Mario Deubler/Privacy
PRIVACY · ART. 13 GDPR

Privacy Policy.

Information on the processing of personal data on this website, according to Art. 13 of the General Data Protection Regulation (GDPR). What I collect, why, and what you can do about it.

01 — ControllerWho is responsible.

The controller responsible for the processing of personal data on this website within the meaning of Art. 4(7) GDPR is:

Name
Mario Deubler
Address
Schödlbergergasse 16/53
1220 Vienna, Austria
Email
hello@mariodeubler.com

I am a sole operator and do not have a designated Data Protection Officer. You can reach me directly at the address above for any privacy-related question.

02 — HostingWhere this site runs.

This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. When you visit the site, your browser automatically transmits technical data to Vercel — including IP address, browser type, referring URL, and timestamp — which is processed in server logs for the purpose of delivering the site, ensuring stability, and preventing abuse.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating a stable, secure website). Retention: server logs are typically held by the hosting provider for a short period (days to weeks) for security and diagnostics. A Data Processing Agreement under Art. 28 GDPR is in place with Vercel.

03 — AnalyticsHow traffic is measured.

I use Vercel Analytics, a privacy-preserving analytics tool provided by Vercel Inc., to understand which pages are visited and how the site performs. Vercel Analytics is cookieless: it does not set cookies and does not use cross-site identifiers. For each visit, Vercel derives a short-lived, anonymous daily identifier from a hash of the IP address and user agent. This identifier is discarded after 24 hours and cannot be linked back to an individual. No personal profile is created.

Because the analytics script is loaded into your browser and reads request-level data to compute that identifier, I treat this as access to information on your terminal equipment within the meaning of § 165(3) TKG 2021 / Art. 5(3) ePrivacy Directive, even though no cookie is set. Vercel Analytics is therefore loaded only after you give your consent via the banner shown on your first visit.

Legal basis: Art. 6(1)(a) GDPR (your consent) in combination with § 165(3) TKG 2021. You can withdraw your consent at any time by clearing the md_consent_v1 entry from your browser's local storage for this domain; the banner will then appear again on your next visit, and you can choose Decline.

04 — Contact formWhat happens when you write to me.

When you submit one of the forms on this site (for example the diagnose intake or the contact form), the data you enter is transmitted via TLS to my server, formatted as an email, and sent to hello@mariodeubler.com. Submissions are not stored in a database on this website — they exist only as email in my inbox.

The fields you may provide include: name, email address, company, role, project stage, engagement mode, timing, the symptom you are facing, and your message. Only the message field is technically required; everything else is optional and only processed if you supply it.

Email is delivered through Proton Mail (Proton AG, Route de la Galaise 32, 1228 Plan-les-Ouates, Switzerland), which acts as a processor for the outbound SMTP delivery and for hosting my inbox. Switzerland is recognised by the European Commission as providing an adequate level of data protection (adequacy decision under Art. 45 GDPR).

Legal basis: Art. 6(1)(b) GDPR (steps taken at your request prior to entering into a contract) and Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries). Retention: messages are kept in my inbox for as long as needed to handle your request and for a reasonable follow-up period, typically up to 24 months, unless a contractual or legal obligation requires longer retention.

The forms include an invisible anti-spam field (a "honeypot"). If it is filled in, the submission is silently discarded and not delivered. This field is not visible to ordinary users and is not processed beyond that single check.

05 — Email correspondenceIf you email me directly.

If you contact me by email (for example by clicking hello@mariodeubler.com), the email content, your email address, and any attachments are processed for the purpose of communicating with you. Legal basis: Art. 6(1)(b) and (f) GDPR. Retention: same as contact-form submissions above.

06 — Cookies and local storageWhat this site stores on your device.

This website does not set any cookies. The only entry written to your browser's local storage is md_consent_v1, which records your choice from the analytics consent banner (the value is either accept or decline). This entry is strictly necessary to remember your decision and is therefore exempt from consent under § 165(3) Z 2 TKG 2021 / Art. 5(3) sentence 2 ePrivacy Directive.

If you accept the banner, Vercel Analytics is loaded and may read request-level data as described in section 03. No other tools that read from or write to your device are used on this site. If that changes in the future, the consent banner and this policy will be updated accordingly.

07 — International transfersData leaving the EU.

Vercel Inc. is based in the United States. Transfers of personal data to Vercel are safeguarded by the EU–U.S. Data Privacy Framework (Vercel is self-certified) and, where applicable, by Standard Contractual Clauses under Art. 46(2)(c) GDPR. Transfers to Proton AG in Switzerland are covered by the European Commission's adequacy decision for Switzerland. No other transfers to third countries take place.

08 — Your rightsWhat you can ask me to do.

Under the GDPR you have the following rights regarding your personal data:

Access
Art. 15 — confirmation whether I process your data, and a copy of it.
Rectification
Art. 16 — correction of inaccurate or incomplete data.
Erasure
Art. 17 — deletion of your data where the legal conditions are met.
Restriction
Art. 18 — restriction of processing in specific cases.
Portability
Art. 20 — receipt of your data in a structured, machine-readable format.
Objection
Art. 21 — objection to processing based on legitimate interests.

To exercise any of these rights, please write to hello@mariodeubler.com. I will respond within one month as required by Art. 12(3) GDPR. I may ask you for additional information to confirm your identity before acting on a request.

09 — Right to complainIf you are unhappy with how I handle your data.

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement (Art. 77 GDPR). The competent authority for Austria is:

Authority
Österreichische Datenschutzbehörde
Address
Barichgasse 40–42
1030 Vienna, Austria
Web
dsb.gv.at

10 — ChangesHow this policy may evolve.

If I add new tools, change processors, or otherwise alter how data is processed on this site, I will update this page and revise the "Last updated" date below. Material changes will be reflected before the new processing begins.

Last updated · 2026-05-13 Vienna · Austria