Skip to content
Bernhard Götzendorfer

Privacy Policy

Per GDPR

Introduction

The protection of your personal data is important to me. This privacy policy informs you under Art. 13 GDPR which data I process when you visit this website, for what purpose, and on which legal basis.

Data Controller

Name
Bernhard Götzendorfer
Address
Rittingergasse 15/11
1210 Wien
Österreich
Email
office@gotzendorfer.at

Data Collection on This Website

Contact Form

When you submit the contact form, the data you provide (name, email, company, message, package interest, language) along with a SHA-256 hash of your IP address and your user agent is stored in a Supabase database (USA, Standard Contractual Clauses). A copy of your message is sent to you as a confirmation email via Resend (USA). Additionally, the submission is forwarded via webhook to n8n (Germany) to initiate internal processing. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures).

Web Vitals Monitoring

The hosting platform Vercel (USA) collects aggregated, anonymous performance metrics (Core Web Vitals) to monitor site quality. No personal profiles are created and no cookies are set. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operational quality).

Error Monitoring

To detect and resolve errors on this website, error stack traces, the requested URL, the user agent, and technical runtime information are transmitted to Sentry (Functional Software Inc., EU region / Frankfurt). Personal data such as IP addresses, email addresses, or form content is not transmitted (Sentry option `sendDefaultPii` disabled, additional scrubber for event metadata active). Additionally, performance data is sampled at 10 % to monitor site performance. Error events are retained by Sentry for 90 days by default. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in site stability and quality).

Appointment Booking (Cal.com)

On the /contact page, a Cal.com booking widget (USA) is embedded. The widget loads only after active interaction (click). Only then is connection data (IP, user agent) transmitted to Cal.com. Booking data (name, email, appointment) is processed directly at Cal.com. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures).

Web Fonts

Fonts are self-hosted via Next.js font optimization. When a page loads, no connections are made to external font servers (e.g. Google Fonts). Legal basis: Art. 6(1)(f) GDPR (legitimate interest in consistent presentation).

Hosting (Vercel)

This website is hosted by Vercel Inc. (USA). On page requests, Vercel records standard server logs (IP address, timestamp, URL requested, user agent, status code) to ensure operation. Legal basis: Art. 6(1)(b) GDPR (contract performance, hosting).

Cookies

This website does not set marketing or analytics cookies. Technically necessary cookies (e.g. Supabase auth session cookies for authenticated routes) are only set when you actively use the corresponding features. Because no non-essential cookies are set, no cookie-consent prompt is required.

Your Rights

As a data subject, you have the following rights regarding your personal data:

  • Art. 15

    Right of Access

    You have the right to confirmation whether personal data concerning you is being processed, and access to that data.

  • Art. 16

    Right to Rectification

    You have the right to demand the correction of inaccurate data or the completion of incomplete data.

  • Art. 17

    Right to Erasure

    You may request the deletion of your personal data, provided no legal retention obligation applies.

  • Art. 18

    Right to Restriction of Processing

    Under the conditions of Art. 18 GDPR, you may request a restriction on the processing of your data.

  • Art. 20

    Right to Data Portability

    You have the right to receive the data concerning you in a structured, commonly used, machine-readable format or to have it transmitted to another controller.

  • Art. 21

    Right to Object

    For reasons arising from your particular situation, you have the right to object at any time to the processing of your data.

Contact for Data Protection Requests

For questions about data protection or to exercise your rights, please contact:

office@gotzendorfer.at

Retention Periods

Contact Form Entries
6 months after processing is complete
Error Logs (Sentry)
90 days
Email Delivery Logs (Resend)
30 days

Right to Lodge a Complaint

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the competent supervisory authority:

Name
Österreichische Datenschutzbehörde
Address
Barichgasse 40-42, 1030 Wien
Website
www.dsb.gv.at

International Data Transfer

Some service providers (Supabase, Resend, Cal.com, Vercel) process data in the USA. The transfer is based on EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) and the EU Commission adequacy decision (Data Privacy Framework, where applicable). Sentry and n8n process data within the EU.

Last updated: