Privacy Policy

The protection of your personal data is a priority for me. This policy informs you pursuant to Art. 13 GDPR about the nature, scope, and purpose of data processing on this website.

This is a courtesy translation. The German version (Datenschutzerklärung) is the legally binding document.

01 · ControllerData Controller under GDPR

02 · DataData Collected

Server log files. Each time this website is accessed, technical access data is automatically recorded by the web server and stored in log files:

• IP address (truncated / anonymised)
• Date and time of access
• Requested URL and HTTP status code
• Volume of data transferred
• Referrer URL
• Browser type, version, and operating system (user agent)

Contact form. When you use the contact form, I process the data you provide:

• First and last name
• Email address
• Company
• Content of your message
• Optional: request for a free website audit (checkbox)

Audit form. When you request the free website audit, I process:

• Your website URL
• Your email address (for PDF delivery)

Email correspondence. When you contact me directly by email, the submitted details (email address, name, and message content) are stored for the purpose of handling the enquiry.

03 · Legal basisLegal Basis for Processing

Processing is carried out on the basis of Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in the secure and functional operation of the website).

04 · PurposePurpose of Processing

• Provision and secure operation of the website
• Handling contact and audit requests and conducting business
• Creation and delivery of the requested website audit
• Ensuring IT security and detecting misuse

05 · RetentionRetention Period

Personal data is retained only for as long as necessary for the respective purposes, or as required by statutory retention obligations (e.g. §132 BAO, seven years for business-relevant records).

Server log files are deleted or anonymised after a maximum of 14 days, unless a security-relevant event requires longer retention. Contact and audit enquiries are deleted after full processing and the expiry of any applicable warranty or limitation periods.

06 · HostingHosting

This website is operated on a dedicated server provided by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). The server is located in a data centre in Germany within the European Union. All data processing therefore takes place exclusively within the scope of the GDPR.

A data processing agreement pursuant to Art. 28 GDPR is in place with Hetzner. Further information on data protection at Hetzner: hetzner.com/rechtliches/datenschutz.

Personal data is not disclosed to third parties unless there is a legal obligation to do so.

07 · SchedulingAppointment Booking (self-hosted)

For booking initial consultations I use Easy!Appointments, an open-source scheduling tool that is self-hosted on the same server as this website (Hetzner, Germany / EU). No data is transferred to third parties. When you make a booking, the following data is processed exclusively on my own infrastructure: name, e-mail address, chosen date and time, and any optional message. The legal basis is Art. 6(1)(b) GDPR (performance of pre-contractual measures). Data is deleted once the appointment purpose has been fulfilled or upon request.

08 · Analytics & CookiesWeb Analytics with Umami (self-hosted)

For statistical analysis of website usage, I use Umami Analytics, a privacy-friendly open-source web analytics tool (umami.is). Umami is self-hosted on the same server as this website (Hetzner, Germany / EU). No data is transferred to third parties, and in particular not to Google, Meta, or other non-EU providers.

Data collected. Umami collects only aggregated, pseudonymised usage statistics:

• Page visited (URL path, page title)
• Referrer (referring website)
• Browser type and version, operating system, device type
• Screen resolution, language setting
• Country (derived from IP address; the IP itself is not stored)
• Time of visit, time spent on page

No cookies, no fingerprinting. Umami sets no cookies and uses no persistent identifier. To distinguish visits within a day, a daily rotating hash is derived from the IP address and user agent (Daily Hash) and discarded after 24 hours. Identification of individual persons or cross-site tracking is therefore not possible.

Legal basis. Processing is based on my legitimate interest pursuant to Art. 6(1)(f) GDPR in privacy-friendly, low-reach audience measurement to improve the service. Since no cookies or comparable technologies are used to store or read information on the end device, no consent is required under §165(3) TKG 2021 or Art. 5(3) of the ePrivacy Directive.

Retention. Aggregated usage statistics are stored indefinitely in pseudonymised form, as they no longer carry personal data. The daily hash is automatically discarded after 24 hours.

Opt-out. You can object to analysis at any time, for example by activating the "Do Not Track" setting in your browser or using a script blocker (e.g. uBlock Origin).

09 · Your rightsData Subject Rights

Under Art. 15–21 GDPR you have the right at any time to:

• Access the data processed about you
• Rectification of inaccurate data
• Erasure ("right to be forgotten")
• Restriction of processing
• Data portability
• Object to processing

To exercise these rights, an informal email to markus@zukunftssicher.at is sufficient.

10 · ComplaintRight to Lodge a Complaint

You have the right to lodge a complaint with the Austrian Data Protection Authority:

11 · ChangesChanges to This Policy

This privacy policy will be updated in the event of legal or technical changes. The current version is always available on this page.