Privacy Policy

1. Data controller

Responsible for data processing within the meaning of Art. 4 No. 7 GDPR:

Data controller

Webagentur Hochmeir e.U.

Represented by

Jonathan Hochmeir

Address

Moorweg 7
4845 Rutzenmoos
Austria

Email

hello@webhoch.com

VAT ID

ATU78855106

2. Plain-language summary

Short and honest: This page is a pure HTML page. It does not store anything about you on our servers, sets no tracking cookies, has no analytics, no ad network, and no login. We do not want to know anything about you.

What technically still happens: so that the page also works offline, a Service Worker stores the page files in a local browser cache. In addition, your browser loads fonts from Google Fonts, and the server delivering this page briefly records — like any web server — that a request came from your IP address.

More details below.

3. Server log files

When you visit this site, the web server automatically collects information in so-called server log files, which your browser transmits. These include:

• IP address of the requesting device
• Date and time of access
• Name and URL of the file accessed
• HTTP status code and amount of data transferred
• Referrer URL (previously visited page, if transmitted by the browser)
• Browser used and the operating system (user-agent)

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in technically error-free presentation and security of the IT systems).
Retention period: log files are kept for a maximum of 14 days and then automatically deleted.
Hosting: IONOS SE (registered office: Montabaur, Germany); data-centre location per provider contract within the EEA.
The data is not combined with other data sources.

4. Local browser storage (Service Worker / PWA cache)

This page sets no cookies and uses no localStorage for your data.

So that the page loads faster and stays usable without an internet connection (Progressive Web App), a Service Worker stores copies of the page files — HTML, CSS, JavaScript, images — in a local cache in your browser. This cache stores no personal data, only the publicly available components of the website itself.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in a fast presentation that is also available offline).
Deletion: you can remove this cache at any time via your browser settings (clear site data).

5. Google Fonts

The website embeds the fonts Fraunces and Newsreader via the content delivery network Google Fonts. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit the site, your browser establishes a connection to Google's servers (fonts.googleapis.com and fonts.gstatic.com) to load the fonts. In doing so, your IP address and user-agent are transmitted to Google. Google may process this data in the USA.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in consistent and appealing presentation of the website).
Third-country transfer: The transfer to the USA is covered by the EU-US Data Privacy Framework Adequacy Decision (10.07.2023), provided Google is certified under the framework.
More info: policies.google.com/privacy

Note: If you want to avoid this, you can block fonts in your browser (e.g. with uBlock Origin or privacy browsers like Brave / Firefox with advanced settings). The site remains functional, but falls back to system fonts.

6. No third-party trackers, no analytics, no ads

We deliberately do not use:

• Google Analytics, Matomo, or comparable statistics tools
• Facebook Pixel, Twitter/X tracker, LinkedIn Insight Tag
• Ad networks (AdSense, Taboola, Outbrain, etc.)
• Tracking cookies or browser fingerprinting
• Embeds from YouTube, Vimeo, Instagram, etc. (no iframes)

7. External links and sister sites

This overview page links to the individual pages of the series (e.g. ki-verstehen.webhoch.com, datenschutz-verstehen.webhoch.com, sicher-im-netz.webhoch.com and others) as well as to external websites. These links are only followed once you actively click on them. Each page of the series has its own privacy policy. We have no influence over the data processing of the linked external providers.

In addition, the floating "Powered by webhoch.com" badge in the bottom-right leads to our sister site webhoch.com. This link is also only followed once you actively click on it.

8. Your rights

As a data subject, you have the following rights under the GDPR:

• Right of access (Art. 15 GDPR) — what we have stored about you (in this case: nothing persistently)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR, "right to be forgotten")
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing based on legitimate interests (Art. 21 GDPR)
• Right to lodge a complaint with the supervisory authority (Art. 77 GDPR) — competent authority is the Austrian Data Protection Authority (DSB), Barichgasse 40-42, 1030 Vienna, Austria.

To exercise your rights, an informal notification by email to hello@webhoch.com is sufficient.

9. Retention period

We store personal data only as long as necessary for the respective purposes or as required by statutory retention obligations:

• Server log files: max. 14 days, then automatic deletion
• Local browser cache (Service Worker): until you clear site data (under your sole control); contains no personal data
• At the hosting provider (IONOS): standard retention periods per their privacy policy

No persistent storage beyond this takes place on our side — we operate no database, no account system and no analytics.

10. Recipients / categories of recipients

Personal data is generally not passed on to third parties. The following categories of recipients may technically gain knowledge:

• Hosting provider (IONOS SE, Montabaur, DE; data centre within the EEA) — IP address, server logs, request metadata for site delivery
• Content delivery network for fonts (Google Ireland Limited) — IP address and user-agent when loading Google Fonts
• Let's Encrypt (Internet Security Research Group, USA) — automated issuance of the SSL certificate; no personal data

Where required, data processing agreements pursuant to Art. 28 GDPR are in place with processors.

11. Transfer to third countries

When loading Google Fonts, the IP address and user-agent are transmitted to Google servers that may be operated in the USA. The transfer is covered by the EU-US Data Privacy Framework Adequacy Decision of the European Commission of 10.07.2023, provided Google is certified under the framework (currently the case: dataprivacyframework.gov/list).

No other third-country transfers take place.

12. Technical and organisational measures (TOMs)

We take appropriate technical and organisational measures to protect personal data against loss, misuse and unauthorised access. Specifically:

• TLS/SSL encryption of all data transmission (Let's Encrypt, automatically renewed)
• HSTS header (HTTP Strict Transport Security, 2 years, preload-eligible) enforces HTTPS
• Content Security Policy (CSP) restricts allowed resource sources
• No database, no account system, no server-side storage of personal data
• Server access exclusively for authorised personnel via encrypted connections
• Security updates applied regularly

13. No automated decision-making

No automated decision-making including profiling within the meaning of Art. 22 GDPR takes place that produces legal effects concerning you or similarly significantly affects you.

14. Encryption (TLS/SSL)

This site is delivered exclusively via a TLS-encrypted connection (HTTPS) (certificate by Let's Encrypt, automatically renewed). You can recognise a secure connection by the lock icon in your browser's address bar.

15. Changes to this policy

We reserve the right to adapt this privacy policy when the legal situation, technical processes, the services used or our offerings change. The version published on this website at any given time applies.