Privacy Policy

1. Data controller

Responsible for data processing within the meaning of Art. 4 No. 7 GDPR:

Data controller

Webagentur Hochmeir e.U.

Represented by

Jonathan Hochmeir

Address

Moorweg 7
4845 Rutzenmoos
Austria

Email

hello@webhoch.com

VAT ID

ATU78855106

2. Plain-language summary

Short and honest: This site is a pure HTML page. It does not store anything about you on our servers, sets no tracking cookies, has no analytics, no ad network, and no login. We do not want to know anything about you.

What technically still happens: whether you chose the "Simple" or "In Detail" mode is held exclusively in the address bar (as ?mode=… in the URL) — nothing is stored permanently in your browser. So that the site also works offline, a Service Worker places the page files in a local browser cache. In addition, the site loads its fonts from the same server (no Google, no third parties), and the server delivering this site briefly records — like any web server — that a request came from your IP address.

More details below.

3. Server log files

When you visit this site, the web server automatically collects information in so-called server log files, which your browser transmits. These include:

• IP address of the requesting device
• Date and time of access
• Name and URL of the file accessed
• HTTP status code and amount of data transferred
• Referrer URL (previously visited page, if transmitted by the browser)
• Browser used and the operating system (user-agent)

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in technically error-free presentation and security of the IT systems).
Retention period: log files are kept for a maximum of 14 days and then automatically deleted.
Hosting: IONOS SE (registered office: Montabaur, Germany); data-centre location per provider contract within the EEA.
The data is not combined with other data sources.

4. Local browser storage (Service Worker / PWA cache)

This site sets no cookies and uses no localStorage for your data. Your mode choice ("Simple" / "In Detail") is not stored but only reflected in the address bar as the parameter ?mode=…; on a fresh visit the site always starts in the simple view.

So that the site loads faster and remains usable without an internet connection (Progressive Web App), a Service Worker places copies of the page files — HTML, CSS, JavaScript, images — in a local cache in your browser. No personal data is stored in this cache, only the publicly retrievable components of the website itself.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in a fast presentation that is also available offline).
Deletion: you can remove this cache at any time via your browser settings (clear site data).

5. Fonts

The website uses the fonts Fraunces and Newsreader. These are self-hosted (first-party) and delivered directly from the same server that also serves this page.

Loading the fonts establishes no connection to Google or any other third party. No IP address and no user-agent are transmitted to Google or any content delivery network, and no third-country transfer takes place.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in consistent and appealing presentation of the website).

Note: Because the fonts are served first-party, there is nothing to block here — no data leaves your browser towards third parties.

6. No third-party trackers, no analytics, no ads

We deliberately do not use:

• Google Analytics, Matomo, or comparable statistics tools
• Facebook Pixel, Twitter/X tracker, LinkedIn Insight Tag
• Ad networks (AdSense, Taboola, Outbrain, etc.)
• Tracking cookies or browser fingerprinting
• Embeds from YouTube, Vimeo, Instagram, etc. (no iframes)

7. External links

In the detailed mode ("In Detail") and in the FAQ section, you will find links to external websites (e.g. of standards bodies, authorities or educational organisations). These links are only followed after you actively click on them. We have no influence over the data processing of the linked providers.

Additionally, the floating "Powered by webhoch.com" badge in the bottom-right links to our sister site webhoch.com. This link is also only followed after you actively click on it.

8. Your rights

As a data subject, you have the following rights under the GDPR:

• Right of access (Art. 15 GDPR) — what we have stored about you (in this case: nothing persistently)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR, "right to be forgotten")
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing based on legitimate interests (Art. 21 GDPR)
• Right to lodge a complaint with the supervisory authority (Art. 77 GDPR) — competent authority is the Austrian Data Protection Authority (DSB), Barichgasse 40-42, 1030 Vienna, Austria.

To exercise your rights, an informal notification by email to hello@webhoch.com is sufficient.

9. Retention period

We store personal data only as long as necessary for the respective purposes or as required by statutory retention obligations:

• Server log files: max. 14 days, then automatic deletion
• Local browser cache (Service Worker): until you clear site data (under your sole control); contains no personal data
• At the hosting provider (IONOS): standard retention periods per their privacy policy

No persistent storage beyond this takes place on our side — we operate no database, no account system and no analytics.

10. Recipients / categories of recipients

Personal data is generally not passed on to third parties. The following categories of recipients may technically gain knowledge:

• Hosting provider (IONOS SE, Montabaur, DE; data centre within the EEA) — IP address, server logs, request metadata for site delivery
• Let's Encrypt (Internet Security Research Group, USA) — automated issuance of the SSL certificate; no personal data

Where required, data processing agreements pursuant to Art. 28 GDPR are in place with processors.

11. Transfer to third countries

For the presentation of the site (including the fonts), no personal data is transferred to third countries. The fonts are served first-party from the same server, so no IP address and no user-agent are sent to Google or any content delivery network.

No other third-country transfers take place.

12. Technical and organisational measures (TOMs)

We take appropriate technical and organisational measures to protect personal data against loss, misuse and unauthorised access. Specifically:

• TLS/SSL encryption of all data transmission (Let's Encrypt, automatically renewed)
• HSTS header (HTTP Strict Transport Security, 2 years, preload-eligible) enforces HTTPS
• Content Security Policy (CSP) restricts allowed resource sources
• No database, no account system, no server-side storage of personal data
• Server access exclusively for authorised personnel via encrypted connections
• Security updates applied regularly

13. No automated decision-making

No automated decision-making including profiling within the meaning of Art. 22 GDPR takes place that produces legal effects concerning you or similarly significantly affects you.

14. Encryption (TLS/SSL)

This site is delivered exclusively via a TLS-encrypted connection (HTTPS) (certificate by Let's Encrypt, automatically renewed). You can recognise a secure connection by the lock icon in your browser's address bar.

15. Changes to this policy

We reserve the right to adapt this privacy policy if the legal situation, technical processes, services used or our offerings change. The version published on this website at any given time applies.