (collaboration & order processing system)
6.1 Description of platform operation
The ECM Connector enables customers to digitally create, assign, and manage maintenance orders in railway vehicle maintenance and to process them with qualified external providers (e.g. workshops).
As activities in the railway sector may have safety-critical implications, we ensure that only ECM-certified companies are allowed to create or accept orders.
Personal data is processed insofar as it is necessary for:
• order initiation
• order execution
• documentation
• traceability
6.2 Roles and responsibilities (Art. 26 GDPR)
Depending on the processing activity, different data protection roles apply:
• Commissioning customers act as controllers for the personal data they process in the context of order placement.
• Service providers (e.g. workshops) act as independent controllers for the personal data they process for the execution and documentation of their services.
• Boom Software provides the technical platform and processes personal data:
- for platform operation
- for user and role management
- for secure transmission of order-related information
- for system and access security
Depending on the processing context, Boom Software acts either:
• as an independent controller, or
• as a joint controller pursuant to Art. 26 GDPR.
The respective responsibilities are defined in contractual arrangements (terms of use, joint controllership agreements, and/or data processing agreements where applicable).
6.3 Categories of personal data
The following categories of personal data may be processed within the platform:
• name and business contact details of contact persons
• role and permission information
• company and site assignments
• order-related communication and status data
• history and documentation data for regulatory and compliance purposes
No profiling or marketing use by other platform participants takes place.
6.4 Purposes and legal bases
Data is processed in particular for the following purposes:
• performance of contracts and order processing (Art. 6 (1) (b) GDPR)
• secure and efficient platform operation (Art. 6 (1) (f) GDPR)
• compliance with legal and regulatory obligations (Art. 6 (1) (c) GDPR)
6.5 Data disclosure within the network
Personal data is only made accessible to those platform participants who:
• are required for the respective order processing, and
• have appropriate authorization
Disclosure is purpose-limited, role-based, and restricted to the minimum necessary scope.
6.6 Retention and deletion
Personal data is stored only for as long as:
• required for order processing, or
• an ongoing business relationship exists, or
• statutory retention and documentation obligations apply
Once the purpose no longer applies, the data will be deleted or anonymized, unless conflicting legal obligations require retention.
7. Security of processing
Boom Software implements appropriate technical and organizational measures pursuant to Art. 32 GDPR to protect personal data against loss, misuse, and unauthorized access.
The platform is operated in the Microsoft Azure cloud within the European Union.
8. Data subject rights
You have the right to:
• access (Art. 15 GDPR)
• rectification (Art. 16 GDPR)
• erasure (Art. 17 GDPR)
• restriction of processing (Art. 18 GDPR)
• data portability (Art. 20 GDPR)
• object (Art. 21 GDPR)
These rights must be exercised against the entity that determines the purposes and means of processing. In cases of joint controllership, requests are handled in a coordinated manner.
9. Complaints & supervisory authorities
You have the right to lodge a complaint with a data protection supervisory authority, in particular:
Austrian Data Protection Authority
Barichgasse 40–42, 1030 Vienna, Austria
dsb@dsb.gv.at
10. Contact
Boom Software AG
Hasendorfer Straße 96
A-8430 Leibnitz
office@boomsoftware.com
Data Protection Contact: