Privacy Policy.
1. Data Controller
The protection and security of your personal data is our highest priority. We process your data in full compliance with the European General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG) and the Telecommunications Act 2021 (TKG 2021).
The controller responsible for the processing of your data within the meaning of Art. 4(7) GDPR on the website https://roleplaytalesvienna.at/ is:
Christian Fasching
1120, Vienna, Austria
Email: office@roleplaytalesvienna.at
Phone: +43 677 61448335
Website: https://roleplaytalesvienna.at/
If you have any questions regarding data protection or wish to exercise your rights as a data subject, you may contact us at any time using the details provided above.
2. Categories of Processed Data, Purposes and Legal Bases
We collect and process personal data that is generated through the use of our website and through the use of our services (such as contact requests or bookings of game masters). Processing is always carried out on the basis of a valid legal ground pursuant to Art. 6(1) GDPR. The following overview details the primary processing activities:
| Processing Activity | Categories of Data | Purpose | Legal Basis (GDPR) |
|---|---|---|---|
| Website provision (log files) | IP address, browser type/version, operating system, referrer URL, date and time of the server request. | Technically error-free delivery of the website, ensuring IT system security, defence against cyber attacks. | Art. 6(1)(f) (Legitimate interest in the security and functionality of IT systems). |
| Contact and booking requests | First name, last name, email address, phone number (optional), content of the request. | Responding to user enquiries, carrying out pre-contractual measures, preparing game master bookings. | Art. 6(1)(b) (Performance of a contract or pre-contractual measures). |
| Contract processing and invoicing | Billing address, payment data, booked services, booking history. | Fulfilment of the concluded contract for game master services, accounting and tax documentation. | Art. 6(1)(b) (Performance of a contract) and Art. 6(1)(c) (Legal obligation). |
IP addresses collected as part of server-side log files are either deleted or anonymised after the end of the session or after a short technical security retention period, so that no personal reference can be established.
3. Protection of Minors and Sensitive Data
Our services are generally aimed at persons over the age of 16. It is not our intention to systematically process personal data of persons under 16 years of age unless express consent of the legal guardian has been obtained. If you are a legal guardian and discover that we have collected data from a minor without your consent, please contact us immediately. We will delete this data without delay upon positive verification.
We do not collect or process special categories of personal data (so-called sensitive data such as religious affiliation, health data or political opinions) within the meaning of Art. 9 GDPR.
4. Use of Cookies and Storage Technologies
Our platform uses cookies and comparable storage technologies on your device when you access the website. We strictly differentiate according to the degree of technical necessity:
Strictly necessary cookies (functional cookies): These cookies are essential for the basic function and security of the website (e.g. storing your privacy settings or session IDs). These cookies are set on the basis of § 165(3) TKG 2021, as these technologies are strictly necessary to provide the information society service you have expressly requested. No prior consent is required for this category of cookies.
Currently, no technically unnecessary cookies (such as for marketing or detailed tracking purposes) are used on this website.
5. Storage Duration, Data Deletion and Archiving Obligations
Your personal data is stored by us only for as long as is strictly necessary to achieve the respective processing purposes. Once the purpose ceases to apply, the data is deleted or anonymised, unless statutory retention obligations apply:
- General enquiries without a contract: Data related to general contact enquiries that do not result in a service agreement are deleted after the final resolution of the enquiry and the expiry of a reasonable follow-up period (no later than 6 months).
- Contract-related data (bookings): If a binding booking and thus a paid contractual relationship is established, we are subject to the statutory retention periods of the Republic of Austria. Pursuant to § 132 of the Federal Fiscal Code (BAO) and § 212 of the Austrian Commercial Code (UGB), we are legally required to retain accounting records, invoices and contract-related business correspondence for a period of 7 years. This period begins at the end of the calendar year in which the booking took place or the invoice was issued. After expiry of these periods, the data is destroyed.
6. Data Sharing with Third Parties and Use of Processors
We do not sell your data to third parties. Data is only shared within the limits defined below, where this is necessary for the fulfilment of our contractual obligations (Art. 6(1)(b) GDPR) or due to legal requirements (Art. 6(1)(c) GDPR).
Where we use external service providers for the operation of the platform (for example IT hosting providers or email service providers), these act as processors bound by our instructions pursuant to Art. 28 GDPR. Formal data processing agreements have been concluded with these providers, which legally ensure that your data is processed exclusively in accordance with our documented instructions and in compliance with an adequate level of data security.
7. No Automated Decision-Making or Profiling
We do not make decisions based solely on automated processing – including profiling – that produce legal effects concerning you or similarly significantly affect you (Art. 22 GDPR). The assignment of game masters, the handling of specific enquiries, and scheduling are always carried out with the involvement of human decision-makers.
8. Data Security and Technical Safeguards
We employ appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Our security measures, including encryption of data transmission (SSL/TLS), are continuously improved in line with technological developments.
9. Your Rights as a Data Subject
Under the applicable data protection provisions of the GDPR, you have extensive rights regarding your processed personal data:
- Right of access (Art. 15 GDPR): You may request confirmation as to whether we process personal data concerning you and request access to that data.
- Right to rectification (Art. 16 GDPR): You may request the immediate rectification of inaccurate data or the completion of incomplete data.
- Right to erasure (Art. 17 GDPR): You may request the erasure of your data under the conditions of Art. 17 GDPR, provided no statutory retention periods (e.g. under BAO/UGB) or legitimate interests on our part apply.
- Right to restriction of processing (Art. 18 GDPR): You may request that we restrict the processing of your data.
- Right to data portability (Art. 20 GDPR): You have the right to receive the data you have provided in a structured, commonly used and machine-readable format, or to request its transfer to another controller.
- Right to withdraw consent (Art. 7(3) GDPR): You may withdraw any consent given for data processing at any time with effect for the future.
- Right to object (Art. 21 GDPR): Where we process your data on the basis of our legitimate interests, you may object to this processing at any time for reasons arising from your particular situation.
To exercise your rights, please contact us informally at the email address stated in Section 1. Additional identity verification (e.g. by requesting proof of identity) is only carried out if we have reasonable doubts about the identity of the requesting person (Art. 12(6) GDPR).
10. Right to Lodge a Complaint with the Supervisory Authority
If you believe that the processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority. In Austria, the responsible authority is:
Austrian Data Protection Authority (DSB)
Barichgasse 40-42
1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/