DE EN

Privacy Policy

I develop and run this website myself. I deliberately make sure that as little data as possible is processed. That means: no external analytics tools, no tracking cookies, and no advertising tracking. On this page, I explain what happens in the background when you use my website or the client area.

Controller

Georg Andreas Kropik, Ferdinandstrasse 28/19, 1020 Vienna, Austria
Privacy contact: datenschutz@georgkropik.at

Hosting & technical setup

This website runs on my own server in Austria. When you simply visit the website, no data is transferred to external tracking or analytics services.

Website visits & security logs

To protect my client galleries and the login area against unauthorized access, suspicious requests may be logged and IP addresses may be temporarily blocked. This applies, for example, to repeated invalid page requests with 404 errors or failed login attempts. In that context, the following technical data may be stored: IP address, date and time, requested URL, browser type, and operating system.

This processing is based on my legitimate interest in keeping the website and client area secure. Such data is stored only as long as necessary for security purposes. Entries older than 30 days are automatically removed.

Contact requests

If you contact me via the form or by email, I process the details you provide, for example your name, email address, phone number, and message, in order to answer your request and handle follow-up questions. The legal basis is pre-contractual or contractual communication.

I do not delete contact requests after a fixed automatic period. If no collaboration follows, I delete them on request. If we work together or if later assignment to a project is useful, they may become part of my project archive. Legal retention duties remain unaffected.

Client area & galleries

If you use the protected client area, technically necessary login and session data as well as the assignment of your access to your galleries are processed. This is needed so that only authorized people can access protected photos, videos, and downloads. The legal basis is our collaboration or my legitimate interest in access protection.

In client galleries, I also record a few server-side events: whether a gallery was opened and whether full-gallery or single-image downloads were successfully delivered. These events are assigned only to the respective gallery and are stored without IP addresses, names, or email addresses. They are used for reliable delivery, error analysis, download traceability, and support.

I do not use external analytics providers, tracking cookies, advertising tracking, or user profiles for this. The legal basis is contract performance and my legitimate interest in reliable gallery operation and support. These gallery events are automatically deleted or reset 90 days after the last activity in the respective gallery.

Spam protection with ALTCHA

To prevent automated spam, I use ALTCHA, a privacy-friendly proof-of-work system. A small challenge is solved directly in your browser. I host this system myself as well, so no personal data is transferred to third parties.

Cookies, local storage & no tracking cookies

I do not use tracking or analytics cookies. Only technically required cookies are used, for example for login sessions, form protection, or short notices in the client area. In addition, local settings such as language or gallery view may be stored in your browser.

Recipients & external links

I do not share personal data for advertising or tracking purposes. Data is only shared if it is technically or legally necessary, for example for email delivery, tax advice, invoicing, or authorities. External links, for example to Instagram or Google, only transfer data to those providers if you actively click them.

Business and retention duties

If we work together, I may process contact, project, offer, invoice, payment, and gallery data to handle our collaboration. The legal basis is contract performance and, where applicable, legal duties such as tax retention obligations.

I generally keep project, invoice, payment, and gallery data long-term as a client and project archive. This helps me document our collaboration, fulfil legal duties, make galleries available again, and review legitimate claims. If you want me to delete specific data or galleries, please contact me. I delete or anonymize them where no legal retention duties, contractual reasons, or legitimate interests prevent this.

Your rights

You have the right to request information about your stored data, have it corrected or deleted, request restricted processing, object to processing, or receive your data in a common format. If processing is based on consent, you can withdraw that consent at any time with effect for the future.

If you believe your data is not handled carefully enough, you can file a complaint with the Austrian Data Protection Authority: Barichgasse 40-42, 1030 Vienna, Austria, dsb@dsb.gv.at. Ideally, we solve it directly first.