Privacy Policy

1. Controller

The controller responsible for data processing on this website is:

For questions about data protection, contact us at office@delphidata.com.

2. Overview

We process personal data only when necessary, and only for the purposes described in this policy. We do not use tracking cookies, advertising pixels, or social media plugins on this website. All fonts and scripts are self-hosted — no external resources are loaded from third-party CDNs.

3. Contact and Demo Request Forms

When you submit a form on our website (contact form, demo request, or download form), we collect the information you provide: typically your name, email address, company name, job title, and message.

We use this data to respond to your inquiry, schedule a demo, or deliver a requested document. If your inquiry relates to a potential business relationship, we may follow up in connection with your request.

Form submissions are processed through Resend (Resend Inc., USA), a transactional email service that delivers form data to our team. Resend acts as a data processor on our behalf under Art. 28 GDPR. Resend is SOC 2 Type II compliant, GDPR compliant, and certified under the EU-U.S. Data Privacy Framework (DPF). Their DPA includes EU Standard Contractual Clauses (SCCs).

We retain form data for as long as necessary to handle your request and any resulting business relationship. If no relationship is established, we delete your data no later than 12 months after last contact, unless legal retention obligations apply.

We do not share form data with third parties for marketing purposes.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures). For download forms: Art. 6(1)(a) GDPR (consent).

4. Email Communication

If you contact us by email, we process your email address and message content to handle your inquiry.

We retain email correspondence for the duration of the business relationship and as required by Austrian commercial and tax law (typically 7 years under § 132 BAO and § 212 UGB).

Legal basis: Art. 6(1)(b) GDPR (contractual/pre-contractual measures), Art. 6(1)(f) GDPR (legitimate interest in business communication).

5. Website Hosting and Analytics

Our website is hosted by Vercel (Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA). Vercel operates a global content delivery network running on infrastructure provided by Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

When you visit our website, Vercel’s servers automatically process data required to deliver the page, including your IP address, the requested URL, date and time, browser type, and operating system.

We use Vercel Web Analytics to understand how our website is used in aggregate. Vercel Web Analytics is designed to be privacy-friendly: it does not use cookies, does not collect personal identifiers, does not track users across websites, and provides only aggregated, non-identifiable data. Data points collected include page URL, referrer, timestamp, country-level geolocation (derived from IP address, which is not stored), device type, browser type, and operating system. No individual visitor profiles are created.

We do not use Vercel Speed Insights, Google Analytics, or any other analytics or tracking service.

Vercel acts as a data processor under Art. 28 GDPR.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure, reliable website operation and understanding aggregate usage patterns).

6. Data Transfers Outside the EU

Both Vercel (website hosting) and Resend (form email delivery) are US-based companies. When you visit this website or submit a form, your data may be processed in the United States.

Both providers are certified under the EU-U.S. Data Privacy Framework (DPF), which the European Commission has recognized as providing adequate protection for personal data transfers from the EU to certified US organizations (Adequacy Decision of 10 July 2023). Both providers’ DPAs additionally incorporate EU Standard Contractual Clauses (SCCs) as a supplementary transfer mechanism.

No other data transfers to countries outside the EU/EEA take place.

7. Cookies

This website uses only technically necessary cookies required for the site to function (such as session cookies for form submissions). These are deleted when you close your browser.

Vercel Web Analytics does not use cookies. We do not use advertising cookies or third-party tracking cookies. Since we only use strictly necessary cookies, no consent banner is required under § 165(3) of the Austrian Telecommunications Act (TKG 2021), implementing Art. 5(3) of the ePrivacy Directive.

8. Social Media

Our website contains a link to our LinkedIn company page. This is a standard hyperlink — no LinkedIn scripts, plugins, or tracking pixels are embedded. No data is transmitted to LinkedIn until you actively choose to visit the linked page.

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

To exercise any of these rights, contact us at office@delphidata.com. We will respond within one month (Art. 12(3) GDPR).

10. Supervisory Authority

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a supervisory authority.

11. Changes

We may update this privacy policy to reflect changes in our data processing or legal requirements. The current version is always available at delphidata.com/privacy.