Privacy Policy – Your Data at HOLTA

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.

Responsible Party

The responsible party for data processing on this website is:

HOLTA - Andreas Walker
Reitern 11
9781 Oberdrauburg
Austria

Email: holta@mailbox.org

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

2. Data Collection on This Website

Contact Form

When you send us inquiries via the contact form, your information from the inquiry form, including the contact details you provide, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR, insofar as your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if this has been requested.

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions — in particular retention periods — remain unaffected.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources. The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website — for this purpose, the server log files must be collected.

3. Hosting

This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA.

When you visit our website, data is automatically transmitted to Vercel. This may include the following data:

  • IP address
  • Date and time of access
  • Amount of data transferred
  • Browser and operating system

Data processing is based on Art. 6(1)(f) GDPR to provide and ensure the functionality of our website.

A data processing agreement has been concluded between us and Vercel to ensure compliance with data protection regulations.

4. Email Delivery

For sending emails via the contact form, we use the service Resend (Resend, Inc., 2261 Market Street #4822, San Francisco, CA 94114, USA).

When sending an email via our contact form, the following data is transmitted to Resend:

  • Name
  • Email address
  • Message

Data processing is based on Art. 6(1)(b) GDPR to fulfill our contractual obligations or to carry out pre-contractual measures.

Resend processes data in the USA. To ensure an adequate level of data protection, we have concluded Standard Contractual Clauses with Resend, which have been approved by the European Commission.

For more information, please refer to Resend's privacy policy: https://resend.com/legal/privacy-policy

5. Payment Processing with Stripe

For payment processing, we use the payment service provider Stripe (Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Harbour, Dublin 2, Ireland).

Processed Data

During payment processing, the following data is transmitted to Stripe:

  • Name
  • Email address
  • Billing address
  • Payment information (credit card data, bank details)
  • Transaction data (amount, currency, time)
  • Order data (product, quantity)

Purpose of Data Processing

Data processing is carried out for:

  • Processing payments
  • Fraud prevention and risk assessment
  • Fulfilling legal obligations (e.g., retention requirements)
  • Processing refunds and chargebacks
  • Customer support

Legal Basis

Processing is based on Art. 6(1)(b) GDPR to fulfill the purchase contract and on Art. 6(1)(c) GDPR to fulfill legal obligations (e.g., retention requirements under commercial and tax law).

Data Sharing

Stripe processes data as a processor on our behalf. Stripe may share data with the following recipients:

  • Credit institutions and payment service providers
  • Fraud prevention services
  • Regulatory authorities (when legally required)
  • Stripe subsidiaries (particularly Stripe, Inc. in the USA)

International Data Transfer

Stripe partially processes data in the USA. To ensure an adequate level of data protection, Stripe has implemented Standard Contractual Clauses approved by the European Commission.

Retention Period

Stripe stores data in accordance with statutory retention periods and payment service provider requirements. Transaction data is typically stored for at least 7 years.

Your Rights

You have the right to request information from Stripe about the data stored about you. For more information, please refer to Stripe's privacy policy: https://stripe.com/privacy

Important: Your complete credit card data is not stored on our servers. Payment data is transmitted directly to Stripe and processed securely there.

6. Cookies

This website uses technically necessary cookies that are required for the operation of the website.

Stripe Cookies

When using the payment function, Stripe sets cookies that are required for the secure processing of the payment. These cookies are technically necessary and cannot be disabled.

For more information about Stripe cookies, please visit: https://stripe.com/privacy#cookies

7. Your Rights

You have the following rights:

Right of Access (Art. 15 GDPR)

You have the right to request confirmation as to whether personal data concerning you is being processed by us, and if so, to receive information about this data and additional details.

Right to Rectification (Art. 16 GDPR)

You have the right to request the rectification of inaccurate personal data concerning you.

Right to Erasure (Art. 17 GDPR)

You have the right to request the erasure of personal data concerning you. Please note, however, that we may not be able to immediately delete certain data due to statutory retention obligations (e.g., for invoices).

Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing of personal data concerning you.

Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format.

Right to Object (Art. 21 GDPR)

You have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) GDPR, for reasons arising from your particular situation.

Withdrawal of Consent

If the processing is based on consent, you have the right to withdraw your consent at any time. The lawfulness of the processing carried out on the basis of the consent until the withdrawal remains unaffected.

Right to Lodge a Complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The competent supervisory authority in Austria is:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at

8. Data Security

We use the widely used SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser during your website visit. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead.

During payment processing via Stripe, your payment data is protected by modern encryption technologies. Stripe is PCI-DSS Level 1 certified, the highest security standard for payment service providers.

9. Changes to This Privacy Policy

We reserve the right to update this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. The new privacy policy will apply to your next visit.

Last updated: January 16, 2025