Privacy Policy

Last updated: 1 January 2025 | Applies to: vignetteasf-pass.eu

1. Data Controller

ASF-Pass Vignette Guide, Favoritenstraße 44, 1040 Wien, Austria, email: [email protected] is the data controller for personal data processed through vignetteasf-pass.eu.

2. Data We Collect

We collect the following categories of personal data:

  • Contact form submissions: Name, email address, and message content when you use the contact form on /contacts.html.
  • Server logs: IP address, browser type, pages visited, and timestamps, automatically recorded by our web server for security and diagnostic purposes.
  • localStorage data: Cookie consent preference stored locally in your browser under the key cookieConsent_vignetteasf-pass.eu. This data never leaves your device.

We do not collect payment data, location data, or any special categories of personal data (sensitive data) as defined under GDPR Article 9.

3. Purpose and Legal Basis

  • Contact form data: Processed to respond to your enquiry. Legal basis: Article 6(1)(b) GDPR (performance of a contract / pre-contractual measures) and Article 6(1)(f) GDPR (legitimate interest in responding to enquiries).
  • Server logs: Processed for security monitoring and technical diagnostics. Legal basis: Article 6(1)(f) GDPR (legitimate interest).
  • localStorage: Stores your cookie consent choice. Legal basis: Article 6(1)(a) GDPR (consent) and Article 6(1)(f) GDPR (legitimate interest in respecting your preferences).

4. Cookies and localStorage

This website uses localStorage (not cookies) to store your cookie consent preference. The key used is cookieConsent_vignetteasf-pass.eu and the value is either "accepted" or "declined". This data is stored only in your browser and is never transmitted to our servers.

We do not use tracking cookies, advertising cookies, analytics cookies, or any third-party cookies. We do not use Google Analytics, Facebook Pixel, or any similar tracking technology.

The Bootstrap CSS and JavaScript framework is loaded from a CDN (cdn.jsdelivr.net). This CDN may log your IP address as part of its standard server logging. We have no control over this logging. Please refer to jsDelivr's privacy policy for details.

5. Contact Form Data

When you submit the contact form on /contacts.html, your name, email address, and message are compiled into an email and sent directly to [email protected] via your email client (mailto: protocol). We do not store your form data on our servers. The data is transmitted directly from your browser to your email client.

We retain email correspondence for up to 2 years for the purpose of responding to follow-up enquiries. After this period, correspondence is deleted.

6. Data Retention

  • Email correspondence: 2 years from last contact
  • Server logs: 90 days
  • localStorage data: Until you clear your browser data or withdraw consent

7. Third Parties

We do not sell, rent, or share your personal data with third parties for marketing purposes. We may share data with:

  • Hosting provider: Our web hosting provider processes server logs. They act as a data processor under a data processing agreement.
  • Legal authorities: We may disclose data if required by law or court order.

We do not transfer personal data outside the European Economic Area (EEA) without appropriate safeguards.

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access (Article 15): Request a copy of your personal data we hold.
  • Right to rectification (Article 16): Request correction of inaccurate data.
  • Right to erasure (Article 17): Request deletion of your data ("right to be forgotten").
  • Right to restriction (Article 18): Request restriction of processing in certain circumstances.
  • Right to data portability (Article 20): Receive your data in a structured, machine-readable format.
  • Right to object (Article 21): Object to processing based on legitimate interest.
  • Right to withdraw consent (Article 7(3)): Withdraw consent at any time without affecting prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde), Barichgasse 40-42, 1030 Wien.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Our website is served over HTTPS. Server access is restricted to authorised personnel only.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be published on this page with an updated "Last updated" date. Continued use of vignetteasf-pass.eu after changes constitutes acceptance of the updated policy. For significant changes, we will display a notice on the homepage.

For questions about this Privacy Policy, contact us at [email protected].