Zum Inhalt springen

Legal

privacy policy.

As of: May 2026

We appreciate your visit to our website and your interest in our services. The protection of your personal data is important to us. Below we inform you in accordance with Art. 13 and 14 GDPR about the processing of your data.

Note: This English version is provided for convenience. The legally binding text is the German original at /datenschutz — in case of discrepancy, the German version prevails.

1. Data Controller

threesixty.at GmbH
Sankt-Georgen-Gasse 7
8020 Graz, Austria
Managing Director: Ing. DI Philipp Hubmer
FN 659416 f, Regional Court for Civil Matters Graz (Landesgericht für ZRS Graz)

E-mail: [email protected]
Phone: +43 (0) 699 170 744 17

2. Principles

We only process personal data to the extent necessary to provide this website, to handle inquiries or contracts, or to comply with a legal obligation. We do not use tracking pixels or advertising networks (e.g. Meta Pixel, Google Ads, LinkedIn Insight Tag). We use an anonymized, cookieless reach measurement (Cloudflare Web Analytics) exclusively for statistical evaluation — see Section 8.

3. Server Logs and Hosting (Cloudflare)

This website is delivered via Cloudflare Pages by Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. When you visit the website, technically necessary data is processed, in particular IP address, date and time of the request, requested URL, amount of data transferred, user agent, and referrer URL. This data is required for delivering the content, maintaining IT security (protection against attacks), and optimising performance.

Legal basis is Art. 6(1)(f) GDPR (legitimate interest in a stable, secure operation of the website). A data processing agreement with Cloudflare is in place, including EU Standard Contractual Clauses. For details see the Cloudflare Privacy Policy.

4. Contact Form and E-Mail Delivery (Resend)

When you use our contact form or send us an e-mail directly, we process the data you provide (name, e-mail address, optional phone number, subject, message) in order to respond to your inquiry. Delivery of the form message is handled by the service Resend (Resend, Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA).

Legal basis is Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (handling inquiries). A data processing agreement with Resend is in place, including EU Standard Contractual Clauses. Inquiries are retained for as long as necessary to respond to and process them, but no longer than required by statutory retention periods (generally 7 years under § 132 BAO for contract-related inquiries).

5. Bot Protection (Cloudflare Turnstile)

To protect our contact form against automated misuse, we use Cloudflare Turnstile. Turnstile checks in the background whether the input originates from a human, without setting cookies and without building a tracking profile. Technical characteristics of your browser are evaluated (e.g. browser properties, mouse or touch input behaviour, IP address).

Legal basis is Art. 6(1)(f) GDPR (legitimate interest in protection against spam and automated attacks). For details see the Cloudflare Privacy Policy.

6. Embedded Map (OpenStreetMap)

Our contact page embeds a map by the OpenStreetMap Foundation (St John's Innovation Centre, Cowley Road, Cambridge CB4 0WS, United Kingdom). When the page is loaded, your IP address is transmitted to OpenStreetMap so that the map can be displayed.

Legal basis is Art. 6(1)(f) GDPR (legitimate interest in presenting our location in a low-barrier way). For details see the OSM Privacy Policy.

7. Embedded Videos (YouTube)

On individual project and demonstration pages, videos by YouTube LLC (901 Cherry Avenue, San Bruno, CA 94066, USA, parent company Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland) may be embedded. We use a two-step embed ("click-to-load"): initially only a local preview image is loaded, and a connection to YouTube is established only after you actively start the video by clicking. Only then is data (in particular IP address, browser information, and possibly cookies set by YouTube/Google) transmitted to YouTube.

Legal basis is Art. 6(1)(a) GDPR (consent through active click) or Art. 6(1)(f) GDPR (presentation of our references). For more information see the Google Privacy Policy.

8. Reach Measurement (Cloudflare Web Analytics)

For the statistical evaluation of website usage (e.g. page views, approximate region of origin, browser and device category) we use Cloudflare Web Analytics by Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. The evaluation is fully cookieless: no cookies are set, no cross-device identifiers are formed, and no IP addresses are stored long-term. Data is evaluated exclusively in aggregated, anonymized form; no personal reference or profile is created.

Legal basis is Art. 6(1)(f) GDPR (legitimate interest in a privacy-friendly reach measurement to improve our offering). Since no cookies or comparable technologies for accessing the end device are used, consent under § 165(3) TKG (Austrian Telecommunications Act) is not required. For details see Cloudflare Web Analytics.

9. Cookies and Similar Technologies

This website does not set any tracking, analytics, or advertising cookies. No third-party cookies (e.g. Google Analytics, Meta Pixel, LinkedIn Insight Tag) are used. In individual cases, a third party (e.g. YouTube after you actively start a video) may set cookies — see the respective sections above.

10. Data Transfers to Third Countries

Some of the service providers mentioned above (Cloudflare, Resend, YouTube) process data in the USA. For these transfers, data processing agreements with EU Standard Contractual Clauses pursuant to Art. 46 GDPR are in place. Cloudflare, Resend, and Google are also certified under the EU-US Data Privacy Framework.

11. Your Rights

You have the following rights at any time with regard to your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw a previously given consent (Art. 7(3) GDPR)

To exercise these rights, an informal e-mail to [email protected] is sufficient.

12. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority in Austria is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, www.dsb.gv.at.

13. Data Security

We take technical and organisational measures to protect your data against loss, manipulation, and unauthorised access. Transmission of this website is end-to-end TLS-encrypted (HTTPS).

14. Updates and Changes

This privacy policy is currently valid and dates from May 2026. Due to the further development of our website or changing legal requirements, it may be necessary to amend this privacy policy. The current version is always available on this page.