Privacy Policy

Indigo Bits e.U.(“we”, “us”) is the controller within the meaning of the General Data Protection Regulation (GDPR) for personal data processed via this website (indigobits.com). This Privacy Policy explains what personal data we process when you visit our website, how we process it, with whom we share it, and what rights you have under Regulation (EU) 2016/679 (GDPR) and applicable Austrian data protection law. This is an informational company website; it does not offer user accounts.

Contact form. Our contact form opens your own email application with the name, email address, and message you enter, pre-addressed to support@indigobits.com. The data is transmitted through your own email provider; the website itself does not store it on our servers. Once we receive your message, we process this data solely to handle and respond to your enquiry. Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries).

Server log data. When you access the website, our hosting provider automatically processes technical data (in particular your IP address, the date and time of the request, and request metadata) on a transient basis in order to deliver the site and ensure its security and stability. Legal basis: Art. 6(1)(f) GDPR.

Usage analytics. We use Vercel Analytics, a privacy-friendly, aggregated analytics service that does not use tracking cookies and does not create cross-site profiles or persistent visitor identifiers. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in understanding aggregate website usage).

We do not use tracking or advertising cookies. We set a single functional cookie (“NEXT_LOCALE”) to remember the language you selected; it contains no personal data and is strictly necessary to deliver the website in your chosen language.

We share data with the following processor, with whom a data processing agreement pursuant to Art. 28 GDPR is in place:

• Vercel Inc.(USA, Standard Contractual Clauses) — website hosting, edge network, and aggregated usage analytics — transient IP addresses and request metadata.

Data transfers to processors in the USA take place on the basis of the European Commission's Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR.

We retain enquiry data for as long as necessary to handle your request and thereafter in accordance with any applicable statutory retention obligations (e.g. accounting records: 7 years). Server log data is processed only transiently, and aggregated analytics data contains no personal identifiers.

Under applicable law you are entitled, among other things, to:

• verify whether and which personal data we process about you and obtain copies thereof;
• request the rectification or completion of your personal data;
• request the erasure of your data;
• request that we restrict the processing of your personal data;
• object to the processing of your personal data;
• request data portability; and
• know the identity of third parties to whom your personal data is transferred.

Where we process your data on the basis of your consent, you have the right to withdraw that consent at any time by email or post. This does not affect the lawfulness of the processing carried out on the basis of the consent up to the point of withdrawal. You also have the right to lodge a complaint with the Austrian Data Protection Authority or with another data protection supervisory authority in the EU, in particular at your place of residence or work.

Austrian Data Protection Authority (Österreichische Datenschutzbehörde)
Barichgasse 40–42, 1030 Vienna
dsb.gv.at

We implement appropriate technical and organisational measures to protect your personal data, including enforced HTTPS / TLS 1.2+ for all connections, access restricted to the application layer, and the principle of least privilege for internal service accounts. No transmission over the internet is entirely secure; we cannot guarantee absolute security, but we take our obligations under Art. 32 GDPR seriously and will notify you and the competent supervisory authority of any personal data breach in accordance with Art. 33–34 GDPR.

We may update this Privacy Policy from time to time. In the event of material changes we will adjust the “Last updated” date above. Continued use of the website after changes take effect is deemed acceptance of the updated policy.

For data protection enquiries or to exercise your rights:
Indigo Bits e.U.
Villefortgasse 11, 8010 Graz, Austria
Email: support@indigobits.com