Privacy Policy
Version: July 2026
1. Controller
Bracharz Consulting, owner: Mag. Rainer Bracharz MSc, Rametzbergsiedlung III/5, A-3150 Wilhelmsburg, Austria. T: +43 2746 21700, M: +43 680 3101081, E: rainer@bracharz.com. We process personal data exclusively on the basis of the statutory provisions (GDPR, Austrian DSG, TKG 2021).
2. No Cookies, No Tracking
This website does not set cookies, does not use any analytics or tracking services and does not embed content from third-party servers. Fonts, stylesheets and scripts are served locally from our own server. For this reason, no cookie banner is required.
3. Hosting and Server Log Files
This website is hosted by easyname GmbH, Vienna (Austria); a data processing agreement pursuant to Art 28 GDPR is in place. When you visit the website, the web server technically processes access data (in particular IP address, date and time, requested file, browser type). The legal basis is our legitimate interest in the secure and stable operation of the website (Art 6(1)(f) GDPR). Log data is deleted automatically after a short period.
4. Contact
If you contact us by email or phone, or book an appointment via the linked scheduling service (provider: Calendly LLC, USA; transfer based on EU Standard Contractual Clauses, processing only upon active booking), we process the data you provide in order to handle your enquiry or to initiate a contract (Art 6(1)(b) GDPR) or on the basis of our legitimate interest in responding (Art 6(1)(f) GDPR).
5. External Links (LinkedIn, Calendly)
Our website contains links to external services (LinkedIn, Calendly). Data is only transferred to the respective provider once you click such a link; their privacy policies then apply. No automatic data transfer takes place merely by visiting our website.
6. Categories of Personal Data
In the course of our business relationships we process in particular the following categories of personal data:
- Master data (name/company, contact person, position/function)
- Communication data (email address, phone number, postal address)
- Contract and processing data (offers, contracts, orders, project documentation)
- Billing and payment data (bank details, invoice data, VAT number)
- Support and correspondence data (enquiries, meeting notes, minutes)
7. Purposes and Legal Bases of Processing
We process this data to initiate, conclude and perform contractual relationships, to plan and deliver consulting and digital projects, for invoicing and compliance with tax and company law obligations, for communication in the course of the ongoing business relationship and, where legally permitted, for direct marketing of our own similar services (B2B). The legal bases are Art 6(1)(b) GDPR (contract performance and pre-contractual measures), Art 6(1)(c) GDPR (legal obligations) and Art 6(1)(f) GDPR (legitimate interests, e.g. efficient business administration, IT security, asserting or defending legal claims). Where processing is based on your consent (Art 6(1)(a) GDPR), you may withdraw it at any time with effect for the future.
8. Recipients and Processors
Where necessary, we use the following categories of recipients and processors: IT service providers (e.g. hosting, email, collaboration tools, cloud storage), accounting, tax advisory and auditing service providers, payment service providers and banks, AI-supported analysis and production tools (used only under data processing agreements or without transmission of client data unless agreed), and, where applicable, legal representatives and authorities. Data processing agreements pursuant to Art 28 GDPR are in place with our processors.
9. Transfers to Third Countries
Personal data may be transferred to countries outside the EU/EEA where certain IT or cloud providers are established or process data in a third country. In such cases, processing only takes place if an adequacy decision of the European Commission pursuant to Art 45 GDPR exists or appropriate safeguards pursuant to Art 46 GDPR are in place (e.g. EU Standard Contractual Clauses) and, where necessary, additional protective measures have been implemented.
10. Storage Period
We store personal data only for as long as necessary for the stated purposes or as required by statutory retention periods. Company and tax records are generally retained for 7 years from the end of the calendar year of the last entry; contract and claims data may be stored beyond that in line with statutory limitation periods. Thereafter the data is deleted or anonymised.
11. Automated Decision-Making / Profiling
No automated decision-making, including profiling, within the meaning of Art 22 GDPR takes place.
12. Data Security
We use technical and organisational security measures to protect stored personal data against manipulation, loss and unauthorised access. This website is transmitted in encrypted form (TLS/HTTPS).
13. Your Rights
Within the statutory framework you have the right to access, rectification, erasure, restriction of processing, data portability, withdrawal of consent and objection to processing based on Art 6(1)(e) or (f) GDPR. To exercise these rights, contact rainer@bracharz.com.
If you believe that the processing of your data violates data protection law, you have the right to lodge a complaint with the supervisory authority: Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40–42, 1030 Vienna, T: +43 1 52 152-0, E: dsb@dsb.gv.at, www.dsb.gv.at.