Privacy Policy
1. Controller
The controller responsible for processing personal data on this website is:
Open-Flute Consulting e.U.Wiener Straße 61 / RH1
3004 Riederberg
Austria
E-mail: kt@open-flute.com
Phone: +43 677 619 25 767
2. General notes
Personal data is processed only to the extent necessary for the secure and technically correct operation of the website, the handling of contact requests and the data-minimising evaluation of website use. Processing is carried out on the basis of the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG) and applicable telecommunications law.
3. Hosting, DNS and server log files
This website is provided through Netlify. The DNS zone of the main domain open-flute.com is also managed through Netlify. The provider is Netlify, Inc., 101 2nd Street, San Francisco, CA 94105, USA. When the website is accessed, the technical infrastructure may process technically required data, including IP address, date and time of access, requested page or file, data volume transferred, HTTP status code, referrer URL, browser type, operating system and host name of the accessing device.
The processing serves to provide the website, ensure stability and security and detect or prevent technical attacks. The legal basis is Art. 6(1)(f) GDPR. The legitimate interest lies in the secure and reliable operation of the website.
Where Netlify processes personal data on our behalf, the applicable data processing agreement and relevant safeguards for international transfers must be observed. The specific retention period of server log files must be checked against the final Netlify account settings.
4. Domain registration and e-mail services
Domain registration and business e-mail infrastructure are handled through GoDaddy and its technical service infrastructure. For receiving and sending e-mails, the e-mail provider may process sender and recipient addresses, subject, message content, communication times and technical transmission data.
The legal basis depends on the content of the communication and is Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR. The legitimate interest lies in efficient and traceable handling of business communication.
5. Contact by e-mail and phone
If you contact us by e-mail or phone, the data you provide is processed to handle your request and possible follow-up questions. Depending on the content of the request, processing is based on Art. 6(1)(b) GDPR for pre-contractual measures or contract performance, or on Art. 6(1)(f) GDPR for efficient handling of other business enquiries.
The data is stored only as long as necessary for handling the enquiry and complying with legal retention obligations.
6. Contact via WhatsApp
The website contains a link for contact via WhatsApp. A connection to WhatsApp is established only when you click this link. Technical data may then be transmitted to WhatsApp. Further communication via WhatsApp is also subject to the privacy terms of the relevant WhatsApp provider.
Using WhatsApp is voluntary. You may contact us by e-mail or phone instead. Data transmitted through WhatsApp is processed to handle your request. Depending on the content of the request, the legal basis is Art. 6(1)(b) or Art. 6(1)(f) GDPR.
7. Web analytics and technical metrics
If activated on this website, Plausible Analytics is used for statistical analysis of website use. Plausible Analytics is intended to be used without cookies, without Local Storage and without persistent personal identifiers. The evaluation may include aggregated metrics such as page views, daily visitors, countries, referrers, page language, average time on page, scroll depth and clicks on e-mail, phone and WhatsApp links.
If Core Web Vitals measurement is activated, LCP, INP and CLS may be measured in the browser and transmitted as technical events for aggregated evaluation. No additional cookies or persistent identifiers are intended for this measurement.
8. External links
The website may contain links to external websites and services. Merely opening this website normally does not transmit data to those external providers. After clicking an external link, you leave this website. From that point, the respective external provider is responsible for further data processing.
9. Cookies and similar technologies
According to the intended technical configuration, this website does not use non-essential cookies, Local Storage entries or comparable persistent tracking technologies. Therefore, no consent banner is currently planned. If the technical configuration changes or a service requiring consent is added later, this Privacy Policy will be updated and consent will be obtained where required.
10. Recipients and processors
Personal data is transferred to service providers only to the extent necessary for website operation, communication or analytics. This may in particular include Netlify for website hosting and DNS, GoDaddy for domain registration and business e-mail infrastructure, and Plausible Analytics if web analytics is activated. Where providers process personal data on our behalf, the required data processing agreements are concluded or the applicable DPA basis is documented.
11. Storage period
Personal data is stored only as long as necessary for the relevant purpose or as required by statutory retention obligations. For server log files, the retention period depends on the hosting provider and the selected configuration. Communication data is deleted after the enquiry is completed unless contractual or legal reasons require longer storage. Aggregated analytics data, if activated, is stored according to the retention settings selected in the analytics account.
12. Your rights
Subject to the legal requirements, you have the right of access, rectification, erasure, restriction of processing, data portability and objection. Where processing is based on consent, you may withdraw that consent at any time with effect for the future.
To exercise your rights, contact kt@open-flute.com. You also have the right to lodge a complaint with the Austrian Data Protection Authority.
13. Data security
Appropriate technical and organisational measures are used to protect personal data against loss, misuse and unauthorised access. The website is provided via an encrypted HTTPS connection.
14. Changes to this Privacy Policy
This Privacy Policy will be updated if the technical implementation of the website, the service providers used or legal requirements change.
Status: 08.07.2026
Controlling version: This English version is the main version of this Privacy Policy.