Let's connect

Privacy Policy

Last updated: February 2026

1. Data Controller

The responsible entity for the processing of personal data on this website is:

Gerd Bommer
Brückenkopfgasse 1, 6th Floor
8020 Graz, Austria
Email: hello@gerdbommer.com

2. General Information on Data Processing

The protection of your personal data is of particular importance to us. We process your data exclusively on the basis of applicable legal provisions (GDPR, Austrian Data Protection Act – DSG, and the Austrian Telecommunications Act 2021 – TKG 2021).

This Privacy Policy explains how we collect, process, store, and share personal data when you visit or interact with our website, use our services, subscribe to newsletters, or otherwise communicate with us.

We process personal data only to the extent necessary to provide a functional website and our content and services.

3. Collection and Storage of Personal Data When Visiting the Website

When you visit our website (https://gerdbommer.com), information is automatically collected by your browser and temporarily stored in server log files. The following information may be collected:

  • IP address of the requesting device
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access is made (referrer URL)
  • Browser used and operating system

Purposes:

  • Ensuring a smooth connection to the website
  • Ensuring convenient use of our website
  • Evaluation of system security and stability

Legal basis: Article 6(1)(f) GDPR (legitimate interest)

Retention period: Server logs are generally retained for 14 days and then automatically deleted.

4. Cookies and Consent Management

We use cookies and similar technologies to make our website function properly and to improve your user experience.

Cookie categories:

  • Necessary cookies: Required for basic website functions. These are set automatically and do not require consent.
  • Statistics cookies: Used for analytics and performance tracking (e.g., Google Analytics). Activated only after consent.
  • Marketing cookies / advertising pixels: Used for campaign measurement and advertising personalization. Activated only after consent.

You can consent to or withdraw consent for non-necessary cookies at any time via the cookie banner or browser settings. Withdrawing consent does not affect the legality of processing carried out before withdrawal.

5. Hosting

Our website is hosted by IONOS SE, Eigendorfer Straße 57, 56410 Montabaur, Germany. The hosting provider supplies the infrastructure and technical services necessary to operate our website.

We have concluded a Data Processing Agreement (Art. 28 GDPR) with the hosting provider.

Data transfers within the EU/EEA do not require additional safeguards.

6. Contacting Us

When you contact us via the contact form or by email, the data you provide (e.g., name, email address, message content) will be processed to handle your request and any follow-up questions.

Legal basis: Article 6(1)(b) GDPR (performance of a contract or pre-contractual measures)

Retention period: Data is stored for as long as necessary to respond to your inquiry and for 6 months thereafter for quality and documentation purposes.

We do not share this data without your consent unless required by law.

7. Newsletter – ActiveCampaign

If you subscribe to our newsletter, we process your name and email address to send regular updates about services and offers.

We use ActiveCampaign, operated by ActiveCampaign LLC (USA), for email delivery.

Data transfers to the USA are based on an adequacy mechanism (EU–U.S. Data Privacy Framework) and/or Standard Contractual Clauses where applicable.

A Data Processing Agreement (Art. 28 GDPR) is in place.

You may unsubscribe at any time via the link provided in every email.

Retention period: Subscriber data is retained until you unsubscribe or until the data is deleted upon request.

8. Appointment Booking – Calendly / Meetergo

We use appointment scheduling tools for bookings.

Providers:

  • Calendly LLC (USA)
  • Meetergo GmbH (Germany)

When you schedule a meeting, personal data such as your name, email address, and phone number may be processed.

A Data Processing Agreement (Art. 28 GDPR) is in place.

Data transfers to the USA via Calendly are based on the EU–U.S. Data Privacy Framework and/or Standard Contractual Clauses as appropriate.

Retention period: Scheduling data is retained for the duration of the business relationship and for 12 months thereafter unless a legal obligation requires longer storage.

9. Analytics and Statistics

9.1 Google Analytics

This website uses Google Analytics, provided by Google Ireland Limited (Ireland), to analyze website usage. Google Analytics uses cookies to generate statistical reports.

IP anonymization is activated.

Legal basis: Article 6(1)(a) GDPR (consent via cookie banner)

You can withdraw consent via the cookie banner at any time.

Data transfers: Google may process data in the USA. Transfers are based on the EU–U.S. Data Privacy Framework and/or Standard Contractual Clauses.

More information: https://policies.google.com/privacy

9.2 Google Search Console

We use Google Search Console to monitor and improve technical performance. The tool provides aggregated performance data and is not used to identify individual visitors.

Legal basis: Article 6(1)(f) GDPR (legitimate interest)

10. Reviews – ProvenExpert

Our website may load content from ProvenExpert to display customer reviews. This may result in your IP address and browser data being transmitted to ProvenExpert’s servers.

Legal basis: Article 6(1)(f) GDPR (legitimate interest in displaying reviews)

More information: https://www.provenexpert.com/en-gb/privacy-policy/

11. Payment Processing – WooCommerce / Stripe (Optional)

Our website may use WooCommerce and Stripe Payments Europe, Ltd. for order processing and payments. We have a Data Processing Agreement with Stripe.

Legal basis: Article 6(1)(b) GDPR (performance of a contract)

Data transfers to the USA are based on the EU–U.S. Data Privacy Framework and/or Standard Contractual Clauses.

12. Social Media and Advertising Pixels

We may use tracking pixels such as Meta Pixel, LinkedIn Insight Tag, and TikTok Pixel to measure advertising effectiveness.

These tools may process user data (e.g., visited pages, clicks) and associate it with user profiles on the respective platforms.

Legal basis: Article 6(1)(a) GDPR (consent via cookie banner)

You can withdraw consent at any time via the cookie banner.

13. Rights of Data Subjects

Under GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

You may exercise your rights at any time by contacting us at
hello@gerdbommer.com.

If you believe processing violates data protection law, you have the right to lodge a complaint with the Austrian Data Protection Authority:
https://www.dsb.gv.at

14. Data Security

We use appropriate technical and organisational measures to protect your data against manipulation, loss, destruction, or unauthorised access. Our security measures are continuously improved in line with technological developments.

15. Retention and Deletion

Unless otherwise specified in this policy or required by law:

  • Server logs: deleted after 14 days
  • Contact enquiries: retained for 6 months
  • Appointment data: retained for 12 months after service completion
  • Newsletter data: retained until unsubscribe or deletion request

Data is deleted when it is no longer necessary for the purpose it was collected.

16. Updates to This Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in legal requirements or technology. The latest version is always available on our website.