Privacy Policy

Protecting your personal data is important to us. This privacy policy explains what data we collect when you use our website and contact form, how we process it, and what rights you have under the General Data Protection Regulation (GDPR).

Data Controller

NodeZero GmbH Alte Dorfstraße 129a 8141 Premstätten Austria Managing Director: Marcel Schnideritsch Register Court: Landesgericht für ZRS Graz Register Number: FN 674567 k Email: we@nodezero.at

Data We Collect

Contact Form

When you submit our contact form, we collect the following personal data: your name, email address, company name (optional), service interest, and your message.

Purpose of Processing

We process your personal data to respond to your inquiry and provide information about our cybersecurity training services. We do not use your data for any other purpose.

Legal Basis

The legal basis for processing your contact form data is Art. 6(1)(b) GDPR — processing is necessary for the performance of pre-contractual measures taken at your request.

Data Retention

We retain contact form submissions for 12 months after last contact, unless a longer retention period is required by applicable law (e.g. tax or commercial law obligations).

Data Processors

This website is hosted on Cloudflare Pages (Cloudflare Inc., USA). Cloudflare processes visitor IP addresses and connection metadata to deliver web pages via its global content delivery network. Data transfers to the USA are covered by EU Standard Contractual Clauses and Cloudflare's Data Processing Addendum. We also use Scaleway Transactional Email (Scaleway SAS, France, EU-based) to deliver contact form submissions via email. Scaleway processes your data exclusively within the European Union in accordance with a data processing agreement.

Your Rights

Under the GDPR, you have the following rights regarding your personal data. To exercise any of these rights, please contact us at we@nodezero.at.

Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Right to withdraw consent at any time (Art. 7(3) GDPR)

Supervisory Authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent authority for Austria is:

Austrian Data Protection Authority (Oesterreichische Datenschutzbehoerde) Barichgasse 40-42 1030 Wien dsb@dsb.gv.at https://www.dsb.gv.at

Technical Measures

We implement appropriate technical and organizational measures to protect your personal data, including HTTPS encryption for all data in transit, Content Security Policy headers, and server-side input validation.

Cookies & Local Storage

This website does not use tracking cookies. We use localStorage to remember your preferences (such as theme selection and notification settings), which is essential for site functionality and does not require consent under GDPR. Our web analytics solution does not use cookies (see the Web Analytics section below).

Web Analytics

We use Umami, a privacy-focused, open-source web analytics tool, to understand how visitors interact with our website. Umami is self-hosted on our own infrastructure (umami.node0.at) within the European Union. It does not use cookies, does not collect personally identifiable information, and respects your browser's Do Not Track signal. Analytics data is only collected on our production domain (nodezero.at). The legal basis for this processing is our legitimate interest in improving our website (Art. 6(1)(f) GDPR).

Spam Protection (Cloudflare Turnstile)

Our contact form uses Cloudflare Turnstile, a privacy-friendly spam protection service provided by Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). Turnstile analyzes your browser behavior to verify that you are human, without using traditional CAPTCHAs or tracking cookies. Technical data such as IP address, browser type, and interaction data may be transmitted to Cloudflare. Processing is based on our legitimate interest in protecting against spam and abuse (Art. 6(1)(f) GDPR). For more information, see Cloudflare's Privacy Policy (https://www.cloudflare.com/privacypolicy/) and the supplemental terms for Turnstile (https://www.cloudflare.com/supplemental-terms/#702702turnstile).

Fonts

This website uses self-hosted fonts (Orbitron, Roboto, JetBrains Mono). No data is transmitted to third-party servers when loading fonts.