Privacy Policy

The controller responsible for processing personal data on this platform is:

If you have questions about data protection or wish to exercise your rights, you can contact us at any time at hallo@unfallbericht.at.

A data protection officer has not currently been appointed because, in our current assessment, there is no statutory obligation to appoint one. We will reassess this if the platform is expanded, the data volume grows significantly, special categories of personal data are processed more extensively, or new partner, AI or upload functions are added.

Whether individual existing or new processing activities require a data protection impact assessment is reviewed internally on a risk-based basis. This privacy policy does not replace legal review of individual cases and does not guarantee full GDPR compliance.

We process personal data only to the extent necessary to provide, use, secure, troubleshoot and improve the platform, where a legal obligation exists, or where you have given us consent.

Personal data means any information relating to an identified or identifiable natural person. This includes in particular names, contact details, vehicle data, location information, insurance data, accident and damage data, photos, signatures, technical usage data and communication data.

The following processing activities, purposes and legal bases are particularly relevant for the platform:

Depending on how the platform is used, the following data in particular may be processed:

1. Master and profile data: name, email address, phone number, user account, language settings, profile information, login data and other information you provide when using the platform.
2. Accident report data: information about the accident location, accident time, accident circumstances, accident type, involved persons, vehicles, insurance providers, damage, comments, sketches, signatures and other report content.
3. Vehicle and insurance data: license plates, make/model, vehicle identification number, keeper data, insurance company, policy numbers, green card data, broker data and other information for claims handling.
4. Photos, sketches and files: accident photos, damage photos, sketches, signatures, driving licence scans, insurance cards or other files uploaded by you.
5. Communication data: emails, support requests, follow-up questions about accident reports, technical notifications, review requests and, where used, technical delivery or opening events.
6. Technical and usage data: browser and device information, operating system, screen size, pages accessed, usage behavior, technical events, error data, cookies, consent status and similar technical information.
7. Partner and referral data: information about whether partner offers were displayed, requested or used, as well as data required for specifically requested claims management.

When you create an accident report via unfallbericht.at, we process the data you enter in order to digitally record and store the accident report, enable joint editing with other involved parties, provide it as a PDF and make it usable for further claims handling.

This includes recording involved persons, vehicle and insurance data, accident circumstances, photos, sketches, comments, signatures, PDF reports and provision to authorized involved parties.

Processing is carried out for performance of the user relationship and on the basis of legitimate interests in proper documentation, traceability, claims handling and legal defense.

Providing data that is marked as mandatory in the platform or is required to create, store, provide and handle an accident report is necessary for using the respective function.

Without this data, we cannot provide the accident report or individual functions, or can provide them only in a limited form. Voluntary information is not mandatory; if you do not provide it, this will not disadvantage you. However, individual convenience, analytics, partner or additional functions may then be unavailable or limited.

For OCR and scan functions, you may alternatively enter the relevant information manually. Uploading a document is therefore not mandatory.

Users may enter data about other persons in an accident report, in particular data about accident participants, vehicle keepers, policyholders, witnesses, passengers and other data subjects.

The source of this data is usually the respective user or accident participant who creates, edits or supplements the report.

The categories concerned correspond to the accident, contact, vehicle, insurance, damage, photo, signature and communication data entered or uploaded for the respective report.

Processing takes place to create, edit, document, provide and handle the accident report and to protect legitimate documentation and legal defense interests.

Information under Art. 14 GDPR is provided to data subjects no later than at the first contact, provision of an access link, invitation to joint editing or in another suitable way, unless a statutory exception applies.

Data subjects may exercise their rights of access, rectification, erasure, restriction, objection and data portability subject to the statutory requirements.

The platform enables joint editing of an accident report by several accident participants. Certain data you enter may become visible to other authorized participants, in particular name, contact details, vehicle data, insurance data, information about the accident circumstances, photos, sketches, comments and signatures.

Please therefore enter only data that is necessary or useful for creating and documenting the accident report.

Because an accident report regularly concerns several persons, one individual participant cannot freely dispose of the entire report. A deletion or correction request by one person therefore does not necessarily result in deletion of the entire accident report if legitimate interests of other participants, documentation purposes, legal claims or statutory retention obligations conflict with this.

For recipients and partners, we distinguish between necessary or user-initiated disclosure, claims-handling partners, and marketing or partner offers.

A. Necessary or user-initiated recipients: This includes other accident participants, authorized involved parties, insurance providers, recipients selected by the user and recipients of PDF reports or access links. Data is transmitted only where initiated by use of the function or required for the report and claims handling.

B. Claims-handling partners: This may include repair shops, assessors, roadside assistance, towing services, replacement mobility providers and insurance or claims management service providers. Personal data is disclosed to such partners only where this is required in the specific accident context, actively requested or selected by the user, or supported by a viable legal basis.

C. Marketing, recommendations and partner offers: Promotional contact or partner offers that are not directly required take place only with separate consent or on another clear statutory basis. Partners are not allowed to freely contact all users.

Where partners are merely displayed in the platform or in the PDF, this does not automatically mean that the respective partner receives accident report data. If you open a partner link or actively contact a partner, the privacy information of the respective partner also applies.

You can upload or capture photos, sketches, signatures and other files within the platform.

Signatures are stored as image files. We do not perform biometric evaluation or analysis of signatures for the purpose of uniquely identifying a person.

The platform is not primarily intended for processing health data. Please do not upload sensitive content, especially injury photos or health data, unless this is required for accident documentation.

Where special categories of personal data, in particular health data, are processed, this is done only where necessary for documenting the accident event, handling claims or establishing, exercising or defending legal claims, or where explicit consent has been given.

In these cases, in addition to an appropriate legal basis under Art. 6 GDPR, the legal basis is in particular Art. 9(2)(f) GDPR for legal claims or Art. 9(2)(a) GDPR where explicit consent is given.

The platform may offer functions for capturing driving licence or insurance data by photo and OCR. If you use such a function, uploaded document photos or data read from them may be processed in order to simplify input and support creation of the accident report.

An external AI or OCR service may be used for text recognition and evaluation, in particular Claude by Anthropic, where the function is actively used and configured accordingly.

This function is used only if you actively use the relevant scan or upload function. You may alternatively enter the relevant data manually.

Location data is not permanently collected automatically. If you enter an accident location or actively use a location function in the browser, we process the location information you provide to create and document the accident report.

If you use camera, file or upload functions, the platform processes the photos, files or camera content you select only within the scope of the respective function.

Camera or location access is granted through your browser and only if you grant it. You can change or revoke permissions you have granted at any time in your browser settings.

Google Maps, Google Places, Google Geocoding and OpenStreetMap or Overpass services may be used for map, address or location functions.

Technical data, location information or entered addresses may be transmitted to the respective providers where this is necessary to display maps, search for places or process address information.

We use Resend to send emails. This includes in particular login emails, Magic Links, technical notifications, invitations, follow-up questions, support messages, information about accident reports and other transactional emails.

In particular, the email address, name, message content, sending time, delivery status and technical delivery information are processed.

Where our email service provides technical opening events or corresponding settings are active, we use these only to the extent necessary for delivery control, error analysis, security or support. Non-essential analysis, review or marketing communication requires a consent or opt-out review.

After completion of an accident report, your name and email address may be transmitted to a review partner, in particular Trustpilot, so that you can be sent an invitation to review our service.

This processing takes place only where legally permissible, in particular on the basis of consent or a legitimate interest after separate legal review. You may object to the use of your data for review requests at any time.

We use analytics and statistics services to understand how the platform is used, identify technical problems, improve functions and further develop user-friendliness.

We use in particular Microsoft Clarity and Google Analytics. Analytics and tracking services that are not technically necessary are used only on the basis of your consent via our cookie or consent banner. You can withdraw or adjust your consent at any time with effect for the future.

Our platform uses cookies and similar technologies. We distinguish between technically necessary technologies and analytics or statistics cookies, which are used only with consent.

You can manage your cookie settings via the consent banner used on the website and withdraw any consent you have given at any time.

We use external service providers and recipients only where this is required for operation, maintenance, security, troubleshooting, contract performance, communication, analytics or the respective actively used function.

A transfer to a third country takes place only where a suitable basis exists, in particular an adequacy decision, the EU-US Data Privacy Framework, Standard Contractual Clauses or other suitable safeguards. Concrete provider roles and transfer mechanisms must be reviewed against the latest provider DPAs and configurations.

We store personal data only for as long as necessary for the respective purposes, as long as legal obligations exist, legitimate interests conflict with deletion, or evidentiary and legal defense purposes require further storage.

When storage is no longer required, personal data is deleted or anonymized.

We may anonymize or aggregate data and then use it for statistical evaluations, quality assurance, error analysis, product development or industry statistics.

Anonymized data does not allow conclusions to be drawn about individual persons and is no longer subject to the GDPR.

We take appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, alteration or disclosure.

These include in particular access restrictions, authentication mechanisms, encryption, logging, permission management, secure storage and regular technical development.

Despite careful measures, no electronic data transmission or storage can be guaranteed to be completely risk-free.

We do not use personal data for automated decision-making within the meaning of Art. 22 GDPR that has legal effect on you or similarly significantly affects you.

Subject to the statutory requirements, you have the following rights:

1. right of access to the personal data processed by us;
2. right to rectification of inaccurate or incomplete data;
3. right to deletion of personal data;
4. right to restriction of processing;
5. right to data portability;
6. right to object to processing based on legitimate interests;
7. right to withdraw consent granted with effect for the future;
8. right to lodge a complaint with a supervisory authority.

To exercise your rights, please contact us at hallo@unfallbericht.at. Please note that we may need additional information to confirm your identity when processing your request.

Where processing is based on your consent, you may withdraw this consent at any time with effect for the future. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

If we process personal data on the basis of legitimate interests, you may object to this processing on grounds relating to your particular situation. You may object to processing for direct marketing purposes at any time.

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority.

In Austria, the competent authority is:

We may adapt this Privacy Policy if our platform, our data processing activities, the service providers we use or legal requirements change.

The current version is available on our website.

Last updated: May 2026