Data Controller (Art. 4(7) GDPR) for the processing of personal data on this website. Where data processors (e.g., hosting or IT service providers) are engaged for specific processing activities, this is carried out in accordance with Art. 28 GDPR. Please direct any data protection inquiries (e.g., requests for access, deletion, or objection) preferably by email to the address listed above. Alternatively, you may contact us by post. Data Protection Officer: If legally required or voluntarily appointed, you can reach our DPO at: [DPO Contact / 'not appointed'].

We process personal data only where a legal basis applies. Depending on the purpose, processing is carried out in particular on the basis of: - Art. 6(1)(b) GDPR (performance of a contract / pre-contractual measures) - Art. 6(1)(c) GDPR (legal obligation) - Art. 6(1)(f) GDPR (legitimate interests, e.g., IT security, stability, prevention of misuse) - Art. 6(1)(a) GDPR (consent), where we explicitly obtain it.

When you visit this website, information is automatically collected and stored in so-called server log files by the hosting provider and/or the web server. This typically includes: IP address, date/time, accessed pages/files, status codes, amount of data transferred, referrer URL, browser type/version, operating system. Purpose: operation of the website, troubleshooting, defence against attacks, ensuring system stability. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in security and availability). Retention period: [e.g., 14 days] (unless further retention is required for security analysis or evidence preservation).

We use only technically necessary cookies and/or technically required storage mechanisms (e.g., for language selection or security-related functions). No tracking or marketing cookies are used. Legal basis: Sec. 165(3) Austrian Telecommunications Act 2021 (exception for strictly necessary cookies) and Art. 6(1)(f) GDPR (legitimate interest in providing the website in a technically reliable manner). Note: If analytics/tracking cookies are used in the future, they will be deployed only after prior consent via an appropriate consent solution.

If you contact us by e-mail or via a contact form, we process the data you provide (e.g., name, e-mail address, content of the request) for the purpose of handling and responding to your enquiry. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures / performance) and Art. 6(1)(f) GDPR (efficient communication). Retention period: until the enquiry has been fully handled; thereafter only if statutory retention obligations apply or if retention is necessary for the establishment, exercise or defence of legal claims.

We use Matomo for technical analysis and optimisation of our website. Configuration: IP anonymisation enabled; [cookies disabled / cookieless configuration]; no merging with other data sources; no disclosure of raw data to third parties. Purpose: reach measurement, error analysis, performance and SEO optimisation. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in improving and securely operating the website). If Matomo sets cookies or consent becomes legally required, Matomo will be used only on the basis of Art. 6(1)(a) GDPR in conjunction with Sec. 165(3) Austrian Telecommunications Act 2021. Objection/Opt-out: [opt-out link or note: "You can object to the tracking at any time"] Retention period: [e.g., 6 months / 12 months] (aggregated statistics may be retained longer).

We use Google Search Console to technically monitor the visibility of our website in Google Search (e.g., indexing status, search queries in aggregated form). Google Search Console primarily provides aggregated reports and supports SEO optimisation. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in technical optimisation and discoverability). Note: Data processing in the context of Google Search generally takes place within Google’s area of responsibility. Further information is available in Google’s privacy notices.

To provide this website, we may use service providers (processors), e.g., hosting, e-mail providers, IT security/maintenance providers. Transfers to third countries (outside the EU/EEA) take place only where necessary for service provision and where the requirements of the GDPR are met (e.g., adequacy decision or appropriate safeguards such as Standard Contractual Clauses). Specific providers used: [hosting provider + country], [mail provider + country], [Matomo: self-hosted/provider + country].

We implement appropriate technical and organisational measures (TOMs) to protect personal data against loss, misuse, unauthorised access and unauthorised disclosure (e.g., TLS encryption, access controls, hardening, backup/recovery concept).

Subject to the applicable legal requirements, you have the following rights in particular: access, rectification, erasure, restriction of processing, data portability, objection, and withdrawal of consent with effect for the future. If you believe that the processing of your data violates data protection law, you may lodge a complaint with the Austrian Data Protection Authority (DSB).

We reserve the right to update this Privacy Policy due to technical changes or new legal requirements. Version: January 2026.