Privacy Policy

1. Data controller

Responsible for data processing within the meaning of Art. 4 No. 7 GDPR:

Data controller

Webagentur Hochmeir e.U.

Represented by

Jonathan Hochmeir

Address

Moorweg 7
4845 Rutzenmoos
Austria

Email

hello@webhoch.com

VAT ID

ATU78855106

2. Plain-language summary

Short and honest: This site is a pure HTML page. It does not store anything about you on our servers, sets no tracking cookies, has no analytics, no ad network, and no login. We do not want to know anything about you.

What technically still happens: whether you chose the "Simple" or "In Detail" mode is held solely in the address bar (as ?mode=… in the URL) — nothing is stored persistently in your browser. So that the site also works offline, a service worker places the site files in a local browser cache. In addition, your browser loads fonts from Google Fonts, and the server delivering this site briefly records — like any web server — that a request came from your IP address.

A special feature of this site is the interactive demo "What does this page know about you?". It runs entirely in your browser and sends nothing — details in section 6.

3. Server log files

When you visit this site, the web server automatically collects information in so-called server log files, which your browser transmits. These include:

• IP address of the requesting device
• Date and time of access
• Name and URL of the file accessed
• HTTP status code and amount of data transferred
• Referrer URL (previously visited page, if transmitted by the browser)
• Browser used and the operating system (user-agent)

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in technically error-free presentation and security of the IT systems).
Retention period: log files are kept for a maximum of 14 days and then automatically deleted.
Hosting: IONOS SE (registered office: Montabaur, Germany); data-centre location per provider contract within the EEA.
The data is not combined with other data sources.

4. Local browser storage (service worker / PWA cache)

This site sets no cookies and uses no localStorage for your data. Your mode choice ("Simple" / "In Detail") is not stored, but only reflected in the address bar as the parameter ?mode=…; on a fresh visit the site always starts in the simple view.

So that the site loads faster and stays usable without an internet connection (Progressive Web App), a service worker places copies of the site files — HTML, CSS, JavaScript, images — in a local cache in your browser. This cache stores no personal data, only the publicly retrievable components of the website itself.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in a fast presentation that is also available offline).
Deletion: you can remove this cache at any time via your browser settings (clear site data).

5. Google Fonts

The website embeds the fonts Fraunces and Newsreader via the content delivery network Google Fonts. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit the site, your browser establishes a connection to Google's servers (fonts.googleapis.com and fonts.gstatic.com) to load the fonts. In doing so, your IP address and user-agent are transmitted to Google. Google may process this data in the USA.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in consistent and appealing presentation of the website).
Third-country transfer: The transfer to the USA is covered by the EU-US Data Privacy Framework Adequacy Decision (10.07.2023), provided Google is certified under the framework.
More info: policies.google.com/privacy

Note: If you want to avoid this, you can block fonts in your browser (e.g. with uBlock Origin or privacy browsers like Brave / Firefox with advanced settings). The site remains functional, but falls back to system fonts.

6. Interactive demo "What does this page know about you?"

This site contains an interactive demonstration that, at the press of a button, shows which environment and device information your browser reveals to every website of its own accord — such as the user-agent (browser & operating system), language, screen and window size, time zone, colour scheme, touch capability, cookie status and Do-Not-Track setting.

This demo runs entirely in your browser (client-side) and transmits nothing: the displayed values are read out exclusively, locally, from the properties of your browser and shown only on your own screen. There is no network request, nothing is sent to us or to third parties, and nothing is stored. This is additionally secured technically: with connect-src 'self', the Content Security Policy of this page does not permit any outbound data connection anyway — so nothing leaves your device.

Legal basis: Since no personal data whatsoever is collected, transmitted or stored, this demo does not constitute any processing by us within the meaning of the GDPR; the display serves solely your own information and awareness.

7. No third-party trackers, no analytics, no ads

We deliberately do not use:

• Google Analytics, Matomo, or comparable statistics tools
• Facebook Pixel, Twitter/X tracker, LinkedIn Insight Tag
• Ad networks (AdSense, Taboola, Outbrain, etc.)
• Tracking cookies or browser fingerprinting
• Embeds from YouTube, Vimeo, Instagram, etc. (no iframes)

8. External links

In the detailed mode ("In Detail") and in the FAQ section, you will find links to external websites (e.g. the Austrian Data Protection Authority, ec.europa.eu, creativecommons.org). These links are only followed after you actively click on them. We have no influence over the data processing of the linked providers.

Additionally, the floating "Powered by webhoch.com" badge in the bottom-right links to our sister site webhoch.com. This link is also only followed after you actively click on it.

9. Your rights

As a data subject, you have the following rights under the GDPR:

• Right of access (Art. 15 GDPR) — what we have stored about you (in this case: nothing persistently)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR, "right to be forgotten")
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing based on legitimate interests (Art. 21 GDPR)
• Right to lodge a complaint with the supervisory authority (Art. 77 GDPR) — the competent authority is the Austrian Data Protection Authority (DSB), Barichgasse 40-42, 1030 Vienna, Austria.

To exercise your rights, an informal notification by email to hello@webhoch.com is sufficient.

10. Retention period

We store personal data only as long as necessary for the respective purposes or as required by statutory retention obligations:

• Server log files: max. 14 days, then automatic deletion
• Local browser cache (service worker): until you clear site data (under your sole control); contains no personal data
• At the hosting provider (IONOS): standard retention periods per their privacy policy

No persistent storage beyond this takes place on our side — we operate no database, no account system and no analytics.

11. Recipients / categories of recipients

Personal data is generally not passed on to third parties. The following categories of recipients may technically gain knowledge:

• Hosting provider (IONOS SE, Montabaur, DE; data centre within the EEA) — IP address, server logs, request metadata for site delivery
• Content delivery network for fonts (Google Ireland Limited) — IP address and user-agent when loading Google Fonts
• Let's Encrypt (Internet Security Research Group, USA) — automated issuance of the SSL certificate; no personal data

Where required, data processing agreements pursuant to Art. 28 GDPR are in place with processors.

12. Transfer to third countries

When loading Google Fonts, the IP address and user-agent are transmitted to Google servers that may be operated in the USA. The transfer is covered by the EU-US Data Privacy Framework Adequacy Decision of the European Commission of 10.07.2023, provided Google is certified under the framework (currently the case: dataprivacyframework.gov/list).

No other third-country transfers take place.

13. Technical and organisational measures (TOMs)

We take appropriate technical and organisational measures to protect personal data against loss, misuse and unauthorised access. Specifically:

• TLS/SSL encryption of all data transmission (Let's Encrypt, automatically renewed)
• HSTS header (HTTP Strict Transport Security, 2 years, preload-eligible) enforces HTTPS
• Content Security Policy (CSP) restricts the permitted resource sources (among others connect-src 'self', so that no data can be sent outbound)
• No database, no account system, no server-side storage of personal data
• Server access exclusively for authorised personnel via encrypted connections
• Security updates applied regularly

14. No automated decision-making

No automated decision-making including profiling within the meaning of Art. 22 GDPR takes place that produces legal effects concerning you or similarly significantly affects you.

15. Encryption (TLS/SSL)

This site is delivered exclusively via a TLS-encrypted connection (HTTPS) (certificate by Let's Encrypt, automatically renewed). You can recognise a secure connection by the lock icon in your browser's address bar.

16. Changes to this policy

We reserve the right to adapt this privacy policy if the legal situation, technical processes, the services used or our offerings change. The version published on this website at any given time applies.