Privacy Policy

1. Who we are / Data controller

The controller responsible for the processing of personal data on this website is:

[ Legal name ]
operating as Gradient Disco
[ Address, Vienna, Austria ]
E-mail: privacy@gradientdisco.com

This policy is compliant with the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

2. What data we collect and why

Contact form - email address

When you submit the contact form on this website, your email address is transmitted to and stored in Google Forms, operated on a Google Workspace business account held by Julian Erdödy. We use this data for two purposes:

• To respond to your enquiry - legal basis: Art. 6(1)(b) GDPR (steps taken at your request prior to a potential contract) and Art. 6(1)(f) GDPR (our legitimate interest in replying to inbound contact).
• To send you occasional product updates - only if you tick the opt-in checkbox on the form. Legal basis: Art. 6(1)(a) GDPR (your explicit consent). You can withdraw this consent at any time (see section 6).

We do not collect your name, phone number, or any other information beyond what you voluntarily provide in the form.

Server logs / hosting infrastructure

This website is hosted on Cloudflare Pages. When you visit the site, Cloudflare processes connection data (IP address, browser type, operating system, referring URL, date and time of access) as part of delivering the page and protecting it from abuse. This data is processed on Cloudflare's infrastructure and is not directly accessible to us in identifiable form - we only receive aggregate traffic statistics (page views, bandwidth). Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating a secure and functional website).

Web fonts

This website loads fonts from Bunny.net (HostingKit GmbH, Austria), an EU-hosted font service that is designed to be GDPR-compliant and does not log visitor IP addresses.

3. What we do not collect

• We set no cookies of our own. Cloudflare may set a short-lived technical cookie (__cf_bm) if bot protection features are activated on our account - this cookie contains no personal information and expires within 30 minutes.
• We use no third-party analytics (no Google Analytics, no Meta Pixel, no heatmap or session-replay tools).
• We do not track your behaviour across other websites.
• We do not build user profiles or use your data for advertising.

4. Data processors and third-country transfers

We use the following processors to deliver this website and handle contact submissions:

We will never sell, rent, or otherwise share your personal data with third parties for their own commercial purposes. We may disclose data if required by law or a binding authority order.

5. Data retention

• Contact enquiries: we retain your email address and any correspondence for as long as necessary to handle your enquiry and any resulting business relationship, and for up to three years thereafter for documentation purposes, unless a longer statutory retention period applies.
• Product update opt-ins: we retain your email address for this purpose until you withdraw your consent.
• Cloudflare aggregate statistics: anonymised and not subject to personal data retention rules.

6. Your rights under GDPR

As a data subject you have the following rights, which you can exercise at any time by contacting us at privacy@gradientdisco.com:

• Right of access (Art. 15) - request a copy of the data we hold about you.
• Right to rectification (Art. 16) - request correction of inaccurate data.
• Right to erasure (Art. 17) - request deletion of your personal data.
• Right to restriction of processing (Art. 18) - request that we limit use of your data.
• Right to data portability (Art. 20) - request a machine-readable copy of your data.
• Right to object (Art. 21) - object to processing based on legitimate interest.
• Right to withdraw consent (Art. 7(3)) - if you opted in to product updates, you can withdraw consent at any time by emailing privacy@gradientdisco.com. Withdrawal does not affect the lawfulness of processing before withdrawal.

We will respond to requests within one month. If you are not satisfied with our response, you have the right to lodge a complaint with the Austrian Data Protection Authority:

Datenschutzbehörde
Barichgasse 40-42, 1030 Vienna, Austria
www.dsb.gv.at

7. Security

All data is transmitted over encrypted connections (HTTPS/TLS). Access to contact form data in Google Workspace is restricted to authorised team members. While we take reasonable technical and organisational measures to protect your data, no transmission over the internet can be guaranteed to be completely secure.

8. Children's privacy

This website is directed at business professionals and organisations. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have inadvertently collected such data, please contact us at privacy@gradientdisco.com and we will delete it promptly.

9. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. The "Last Updated" date at the top of this page will always reflect the current version. Material changes will be communicated via the website. Continued use of the site after changes are posted constitutes acceptance of the updated policy.

10. Contact

For any questions about this privacy policy or to exercise your rights:

privacy@gradientdisco.com
www.gradientdisco.com