Privacy Policy

We take the protection of your personal data very seriously. This privacy policy informs you about how Secure Strategies collects, processes, and protects your data.

1. Controller
Secure Strategies Bergthaler e.U.
Markus Bergthaler
Mitterwurzerweg 10a, 8047 Graz, Austria
Email: info@securestrategies.at
Phone: +43 677 61651821

2. Collection and Processing of Data
a) Contact Form
When you use our contact form, we collect your name, email address, and message. This data is used solely to process your inquiry. Processing is based on your consent (Art. 6(1)(a) GDPR), which you grant by submitting the form and activating the consent option. Your data will be deleted after your inquiry has been fully processed, unless statutory retention obligations apply (generally no later than 3 years).

b) Lead Magnet / Newsletter Resources
When you request free resources (e.g., scorecards, whitepapers) through our website, we collect your first name and email address. This data is used to deliver the requested resource and for subsequent email communication (maximum 3 emails over 7 days). Processing is based on your explicit consent (Art. 6(1)(a) GDPR). For email delivery, we use the service Brevo (Sendinblue), Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. Brevo processes your data exclusively on our behalf and on the basis of a data processing agreement pursuant to Art. 28 GDPR. All data is stored on servers within the EU. You may withdraw your consent at any time by using the unsubscribe link in any email or by contacting us at info@securestrategies.at. Upon withdrawal, your data will be deleted promptly.

3. Server Log Data
Our hosting provider, Easyname GmbH, Fernkorngasse 10/3/13, 1100 Vienna, Austria, automatically collects server log data to ensure the operation of the website and to generate anonymized visitor statistics. This includes anonymized IP addresses, access times, accessed pages, and browser information. This data is not linked to personal information and is deleted after no more than 30 days, unless security incidents occur. The processing is based on our legitimate interest (Art. 6(1)(f) GDPR) to ensure website functionality and security.

4. Cookies and Web Analytics
a) Technically Necessary Cookies
Our website uses a technically necessary session cookie (PHPSESSID), which is required for the basic functionality of the website — specifically to store your language preference (German/English). This cookie is automatically deleted when you close your browser. As it is a technically necessary cookie within the meaning of § 165(3) TKG 2021 (Austrian Telecommunications Act), no separate consent is required.

b) Google Analytics
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies and similar technologies to analyze your use of the website. The information generated is generally transferred to and stored on a Google server. IP anonymization is enabled, so your IP address is truncated by Google within the EU/EEA. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there. Data transfer to the USA is based on EU Standard Contractual Clauses (Art. 46(2)(c) GDPR). Google will use this information on our behalf to evaluate website usage and compile reports on website activity. Processing is based on our legitimate interest (Art. 6(1)(f) GDPR) in the statistical analysis of user behavior to optimize our website. Our Google Analytics Measurement ID is G-0W97200JS2. You can prevent data collection by Google Analytics by installing the browser add-on for disabling Google Analytics: https://tools.google.com/dlpage/gaoptout. For more information, see the Google Privacy Policy.

5. External Resources (Google Fonts, Font Awesome)
This website loads fonts from Google Fonts (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) and icons from Font Awesome (Fonticons, Inc., 307 S. Main St, Suite 202, Bentonville, AR 72712, USA) via Content Delivery Networks (CDN). When loading these resources, your IP address is transmitted to the respective providers. This is technically necessary for your browser to load the fonts and icons. Processing is based on our legitimate interest (Art. 6(1)(f) GDPR) in a consistent and appealing presentation of our website. Data transmission is encrypted (HTTPS). For more information, see the Google Privacy Policy and the Font Awesome Privacy Policy.

6. Cloudflare Turnstile (Spam Protection)
To protect our contact form from automated abuse (spam), we use Cloudflare Turnstile provided by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. When you use the contact form, certain technical data is processed, including your IP address, browser information, and interaction data required for abuse detection. Processing is based on our legitimate interest (Art. 6(1)(f) GDPR) in protecting our website from spam and abusive requests. As Cloudflare, Inc. is based in the USA, data may be transferred to the USA. For more information, see the Cloudflare Privacy Policy.

7. Your Rights
Under the GDPR, you have the following rights:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)

Contact us at info@securestrategies.at to exercise these rights.

8. Right to Lodge a Complaint
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR):

Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40-42, 1030 Vienna, Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: www.dsb.gv.at

9. Data Security
We implement technical and organizational measures to protect your data. Data transmissions are encrypted (SSL/TLS). Our hosting provider Easyname stores all data on servers within the European Union.

10. Changes to this Privacy Policy
We reserve the right to update this privacy policy to comply with legal requirements. The current version is always available on this page.

Last updated: March 2026