Skip to content

Privacy Policy

Information according to General Data Protection Regulation (GDPR) and EU AI Act

Note: The legally binding version is available in German. This English version is provided for your convenience.

1. Data Controller

Blck Alpaca OG

Maria-Lassnig-Straße 33/1/29
1100 Vienna, Austria

Email: [email protected]
Phone: +43 676 451 43 83

2. Data Collection on This Website

Server Log Files

Each time you access our website, information is automatically stored in server log files that your browser automatically transmits to us. This includes: IP address, browser type and version, operating system, referrer URL, hostname of the accessing computer, and time of server request. This data is collected based on Art. 6(1)(f) GDPR.

Contact Form

When you contact us via our contact form, your details from the form including the contact data you provided will be stored for the purpose of processing your inquiry and for follow-up questions. We do not share this data without your consent. Legal basis is Art. 6(1)(b) GDPR.

Cookies

Our website uses cookies. These are small text files stored on your device. We distinguish between technically necessary cookies and optional analytics cookies. You can adjust your cookie settings at any time via our cookie settings.

Web Analytics

We use privacy-friendly analytics tools (self-hosted) to understand and improve the use of our website. No personal data is transferred to third parties.

Web Analytics with Umami

We use Umami, a privacy-friendly, self-hosted analytics solution. Umami collects only anonymized usage data without cookies and without personal information.

Data collected:

  • Anonymized page views
  • Device category (Desktop/Mobile/Tablet)
  • Browser and operating system
  • Approximate location (Country/Region)
  • Referral source
  • UTM parameters for marketing campaigns
  • Scroll depth on pages

Data NOT collected:

  • IP addresses (not stored)
  • Cookies or local storage
  • Personal identification markers
  • Cross-site tracking

Legal basis: Legitimate interest pursuant to Art. 6(1)(f) GDPR for statistical analysis to optimize our website.

Storage location: Own servers in Germany (Hetzner Online GmbH)

Retention period: Aggregated, anonymized data is stored indefinitely for statistical purposes. No individual user profiles are created.

Right to object: Since no personal data is collected, identification and therefore objection is technically not possible. However, you can enable "Do Not Track" in your browser, which is respected by Umami.

3. Newsletter

Data Processed & Purpose

When you subscribe to our newsletter, we process your email address along with the timestamp of your registration and confirmation. Processing occurs solely for sending newsletters containing information about our services, products, and offers.

Double Opt-In Procedure

Newsletter registration uses a double opt-in procedure. After signing up, you will receive an email with a confirmation link. Your registration becomes effective only upon clicking this link. This step ensures that no third party can misuse your email address.

Legal Basis

Processing of your data for newsletter delivery is based on your explicit consent pursuant to Art. 6(1)(a) GDPR. We store the time and content of your consent (double opt-in record) to fulfill our documentation obligations.

Service Provider / Data Processor

We use SendGrid (Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, USA) for newsletter delivery. Data transfers are governed by EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR and the EU-US Data Privacy Framework. The Data Processing Addendum (DPA) is available at twilio.com/legal/data-protection-addendum and forms part of our service agreement.

Email Tracking (Opens & Clicks)

Our newsletters may contain tracking pixels and tracked links that allow us to detect whether and when an email was opened and which links were clicked. We use this information to optimize our newsletters. Processing is based on your consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG. You can prevent tracking by disabling image loading in your email client.

Retention Period

Your email address is stored for as long as your newsletter subscription is active. After unsubscribing, we remove your email address from the active distribution list. The consent record (double opt-in log) is retained for 3 years after unsubscription to fulfill our statutory documentation obligations.

Withdrawal & Unsubscription

You may withdraw your consent to receive newsletters at any time with effect for the future. To unsubscribe, click the unsubscribe link at the bottom of any newsletter or send an email to [email protected]. The lawfulness of processing carried out prior to withdrawal remains unaffected.

4. Your Rights under GDPR

Right of Access (Art. 15 GDPR)

You have the right to request information about your personal data stored with us.

Right to Rectification (Art. 16 GDPR)

You have the right to request correction of inaccurate data or completion of incomplete data.

Right to Erasure (Art. 17 GDPR)

You have the right to request deletion of your data, provided there are no legal retention obligations or legitimate interests.

Right to Restriction (Art. 18 GDPR)

You have the right to request restriction of processing of your data.

Data Portability (Art. 20 GDPR)

You have the right to receive your data in a structured, commonly used and machine-readable format.

Right to Object (Art. 21 GDPR)

You have the right to object at any time to the processing of your data for reasons arising from your particular situation.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority:

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna
[email protected]

5. Data Security

We use the widespread SSL procedure (Secure Socket Layer) in connection with the highest level of encryption supported by your browser during your website visit. All data you submit to us is transmitted encrypted.

6. AI and Automation

As an AI marketing agency, we use automated systems for data analysis and campaign optimization. This processing always complies with GDPR and the EU AI Act. We guarantee:

  • No automated individual decisions with legal effect without human review
  • Transparency about the use of AI systems
  • Your right to human intervention in automated decisions
  • Regular review of AI systems for fairness and non-discrimination

7. Retention Period

We only store your personal data for as long as necessary for the purposes for which it was collected or as required by legal retention periods. After the respective period expires, the data is routinely deleted.

8. Disclosure to Third Parties

Your data will only be disclosed to third parties if this is necessary for contract fulfillment, you have expressly consented, or we are legally obligated to do so. Our processors are contractually obligated to comply with GDPR.

9. International Data Transfer

If we transfer data to countries outside the EEA, we ensure through appropriate safeguards (standard contractual clauses, adequacy decision) that your data is adequately protected.

To exercise your rights please contact: [email protected]

Last updated: January 2026