Privacy Policy

When accessing this website, information is automatically processed in so-called server log files by the hosting and security service providers used.

The following data may be processed:

• IP address
• Date and time of the request
• Accessed page or URL
• Browser type and version
• Operating system
• Referrer URL

Processing is carried out to ensure secure and stable technical operation of the website and to defend against misuse and attack attempts.

The service providers Vercel and Cloudflare act as data processors and have been contractually obligated in accordance with Art. 28 GDPR.

Log data is generally deleted or anonymized automatically within 7 to 30 days, unless security-relevant events (e.g. attack attempts) require longer retention for evidence preservation.

This website itself does not store any cookies on your device. No cookies are used for analytics, tracking or advertising purposes.

However, technically necessary cookies may be set as part of the CDN and security service provided by Cloudflare, in particular:

• __cf_bm — Bot detection and protection against automated attacks. Storage duration: max. 30 minutes.
• cf_clearance — May be set after a successful security check. Storage duration: up to 30 days.

These cookies do not contain any personal information beyond what is necessary for bot detection, and are not used for profiling.

This website does not embed any external content (maps, videos, social media plugins, third-party web fonts, tracking pixels or analytics scripts). Fonts and all JavaScript libraries are served exclusively from this website's own server. When you load a page, no data is transmitted to third parties beyond the hosting and security services named in sections 2 and 5.

When you contact us by email or via a contact form, the personal data you provide will only be processed to handle your inquiry.

When you submit the contact form, we process the following data:

• Name
• Email address
• Company (optional)
• Selected service areas (optional)
• Message content
• IP address and timestamp for spam and abuse prevention (rate limiting; stored in memory for a maximum of 15 minutes)

Confirmation and notification emails are sent via the service provider Resend, Inc. (2261 Market Street #5039, San Francisco, CA 94114, USA), which acts as a data processor and has been contractually obligated in accordance with Art. 28 GDPR. This involves a transfer of your contact data to the USA — see section 5.

Data will be deleted as soon as the purpose of processing no longer applies and there are no legal retention obligations — typically within 6 months after the end of correspondence, unless a business relationship is established. In the case of business initiation, statutory retention periods under commercial and tax law apply (§ 132 BAO, §§ 190, 212 UGB).

In the context of using the deployed service providers, personal data may be transferred to third countries, in particular to the USA. This concerns the following processors:

• Vercel Inc. — 340 S Lemon Ave #4133, Walnut, CA 91789, USA Website hosting
• Cloudflare, Inc. — 101 Townsend St, San Francisco, CA 94107, USA CDN and security (DDoS protection)
• Resend, Inc. — 2261 Market Street #5039, San Francisco, CA 94114, USA Transactional email delivery (contact form)

The transfer is based on appropriate safeguards pursuant to Art. 46 GDPR, in particular through the conclusion of EU standard contractual clauses and supplementary technical and organizational measures by the respective providers.

The transfer is technically necessary to ensure the security, stability and worldwide availability of the website as well as the processing of your inquiries.

You also have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority of your choice — in particular at the place of your habitual residence, place of work or place of the alleged infringement. The competent authority for Austria is:

We implement appropriate technical and organizational measures to protect personal data against loss, misuse or unauthorized access.

Content is transmitted encrypted via TLS. However, complete protection of data from access by third parties cannot be guaranteed.

No automated decision-making within the meaning of Art. 22 GDPR, including profiling, takes place in connection with this website.