Privacy Policy

Last updated: October 15, 2025
This Privacy Policy informs you about the type, scope, and purposes of the processing of personal data when visiting topecufiles.com and when contacting us.

1 Controller

TOPECUFILES - Christian Seinitz (Sole Proprietor)
Grabenstraße 42, 7543 Limbach, Austria
E-Mail: info@topecufiles.com


2 Purposes of Processing, Data Categories, Legal Bases

2.1 Visiting the Website (Server Log Files)

Data: IP address, date/time, accessed URL, referrer, HTTP status, user agent, possible error logs.

Purpose: Operation and security of the website, detection of misuse/attacks, error analysis.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in secure and stable operation).

Storage period: Usually short-term (e.g., up to 30 days); longer storage only for specific reasons (e.g., incident investigation).

2.2 Contact via Email

Data: Sender email, content/metadata of your message, name, phone number (if provided).

Purpose: Processing your request and communication.

Legal basis: Art. 6 (1) (b) GDPR (pre-contractual/contractual purposes) or Art. 6 (1) (f) GDPR (interest in efficient communication).

Storage period: Until your request has been fully processed; beyond that according to legal retention obligations.

2.3 Spam and Abuse Protection (Cloudflare Turnstile)

Data: technical connection data (e.g. IP address, referrer, browser type, operating system, language, time spent on the page), possibly interaction patterns within the form.

Purpose: To protect our online forms from automated spam and abuse ("bots"). Cloudflare Turnstile analyzes whether the form entry is made by a natural person.

Provider: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in secure and abuse-free website operation).

Note on third-country transfers: Cloudflare may process data in the USA. EU Standard Contractual Clauses ensure an adequate level of data protection.

Further information: https://www.cloudflare.com/privacypolicy/

2.4 Contact via WhatsApp (External Link)

What happens: If you click the link https://wa.me/436766295163, WhatsApp opens. Messages sent to us there are subject to the terms of WhatsApp (WhatsApp Ireland Ltd.).

Jointly processed data: WhatsApp processes communication and metadata (e.g., phone number, timestamps).

Legal basis: Art. 6 (1) (b) GDPR (communication for contract processing) or Art. 6 (1) (f) GDPR (legitimate interest in user-friendly contact options).

Note on data transfers to third countries: WhatsApp may process data outside the EU/EEA. Details on recipients, storage periods, and EU Standard Contractual Clauses can be found in WhatsApp’s privacy policy.

Tip: Do not share sensitive data (e.g., ID information) via WhatsApp.

2.5 Order Processing / File Upload & Editing (File Service)

Data: Original files you provide, order/vehicle details, requested adjustments, communication/invoice data.

Purpose: Review and technical processing according to your specifications; delivery of the edited file; customer communication; invoicing.

Legal basis: Art. 6 (1) (b) GDPR (contract/service performance).

Storage period: For contract performance and in accordance with Austrian tax/commercial retention obligations (usually 7 years); beyond that only as necessary (e.g., for corrections).

2.6 Payment (PayPal / Bank Transfer)

Payment methods: PayPal or bank transfer (prepayment), as stated in the Terms & Conditions.

PayPal: When using PayPal, payment data is processed directly by PayPal (PayPal Europe). We receive transaction-related information (e.g., payment receipt, transaction ID).

Legal basis: Art. 6 (1) (b) GDPR. See PayPal’s Privacy Policy for details.

Bank Transfer: Processing via your financial institution. We process only the data necessary for payment allocation and accounting.

Legal basis: Art. 6 (1) (b) and (c) GDPR.

2.7 Cookies

Usage: We only use technically necessary cookies (e.g., for navigation/session). No analytics, tracking, or third-party plugins.

Legal basis: §165 (3) TKG in conjunction with Art. 6 (1) (f) GDPR (necessary cookies).

Note: For strictly necessary cookies, no consent banner is required. (If optional cookies/tools are introduced in the future, a consent banner will be implemented.)

2.8 Web Analytics (Koko Analytics)

Data: Anonymous visit data (e.g., page views, referring URLs, approximate region, browser type).

Purpose: Statistical analysis of website visits to improve our content and performance.

Tool: We use Koko Analytics, a privacy-friendly analytics plugin for WordPress.
Koko Analytics does not set cookies and does not collect personal data.
All analytics data are stored only on our own server and are not shared with third parties.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in analysing website use in an anonymised way).

Storage period: Aggregated analytics data are automatically deleted after a reasonable period (default 6 months).


3 Recipients / Processors

Hosting/IT service providers (website operation, storage of log files/emails under data processing agreements).

Payment service providers (PayPal) and financial institutions.

Communication services (WhatsApp when using the link).

Data processing agreements according to Art. 28 GDPR are concluded with all processors.


4 Data Transfers to Third Countries

When using WhatsApp or PayPal, data may be transferred to third countries (outside the EU/EEA).
Legal safeguards include adequacy decisions or EU Commission Standard Contractual Clauses.
Please refer to each service provider’s privacy information for details.


5 Obligation to Provide Data

For contract fulfillment, the required fields must be provided.
Without this data, service provision (file processing/payment) is not possible.


6 General Storage Period

We only process personal data as long as necessary for the relevant purpose.
Legal retention obligations (especially tax/commercial, up to 7 years in Austria) remain unaffected.


7 Your Rights (Data Subject Rights)

Access (Art. 15 GDPR)

Rectification (Art. 16 GDPR)

Erasure (Art. 17 GDPR)

Restriction of processing (Art. 18 GDPR)

Data portability (Art. 20 GDPR)

Objection to processing based on Art. 6 (1) (f) GDPR (Art. 21 GDPR)

Withdrawal of consent with effect for the future

You also have the right to lodge a complaint with the Austrian Data Protection Authority,
Barichgasse 40–42, 1030 Vienna, Email: dsb@dsb.gv.at


8 Security

We take appropriate technical and organizational measures to protect your data (e.g., access controls, encryption according to current standards, backups).


9 Changes to this Privacy Policy

We update this Privacy Policy whenever legal requirements, our data processing activities, or the tools we use change.
The current version is always available on this page.