maxPerformance

Legal

Privacy Policy

The basis for this policy is the EU General Data Protection Regulation (GDPR) as well as the Austrian Data Protection Act (DSG).

1. Controller

The controller within the meaning of Art. 4 No. 7 GDPR is:

Company
maxPerformance Agency, Veit-Ander Aichbichler
Address
Berggasse 5, 1090 Wien, Austria
Contact
office@maxperformance.agency
Data Protection Officer
maxPerformance Agency, Veit-Ander Aichbichler

2. Hosting & Server Logs (Vercel)

The website is provided via the Vercel Inc. platform (340 S Lemon Ave #4133, Walnut, CA 91789, USA). When the website is accessed, the server automatically records connection data in the so-called server logs.

Data actually processed

  • IP address of the requesting device
  • Date and time of the request
  • Requested URL, HTTP status code, data volume
  • Referrer URL, user agent (browser, operating system)

Hosting region

The server region for operating this website is set to Frankfurt (EU). Vercel Inc. has its corporate headquarters in the USA; however, requests are processed on servers in the European Union. A transfer to the USA does not take place within the scope of website operation.

Legal basis

Art. 6 (1) (f) GDPR (legitimate interest in stable, secure operation of the website).

Storage period

2 weeks.

Data processing agreement

A data processing agreement (DPA) is concluded with Vercel as part of the agreement.

3. Database (Supabase)

For the storage of structured data we use Supabase (Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992).

Hosting region

The database cluster is hosted in Frankfurt (eu-central-1), EU.

Data processing agreement

A data processing agreement (AVV) within the meaning of Art. 28 GDPR has been concluded with Supabase.

4. Email Delivery (Resend)

Form messages from this website are delivered via Resend (Resend Inc., 2261 Market Street #4017, San Francisco, CA 94114, USA).

Data actually transmitted

Content of the respective form message (see Section 5), sender / recipient address, time of delivery, delivery status.

Hosting region

Email delivery takes place via servers in Ireland (EU). Resend Inc. has its corporate headquarters in the USA; however, the processing of email delivery itself takes place on servers in the European Union. A transfer to the USA does not take place within the scope of email delivery.

Legal basis

Art. 6 (1) (b) GDPR (pre-contractual measure at the request of the data subject) and Art. 6 (1) (f) GDPR (legitimate interest in reliable communication with prospective clients).

Data processing agreement

A data processing agreement (DPA) within the meaning of Art. 28 GDPR has been concluded with Resend.

5. Contact and Analysis Form

The website provides two forms: a general contact form at /kontakt and a specific analysis enquiry form at /analyse. Both submit over HTTPS to our endpoint /api/contact and are then forwarded to us by email (see Section 4).

Fields processed · /kontakt

  • Name (required)
  • Email address (required)
  • Phone number (optional)
  • Language (selection, optional)
  • Message (required)

Fields processed · /analyse

  • Name (required)
  • Email address (required)
  • Phone number (optional)
  • Country (optional)
  • Language (selection, optional)
  • Industry (optional, may be preselected via URL parameter)
  • Message (required)

Each submission additionally carries a technical field source indicating from which form the enquiry originates (kontakt or analyse). A hidden honeypot field also serves as spam protection and silently discards bot submissions.

Purpose & legal basis

The purpose is to handle your enquiry and, where applicable, initiate an engagement. The legal basis is Art. 6 (1) (b) GDPR (pre-contractual measure) and, additionally, Art. 6 (1) (f) GDPR (legitimate interest in communication with prospective clients).

Storage period

Email correspondence from the forms is retained for 36 months, unless longer statutory retention periods under the Austrian Commercial Code (UGB) or Federal Fiscal Code (BAO) apply.

6. Tracking & Analytics Tools

On this website, tracking runs only after your consent. You grant or deny consent category by category through the consent banner (“Statistics”, “Marketing”). The tools are embedded via the Google Tag Manager and only fire after you have consented in the respective category. You can change or withdraw your consent at any time via the “Cookie settings” button in the footer of the website.

Google Analytics 4

Provider
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (EU representation); Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Purpose
Reach and usage analysis (e.g. page views, dwell time, anonymised device and origin data).
Consent signal
analytics_storage
Legal basis
Art. 6 (1) (a) GDPR (consent) and § 25 (1) TDDDG.
Third-country transfer (USA)
Based on the EU-US Data Privacy Framework (adequacy decision of 10 July 2023) and/or Standard Contractual Clauses pursuant to Art. 46 (2) GDPR.

Google Ads

Provider
Google Ireland Limited (EU representation); Google LLC, USA — address as above.
Purpose
Conversion measurement and remarketing for our campaigns.
Consent signals
ad_storage, ad_user_data, ad_personalization
Legal basis
Art. 6 (1) (a) GDPR (consent) and § 25 (1) TDDDG.
Third-country transfer (USA)
Based on the EU-US Data Privacy Framework and/or Standard Contractual Clauses pursuant to Art. 46 (2) GDPR.

Google Tag Manager

Provider
Google Ireland Limited (EU representation); Google LLC, USA — address as above.
Purpose
Management tool for delivering the tags listed above. The Tag Manager itself does not set analytics cookies.
Behaviour with respect to consent
Tags only fire after your consent through the consent banner. Prior to your consent, the default signals are “denied” (Google Consent Mode v2).

7. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

  • Information (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)
  • Withdrawal of consent given, with effect for the future (Art. 7 (3) GDPR)

Please direct any requests to the contact address listed under section 1.

8. Right to Lodge a Complaint with the Supervisory Authority

You have the right to lodge a complaint with the Austrian Data Protection Authority (dsb.gv.at) if you believe that the processing of your personal data violates the GDPR.

9. Updates & Changes

This privacy policy is updated occasionally when processing activities, the legal situation or the services used change. The current version is available at this URL.

Last updated: [Date of last update]