Privacy Policy

This Privacy Policy explains what types of personal data are collected, how they are used, and to what extent they are processed. The policy applies to all data processing activities related to this website and associated online presence, such as social media profiles.

1. Data Protection Measures

A risk-centric strategy is employed to ensure the confidentiality, integrity, and availability of your Personal Data. Both organizational and technical security measures are in place, detailed on the Technical and organisational measures for data security and data protection page which can be found under https://niftynomads.club/legal/technical-organisational-measures.

2. Data Collection, Processing, and Usage

2.1 Website Visitors

This website is accessible to all internet users, and when you visit this website (https://niftynomads.club/), specific data is collected. Additionally, data that you, as a visitor, provide during your interactions with this website is processed.

2.1.1 Automatically Collected Website Data

Log Files and Usage Information

Processed Data: When you visit this website, data related to your access of the servers hosting the website on the Internet (referred to as server log files) is gathered. This access data includes:

  • Amount of data transmitted
  • Confirmation message for successful retrieval
  • Browser type, version, and language version
  • Operating system
  • Referrer URL (the page you visited before)
  • The content you requested, including the website's name
  • File details, date, and time of access or request
  • GMT time zone differential
  • Access status/HTTP status code
  • IP address (in abbreviated form, so that no clear assignment is possible.)
  • The requesting service provider
  • Access status/HTTP status code
  • Performance metrics like latencies and caching

Purpose: These log files are collected and processed to ensure the functionality, stability, and security of the website. This data is vital for troubleshooting and tailoring the website's content and information accordingly. The data may also be used to create aggregated user statistics.

Legal Basis: The legitimate interest in monitoring and enhancing the website and services serves as the legal basis for processing this data.

Third-Party Service Providers: Cloudflare and Digital Ocean (see section 4.1) are used for hosting this website.

2.1.2 Data Shared Directly by Website Visitors

Contact Form

Processed Data: When you reach out through the contact form, the following data is collected: name, email address, and the content of your message. This information and any subsequent communication are stored to properly address your inquiry.

Purpose: The collected information is used solely to respond to your inquiry and maintain a record of our communication.

Legal Basis: The processing of your data is based on legitimate interests (Art. 6(1)(f) GDPR) to respond to your inquiry and maintain necessary communication.

Third Party Service Providers: For handling contact form submissions this website uses Digital Ocean and Protonmail as an email service provider for email communication (see section 4.1).

3. Data Retention Periods

3.1 Automatically Collected Data

Log Files and Usage Information are retained for up to 30 days.

3.2 Communication Data

Communication data is stored until the relevant inquiry is addressed.

3.3 Contact Form

Data submitted through the contact form is stored until the inquiry has been addressed.

3.4 Legal Claims

Data required for legal purposes, including defense against potential claims or pursuit of claims, will be stored as long as legally necessary.

4. Data Sharing Practices

Personal data is never sold, leased, or traded for monetary gains.

This website uses certain service providers to maintain its operations. These providers assist with website hosting, email services, and technical maintenance. All service providers are carefully selected and bound by data protection agreements.

4.1 Service Providers and Data Processing

Personal data may be shared with service providers who assist in website operations, technical maintenance, and communication functions.

Each service provider undergoes thorough vetting to ensure responsible data handling. This includes assessment of data sharing scope, security practices, external certifications, and privacy compliance.

Some service providers operate outside the European Economic Area (EEA). Data transfers outside the EEA follow appropriate legal safeguards. All service providers, regardless of location, must maintain strict data security standards in compliance with applicable regulations.

Digital Ocean

Address: DigitalOcean, LLC, 101 Avenue of the Americas, 10th Floor, New York, NY 10013, United States

Activity: Cloud Infrastructure

Website: https://www.digitalocean.com/

Privacy: https://www.digitalocean.com/legal/privacy-policy

DPA: https://www.digitalocean.com/legal/data-processing-agreement

Cloudflare

Address: Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107 USA

Activity: Cloud Infrastructure

Website: https://www.cloudflare.com/

Privacy: https://www.cloudflare.com/en-gb/privacypolicy/

DPA: https://www.cloudflare.com/en-gb/cloudflare-customer-dpa/

Protonmail

Address: Proton AG, Route de la Galaise 32, 1228 Plan-les-Ouates, Geneva, Switzerland

Activity: Management of email addresses and email communication

Website: https://proton.me/

Privacy: https://proton.me/legal/privacy

DPA: https://proton.me/legal/dpa

4.2 Data Sharing with Third Parties

Personal data may be shared with the following categories of third parties:

4.2.1 Disclosures with Your Permission

Your personal information may be shared with unaffiliated third parties not otherwise described in this Privacy Policy only with your explicit consent.

4.2.2 Legal Obligations and Rights

Personal data may be disclosed to comply with legal obligations, including sharing with attorneys, anti-money laundering bodies, tax consultants, auditors, banks, insurers, courts, and other parties involved in legal proceedings. Data may also be disclosed to protect legal rights, counter claims, or investigate potential illegal activities, suspected fraud, threats to individuals or property, or contract violations.

5. What are your data protection rights?

Under the provisions of the GDPR, you, as a data subject, have the following data protection rights:

  1. Right to be Informed: Data subjects have the right to know how their data will be used. This privacy policy provides clear and transparent information about data processing activities.
  1. Right of Access: Data subjects can ask data controllers to provide a copy of the personal data they hold about them. This is often referred to as a Subject Access Request (SAR).
  1. Right to Rectification: If personal data is inaccurate or incomplete, data subjects can ask for it to be corrected or completed.
  1. Right to Erasure (or 'Right to be Forgotten'): In certain circumstances, data subjects can ask for their personal data to be deleted. For instance, if the data is no longer necessary for the purpose it was collected or if the data subject withdraws their consent (provided there's no other legitimate reason to keep it).
  1. Right to Restrict Processing: Data subjects can request that processing of their personal data be restricted, which means the data can still be held but not used.
  1. Right to Data Portability: Data subjects have the right to receive their personal data in a structured, commonly-used and machine-readable format, and to transmit this data to another data controller without hindrance.
  1. Right to Object: Data subjects can object to their personal data being processed for direct marketing purposes, including profiling. They can also object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority, and for research or statistical purposes.
  1. Right to Withdraw Consent: If processing is based on consent, data subjects can withdraw this consent at any time.
  1. Right to Lodge a Complaint: Data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, place of work, or place of the alleged infringement, if they believe that processing of their personal data infringes the GDPR.

6. Changes to Privacy Policy

This privacy policy may be updated periodically. Changes will be posted on this page, and significant changes will be announced with a prominent notice. Previous versions of this Privacy Policy will be archived for reference. Your consent will be requested for any changes that require it under data protection laws.

7. Privacy Policies of Other Websites

This website contains links to other websites. This privacy policy applies only to this website. When following links to other websites, please refer to their respective privacy policies.

8. Contact Information

For questions about this privacy policy, stored personal data, or to exercise data protection rights, please contact (per email or in writing):

Gregor Redinger

Leoprechting 11

4775 Taufkirchen an der Pram, Austria

E-Mail: [email protected]

9. Contacting the Appropriate Authorities

If you feel your concern has not been adequately addressed, you may contact the appropriate data protection authority:

Austrian Data Protection Authority

Barichgasse 40-42

1030 Vienna, Austria

Email: [email protected]