Privacy Policy
This privacy policy informs you in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Austrian Data Protection Act (DSG) and the Telecommunications Act 2021 (TKG 2021) about the personal data we collect, how we use, store and share it, and what rights you have.
Data Controller
Iwaju Solutions e.U.Jubril Ajao
Josef-Huber-Gasse 7/20
8020 Graz, Austria
Email: jubril.ajao@iwajusolutions.com
Overview of Processing Activities
- Types of data processed: Contact data (e.g. email address, name), meta/communication data (e.g. IP addresses, device information), usage data (e.g. accessed URLs, access times, data volume transferred).
- Categories of data subjects: Communication partners, visitors and users of the online offering.
- Purposes of processing: Provision and secure operation of the online offering, handling contact requests and communication, presenting the company and its services.
Legal Bases
We process personal data on the following legal bases under the GDPR. Please note that in addition to GDPR provisions, national Austrian data protection law (in particular the DSG) may also apply.
Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
Contract performance and pre-contractual enquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract or to take pre-contractual steps at the request of the data subject.
Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless overridden by the interests or rights of the data subject.
Security Measures
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk for the data we process. This includes in particular ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access, and maintaining procedures to uphold data subject rights, delete data, and respond to data breaches. We apply the principles of Privacy by Design and Privacy by Default.
Transmission of Personal Data
We only transmit personal data to external parties where this is necessary for the performance of a contract, required by law, or justified by our legitimate interests. This includes external CDN providers for JavaScript libraries (see Third-Party Scripts section). We do not share data for marketing purposes or with data brokers.
Website Provision and Web Hosting
This website is operated on a Virtual Private Server (VPS) over which we have full control. Each time the website is accessed, our server automatically processes so-called server log files. These may contain: IP address of the requesting device, date and time of access, name and URL of the accessed file, referrer URL (previously visited page), browser type and version, operating system, data volume transferred, and access status.
This data is processed solely to ensure stable and secure operation of the website (e.g. detecting and defending against DDoS attacks) and is not combined with other data sources.
Data types: usage data, meta/communication data (in particular IP addresses) | Data subjects: website visitors | Legal basis: Art. 6(1)(f) GDPR | Retention: typically no longer than 30 days.
Contact
When you contact us by email, the data you provide (at a minimum: name and email address, and any message content) is stored for the purpose of handling your enquiry and any follow-up correspondence.
We do not share this data with third parties without your consent. Providing your personal data is voluntary; however, it is not possible to contact us without providing personal data.
Data types: identity data (name), contact data (email address), content data (message text) | Data subjects: communication partners | Purpose: handling enquiries and communication | Legal basis: Art. 6(1)(b) and (f) GDPR | Retention: upon completion of the enquiry; up to 7 years where business-relevant (Austrian Commercial Code).
Local Browser Storage (localStorage)
This website uses local browser storage (localStorage) exclusively to save your display preference (light/dark mode). This storage is technically necessary only and does not contain personal data. The stored data remains solely on your device and is not transmitted to us or any third party.
This processing is classified as strictly technically necessary under § 96(3) TKG 2021 and therefore does not require consent.
Embedded JavaScript Libraries (Third-Party Providers)
This website loads the following JavaScript libraries from external Content Delivery Networks (CDNs):
Alpine.js (v3) and Alpine Collapse Plugin – Provider: jsDelivr, operated by Prospect One d.o.o., Croatia. jsDelivr is GDPR-compliant (Standard Contractual Clauses in place). Privacy policy: jsdelivr.com/terms/privacy-policy-jsdelivr-net
HTMX (v1.9.10) – Provider: unpkg.com, operated by Cloudflare, Inc., USA. Cloudflare acts as a data processor under the GDPR. Privacy policy: cloudflare.com/privacypolicy
Each time these libraries are loaded, your IP address is transmitted to the respective CDN provider. We have no influence over further processing by these providers.
Data types: meta/communication data (in particular IP address) | Legal basis: Art. 6(1)(f) GDPR (legitimate interest in current, secure JavaScript).
Deletion of Data
We delete personal data as soon as the purpose for which it was collected no longer applies and no statutory retention obligations prevent deletion. Server log files are retained for a short period and are typically not kept for longer than 30 days. Email enquiries are deleted upon completion of the process, unless a statutory retention obligation applies (generally 7 years under the Austrian Commercial Code).
Changes and Updates to this Privacy Policy
We reserve the right to update this privacy policy to reflect changes in legal requirements or our services. The current version is always available at /privacy. We recommend checking this page periodically.
Rights of Data Subjects
Under the GDPR (in particular Arts. 15–21), you have the following rights:
Right of access (Art. 15 GDPR): You have the right to obtain confirmation of whether and what personal data we process.
Right to rectification (Art. 16 GDPR): You have the right to request correction of inaccurate or completion of incomplete data.
Right to erasure (Art. 17 GDPR): You have the right to request erasure of your data subject to statutory conditions.
Right to restriction (Art. 18 GDPR): You have the right to request restriction of processing under certain circumstances.
Right to data portability (Art. 20 GDPR): You have the right to receive your data in a commonly used, machine-readable format.
Right to object (Art. 21 GDPR): You have the right to object at any time to processing based on Art. 6(1)(f) GDPR.
Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on your consent, you have the right to withdraw it at any time without affecting the lawfulness of prior processing.
To exercise your rights, please contact: jubril.ajao@iwajusolutions.com
Right to Lodge a Complaint
If you believe that the processing of your personal data violates the GDPR, you have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority. The competent supervisory authority in Austria is the Data Protection Authority (Datenschutzbehörde / DSB), Barichgasse 40–42, 1030 Vienna. Email: dsb@dsb.gv.at | Website: www.dsb.gv.at