Data Protection & Privacy

Have a look at our data protection policy to learn about what kind of data we track and your options.

In accordance the the GDPR policy of the European Union we have written the following text to explain what data is transferred from you, as a user of our homepage, to us and how we are using them. We also describe your options to decide if and how we are using your data.

While the GDPR is arguably the data protection act that affects the most people, it is not the only one. However since it favours consumer rights over company rights we hope that we are compliant in most jurisdictions.

Automated data collection

With any webpage that you are visiting, there are certain data automatically exchanged, like the page you are requesting from the server (the computer that sends this page to you) and your IP address, your phone-number-like address that our server sends this page to. There is also information about your browser, local time, language, screen resolution etc. - these are mostly technical data (as opposed to personal data) that are necessary for the internet to work and for you to be able to see this page. We do not use this data directly and do not pass them on to third parties, except as specified below. We do our best to protect these data on our server but cannot guarantee data protection in case of third party criminal activity.

Data encryption

All data that is transferred from you to us, is encrypted with TLS (Transport Layer Security), a internet protocol that ensures that no one but us can decrypt the data. If you do send us data via other channels (e.g. not encrypted email) we cannot guarantee that third parties can read (and change) the data.

Personal data

We do not record any personal information, except if you actively send us personal data like your name and email to get in contact with us. We will use this data for the sole purpose to communicate with you and deliver our services. We keep the data secure, but cannot guarantee data protection in case of criminal activity.

Your rights

You retain full rights over your personal data as detailed by the GDPR policy of the European Union. If you would like to have information about your data or want it deleted, please contact us.

Form data

We do work with the company Formspree Inc. (Headquarters: 309 E 21st St, Rm 3331, Austin, Texas, 78705, United States) to send form data that you enter on our homepage to us. All data is encrypted during the transfer. Formspree complies with the GDPR. For more information see Formspree’s privacy policy.

Please note that data which is necessary to fulfill a contractual obligation including pre-contract preparation is exempt from the GDPR according to Article 6, paragraph 1b. This includes your personal contact information, that you send via our forms. We will not use this information for any other purpose than the one stated in or inferred by your message.

Newsletter data

We used to allow visitors or our website to register for a newsletter, but discontinued this service. All personal information (name and email address) was deleted. No personal information was sent to third parties.

Cookies and Google Analytics

We are not recording or reading any cookies related to your personal information. The only cookies we use are technical cookies that ensure the usability and security of our website (for example CSRF tokens to improve security).

Outdated legacy cookies

We allowed google analytics cookies only with visitor’s active opt-in up until and including January 19. 2023. No personal data were accessible to us, however, data were transmitted to the Google Analytics service of Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). To ensure GDPR compliance we have signed a DPA (data protection addendum) with Google Inc.. To learn more about Google’s compliance with the GDPR, have a look at their GDPR compliance page. Despite this, the Austrian Data Protection Authority (DPA), an independent governmental organization tasked with enforcing GDPR compliance, recently ruled (pdf, translated to english) the data protection standards for this type of data transmission insufficient.

For technical reasons we used to set a cookie to document your opt-in or rejection of google analytics cookies up until and including January 19. 2023. Our cookies started with rh_cookie and only contain yes|no information about your consent or refusal to accept google analytics cookie. These cookies had a maximum validity of 1 year and automatically expire after that.

If you accepted our cookies, you can delete these cookies at any time (rh_cookie...). You can also delete cookies placed by Google Analytics, these are starting with _ga and _gid, however this might have influence beyond the scope of our website. More information can be found on Google Analytics cookie information page. To manually delete cookies refer to your browsers documentation. On many browsers the following will work: Press the F12 function key to open the developer console within your browser, then navigate to Application, select our website address under Cookies, then select the cookies you want to delete from the list and press Del.