ANDfutureproof Webpage

Privacy Policy

Responsible Entity

ANDfutureproof

Alex Pesjak

Stanz 177

A-6500 Stanz bei Landeck, Austria

Phone: +43 676 3241223

Email: alex.pesjak@andfutureproof.com

Website: www.andfutureproof.com

General Information on the Processing of Personal Data

ANDfutureproof collects, uses, and shares your personal data only when legally permitted or with your explicit consent. Personal data refers to any information that identifies you or can be traced back to you—such as your name, email address, or phone number.

If you contact me (via phone, email, social media, or this website), your data will be stored for up to 12 months to process your inquiry and for potential follow-ups. Your data will not be shared without your explicit permission.

This Privacy Policy does not apply to external websites linked from www.andfutureproof.com. Responsibility for external content lies solely with the respective operators.

Please note: internet data transmissions can have security gaps. Absolute protection from third-party access is not guaranteed.

Types of Data Processed

Identity data (e.g., name, company name, address)
Contact data (e.g., email, phone number)
Content data (e.g., messages, documents, images, recordings)
Usage data (e.g., website activity, interest in content, access times)
Meta/communication data (e.g., device info, browser type, IP addresses)

Categories of Data Subjects

Visitors and users of this website and online services (collectively referred to as “users”).

Purpose of Data Processing

Providing this website and its features
Responding to contact requests and communicating with users
Ensuring data security and technical infrastructure
Website analytics and marketing

Definitions (per GDPR)

Personal Data: Any information relating to an identifiable person
Processing: Any operation involving personal data (automated or manual)
Pseudonymization: Processing data so it can’t be attributed to a person without additional information
Profiling: Automated analysis of personal data to assess aspects like behavior or preferences
Controller: The person who decides why and how data is processed (that’s me, Alex Pesjak)
Processor: A third party that processes data on behalf of the controller

Legal Basis for Processing

In accordance with Article 13 of the GDPR:

Consent: Art. 6(1)(a) and Art. 7 GDPR
Contract performance/pre-contractual measures: Art. 6(1)(b) GDPR
Legal obligation: Art. 6(1)(c) GDPR
Legitimate interests: Art. 6(1)(f) GDPR
Vital interest (rare cases): Art. 6(1)(d) GDPR

Data Security Measures

Following Article 32 GDPR, I implement appropriate technical and organizational measures based on the latest technology and the nature and scope of processing. These include access controls, encryption, backup systems, and privacy-by-design (Art. 25 GDPR). Your data is treated with the utmost confidentiality.

Sharing Data with Third Parties

Data may be shared with third-party service providers (e.g., hosting services, email tools, CRM systems) only under the following conditions:

Your consent has been given
It’s legally required
It’s necessary for contract fulfillment
It serves legitimate business interests (e.g., running and improving my services)

Any processors I work with are contractually bound under Art. 28 GDPR.

Transfers to Non-EU Countries

If data is transferred outside the EU/EEA, it is only done where adequate safeguards (e.g., standard contractual clauses, adequacy decisions) exist as per Art. 44 ff. GDPR. These safeguards ensure your data is protected to EU standards.

Your Rights

You have the following rights under GDPR:

Withdraw consent at any time
Object to processing based on legitimate interests or direct marketing
Access your personal data
Correct or delete your data
Restrict processing
Data portability, if applicable
File a complaint with a data protection authority in the EU

Overview of EU supervisory authorities: https://edpb.europa.eu/about-edpb/board/members_en

COOKIES & RIGHT TO OBJECT TO DIRECT MARKETING

Cookies are small files stored on users’ devices. They serve various purposes—primarily to retain information about a user or their device during or after their visit to this online offering.

Session cookies (temporary): deleted when the browser is closed (e.g., shopping cart, login state).
Persistent cookies: remain stored beyond the session for convenience (e.g., saved login status, user preferences).
Third-party cookies: set by providers other than ANDfutureproof. First-party cookies are those set by us directly.

We use both session and persistent cookies and inform you about them as part of this privacy policy.

If you do not wish to store cookies, you can disable them in your browser settings. Please note: this may impact certain website features.

You may opt out of online marketing cookies at:

You can adjust your cookie preferences anytime here:

[Open Cookie Settings Box]

HOSTING & EMAIL

Our website is hosted IHC Karlheinz Eckhart e.U.

Adresse: Bruggfeldstraße 5, 6500 Landeck, Austria

We use their services for:

Infrastructure and platform management
Server and database operations
Email delivery
Security and maintenance services

We (and our hosting provider) process personal data such as IP addresses, usage data, and communication metadata based on our legitimate interest in providing a secure and efficient web service (Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR – Data Processing Agreement).

Email: info@ihc.at

SERVER LOG FILES & ACCESS DATA

In accordance with Art. 6(1)(f) GDPR, we (or our host) collect the following data for technical and security purposes:

Accessed URLs & files
Date and time
Data volume transferred
Browser and OS details
Referrer URL
IP address and provider

These logs are stored for up to 7 days, unless needed for resolving abuse or fraud.

IHC may also anonymize this data for statistical analysis to support continued improvement of the service.

DATA STORAGE DURATION

Unless specified otherwise, all personal data is deleted within 24 months.

Legal basis for this processing:

Contract fulfillment and error resolution under Art. 6(1)(b) GDPR

Our Data Processing Agreement with IHC was signed on 07.08.2025, and since 07.08.2025 has been a standard part of IHC terms.

SOCIAL MEDIA PRESENCES

We maintain accounts on platforms like LinkedIn, YouTube, Substack, Instagram to connect and share with our community. Note that:

Data may be processed outside the EU.
U.S.-based platforms certified under the EU-U.S. Privacy Shield commit to EU data standards.
User profiles may be created for advertising and analytics based on your behavior.
If you’re logged into these platforms, your interactions may be linked to your profile.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in communication).

If explicit consent is obtained, then: Art. 6(1)(a) GDPR & Art. 7 GDPR.

We recommend addressing all data rights requests directly to the platforms:

Online Presences on Social Media Platforms

I maintain online presences on various social networks and platforms to communicate with customers, prospects, and users active there, and to inform them about my services.

Please note that user data may be processed outside the European Union. This could pose risks to users, such as making it more difficult to enforce user rights. Regarding U.S. providers certified under the Privacy Shield (where still applicable), these providers commit to complying with EU data protection standards.

User data is typically processed for market research and advertising purposes. For example, usage profiles can be created based on user behavior and inferred interests. These profiles may be used to display ads—both on and off the platforms—that are presumed to match users’ interests. For these purposes, cookies are usually stored on users’ devices, capturing their usage patterns and preferences. Furthermore, such usage profiles may include data across different devices, especially when users are logged in as members of those platforms.

The processing of personal data is based on my legitimate interest in effective communication and information delivery in accordance with Art. 6(1)(f) GDPR. If users are asked by the platform providers for consent to data processing (e.g., via checkboxes or confirmation buttons), the legal basis is Art. 6(1)(a) and Art. 7 GDPR.

For detailed information on the specific processing activities and opt-out options, please refer to the privacy policies of the respective providers listed below.

If you wish to make data access or user rights requests, please contact the platform providers directly. They have direct access to the relevant data and can take appropriate action. Should you require assistance, feel free to contact me.

Platform Providers and Policies

Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

Opt-Out: facebook.com/settings?tab=ads

Additional: youronlinechoices.com

Privacy Shield: Link

Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA)

LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

Opt-Out: linkedin.com/psettings/guest-controls/retargeting-opt-out

Privacy Shield: Link

YouTube / Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)

Opt-Out: adssettings.google.com

Privacy Shield: Link

X (formerly Twitter) (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)

Opt-Out: twitter.com/personalization

Privacy Shield: Link

Substack (Substack Inc., 548 Market St, PMB 35410, San Francisco, CA 94104-5401, USA)

Integration of Third-Party Services and Content

As part of this online offering, I integrate content or service offerings from third-party providers (referred to collectively as “content”), based on my legitimate interests (i.e., interest in the analysis, optimization, and economic operation of this website as defined in Art. 6(1)(f) GDPR).

This includes the embedding of elements such as videos, fonts, or external tools. To display this content, the IP address of the user must be processed, as it is technically required for transmission to the user’s browser. I strive to only use content from providers who use the IP address solely for delivering the content.

Third-party providers may also use pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. These pixel tags allow them to evaluate visitor traffic on my website. Pseudonymized data may also be stored in cookies on the user’s device, which may include browser and OS details, referrer websites, timestamps, usage behavior, and may be linked to data from other sources.

Newsletter via ActiveCampaign

For sending newsletters, I use ActiveCampaign, a service provided by ActiveCampaign, LLC.

You can subscribe to my newsletter directly on this website. To do so, I require your email address and your explicit consent, confirming that you have read and understood this privacy policy.

After subscribing, you will receive a confirmation email (double opt-in). Your email address will be used exclusively to send the newsletter and stored until you unsubscribe or withdraw your consent. You can unsubscribe at any time by clicking the “unsubscribe” link in the email or by sending me a request via email. Once unsubscribed, your email address will be deleted, and no further newsletters will be sent.

Embedded Services and Tools

YouTube

Videos from YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) may be embedded on the site.

Opt-Out: https://adssettings.google.com/authenticated

Google Fonts

I use locally hosted fonts provided by Google to enhance visual presentation.

Cloudflare

Service provider: Cloudflare Inc.

Purpose: Cloudflare’s bot management tools help protect this site from malicious automated traffic. The __cf_bm cookie is used to identify bots and ensure performance and security.

Collected Data Includes:

IP address
Device operating system
Referrer URL
Name of accessed website
Device type
Date and time of request
Requesting provider
System configuration details
File names and URLs accessed
Transferred data volume
Status codes
Server request timestamps

Purpose of Data Processing:

Security, bandwidth optimization, cloud infrastructure, advertising display, downloads, user query response, push notifications, license compliance, product search, call tracking, and remarketing.

Cookie Consent Manager (CCM19)

Service provider: Papoo Software & Media GmbH

Function: Stores user consent preferences for cookie usage.

Meta & Instagram Embeds

Functions and content from Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) may be embedded. This can include images, videos, and buttons that allow users to share content within Instagram.

If users are logged into Instagram, Instagram may associate page views with the user’s profile.

HOSTING VIA FRAMER

This website is hosted using Framer, a service provided by

Company Name: Framer B.V.

Company Address: Rozengracht 207B, 1016 LZ, Amsterdam

When you access the site, Framer processes technical data such as your IP address, browser type, device details, and usage logs to ensure secure and reliable website delivery.

Framer uses cookies and other recognition technologies that are strictly necessary for displaying the website, enabling core functionality, and securing access.

The legal basis for using Framer is Art. 6(1)(f) GDPR—our legitimate interest in offering a professional and reliable web experience. If additional tracking or marketing cookies are used, this only occurs based on your explicit consent under Art. 6(1)(a) GDPR and §25(1) TTDSG, which you can revoke at any time.

For more information, visit Framer’s privacy policy: https://www.framer.com/legal

In relation to all of these rights or if you have any questions about this Privacy Statement, please send an email to compliance@framer.com.

If you would like to disclose a security vulnerability, you can send your report to vulnerability-disclosure@framer.com. Please include a description of the security vulnerability, steps to reproduce, and the impact the vulnerability may have.

We have a Data Processing Agreement (DPA) in place with Framer to ensure that any personal data collected is handled exclusively in accordance with our instructions and the provisions of the GDPR.