Privacy Policy
This privacy policy explains which personal data we process on this website, for what purpose and on what legal basis. We process data in line with the General Data Protection Regulation (GDPR) and limit ourselves to what is necessary.
1. Controller
Florian Köllich, Bakk. techn.
KOELLICH. Software Development & Consulting
Fagslung 5
6071 Aldrans
Austria
Email: florian@koellich.com
Phone: +43 676 92 63 146
2. Which data we process, and why
Contact form
When you use our contact form, we process the data you provide (name, email address, subject and message) as well as your IP address in order to handle and answer your enquiry. The legal basis is your consent and the performance of pre-contractual measures (Art. 6(1)(a) and (b) GDPR). We keep this data for as long as it is needed to handle your enquiry and delete it afterwards, unless statutory retention obligations apply.
Spam protection (Cloudflare Turnstile)
To protect our contact form against abuse by automated programs we use, where enabled, the Turnstile service provided by Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA. Turnstile uses technical signals (including IP address, browser and device information, and interaction patterns) to determine whether input comes from a human. The following data is transferred to Cloudflare servers, including in the USA: your IP address, technical browser and device information (including user agent, browser properties, screen and language settings), interaction patterns within the Turnstile widget (such as mouse movements and timing), and the verification result in the form of a token. The contents of your form entries (name, e-mail address, message) are not transferred to Cloudflare. Cloudflare is certified under the EU-US Data Privacy Framework, and standard contractual clauses pursuant to Art. 46 GDPR are in place as an additional safeguard. In the standard configuration we use (without so-called pre-clearance), Turnstile does not set any cookies and does not build user profiles. The legal basis is our legitimate interest in protecting the website against abusive automated use (Art. 6(1)(f) GDPR). Cloudflare processes this data on our behalf under a data processing agreement pursuant to Art. 28 GDPR.
Server log data
When the website is accessed, technically necessary data (including IP address, date and time, the page requested and browser type) is processed in server logs in order to provide the website securely and reliably. The legal basis is our legitimate interest in secure operation (Art. 6(1)(f) GDPR).
Cookies and consent
By default this website sets only one technically necessary entry that stores your cookie choice. Analytics or marketing cookies are only set after your explicit consent. Details are in our Cookie Policy.
3. Recipients and processors
To provide the website and deliver contact enquiries, we use carefully selected service providers (hosting and email delivery). They process data only on our behalf and on the basis of data-processing agreements under Art. 28 GDPR. Any disclosure beyond this to third parties takes place only where we are legally required to do so.
4. Storage period
We store personal data only for as long as it is necessary for the purposes stated above or as required by statutory retention periods. After that, the data is deleted.
5. Security
We take appropriate technical and organisational measures to protect your data, including encrypted transmission (TLS/HTTPS).
6. External links
This privacy policy does not apply to third-party websites we link to. The respective providers are responsible for their content and data protection.
7. Your rights
Under the GDPR you have the following rights:
- access to the data processed about you (Art. 15 GDPR),
- rectification of inaccurate data (Art. 16 GDPR),
- erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR),
- data portability (Art. 20 GDPR),
- objection to processing (Art. 21 GDPR),
- withdrawal of a given consent with effect for the future (Art. 7(3) GDPR).
To exercise your rights, a message to florian@koellich.com is enough.
8. Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority. In Austria this is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde,dsb.gv.at).
9. Changes to this privacy policy
We update this privacy policy when our processing or the legal situation changes. The version published on this page at the time applies.
Last updated: 12 July 2026