— LEGAL
Privacy Policy
This policy explains how SJ Design & Development GmbH (“I”) processes personal data on asksj.com, in accordance with the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).
Controller
SJ Design & Development GmbH, Felbigergasse 3/2/21, 1140 Vienna, Austria. Email: sj@asksj.com
Hosting
This website is hosted on Cloudflare’s global network (Cloudflare, Inc.). When you visit, Cloudflare processes technical connection data (e.g. IP address, browser type, time of request) to deliver the site securely. Legal basis: legitimate interest in secure, performant delivery (Art 6(1)(f) GDPR).
Contact form
When you use the contact form, I process the name, email address, and any company, website, and message details you provide, in order to respond to your enquiry. The message is delivered to me by email via Resend (Resend, Inc.). Legal basis: pre-contractual steps and legitimate interest in responding (Art 6(1)(b) and (f) GDPR). Enquiries are retained only as long as needed to handle your request and any resulting engagement.
Analytics
I keep a minimal, privacy-preserving record of page visits and link clicks to understand how the site is used: the page visited, the referring site, the country derived from your IP address (the IP address itself is not stored), and your browser and operating system. No cookies or browser storage are used for this, no cross-site tracking, no advertising, no fingerprinting. A short, random identifier groups events within a single page view and is discarded immediately afterwards. This data is stored in my own backend (Xano). Legal basis: legitimate interest in operating and improving the site (Art 6(1)(f) GDPR).
Local storage
The site stores a small preference in your browser’s local storage — your language choice (EN/DE). It stays on your device and is not transmitted to me.
Recipients & international transfers
Service providers acting as processors on my behalf: Cloudflare (hosting/CDN), Resend (transactional email), Xano (backend and data storage), and Slack (operational notifications). Where these providers process data outside the EU/EEA (e.g. in the United States), transfers are safeguarded by the EU Standard Contractual Clauses and/or the EU–US Data Privacy Framework.
Retention
Enquiry data from the contact form is kept only as long as needed to handle your request; if no engagement results, I delete it within 12 months. Where an enquiry leads to a project, the related commercial records are retained for 7 years to meet Austrian record-keeping obligations (BAO §132). Analytics records are retained in aggregate for up to 14 months.
Automated decision-making
No automated decision-making or profiling within the meaning of Art 22 GDPR takes place. The analytics described above are not used to evaluate or make decisions about you as an individual.
Data protection officer
Given the nature and scale of this processing, no data protection officer is required under Art 37 GDPR, and none has been appointed. For any data-protection matter, contact me directly at sj@asksj.com.
Your rights
You have the right of access, rectification, erasure, restriction of processing, data portability, and to object to processing. To exercise these rights, contact sj@asksj.com. You also have the right to lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde, dsb.gv.at).