Privacy Notice
This notice explains how Bánhalmi Norbert e.U. processes personal data when you visit this website, send an enquiry or request a proposal. It applies to the website, enquiry and quote-request processes described below and should be read together with the Cookie Policy and the applicable project agreement.
Controller
Bánhalmi Norbert e.U., Schwedenplatz 2 / Laurenzerberg 5, 1010 Vienna, Austria. Email: hello@norbertbanhalmi.com. Telephone: +43 677 616 55592.
Data and source
Data is collected directly from you through the contact or quote form. Required fields are name, email address, message and, for a quote, the selected service category. Optional fields may include telephone, company, location, timing, budget, VAT information and other project details. Technical infrastructure may process IP address, request time, browser headers and security signals for delivery and abuse prevention. The public forms do not request special-category data.
Purposes and legal bases
Enquiry and proposal data is processed to answer your request and take pre-contractual steps at your request under Article 6(1)(b) GDPR. Data required for an existing project or contract is processed for contractual performance under Article 6(1)(b). Statutory accounting and tax records are processed under Article 6(1)(c). Proportionate security and abuse-prevention processing may rely on legitimate interests under Article 6(1)(f), namely protecting the website, communication channels and business operations. Optional review widgets load only after consent under Article 6(1)(a) GDPR and applicable ePrivacy rules.
Required and optional information
If the required fields are not provided, the enquiry cannot be transmitted or answered. Optional information is used only when it helps define the requested service or prepare a more accurate proposal.
Recipients and service providers
Form traffic is transmitted through Cloudflare Workers and then to a language-specific Google Apps Script. Requests may be stored in a restricted Google Sheet and delivered to the controller by email. The public site is hosted through GitHub Pages. Trustindex Ltd and Elfsight may receive technical data only if you activate optional review content. Email and IT providers may process data to deliver and secure the service. Access is limited to authorised people and providers that require it for these purposes. The legacy domains banhalmi.at and banhalminorbert.hu may use Vercel solely to deliver permanent redirects to the appropriate language version; in doing so Vercel can process connection and security log data.
International transfers
Some providers operate globally and processing may occur outside the EEA. Where a transfer requires safeguards, the controller relies on the mechanism applicable to the active provider contract, such as an adequacy decision, the EU Standard Contractual Clauses or another lawful safeguard. Information about the currently applicable provider and transfer arrangement can be requested by email. No guarantee is claimed here beyond the contracts and settings actually active for the account.
External social-media links
The footer contains ordinary links to LinkedIn, Instagram, Facebook, Pinterest, TikTok and X. No social-media embed or tracking pixel is loaded merely because these links are displayed. When you follow a link, the selected platform processes data under its own privacy terms and may transfer data outside the EEA.
Retention
Enquiries and proposal requests that do not result in a contract are normally deleted or anonymised 12 months after the last substantive contact. Data that becomes part of a project or contract is retained for the duration of the relationship and then for the statutory periods applicable under Austrian commercial, tax and limitation law. Security and error logs are normally retained for no longer than 90 days unless needed to investigate an incident or establish legal claims. The cookie-choice record expires after 180 days. Spam caught by the honeypot is not intentionally stored in the project sheets.
Automated decisions
No solely automated decision-making or profiling that produces legal or similarly significant effects is used.
Your rights
Subject to the legal conditions, you may request access, rectification, erasure, restriction, data portability and objection. Where processing is based on consent, consent may be withdrawn for the future at any time. To exercise rights, contact hello@norbertbanhalmi.com. Identity may be verified where necessary to protect the data.
Complaint
You may lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40–42, 1030 Vienna, Austria, email dsb@dsb.gv.at, or with another competent supervisory authority.
Security and sensitive information
Transport encryption, access controls, shared-secret authentication, input validation, rate limiting and retention controls are used as appropriate. Please do not submit health data, intimate information, identity-document numbers or other special-category data through the public free-text fields.
Last updated
2026-07-07