1. Data Controller
2. Overview of Processing Activities
The following overview summarizes the types of personal data processed and the purposes of their processing, and identifies the relevant data subjects.
Types of Data Processed
- Master data (e.g., names, addresses)
- Contact data (e.g., email, telephone numbers)
- Content data (e.g., form submissions)
- Usage data (e.g., pages visited, access times)
- Meta/communication data (e.g., IP addresses)
Categories of Data Subjects
- Website users
- Communication partners
- Customers and prospects
3. Legal Basis
The following overview provides information on the legal basis under the GDPR on which I process personal data:
- Consent (Art. 6(1)(a) GDPR) – The data subject has given their consent to the processing.
- Contract Performance (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract.
- Legitimate Interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of my legitimate interests.
4. Security Measures
I implement, in accordance with statutory requirements and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
Measures include in particular:
- Encryption of data transmission (SSL/TLS)
- Hosting with Infomaniak in Switzerland (EU equivalent)
- Regular security updates
- No data transfer to third countries
5. Hosting
This website is hosted with Infomaniak on servers in Switzerland. The hosting provider automatically collects and stores information in so-called server log files, which your browser automatically transmits. These are:
- Browser type and version
- Operating system used
- Referrer URL
- Time of the server request
- IP address (anonymized)
This data is not merged with other data sources. The collection of this data is based on Art. 6(1)(f) GDPR. I have a legitimate interest in the technically error-free presentation and optimization of my website.
6. Contact Requests
When contacting me (e.g., by email or telephone), the user's information is processed for handling the contact request and its processing in accordance with Art. 6(1)(b) GDPR.
The information may be stored in a Customer Relationship Management System (CRM System) or comparable request organization system. Requests are deleted once they are no longer required. The necessity is reviewed every two years; statutory archiving obligations remain unaffected.
7. Newsletter
On this website, you can subscribe to our newsletter. The following data is processed:
- Email address (required)
- First name (voluntary, for personalized communication)
- Interests (voluntary selection for thematic segmentation)
Registration Process (Double Opt-In)
Newsletter subscription uses the double opt-in procedure. After registration, you will receive an email asking you to confirm your subscription. Your data will only be added to the newsletter distribution list after you click the confirmation link.
Mailing Service Provider
The newsletter is sent via Infomaniak (Infomaniak Network SA, Rue Eugène-Marziano 25, 1227 Geneva, Switzerland). Infomaniak is a Swiss provider and processes your data on servers in Switzerland. Switzerland has been granted an adequacy decision by the European Commission under Art. 45 GDPR, ensuring an adequate level of data protection.
For more information about data protection at Infomaniak, visit: infomaniak.com/privacy-policy
Legal Basis
The processing of your data is based on your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw this consent at any time by unsubscribing via the unsubscribe link in any newsletter email or by contacting us at mail@colourspace.com.
Storage Duration
Your data will be stored as long as you have subscribed to the newsletter. After unsubscribing, your data will be deleted from the distribution list, unless statutory retention obligations apply.
8. Cookies
This website uses no cookies for analytics or tracking purposes. No data is transmitted to third-party providers such as Google, Facebook, or others.
Should technically necessary cookies be used in the future (e.g., for forms or login areas), you will be informed of this.
9. No External Services
This website loads no external resources from third-party providers:
- No Google Fonts – fonts are hosted locally
- No Google Analytics or similar tracking tools
- No social media plugins
- No external CDNs
This means that no data is transmitted to servers outside Austria or the EU when visiting this website.
10. Your Rights
As a data subject, you have the following rights:
- Right of Access (Art. 15 GDPR) – You have the right to request confirmation of whether personal data concerning you is being processed.
- Right to Rectification (Art. 16 GDPR) – You have the right to request the rectification of inaccurate data.
- Right to Erasure (Art. 17 GDPR) – You have the right to request the deletion of your data.
- Right to Restrict Processing (Art. 18 GDPR) – You have the right to request restriction of processing.
- Right to Data Portability (Art. 20 GDPR) – You have the right to receive your data in a structured, commonly used format.
- Right to Object (Art. 21 GDPR) – You have the right to object to processing at any time.
- Right to Withdraw Consent (Art. 7(3) GDPR) – You have the right to withdraw given consent at any time.
11. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Telephone: +43 1 52 152-0
Email: mail@colourspace.com
Website: www.dsb.gv.at
12. Changes to This Privacy Policy
I reserve the right to update this Privacy Policy to ensure it always complies with current legal requirements or to implement changes to my services. This updated Privacy Policy will apply to your next visit.