Effective Date: June 9, 2025

1. Introduction
We are committed to protecting your personal data and respecting your privacy. This privacy policy explains how we handle personal data collected through our website, forms, cookies, analytics tools, and external service integrations. We comply with the European General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Contact Information
If you have any concerns or questions about your data, you can contact us at:
Email: office@example.com
Phone: +43 660 0000000

3. What Data We Collect
Depending on how you interact with us, we may collect the following data:

Identity and contact data: name, email address, phone number
Technical data: IP address, browser type, operating system, device type
Usage data: pages viewed, session duration, clicks, and scroll behavior
Form data: messages submitted via contact forms
Consent data: cookie preferences and consent choices
4. How We Collect Data
Data is collected directly through user interactions (e.g. form submission) or automatically through technologies such as cookies, server logs, and third-party scripts.

5. Cookies and Consent Management (Borlabs Cookie)
We use Borlabs Cookie to manage user consent for cookie usage. This system allows users to opt in or out of specific cookie categories (e.g. marketing, analytics). Consent is recorded and stored for legal compliance and can be revoked at any time by changing settings on our site.

6. Website Builder: Elementor
Our website is built using Elementor, a visual web design tool. Elementor processes anonymous usage data to ensure compatibility and optimize performance. Elementor forms may store submissions locally or integrate with third-party services.

7. Google Fonts
We embed fonts from Google Fonts to enhance typography. When you access a page, your browser loads the fonts from Google’s servers, which may involve transmission of your IP address. These requests are made to servers operated by Google LLC.

8. Google reCAPTCHA
We use Google reCAPTCHA to prevent abuse of forms by automated bots. reCAPTCHA collects user interaction data, such as mouse movement and time spent, and transmits it to Google for analysis. The use of reCAPTCHA is subject to Google’s Privacy Policy and Terms of Use.

9. Google Analytics
We use Google Analytics to measure how users interact with our website. Google Analytics collects anonymized data such as device type, IP address (truncated in the EU), user behavior, and referrer URLs. This helps us improve our content and user experience. Data retention in Google Analytics is limited to 14 months.

10. Use of Forms
When you submit a form (e.g. contact, inquiry), we collect the information you provide, such as your name, email, phone number, and message. This data is used solely for the purpose of responding to your inquiry and is not shared externally without your consent.

11. Legal Basis for Processing
We rely on the following legal grounds for processing your data:

Consent (Art. 6(1)(a) GDPR) – when you accept cookies or fill out forms
Contractual necessity (Art. 6(1)(b) GDPR) – if we have a business relationship
Legal obligations (Art. 6(1)(c) GDPR) – for tax, legal, or security reasons
Legitimate interests (Art. 6(1)(f) GDPR) – analytics, optimization, fraud detection
12. Who We Share Data With
We only share your data with third parties when necessary. This includes:

Hosting providers
Analytics and marketing providers (e.g., Google)
Consent managers (Borlabs)
IT service providers bound by confidentiality
13. International Data Transfers
Some services we use (e.g., Google) transfer data outside the EU. We ensure that these transfers are protected by standard contractual clauses or participation in recognized frameworks like the EU-U.S. Data Privacy Framework.

14. Data Retention
We retain personal data for as long as necessary to fulfill the purposes described in this policy or to comply with legal obligations (e.g., accounting rules). Form data is stored for a maximum of 2 years unless otherwise required.

15. Your Rights Under GDPR
Access: You can request a copy of your personal data.
Correction: You can ask us to correct inaccurate or incomplete data.
Deletion: You can ask us to delete your data, subject to legal obligations.
Objection: You can object to data processing under legitimate interest.
Restriction: You can restrict processing under certain conditions.
Portability: You can request your data in a machine-readable format.
Withdrawal of Consent: You can withdraw consent at any time with future effect.
Complaint: You have the right to file a complaint with a supervisory authority.
16. Data Security
We implement appropriate security measures, including encryption, server-side firewalls, access controls, and regular backups, to protect your personal information against unauthorized access, disclosure, alteration, or destruction.

17. Changes to This Policy
We reserve the right to amend this privacy policy at any time. Any significant changes will be communicated via the website. We recommend that you review this page regularly.

For any further information or privacy-related requests, please contact us at office@example.com.