Privacy Policy

We have prepared this Privacy Policy (version 15.05.2025) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, what personal data we process, how we process it, and what rights you have. All terms used are gender-neutral.

Scope

This Privacy Policy applies to all personal data processed by us and by any processors acting on our behalf. It covers:

  • All online presences (websites) we operate
  • Social media presences and email communication

Legal Bases

We process your data only if at least one of the following conditions applies:

  • Consent (Art. 6(1)(a) GDPR): You have given us your consent for a specific purpose.
  • Contract (Art. 6(1)(b) GDPR): Processing is necessary to fulfil a contract with you.
  • Legal obligation (Art. 6(1)(c) GDPR): We are subject to a legal obligation.
  • Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for our legitimate interests (e.g., operating the website securely and efficiently).

In addition to the EU regulation, applicable national law includes the Austrian Data Protection Act (DSG).

Controller

Ralph Scherzer
ralph@brandandstory.at

Retention Period

We only store personal data for as long as necessary to provide our services. Data is deleted as soon as the purpose for processing no longer exists, unless we are legally required to retain it longer (e.g., for accounting purposes).

Your Rights under GDPR

You have the following rights:

  • Art. 15 GDPR: Right of access — you may request information about whether and how we process your data.
  • Art. 16 GDPR: Right to rectification — you may request correction of inaccurate data.
  • Art. 17 GDPR: Right to erasure (“right to be forgotten”).
  • Art. 18 GDPR: Right to restriction of processing.
  • Art. 20 GDPR: Right to data portability.
  • Art. 21 GDPR: Right to object to processing.
  • Art. 77 GDPR: Right to lodge a complaint with a supervisory authority.

The competent supervisory authority for Austria is the Austrian Data Protection Authority (DSB).

Web Hosting

Summary

  • Affected parties: Website visitors
  • Purpose: Professional hosting and secure operation of the website
  • Data processed: IP address, time of visit, browser used, and other technical data
  • Retention: Approx. 2 weeks (depending on provider)
  • Legal basis: Art. 6(1)(f) GDPR (Legitimate interests)

When you visit this website, our web server automatically stores technical data including the full URL of the page visited, browser and browser version, operating system, referrer URL, hostname and IP address of the accessing device, and the date and time of the visit. This data is stored in server log files and is typically deleted after 14 days. We do not share this data, except where required by law.

This website is hosted by World4You Internet Services GmbH, Hafenstraße 35, 4020 Linz, Austria. World4You operates its own data centres in Austria. For more information, see World4You Privacy Policy.

Legal basis: Art. 6(1)(f) GDPR (Legitimate interests).

Content Management System (WordPress)

This website uses WordPress, a content management system provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. WordPress may collect technical data (e.g., browser type, operating system, IP address) during your visit. Automattic is a participant in the EU-US Data Privacy Framework. Data transfers are further safeguarded by Standard Contractual Clauses (Art. 46(2) GDPR).

For more information, see Automattic’s Privacy Policy.

Legal basis: Art. 6(1)(f) GDPR (Legitimate interests) and Art. 6(1)(a) GDPR (Consent) where applicable.

Glossary of Key Terms

Personal data (Art. 4(1) GDPR): Any information relating to an identified or identifiable natural person — e.g., name, email address, IP address, location data.

Processing (Art. 4(2) GDPR): Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.

Controller (Art. 4(7) GDPR): The natural or legal person who determines the purposes and means of processing personal data. In our case: Ralph Scherzer, Brand and Story.

Processor (Art. 4(8) GDPR): Any person or entity that processes personal data on behalf of the controller (e.g., hosting providers).

Consent (Art. 4(11) GDPR): Any freely given, specific, informed, and unambiguous indication of agreement to the processing of personal data.

All texts are protected by copyright.

Contact:
Ralph Scherzer
Phone: +43 (0)650 7362378
Email: ralph@brandandstory.at

Partners