Privacy Policy / Datenschutzerklärung

1. Controller

The controller responsible for data processing on this site is:
Oliver Rotter (Aquarius Design)
Bernoullistraße 4/12/6, 1220 Wien, Österreich
E-Mail: contact@oliver-rotter.com

2. Categories of data, purposes, and legal bases

a) Server log data

When you visit the site, our hosting provider automatically processes technical access data (IP address, date and time of the request, the URL requested, referrer, and browser / user-agent string). This is necessary to deliver the site, ensure stability, and protect against misuse. Legal basis: legitimate interest in a secure, functioning website (Art. 6(1)(f) GDPR). This data is not combined with other data to identify you.

b) Cookies

This website sets no tracking, advertising, profiling, or analytics cookies. For that reason, no cookie-consent banner is required. Any cookie that may be set is strictly necessary for the basic operation of the site. Where you actively use an embedded third-party feature (for example the Cal.com booking widget), that provider may set its own cookies when you interact with it; such cookies are governed by the provider's own privacy policy.

c) Contact form

If you use the contact form, we process the name, email address, the type of project you select, and any message you write, in order to read and reply to your enquiry. The form requires you to actively confirm consent to be contacted, and we record the time and basis of that consent. Legal basis: your consent (Art. 6(1)(a) GDPR) and the taking of steps at your request prior to entering into a contract (Art. 6(1)(b) GDPR). You may withdraw your consent at any time with effect for the future by emailing the address above.

d) Quiz / funnel

If you complete a quiz or funnel, we process the answers you submit and, if you provide it, your email address, in order to generate a tailored result and follow up. Where AI is used to score or summarise your answers, this is described in section 3(e). Legal basis: your consent and pre-contractual steps at your request (Art. 6(1)(a) and (b) GDPR).

e) Bookings

If you book a call through the embedded Cal.com scheduler, the data you enter (such as name, email, and selected time) is processed to arrange and hold that appointment. Legal basis: pre-contractual steps at your request (Art. 6(1)(b) GDPR).

f) Email

If you opt in to receive emails, we process your email address to send the messages you requested. Legal basis: your consent (Art. 6(1)(a) GDPR). Every email contains a one-click unsubscribe link; unsubscribing takes effect immediately and your address is suppressed from future sends.

3. Processors and third-party services

We use the following service providers, who process personal data on our behalf under a data-processing agreement (Art. 28 GDPR) or, where they are independent controllers, under their own terms:

• Cloudflare, Inc. — hosting, content delivery, and edge compute that serve this site. Processing may take place on EU infrastructure; international transfers are covered by the EU Standard Contractual Clauses.
• Supabase — database hosting for content, leads, and form submissions. Project region: European Union.
• Resend — delivery of transactional and opt-in marketing email.
• Cal.com — scheduling of discovery calls, used only if you choose to book a call.
• Anthropic and OpenAI — AI services used to generate website content and to score or summarise quiz answers where that feature is offered. These providers are located outside the EEA; international transfers are covered by the EU Standard Contractual Clauses. We do not use your data to train third-party AI models.

4. International transfers

Where a provider processes data outside the European Economic Area (in particular US-based providers such as Cloudflare, Anthropic, and OpenAI), the transfer is safeguarded by the European Commission's Standard Contractual Clauses and, where applicable, the provider's certification under the EU-US Data Privacy Framework. You may request a copy of the relevant safeguards using the contact details above.

5. Retention

We keep personal data only as long as necessary for the purposes set out above:

• Server log data: deleted or anonymised within a short period by the hosting provider.
• Contact, quiz, and booking enquiries: kept for the duration of our correspondence and for a reasonable period afterwards to manage the relationship, then deleted on request or when no longer needed.
• Email subscriber data: kept until you unsubscribe or ask us to delete it; suppression records are retained as long as needed to honour your unsubscribe.
• Where retention is required by Austrian tax or commercial law, the relevant statutory periods apply.

6. Your rights

Under the GDPR you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and to object to processing based on legitimate interests (Art. 21). Where processing is based on consent, you may withdraw that consent at any time with effect for the future. To exercise any of these rights, contact us at contact@oliver-rotter.com.

7. Right to complain

You have the right to lodge a complaint with a supervisory authority. In Austria the competent authority is the Österreichische Datenschutzbehörde (dsb.gv.at). You may also complain to the supervisory authority of your EU member state of residence or workplace.

8. Changes to this policy

We may update this policy as our processing changes. The current version is always available on this page, with the date of the last update shown above.