Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").

The terms used are not gender-specific.

Last updated: January 26, 2026

Table of Contents

• Preamble
• Controller
• Overview of Processing
• Relevant Legal Bases
• Security Measures
• Transfer of Personal Data
• International Data Transfers
• General Information on Data Storage and Deletion
• Provision of Online Offering and Web Hosting
• Contact and Inquiry Management
• Amendments and Updates
• Definitions

Controller

Max Haslehner
Altenbergerstrasse 202/2
4203 Altenberg

Authorized representatives: Max Haslehner

Email address: haslehnermax1349@gmail.com

Imprint: /imprint

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed

• Contact data.
• Content data.
• Usage data.
• Meta, communication, and procedural data.
• Log data.

Categories of Data Subjects

• Communication partners.
• Users.

Purposes of Processing

• Communication.
• Security measures.
• Organizational and administrative procedures.
• Feedback.
• Provision of our online offering and user-friendliness.
• Information technology infrastructure.

Relevant Legal Bases

Relevant legal bases according to GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases be applicable in individual cases, we will inform you of these in the privacy policy.

• Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Austria: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Austria. This includes in particular the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act – DSG). The Data Protection Act contains special provisions on the right to information, the right to rectification or deletion, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, ensuring availability, and their separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. Furthermore, we consider the protection of personal data during the development or selection of hardware, software, and procedures in accordance with the principle of data protection through technology design and data protection-friendly default settings.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt information transmitted between the website or app and the user's browser (or between two servers), protecting data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is signaled by the display of HTTPS in the URL. This serves as an indicator for users that their data is being transmitted securely and encrypted.

Transfer of Personal Data

In the context of our processing of personal data, it may happen that this data is transferred to other entities, companies, legally independent organizational units, or persons, or that it is disclosed to them. Recipients of this data may include service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and in particular conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

International Data Transfers

Data processing in third countries: If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosing or transferring data to other persons, entities, or companies (which is recognizable by the postal address of the respective provider or if the privacy policy expressly refers to data transfer to third countries), this always takes place in accordance with legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the EU Commission dated July 10, 2023. In addition, we have concluded standard contractual clauses with the respective providers that comply with the requirements of the EU Commission and establish contractual obligations to protect your data.

This dual protection ensures comprehensive protection of your data: The DPF forms the primary level of protection, while the standard contractual clauses serve as additional security. Should changes occur within the DPF framework, the standard contractual clauses will serve as a reliable fallback option. In this way, we ensure that your data remains adequately protected even in the event of any political or legal changes.

For individual service providers, we inform you whether they are certified under the DPF and whether standard contractual clauses are in place. Further information on the DPF and a list of certified companies can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English).

For data transfers to other third countries, appropriate security measures apply, in particular standard contractual clauses, express consent, or legally required transfers. Information on third country transfers and applicable adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal provisions as soon as the underlying consents are revoked or there are no further legal bases for processing. This applies to cases where the original processing purpose ceases to exist or the data is no longer needed. Exceptions to this rule exist when legal obligations or special interests require longer storage or archiving of data.

In particular, data that must be retained for commercial or tax law reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

Our privacy notices contain additional information on the retention and deletion of data that specifically applies to certain processing processes.

If there are multiple retention periods or deletion deadlines for data, the longest period always applies. Data that is no longer retained for the originally intended purpose, but because of legal requirements or other reasons, is processed exclusively for the reasons that justify their retention.

Retention and deletion of data: The following general periods apply under Austrian law for retention and archiving:

• 10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, accounting documents and invoices, as well as all necessary work instructions and other organizational documents (Federal Fiscal Code (BAO §132), Commercial Code (UGB §§190-212)).
• 6 years - Other business documents: Received commercial or business letters, copies of sent commercial or business letters, and other documents if they are tax-relevant. These include, for example, hourly wage slips, operating statements, calculation documents, price labels, and payroll documents, provided they are not already accounting documents and cash register receipts (Federal Fiscal Code (BAO §132), Commercial Code (UGB §§190-212)).
• 3 years - Data required to consider potential warranty and compensation claims or similar contractual claims and rights, as well as to process related inquiries based on previous business experiences and common industry practices, are stored for the duration of the regular statutory limitation period of three years (§§ 1478, 1480 ABGB).

Start of period at the end of the year: If a period does not expressly begin on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the period-triggering event occurred. In the case of ongoing contractual relationships within which data is stored, the period-triggering event is the time when the termination or other termination of the legal relationship takes effect.

Provision of Online Offering and Web Hosting

We process users' data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the browser or terminal device of users.

• Types of data processed: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); meta, communication, and procedural data (e.g., IP addresses, time data, identification numbers, persons involved). Log data (e.g., log files concerning logins or retrieval of data or access times).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offering and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.
• Retention and deletion: Deletion in accordance with the section "General Information on Data Storage and Deletion".
• Legal bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures, and services:

• Provision of online offering on rented storage space: For the provision of our online offering, we use storage space, computing capacity, and software that we rent from or otherwise obtain from a corresponding server provider (also called "web hoster"); Legal bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
• Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". Server log files may include the address and name of accessed web pages and files, date and time of access, transferred data volumes, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and as a rule, IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to avoid server overload (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure server utilization and stability; Legal bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the respective incident is finally clarified.
• Content Delivery Network: We use a "Content Delivery Network" (CDN). A CDN is a service that helps deliver content from an online offering, particularly large media files such as graphics or program scripts, more quickly and securely using regionally distributed servers connected via the Internet; Legal bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Hosting via Vercel

This website is provided through the hosting service provider Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel processes personal data such as IP addresses, access times, and technical log data as part of the hosting service.

Processing is based on our legitimate interest in secure, fast, and efficient provision of our online offering in accordance with Art. 6 Para. 1 lit. f GDPR.

Vercel is certified under the EU-US Data Privacy Framework. Further information on data processing by Vercel can be found in Vercel's privacy policy:https://vercel.com/legal/privacy-policy

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, email, telephone, or via social media), as well as within existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to contact inquiries and any requested measures.

• Types of data processed: Contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or pictorial messages and contributions, as well as information concerning them, such as information on authorship or time of creation). Meta, communication, and procedural data (e.g., IP addresses, time data, identification numbers, persons involved).
• Data subjects: Communication partners.
• Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online form). Provision of our online offering and user-friendliness.
• Retention and deletion: Deletion in accordance with the section "General Information on Data Storage and Deletion".
• Legal bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).

Contact Form via Google Forms

For processing contact inquiries, we use Google Forms, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data you enter in the contact form is transmitted to Google and processed there.

Processing is based on Art. 6 Para. 1 lit. b GDPR (pre-contractual measures) and Art. 6 Para. 1 lit. f GDPR (legitimate interest in efficient communication).

Google is certified under the EU-US Data Privacy Framework. Further information can be found in Google's privacy policy:https://policies.google.com/privacy

Further information on processing processes, procedures, and services:

• Contact form: When contacting us via our contact form, email, or other communication channels, we process the personal data transmitted to us to answer and process the respective request. This generally includes information such as name, contact information, and any other information communicated to us that is necessary for appropriate processing. We use this data exclusively for the stated purpose of contact and communication; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Amendments and Updates

We ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that addresses may change over time and ask you to verify the information before contacting them.

Definitions

In this section, you will find an overview of the terms used in this privacy policy. Insofar as the terms are legally defined, their legal definitions apply. The following explanations are primarily intended to aid understanding.

• Content data: Content data includes information generated in the course of creating, editing, and publishing content of all kinds. This category of data may include texts, images, videos, audio files, and other multimedia content published on various platforms and media. Content data is not only limited to the actual content but also includes metadata that provides information about the content itself, such as tags, descriptions, author information, and publication dates.
• Contact data: Contact data is essential information that enables communication with persons or organizations. It includes, among other things, telephone numbers, postal addresses, and email addresses, as well as means of communication such as social media handles and instant messaging identifiers.
• Meta, communication, and procedural data: Meta, communication, and procedural data are categories that contain information about how data is processed, transmitted, and managed. Metadata, also known as data about data, includes information that describes the context, origin, and structure of other data. It may include information on file size, creation date, author of a document, and modification histories. Communication data captures the exchange of information between users via various channels, such as email traffic, call logs, messages on social networks, and chat histories, including the persons involved, timestamps, and transmission paths. Procedural data describes the processes and workflows within systems or organizations, including workflow documentation, logs of transactions and activities, as well as audit logs used to track and verify operations.
• Usage data: Usage data refers to information that captures how users interact with digital products, services, or platforms. This data includes a wide range of information that shows how users use applications, which features they prefer, how long they stay on certain pages, and through which paths they navigate an application. Usage data can also include frequency of use, timestamps of activities, IP addresses, device information, and location data. It is particularly valuable for analyzing user behavior, optimizing user experiences, personalizing content, and improving products or services. In addition, usage data plays a crucial role in identifying trends, preferences, and potential problem areas within digital offerings.
• Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• Log data: Log data is information about events or activities that have been logged in a system or network. This data typically contains information such as timestamps, IP addresses, user actions, error messages, and other details about the use or operation of a system. Log data is often used to analyze system problems, for security monitoring, or to create performance reports.
• Controller: "Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processing: "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers virtually any handling of data, whether it is the collection, evaluation, storage, transmission, or deletion.

Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke