← Back to HORA

Privacy Policy

Last updated June 2026

The protection of your personal data is important to us. We process personal data only in accordance with the EU General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG) and the Austrian Telecommunications Act (TKG 2021). This policy explains what data we process when you visit this website or contact us, on what legal basis, and what rights you have.

Controller (Verantwortlicher)

The controller responsible for processing your personal data is:

HORA e.V.
Stafflerstraße 19, 6020 Innsbruck, Austria
ZVR 1335812639
dpo@hora-ev.eu

Server log files

When you access this website, our hosting provider automatically collects and stores technical information that your browser transmits — in particular the browser type and version, the operating system, the referrer URL, the requested page, the date and time of the request, and the IP address — in server log files. This data is necessary to deliver the website and to ensure its security and stability. It is not combined with other data, and we draw no conclusions about your identity from it.

Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in the secure, stable and reliable operation of the website.

Cookies & third-party services

This website does not set non-essential cookies and does not use tracking, analytics or advertising that profile you. Only technically necessary cookies, if any, are used to deliver the site.

[If analytics, embedded media (e.g. YouTube, Google Maps) or other non-essential cookies are added later, this section must be updated and a prior-consent cookie banner is required under §165 TKG 2021 and Art. 6(1)(a) GDPR.]

Contact (email & contact form)

If you contact us through the contact form or by email, we process the data you provide — your name, email address and the content of your message — solely to handle your enquiry and any resulting correspondence.

Legal basis: Art. 6(1)(b) GDPR where your enquiry concerns working with us or entering into an arrangement, otherwise Art. 6(1)(f) GDPR — our legitimate interest in responding to enquiries.

Messages sent through the contact form are transmitted to us by email through our Microsoft Azure infrastructure (see “Hosting & processors” below) and are not stored in a database.

To protect the form against automated abuse, we use Cloudflare Turnstile, a spam-protection service provided by Cloudflare, Inc. When you submit the form, Turnstile processes technical data — including your IP address and browser signals — to distinguish human visitors from bots. Turnstile does not set advertising cookies and does not use your data to profile or track you across websites.

Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in preventing spam and securing the contact form.

Hosting & processors

This website is hosted on Microsoft Azure in the West Europe region, which is located within the EU/EEA. Microsoft acts as a processor on our behalf under a data processing agreement pursuant to Art. 28 GDPR, and the scope of processing is contractually limited to what is technically necessary. Hosting data is stored and processed within the EU/EEA; should Microsoft, as a US-based company, access data from a third country, such transfers are safeguarded by the EU Standard Contractual Clauses together with Microsoft's EU Data Boundary commitments.

Retention

We store personal data only for as long as is necessary for the purpose for which it was collected, and delete it thereafter — unless statutory retention obligations require us to keep it longer. Enquiries and related correspondence are deleted once they have been dealt with and no retention obligation applies.

Your rights

Under the GDPR you have the right to:

  • access your personal data (Art. 15);
  • rectification of inaccurate data (Art. 16);
  • erasure (Art. 17);
  • restriction of processing (Art. 18);
  • data portability (Art. 20);
  • object to processing based on legitimate interests (Art. 21).

To exercise any of these rights, contact our data-protection contact at dpo@hora-ev.eu. We may need to verify your identity depending on the nature and scope of your request.

Right to lodge a complaint

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the supervisory authority. In Austria this is the Data Protection Authority (Datenschutzbehörde), Barichgasse 40–42, 1030 Vienna, dsb.gv.at.

Automated decision-making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

Changes to this policy

We may update this privacy policy to reflect changes in our processing or in the legal framework. The version published on this website at the time of your visit applies.