Privacy Policy

Information on the processing of personal data pursuant to Art. 13 and 14 GDPR and the Austrian Data Protection Act (DSG).

Last updated: 2026-07-02

This is a courtesy English translation. The legally binding version is the German original.

1. Controller

The controller for data processing on this website is:

DJ Web Systems
Owner: Daniel Jakic
Grabenfeldstraße 41, 8600 Bruck an der Mur
Styria, Austria
Email: kontakt@dj-websystems.com

2. Your rights as a data subject

Under the GDPR you generally have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)

To exercise these rights, an informal email to the address above is sufficient. You also have the right to lodge a complaint with the Austrian Data Protection Authority: dsb.gv.at.

3. Server log files (hosting with Hetzner)

This website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The servers are located exclusively in the European Union (Falkenstein and Nuremberg). A data processing agreement pursuant to Art. 28 GDPR is in place with Hetzner.

On every page request, technically necessary information is processed on the web server and stored in log files:

  • IP address of the requesting device
  • Date and time of access
  • Requested URL and HTTP status code
  • Amount of data transferred
  • Referrer URL and user agent (browser, operating system)

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the operation, security and stability of the website).
Transfer to third countries: does not take place at the hosting level — the entire web server operation takes place within the EU.
Retention period: log files are deleted automatically after a maximum of 30 days, unless security-relevant events require longer retention.

4. Contact forms (analysis and consultation request)

This website offers two forms: the analysis form (“Free website analysis”) and the contact form. When you submit a form, the data you enter is transmitted encrypted (HTTPS / TLS 1.3) to our worker running on Cloudflare. The worker validates the input (including a DNS lookup of the email domain provided) and triggers two automated emails via Resend: a request email to us and a confirmation email to the address you provided.

Data processed: name, email address, optionally organisation, the URL of the website to be analysed and/or your message.

Legal basis: Art. 6(1)(b) GDPR (performance of pre-contractual measures) and (f) GDPR (legitimate interest in modern, traceable request processing).
Spam protection: a hidden honeypot field and an IP-based rate limit (Cloudflare KV, max. 12 attempts/minute, stored for max. 2 minutes). No third-party CAPTCHA, no user tracking.
Retention period: until the request has been finally processed; if an order results, statutory tax retention periods apply (§ 132 BAO – 7 years).
Email hosting: the inbox runs via Google Workspace (Google Ireland Ltd.); the automated emails are sent via Resend Inc. — both documented in Section 9 (processors) including the legal basis for the third-country transfer.

5. AI chat assistant (bottom right)

Our website features a chat assistant (“AI chat”). Before first use, we inform you about the data processing; the chat only becomes active after you actively click “Understood, start chat”. Your consent is stored locally in your browser (LocalStorage entry djws-chat-consent) — no transmission to our servers.

Data processed: the content of your chat messages, IP address (for rate limiting, stored for max. 2 minutes in Cloudflare KV), optional details (name, email, website URL) if you use the chat form for a booking or analysis request.

Processing chain: browser → Cloudflare Worker (EU edge) → OpenAI Ireland Ltd. (model gpt-4o-mini; sub-processing partly in the USA). For a request via the chat, additionally: Resend Inc. for sending the email to our inbox.

Retention period: messages are kept only in browser memory during the conversation and discarded when the page is closed. No permanent conversation history is stored on our site or the services used.
Legal basis: Art. 6(1)(a) GDPR (consent via the consent confirmation) and (f) (legitimate interest in a modern way of making first contact).
Model training: according to the DPA, OpenAI does not use API input to train its models.
Withdrawal: possible at any time by clearing the browser storage or sending an informal email to kontakt@dj-websystems.com.

6. Appointment booking (Google Calendar Appointment Schedules)

Via the booking page or the booking button in the chat, you can book an intro-call slot in our Google Calendar. The booking interface is embedded via click-to-load — i.e. the connection to Google is only established and content (including your IP address) transmitted after you explicitly click “Load calendar here”. Without this click, no data is transferred to Google. Alternatively, you can open the booking in a new tab.

Your details (name, email, optional comment) are processed under our existing Workspace contract with Google Ireland Ltd.

Legal basis: Art. 6(1)(b) GDPR (performance of pre-contractual measures) and (f).
Retention period: appointment data remains in our calendar until it is no longer needed for the business relationship; statutory tax retention periods remain unaffected.

7. Audience measurement with Umami (cookieless)

To analyse how this website is used, we employ the open-source software Umami. Umami is self-hosted by us — on the same Hetzner server in the EU that also serves this website. No data is transferred to third parties and no third-country transfer takes place.

Umami works without cookies and without cross-device tracking. Your IP address is not stored; it is used only to determine your approximate location (country) and for a short-lived, hashed distinction of visits — identifying you as a person is not possible. Only aggregated metrics are collected: pages viewed, referrer, country, browser and device type.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in privacy-friendly audience measurement). Since no cookies are set and no personal profiles are created, no consent — and therefore no cookie banner — is required.

We deliberately do without tracking cookies, third-party web analytics tools (e.g. Google Analytics) and advertising pixels. Beyond that, the website only uses technically necessary storage entries (e.g. the LocalStorage key described above for chat consent).

8. No embedded third-party content

We do not load fonts, maps, videos or scripts from third parties that would transmit your IP address to external servers without consent. The fonts used are self-hosted (no call to fonts.googleapis.com or similar).

9. Processors

To provide the website, we use the following processors or service providers:

Provider | Purpose | Location | Legal basis for third-country transfer
Hetzner Online GmbH | Web hosting | Germany (EU) | DPA under Art. 28 GDPR, no third-country transfer
Cloudflare Inc. | Edge compute for the AI chat, rate limiting (KV) | USA / EU edge | DPF + SCC (Art. 46 GDPR)
OpenAI Ireland Ltd. | AI chat answers (model gpt-4o-mini), sub-processing by OpenAI Global LLC (USA) | Ireland (EU) / USA | EU contract with OpenAI Ireland; US sub-processing via DPF + SCC; no model training per the DPA
Resend Inc. | Transactional email sending for chat requests | USA | DPF + SCC (Art. 46 GDPR)
Google Ireland Ltd. | Business email (Workspace), appointment booking (Appointment Schedules) | Ireland (EU) / USA | DPF + SCC (Art. 46 GDPR)

10. Data security

We use end-to-end TLS encryption (HTTPS) for all data transfers on this website. Access to our internal systems is secured with strong passwords and two-factor authentication.

11. Changes to this privacy policy

We reserve the right to adapt this privacy policy if the legal situation, our services or the data processing change. The current version is always available at this address.

See also our Imprint.