Privacy Policy / Information pursuant to Articles 13 and 14 GDPR

Protecting your personal data is a matter of course for me. I process your data exclusively on the basis of the applicable legal provisions – in particular the General Data Protection Regulation (GDPR) and the Telecommunications Act 2021 (TKG 2021).

In this privacy policy, I inform you about the most important aspects of data processing in connection with my website and services.

1. Data Controller

Martin J. Bartmann
Stonefield International GmbH
Ing. Leopold-Fuhrmannstrasse 5
2512 Tribuswinkel
Tel.: +43 680 24 73773
E-Mail: office@ecstaticbusiness.com

2. What Data Do I Process?

Depending on the contact, assignment or use of the website, I process in particular the following categories of data:

a) Master Data & Contact Data
Name, email adress, telephone number, address.

b) Contract and Billing Data
Data required for contract fulfilment, appointment organisation, service delivery and invoicing.

c) (Optional / only if actually required in your process) Date of Birth Data
Place of birth, date of birth and, where applicable, time of birth – exclusively if these details are necessary for the fulfilment of the specifically agreed service.

d) Communication and Enquiry Data
Content of your enquiry (e.g. via email), correspondence and appointment arrangements.

e) Technical Data When Using the Website
IP address, date/time of access, pages accessed, referrer URL, browser and device information, operating system and, where applicable, language settings.

3. Purposes of Data Processing

Personal data is processed for the following purposes:

Contract fulfilment and implementation of pre-contractual measures (e.g. quotation, appointment scheduling, service provision)
Invoicing and fulfilment of legal obligations (e.g. tax law, retention obligations)
Communication with customers, clients and interested parties
Newsletter distribution (if subscribed)
Security and stability of the website (technical log files, error analysis, prevention of misuse)
Analysis/statistics to improve the website (Google Analytics 4 – only with consent)

4. Legal Basis of Processing

Depending on the case, processing is based on one or more of the following legal bases:

Art. 6(1)(b) GDPR – Contract / pre-contractual measures
Art. 6(1)(c) GDPR – Legal obligation
Art. 6(1)(f) GDPR – Legitimate interest (e.g. IT security, prevention of misuse, economic operation)
Art. 6(1)(a) GDPR – Consent (e.g. newsletter, website analysis)

For storing or accessing information on your device (cookies or similar technologies), §165(3) TKG 2021 also applies. Non-essential cookies or technologies are only set after prior consent.

5. Newsletter

If you subscribe to my newsletter, I process your email address and, where provided, your first and last name.

Purpose: Sending information about offers, events, courses and appointments.
Legal basis: Consent (Art. 6(1)(a) GDPR).
Unsubscribing:
You can unsubscribe at any time via the unsubscribe link in each newsletter or by email to .

6. Cookies & Consent Management (CookieYes | GDPR Cookie Consent)

This website uses cookies and similar technologies to ensure the proper functioning of the website, analyse usage and improve the user experience.

a) Necessary cookies
These are required for the website to function technically (e.g. page navigation, security functions). These can be set without consent.

b) Non-essential cookies (e.g. analytics)
These are only set or accessed after you have given your consent.

For managing consent, I use CookieYes | GDPR Cookie Consent. This tool typically stores your selection (consent/withdrawal) in the form of a cookie on your device so that your decision can be taken into account on future visits.

Revocation: You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection.

7. Google Tag Manager

I use Google Tag Manager (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). The Google Tag Manager is used for the technical management of website tags (e.g. integration of analytics tools).

The Tag Manager itself is a management tool and does not necessarily create user profiles; however, it may establish a connection to Google servers when loading, during which technical data (e.g. IP address) may be processed.

Consent-based tools (e.g. Analytics) are only loaded after consent has been granted.

8. Google Analytics 4 (GA4)

If you have given your consent, this website uses Google Analytics 4, a web analytics service.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows us to analyse the use of our website and improve its functionality and content.

Legal bases:

Consent pursuant to Art. 6(1)(a) GDPR (processing)
Consent pursuant to Section 165(3) TKG 2021 (cookies/device access)

What data is processed?
Typically, online identifiers (e.g. cookie IDs), device/browser information, interaction data (e.g. page views, time spent, click paths), and technical data are processed. The IP address is required for communication with the servers.

Recipients / Data processing on behalf:
Processing is carried out by Google as a data processor on the basis of corresponding contractual terms.

Third-country transfer:
It cannot be ruled out that data may be transferred to the USA. Google may rely on appropriate safeguards (e.g. certifications/mechanisms) and additional contractual protective measures. Nevertheless, in the case of third-country transfers, there remains a residual risk that authorities in third countries may gain access to the data.

Retention period:
Data is stored only for as long as necessary for the stated purposes or in accordance with the retention periods set in Google Analytics.

Revocation:
You can withdraw your consent at any time via the cookie settings. Once consent is withdrawn, Google Analytics will no longer be loaded on this website.

I do not use Google Ads features and Google Signals for remarketing/cross-device advertising.

9. Google Search Console

I use Google Search Console to monitor the technical performance and visibility of my website in Google Search (e.g. indexing, crawling errors, search queries in aggregated form).

As a rule, no personal data of website visitors is collected directly on the website for this tool; Search Console is an administration and analysis tool for website operators. I mention its use for transparency reasons.

10. Server log files (website operation)

When visiting my website, server log files are processed to ensure operation and for security purposes (e.g. IP address, time of access, pages accessed, browser information).

Purpose: technical provision, stability, error analysis, defense against attacks
Legal basis: legitimate interest (Art. 6(1)(f) GDPR)
Retention period: Log files are generally stored only for as long as necessary to achieve these purposes.

11. Who has access to your data?

As the controller, I generally have access to personal data. In addition, it may be necessary for data processors (e.g. IT/hosting/tool providers) to have access insofar as this is required to provide the website/services. These service providers are contractually obliged to comply with the GDPR.

12. Do I share your data with third parties?

Your data will not be shared without a legal basis. A transfer may occur in particular:

to data processors (e.g. technical service providers, website tools) if this is necessary for operation/service
to authorities/public bodies if I am legally obliged to do so

Data will not be shared for advertising purposes.

13. Where is your data stored?

Data is stored – insofar as required for my activities – on my work devices (PC/laptop) and/or with the technical service providers used, insofar as this is necessary for service provision, administration, and secure processing.

14. How do I protect your data?

I implement appropriate technical and organizational security measures to protect data against loss, misuse, or unauthorized access (e.g. access controls, secure passwords, encryption of data carriers, antivirus protection, regular updates).

SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can recognize an encrypted connection by the browser’s address line changing from “http://” to “https://” and by the lock symbol.

16. How long is data stored?

I generally store personal data only for as long as necessary:

as long as a customer/client/prospect relationship exists or for the purpose of processing inquiries
as long as statutory retention obligations apply (e.g. tax law obligations)
until you withdraw your consent (e.g. newsletter, analytics) or – where possible – request deletion

17. Your rights as a data subject

Under the GDPR, you generally have the following rights:

Access (Art. 15 GDPR)
Rectification (Art. 16 GDPR)
Erasure (Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection to processing (Art. 21 GDPR)
Withdrawal of consent at any time (Art. 7(3) GDPR), without affecting the lawfulness of processing carried out up to that point.

To exercise your rights, please contact me at: office@ecstaticbusiness.com

18. Right to Lodge a Complaint

If you believe that the processing of your data violates data protection law or that your rights have otherwise been infringed, you may lodge a complaint with the supervisory authority.

In Austria, this is the Austrian Data Protection Authority (DSB).

19. Obligation to Provide Data

The provision of personal data depends on the context:

Contract conclusion/service provision: Yes, data necessary for contract fulfilment and billing must be provided.
Website visits: No, generally not; however, technical data (e.g. IP address) is generated for technical reasons.
Newsletter: Only if you subscribe – then email address (and possibly name) are required.

20. Automated Decision-Making / Profiling

No automated decision-making including profiling within the meaning of Art. 22 GDPR takes place.

21. Status of This Privacy Policy

This privacy policy will be updated if necessary to reflect legal or technical changes.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional		The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary		This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy		The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.