Privacy Policy

As of: March 19, 2025

Table of Contents

• Data Controller
• Overview of Data Processing
• Relevant Legal Bases
• Transfer of Personal Data
• General Information on Data Storage and Deletion
• Rights of Data Subjects
• Provision of Online Services and Web Hosting
• Contact and Inquiry Management
• Presence on Social Networks (Social Media)
• Plugins and Embedded Functions and Content
• Changes and Updates
• Definitions

Data Controller

Christina Albrecher
Witzelsbergergasse 5
1150 Vienna
Austria

Email address: kontakt@christina-albrecher.at
Phone: 0650 / 673 97 16

Imprint: https://sharky/imprint.html

Overview of Data Processing

The following overview summarizes the types of processed data and the purposes for which they are processed, as well as referring to the data subjects involved.

Types of Processed Data

• Personal data
• Contact data
• Content data
• Usage data
• Metadata, communication, and process data
• Log data

Categories of Data Subjects

• Communication partners
• Users

Purposes of Processing

• Communication
• Security measures
• Organizational and administrative processes
• Feedback
• Provision of our online services and user-friendliness
• Information technology infrastructure
• Public relations

Relevant Legal Bases

Relevant Legal Bases under the GDPR: Below is an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. In individual cases, we will inform you of any more specific legal bases that are applicable in the privacy policy.

• Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
• Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - The processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override the protection of personal data.

National Data Protection Regulations in Austria: In addition to the GDPR provisions, national regulations apply in Austria, especially the Federal Act for the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act – DSG). The Data Protection Act contains specific regulations regarding the right of access, rectification or deletion rights, processing of special categories of personal data, processing for other purposes, transmission, and automated decision-making in individual cases.

Note on the applicability of the GDPR and Swiss Data Protection Act (DSG): This privacy notice serves both as information under the Swiss Data Protection Act (DSG) and under the GDPR. Therefore, we kindly ask you to note that for clarity and broader geographical application, we use the terms of the GDPR. Specifically, the terms "processing" of "personal data", "legitimate interest", and "special categories of data" used in the GDPR are used instead of those in the Swiss DSG, such as "handling" of "personal data", "overriding interest", and "sensitive personal data". However, the legal meaning of these terms will continue to be determined according to the Swiss DSG in the context of its applicability.

Transfer of Personal Data

As part of our processing of personal data, it may happen that data is transferred or disclosed to other entities, companies, legally independent organizational units, or individuals. Recipients of the data may include service providers engaged with IT tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and conclude appropriate contracts or agreements with the recipients of your data to protect your data.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consents are withdrawn or no further legal basis for processing exists. This applies to cases where the original purpose of processing no longer exists or the data is no longer required. Exceptions to this rule exist if legal obligations or special interests require longer storage or archiving of the data.

In particular, data that must be retained for commercial or tax reasons or whose retention is necessary for legal prosecution or the protection of the rights of other natural or legal persons must be archived accordingly.

Our privacy policy contains additional information about the retention and deletion of data that applies specifically to certain processing operations.

In the case of multiple retention periods or deletion deadlines for a given data, the longest period will apply.

If a retention period does not explicitly begin on a specific date and lasts at least one year, it will automatically start at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships, where data is stored, the triggering event is the effective date of termination or the other termination of the legal relationship.

Data that is no longer used for the originally intended purpose but is retained due to legal requirements or other reasons will only be processed for the purposes that justify its retention.

Additional Notes on Processing Operations, Procedures, and Services:

• Retention and Deletion of Data: The following general periods apply according to Austrian law for the retention and archiving of data:
  • 10 years - Retention period for books, records, annual financial statements, inventories, management reports, opening balances, booking documents, and invoices, as well as all necessary work instructions and other organizational documents (Federal Fiscal Code (BAO §132), Commercial Code (UGB §§190-212)).
  • 6 years - Other business documents: Received commercial or business letters, copies of sent commercial or business letters, and other documents if relevant for tax purposes, such as time sheets, operating accounting sheets, calculation materials, price labels, and payroll documents (Federal Fiscal Code (BAO §132), Commercial Code (UGB §§190-212)).
  • 3 years - Data that are necessary to consider potential warranty and compensation claims or similar contractual claims and rights, as well as to process associated inquiries, are stored for the duration of the regular legal statute of limitations of three years (§§ 1478, 1480 ABGB).

Rights of Data Subjects

Rights of Data Subjects under the GDPR: As a data subject, you have various rights under the GDPR, particularly from Articles 15 to 21 of the GDPR:

• Right to Object: You have the right to object to the processing of your personal data based on Article 6(1)(e) or (f) of the GDPR at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.
• Right to Withdraw Consent: You have the right to withdraw any consents you have given at any time.
• Right to Access: You have the right to request confirmation as to whether your data is being processed, and to obtain information about this data as well as additional information and a copy of the data in accordance with legal requirements.
• Right to Rectification: You have the right to request the completion or rectification of inaccurate personal data concerning you in accordance with legal requirements.
• Right to Erasure and Restriction of Processing: You have the right to request the immediate erasure of your personal data, or alternatively, the restriction of its processing, in accordance with legal requirements.
• Right to Data Portability: You have the right to receive personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request the transmission of such data to another controller, in accordance with legal requirements.
• Right to Lodge a Complaint with a Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the location of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR.

Provision of the Online Offer and Web Hosting

We process user data to provide our online services. For this purpose, we process the user's IP address, which is necessary to deliver the content and features of our online services to the user's browser or device.

• Processed Data Types: Usage data (e.g., page views and duration, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); Meta-, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, involved persons); Log data (e.g., log files regarding logins or data retrieval or access times); Content data (e.g., text or image messages and contributions, along with related information such as authorship details or creation times).
• Affected Persons: Users (e.g., website visitors, users of online services).
• Purpose of Processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures.
• Storage and Deletion: Deletion in accordance with the details in the section "General Information on Data Storage and Deletion."
• Legal Grounds: Legitimate interests (Article 6(1)(f) GDPR).

Further Notes on Processing Processes, Procedures, and Services:

• Provision of Online Offer on Rented Storage Space: For the provision of our online services, we use storage space, computing capacity, and software that we rent or otherwise obtain from a server provider (also known as "web hosting provider"). Legal Grounds: Legitimate interests (Article 6(1)(f) GDPR).
• Collection of Access Data and Log Files: Access to our online offer is logged in the form of "server log files." Server log files may include the address and name of the retrieved websites and files, date and time of retrieval, transmitted data volumes, success/failure messages, browser type and version, the user's operating system, referrer URL (the previously visited page), and typically IP addresses and the requesting provider. These server log files may be used for security purposes (e.g., to prevent server overloads, especially in the case of malicious attacks such as DDoS attacks), and also to ensure the stability of the servers and their performance; Legal Grounds: Legitimate interests (Article 6(1)(f) GDPR). Data Deletion: Logfile information is stored for a maximum of 30 days and then deleted or anonymized. Data that must be retained for evidentiary purposes will be exempt from deletion until the respective incident is resolved.
• Email Sending and Hosting: The web hosting services we use also include sending, receiving, and storing emails. For these purposes, the email addresses of recipients and senders, along with other information related to email transmission (e.g., involved providers) and the contents of the respective emails, are processed. The aforementioned data may also be processed for spam detection. Please note that emails are generally not encrypted when sent over the internet. Emails are typically encrypted during transmission, but (unless end-to-end encryption is used) are not encrypted on the servers from which they are sent and received. Therefore, we cannot take responsibility for the transmission of emails between the sender and the recipient on our server; Legal Grounds: Legitimate interests (Article 6(1)(f) GDPR).

Contact and Inquiry Management

When contacting us (e.g., via mail, email, phone, or social media) and in the context of existing user and business relationships, the information provided by the contacting individuals is processed to the extent necessary to respond to the inquiries and any requested actions.

• Processed Data Types: Master data (e.g., full name, address, contact details, customer number, etc.); Contact data (e.g., postal and email addresses or phone numbers). Content data (e.g., text or image messages and contributions, along with related information such as authorship details or creation times).
• Affected Persons: Communication partners.
• Purpose of Processing: Communication; Organizational and administrative procedures; Feedback (e.g., collecting feedback via online forms). Provision of our online services and user-friendliness.
• Storage and Deletion: Deletion in accordance with the details in the section "General Information on Data Storage and Deletion."
• Legal Grounds: Legitimate interests (Article 6(1)(f) GDPR).

Social Media Presences

We maintain online presences within social networks and process user data in this context to communicate with users active there or to provide information about ourselves.

We would like to point out that user data may be processed outside the European Union. This may present risks for users, as it may make it more difficult to enforce user rights.

Furthermore, user data within social networks is typically processed for market research and advertising purposes. For example, usage profiles may be created based on user behavior and resulting interests. These profiles may then be used to place advertisements both within and outside the networks, which presumably match the users' interests. Therefore, cookies are typically stored on users' devices, which store user behavior and interests. Moreover, data may be stored in user profiles regardless of the devices used (especially if users are members of the respective platforms and logged in there).

For a detailed presentation of the respective processing forms and opt-out options, we refer to the privacy policies and notices of the operators of the respective networks.

Even in the case of requests for information and the exercise of data subject rights, we would like to point out that these are most effectively addressed to the providers. Only they have access to the user data and can directly take the corresponding measures and provide information. Should you require assistance, you may contact us.

• Processed data types: Contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and posts, as well as related information such as authorship or creation time); usage data (e.g., page views and time spent, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions).
• Data subjects: Users (e.g., website visitors, online service users).
• Purposes of processing: Communication; feedback (e.g., collecting feedback via online forms); public relations.
• Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Storage and Deletion."
• Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, processes, and services:

• LinkedIn: Social network – We, together with LinkedIn Ireland Unlimited Company, are responsible for the collection (but not further processing) of data from visitors that is used to create "Page Insights" (statistics) for our LinkedIn profiles. This data includes information about the types of content that users view or interact with, as well as actions taken by them. Additionally, details about the devices used are collected, such as IP addresses, operating systems, browser types, language settings, and cookie data, as well as data from user profiles, such as job function, country, industry, hierarchical level, company size, and employment status. Privacy information regarding the processing of user data by LinkedIn can be found in LinkedIn's privacy policy: https://www.linkedin.com/pp.
  We have entered into a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum," https://legal.linkedin.com/addendum), which specifically regulates the security measures LinkedIn must follow and in which LinkedIn has agreed to fulfill the data subject rights (i.e., users can, for example, send requests for information or deletion directly to LinkedIn). The data subject rights (especially the right to access, deletion, objection, and the right to file a complaint with the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint responsibility is limited to the collection and transmission of data to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is the responsibility of LinkedIn Ireland Unlimited Company, particularly regarding the transfer of data to the parent company, LinkedIn Corporation, in the USA.
  Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/pp; Basis for transfers to third countries: Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa), Data Privacy Framework (DPF) Standard Contractual Clauses (https://legal.linkedin.com/dpa). Opt-out: https://www.linkedin.com/retargeting-opt-out.

Plug-ins and Embedded Functions and Content

We integrate functional and content elements into our online services that are sourced from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include graphics, videos, or maps (collectively referred to as "content").

The integration always requires that the third-party providers of these contents process the users' IP address, as they would not be able to send the content to the users' browsers without an IP address. Therefore, the IP address is required for the display of these contents or functions. We strive to use only such content for which the respective providers apply the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. Through these pixel tags, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information can also be stored in cookies on the users' devices and may contain technical information about the browser and operating system, referring websites, visit times, and further details about the use of our online services, but may also be linked to information from other sources.

Notes on legal basis: If we ask users for their consent to use third-party providers, the legal basis for data processing is the granted permission. Otherwise, user data is processed based on our legitimate interests (i.e., the interest in efficient, cost-effective, and user-friendly services). In this context, we would like to point out the information about the use of cookies in this privacy policy.

• Processed data types: Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, time data, identification numbers, involved persons).
• Data subjects: Users (e.g., website visitors, online service users).
• Purposes of processing: Provision of our online services and user-friendliness.
• Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Storage and Deletion." Storage of cookies for up to 2 years (unless otherwise specified, cookies and similar storage methods may be stored on the users' devices for a period of up to two years).
• Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, processes, and services:

• Google Fonts (hosted on our own server): Provision of font files for a user-friendly display of our online services; Service provider: The Google Fonts are hosted on our server, and no data is transmitted to Google; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
• Music & Sounds (hosted on our own server) Provision of music & sound files for more pleasure during gaming; Service provider: The music and sounds are hosted on our server, and no data is transmitted; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Special thanks to the artists:
  • Fun Little Happy Song by Seth_Makes_Sounds, https://freesound.org/s/722428/, License: Creative Commons 0
  • Despair Metal Trailer by LiteSaturation, https://freesound.org/s/785743/, License: Attribution NonCommercial 4.0
  • The Last Piano by cybercutie, https://pixabay.com/sound-effects/the-last-piano-112677/, License: Use Content for free
  • SNORE-02_44100 by stevielematt, https://freesound.org/s/760035/, License: Creative Commons 0
  • Success Fanfare Trumpets.mp3 by FunWithSound, https://freesound.org/s/456966/, License: Creative Commons 0
  • Slap_003.wav by jamesabels, https://freesound.org/s/166971/, License: Creative Commons 0
  • CollectCoin by bradwesson (Freesound), https://pixabay.com/sound-effects/collectcoin-6075/, License: Use Content for free
  • Collect Points by Liecio, https://pixabay.com/sound-effects/collect-points-190037/, License: Use Content for free
  • TrúngTayBạchTuột0 by SieuAmThanh, https://freesound.org/s/552023/, License: Creative Commons 0
  • Pain Sound in Mask by Hoggington, https://freesound.org/s/536603/, License: Creative Commons 0
  • wah wah sad trombone by kirbydx (Freesound), https://pixabay.com/sound-effects/wah-wah-sad-trombone-6347/, License: Use Content for free

Changes and Updates

We kindly ask you to regularly check the content of our privacy policy. We will update the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you if the changes require any action on your part (e.g., consent) or any other individual notification.

If we provide addresses and contact information for companies and organizations in this privacy policy, please note that these addresses may change over time. We kindly ask you to verify this information before making contact.

Definitions

This section provides an overview of the terminology used in this privacy policy. As far as the terms are legally defined, their legal definitions apply. The following explanations are primarily intended to aid understanding.

• Master Data: Master data includes essential information necessary for the identification and management of contractual partners, user accounts, profiles, and similar assignments. This data may include, among other things, personal and demographic details such as names, contact information (addresses, phone numbers, email addresses), birth dates, and specific identifiers (user IDs). Master data forms the foundation for any formal interaction between individuals and services, institutions, or systems, as it enables unique assignment and communication.
• Content Data: Content data includes information generated in the course of creating, editing, and publishing content of all kinds. This category of data can include texts, images, videos, audio files, and other multimedia content that is published on various platforms and media. Content data is not limited to the actual content but also includes metadata that provides information about the content itself, such as tags, descriptions, authorship details, and publication dates.
• Contact Data: Contact data are essential pieces of information that enable communication with individuals or organizations. These include, among other things, phone numbers, postal addresses, and email addresses, as well as communication methods such as social media handles and instant messaging identifiers.
• Meta-, Communication, and Procedural Data: Meta-, communication, and procedural data are categories that include information about how data is processed, transmitted, and managed. Metadata, also known as data about data, includes information that describes the context, origin, and structure of other data. This may include file sizes, creation dates, document authors, and revision histories. Communication data captures the exchange of information between users via various channels, such as email communication, call logs, social network messages, and chat histories, including the involved persons, timestamps, and transmission paths. Procedural data describes the processes and workflows within systems or organizations, including workflow documentation, transaction logs, and audit logs used for tracking and verifying operations.
• Usage Data: Usage data refers to information that tracks how users interact with digital products, services, or platforms. This data includes a broad range of information that shows how users utilize applications, which features they prefer, how long they stay on specific pages, and which paths they navigate within an application. Usage data may also include the frequency of use, activity timestamps, IP addresses, device information, and location data. These data are particularly valuable for analyzing user behavior, optimizing user experiences, personalizing content, and improving products or services. Furthermore, usage data plays a crucial role in identifying trends, preferences, and potential issues within digital offerings.
• Personal Data: "Personal data" refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); a natural person is considered identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier (e.g., cookie), or to one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
• Log Data: Log data are information about events or activities that are recorded in a system or network. These data typically include information such as timestamps, IP addresses, user actions, error messages, and other details about the use or operation of a system. Log data are often used for analyzing system issues, monitoring security, or generating performance reports.
• Controller: The "controller" is the natural or legal person, authority, institution, or other body that alone or jointly with others determines the purposes and means of processing personal data.
• Processing: "Processing" means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and includes almost any handling of data, including collecting, evaluating, storing, transmitting, or deleting it.

Created with the free Privacy Generator by Dr. Thomas Schwenke