Information in accordance with Articles 13 and 14 GDPR - Privacy Policy

I am committed to protecting personal data. The use of my website and my business activities generally involve the processing of personal data. To make these data processing activities transparent, I want to inform you in my privacy policy about how I process personal data and what rights you have in this context. If you have any further questions, you will find my contact details below.

1. Who I am and how you can contact me if you have questions

The responsible party within the meaning of the General Data Protection Regulation (GDPR) is:
David Wippel
Glücksallee 8
3012 Wolfsgraben
Email: david@davidwippel.com

2. My data processing - for what purposes and on what legal bases I process personal data

2.1 General

I process personal data in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR, Regulation [EU] 2016/679) and the Austrian Data Protection Act (DSG). Processing takes place only on the basis of a legal ground (in particular pursuant to Article 6(1)(a) – (f) GDPR), which is specified below for each data processing. All employees entrusted with the processing are obliged to maintain the confidentiality of your data (data secrecy). I do not carry out automated decision-making.

As a rule, I collect personal data directly from the data subject. In individual cases, I collect and store personal data (in particular name, contact information) based on correspondence with my customers and business partners or from publicly accessible sources (e.g. telephone book, websites, commercial register) on the basis of Article 6(1)(f) GDPR (and in this case not directly from the data subject) if this is necessary for the provision of my services or for contacting and administration, which is also my legitimate interest.

2.2 Operation of my website

Whenever you access my website (davidwippel.com), your computer (device) or browser automatically transmits certain information to enable the visit or operation of the website:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (page/content to be retrieved)
  • Access status/HTTP(S) status code
  • URL of the previously visited website
  • Browser and browser version
  • Operating system and its interface

This data is stored in the log files of my system. This data is not stored together with other personal data of the user.

Legal basis and purpose of data processing

The legal basis for the processing of the data and their temporary storage in log files is Article 6(1)(f) GDPR. The temporary storage of the aforementioned data by the system is necessary to enable the delivery of the website to the user's device. The storage in log files is done to ensure the functionality of the website. In addition, the data serve us to optimize the website and to ensure the security of my information technology systems, in particular to ensure the integrity, confidentiality, and availability of the data processed via my website. In these purposes also lies my legitimate interest in data processing according to Article 6(1)(f) GDPR.

Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of data collection for the provision of the website, this is the case when the respective session is ended. In the case of storage of the data in log files, this is the case after at most seven days, unless further processing is required to clarify a (suspected) attack. Personal data collected during the operation of the website will only be disclosed by me in the event of a (suspected) data security incident or a criminal offense (e.g., an attack) for the purpose of terminating the attack, investigating, prosecuting, and asserting claims against third parties (in particular experts and competent state authorities).

2.3 Social Media

I use social media to present my work through common communication channels. Each social medium has its own policies on how your personal data is processed when you access its pages. For example, if you access a LinkedIn link, you will be explicitly asked to agree to the acceptance of LinkedIn cookies. If you have concerns or questions about the use of your personal data, you should carefully read the privacy policies of the social media providers before using these services:

  • https://www.linkedin.com/legal/privacy-policy
  • https://help.instagram.com/519522125107875

2.4 Provision of services and customer support and information in this context (distribution and offer of my services and management of these services)

I process personal data for the purpose of providing my services, customer support and information, including internal documentation and administration. The legal bases for the processing of the data are the performance of a contract or the implementation of pre-contractual measures (Article 6(1)(b) GDPR), provided that the data subject (natural person) is directly a party to the contract; the fulfillment of legal obligations (Article 6(1)(c) GDPR) and my legitimate interests (Article 6(1)(f) GDPR), in particular interests in asserting or defending my own legal claims as well as internal administration within the company.

For a contract to be concluded, the provision of certain personal data is required by law or contractually, to which the respective data subject is obliged; otherwise, no contract can be concluded (and thus no service can be provided).

2.5 Contact and online appointment scheduling

When contacting me (e.g., via online appointment scheduling or email), the information provided by the requester (name, contact details, other information) will be processed for documentation, handling, and response to the request. I offer an online appointment scheduling option on my website. The data required to answer a request is marked as mandatory fields. The provision of further data is voluntary.

The basis for the processing of this data is my legitimate interest in the proper documentation, handling, and response to the request (Article 6(1)(f) GDPR); in the case of contact in an existing customer relationship or the initiation of a business relationship, I rely on the performance of a contract or the implementation of pre-contractual measures (Article 6(1)(b) GDPR).

If you contact me to fulfill your work or civil law obligations as an employee (service provider) for your employer or other client, I also have a legitimate interest in the proper documentation, handling, and response to the request (Article 6(1)(f) GDPR), which also includes your data as an external contact person; in the case of contact in an existing customer relationship or the initiation of a business relationship, I rely on the performance of a contract or the implementation of pre-contractual measures (Article 6(1)(b) GDPR).

For the functionality of booking a free initial consultation, I link to the SavvyCal service of Unstack, LLC, 5123 W 98th St #1025, Minneapolis, MN 55437 USA. This service has its own policies on how your personal data is processed when you access its pages. If you use the functionality of booking a free initial consultation, your personal data will be processed by SavvyCal (Unstack, LLC) according to SavvyCal's privacy policy, which you can access at the following link: https://savvycal.com/privacy If you do not want to use the functionality of booking a free initial consultation via SavvyCal, please contact me for an appointment by phone or email at the contact details also provided on my page for booking a free initial consultation.

For sending our newsletter, we use the service of ConvertKit, Inc., 750 West Bannock Street #761, Boise, Idaho 83701-0761 USA. This service has its own policies regarding the processing of your personal data when you subscribe to the newsletter. If you subscribe to our newsletter, your personal data will be processed by ConvertKit according to their privacy policy, which you can access at the following link: https://convertkit.com/privacy.

For contact purposes, we use the form provided by Tally.so, operated by Tally B.V., August Van Lokerenstraat 71, 9050 Gentbrugge, Belgium. This service has its own policies for processing your personal data. When you use our contact form, your personal data will be processed by Tally.so in accordance with their privacy policy, which you can access at the following link: https://tally.so/help/privacy-policy

3. How long do I store personal data?

Unless otherwise specified in the respective processing, I generally store personal data for as long as it is necessary to ensure the fulfillment of the stated purposes or as long as I am legally obliged to do so.

This means for business letters, contracts, bookings, etc. according to § 212(1) UGB and § 132(1) BAO: Until the end of the business relationship or until the expiration of the applicable limitation and statutory retention periods (in particular at least 7 years to prove compliance with tax, levy, and corporate law retention obligations); in addition, until the end of any legal disputes in which the data is required as evidence. For services where claims for damages or other titles are asserted, for the necessary duration (between 3 and 30 years). For inquiries (contact): Personal data that you voluntarily provide to us will be stored by me for the purpose of providing the associated processing and record-keeping (up to 3 years after completion or termination), unless a longer retention period is required for the fulfillment of a legal obligation or for the assertion or defense of legal claims.

4. Rights of the data subject

Provided that the respective statutory requirements are met, you can exercise the following data subject rights:

  • Right of access: You can request confirmation as to whether personal data about you is being processed and request information about this data and the information according to Article 15 GDPR.
  • Right to rectification: If I process incorrect or incomplete data about you (Article 16 GDPR).
  • Right to erasure: Of your personal data if the conditions of Article 17 GDPR are met.
  • Right to restriction: Of the processing of your data (Article 18 GDPR).
  • Right to data portability: Of the data you have provided to me, if the processing is based on consent (Article 6(1)(a) or on a contract (Article 6(1)(b) and the processing is carried out using automated procedures (Article 20 GDPR).

In the case of processing based on legitimate interests (according to Article 6(1)(f) GDPR), you have the right to object to the processing of your personal data according to Article 21 GDPR, provided that there are reasons for this arising from your particular situation. In the case of processing for direct marketing purposes, this right exists without restrictions.

You can revoke consents given for the processing of personal data at any time, please contact me (see my contact details). The legality of the processing carried out based on the consent until the revocation is not affected by the revocation.

4.1 Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority responsible for you (in Austria: Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, www.dsb.gv.at) if you believe that the processing of personal data concerning you violates the GDPR or your data subject rights have been violated. I ask you to contact me first in cases where you were not completely satisfied with me so that I can have an opportunity to correct any errors immediately.