Privacy Policy

1. Controller

The controller responsible for data processing on this website is:

mHero21 e.U.
Dr. Christian Elbe
Klosterwiesgasse 44
8010 Graz
Austria
Email:

2. General Information

This privacy policy explains which personal data is processed when you use this website. It is based on the website’s actual technical implementation. At present, this mainly concerns the contact form. An embedded calendar is currently not active.

3. Hosting and Technical Delivery

When you access this website, technical connection data is processed in order to deliver the site. This may include your IP address, date and time of access, requested URL, referrer, browser type, and operating system.

This processing is necessary to provide the website, maintain stability and security, and detect misuse. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is the secure and reliable operation of the website.

4. Contact Form

If you contact us via the contact form, we process the data you enter in order to handle your request. This may include:

• name
• email address
• company, if voluntarily provided
• the content of your message

The processing is carried out for the purpose of responding to your inquiry and communicating with you. The legal basis is Art. 6(1)(b) GDPR where your request relates to the initiation of a contract, and otherwise Art. 6(1)(f) GDPR. Our legitimate interest is the efficient handling of contact inquiries.

5. Spam and Abuse Protection

To protect the contact form against misuse, we also process technical data. This includes in particular:

• your IP address for short-term request limiting
• a hidden form field (honeypot) to detect automated submissions

The IP address is used solely for abuse detection and rate limiting. In the current implementation, it is only stored temporarily in server memory and generally for no longer than one minute. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is protecting the website and contact form against spam and abusive use.

6. Email Delivery of Your Inquiry

Your contact request is sent to us by email on the server side. For technical delivery, we use Brevo (formerly Sendinblue) as an SMTP service provider. The data entered into the contact form is transmitted to Brevo only to the extent necessary to send the email.

The legal basis is Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR, depending on the content of your inquiry. According to the provider, Brevo acts as a processor. Further information is available in Brevo’s privacy policy: https://www.brevo.com/legal/privacypolicy/

7. Retention Period

We store your data only for as long as necessary to process your inquiry or for as long as legal retention obligations apply. Technical data used for abuse prevention is stored only temporarily to the extent required for rate limiting.

8. Recipients of Data

Your data is disclosed only to recipients who need it for the purposes stated above. This may include:

• responsible persons within hero21
• hosting and infrastructure providers
• Brevo as the technical email service provider for sending contact inquiries

9. Your Rights

Subject to the applicable legal requirements, you have the right to access, rectify, erase, restrict processing, receive a copy of your data, and object to the processing of your personal data.

Where processing is based on Art. 6(1)(f) GDPR, you have the right to object on grounds relating to your particular situation.

You also have the right to lodge a complaint with a competent data protection supervisory authority.

10. Contact for Privacy Questions

If you have questions about the processing of your personal data or wish to exercise your rights, please contact us at: