Privacy Policy

1. Data Controller

Name: Adam Coates
Address: Austria
Email: Click to reveal email adamcoates175 [at@] gmail [dot.] com

2. Scope of This Policy

This privacy policy applies to this website, including the contact form, booking page, and any other data processing activities connected to its operation.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

3. Data Processing Activities

3.1 Contact Form

When you use our contact form, we collect:

• Your name
• Your email address
• Your message content
• The date and time of submission

Purpose: To respond to your inquiries and communicate with you.
Legal Basis: Consent (GDPR Article 6(1)(a)) for general inquiries.
Processing: Your submission is processed by a private VPS (Virtual Private Server) hosted by Netcup GmbH (Austria) and forwarded to our email address. Data is not stored on the VPS long-term.
Retention Period: Messages are stored (in our email inbox) until your request has been processed and for up to 2 years thereafter.

3.2 Appointment Booking

When you book an appointment, we collect:

• Your name
• Your email address
• Appointment details
• Selected date and time for appointments
• The date and time of submission

Purpose: To manage appointments and communicate with you about your booking.
Legal Basis: Consent (GDPR Article 6(1)(a)) and necessity for the performance of a contract (GDPR Article 6(1)(b)).
Processing: This service uses Google Script to interact with our Google Calendar (operated by Google LLC, USA). Your appointment data (name, email, date/time) is stored in Google Calendar to manage the booking.
Retention Period: Appointment data is stored for up to 2 years after the appointment date.

3.3 Cloudflare Turnstile

To protect against spam and abuse, this site uses Cloudflare Turnstile (operated by Cloudflare, Inc.). Turnstile analyzes user interactions to distinguish humans from bots, often without requiring a visual puzzle.

Data Collected: IP address, browser information, device information, and interaction data.
Legal Basis: Legitimate interest (GDPR Article 6(1)(f)) in protecting the website from spam and misuse.
Retention: Cloudflare retains this data per its own policies (Cloudflare Privacy Policy).

3.4 Server Log Files

Our web hosting provider (Netlify, Inc.) automatically collects and stores information that your browser transmits, including:

• IP address (anonymized)
• Browser type and version
• Operating system
• Referrer URL
• Date and time of access
• Pages visited

Purpose: To ensure secure and reliable website delivery, security, system maintenance, and technical administration.
Legal Basis: Legitimate interest (GDPR Article 6(1)(f)) in maintaining website functionality and security.
Retention Period: Log files are stored temporarily and automatically deleted by Netlify after approximately 30 days according to their privacy policy (Netlify Privacy Policy).

4. How We Use Your Data

We use your personal data for the following purposes:

• Contact Form Submissions: To respond to your inquiries and communicate with you
• Appointments: To manage appointments
• Security: To protect our website from abuse, spam, and security threats
• Technical Operations: To maintain and improve website functionality

We do NOT:

• Sell your personal data to third parties
• Use your data for marketing purposes without explicit consent
• Share your data except as described in this policy

5. Data Storage and Processing

Third-Party Services

We use the following third-party services that process personal data:

• Google Calendar / Google Script (Google LLC, USA) – for appointment booking and management (Google Privacy Policy). Google is certified under the EU-US Data Privacy Framework.
• Cloudflare, Inc. (USA) – spam protection via Turnstile (Cloudflare Privacy Policy). Cloudflare is certified under the EU-US Data Privacy Framework.
• Netcup GmbH (Austria) – VPS hosting for contact form processing (Netcup Privacy Policy). Data is processed within the EU (Austria).
• Netlify, Inc. (USA) – website hosting and delivery (Netlify Privacy Policy)

Legal Basis: Legitimate interest (GDPR Article 6(1)(f)) – necessary for website operation, security, and reliable hosting.

Where third-party services act as data processors on our behalf, we have entered into Data Processing Agreements (DPAs) in accordance with Article 28 GDPR.

6. Data Transfers Outside the EU/EEA

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), specifically:

• United States (Google services for booking, Netlify for hosting, Cloudflare for spam protection) – protected by the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs) as approved by the European Commission

Data processed by Netcup GmbH for the contact form is hosted exclusively in Austria and does not leave the EU/EEA.

7. Cookies

This site uses only essential cookies. Cloudflare Turnstile, which we use for spam protection, is designed to work without setting non-essential cookies. Non-essential cookies are only set after your consent.

Essential Cookies

• cookie_consent – stores your consent choice; expires after 1 year

You can withdraw consent at any time by adjusting your browser settings or clearing cookies. Note that disabling cookies may affect website functionality.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Secure HTTPS/SSL/TLS encryption for data transmission
• Secure third-party service providers
• Regular security reviews

However, no internet transmission is completely secure. We cannot guarantee absolute security.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Access to your data (Art. 15 GDPR) – You can request a copy of the personal data we hold about you
• Rectification of incorrect data (Art. 16 GDPR) – You can request correction of inaccurate or incomplete data
• Erasure of your data (Art. 17 GDPR) – You can request deletion of your personal data ("right to be forgotten")
• Restriction of processing (Art. 18 GDPR) – You can request restriction of processing of your data
• Data portability (Art. 20 GDPR) – You can request your data in a structured, machine-readable format
• Withdrawal of consent (Art. 7(3) GDPR) – You can withdraw consent at any time by clearing your browser cookies
• Objection to processing (Art. 21 GDPR) – You can object to processing based on legitimate interests
• Right to lodge a complaint (Art. 77 GDPR) – with the Austrian Data Protection Authority

To exercise these rights, contact us at:
Click to reveal email adamcoates175 [at@] gmail [dot.] com

For GDPR requests, please include sufficient information to verify your identity (e.g., the email address used in the contact form). We will respond to your request within one month.

10. Children's Privacy

Our website is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us immediately.

11. Data Retention

We retain personal data only as long as necessary:

• Contact form submissions: 2 years after submission
• Appointments: 2 years after appointment date
• Server logs: Approximately 30 days
• Consent records: 3 years (for legal compliance)

12. Supervisory Authority

If you believe we have not handled your data properly, you have the right to lodge a complaint with your local data protection authority:

For Austria:
Österreichische Datenschutzbehörde
Website: https://www.dsb.gv.at/
Email: dsb@dsb.gv.at

13. Changes to This Policy

We may update this privacy policy from time to time. The "Last Updated" date at the top indicates when changes were made. Continued use of our website after changes constitutes acceptance of the updated policy. The latest version is always available on this page.

14. Contact Us

For any questions about this privacy policy or to exercise your rights, contact us at:

Email: Click to reveal email adamcoates175 [at@] gmail [dot.] com
Contact form submissions are forwarded as an email to this address via our secure server.
Response Time: We aim to respond within 48 hours