Marcello Curto
Code & ArtBased in Bangkok
Page
674 Words

Privacy Policy

Last updated: February 25, 2026

1. Controller (Verantwortlicher)

Controller for data processing on this website:

Marcello Curto
Bossigasse 24/8
1130 Vienna
Austria

Email: contact-from-web@marcellocurto.com

Additional legal information is available in the Imprint.

2. Data Processing When Visiting This Website

When you access this website, technical connection data is processed automatically. This may include:

  • IP address
  • date and time of access
  • requested URL and path
  • referrer URL
  • browser and operating system information (user agent)
  • HTTP status codes and technical request metadata

Purpose: secure and reliable delivery of the website, system stability, abuse prevention, and troubleshooting.
Legal basis: Art. 6(1)(f) GDPR (legitimate interests).
Legitimate interests: secure operation, defense against misuse, and technical administration of this website.

3. Email Communication

If you contact me by email, I process the data you provide (for example email address, name/signature, message content, and communication metadata).

Purpose: responding to your request and follow-up communication.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual/contractual communication) and Art. 6(1)(f) GDPR (efficient communication and record-keeping).

4. Service Providers and Recipients

I use external providers for infrastructure and communication. Where required, data processing agreements (Art. 28 GDPR) are in place.

ProviderFunctionTypical data categories
Vercel Inc.Website hosting and application deliveryIP address, request and log data
BunnyWay d.o.o. (bunny.net)DNS resolution and media/CDN deliveryIP address, DNS/request metadata
netcup GmbHDomain registration and domain operationdomain/account data, technical domain metadata
Migadu-Mail GmbHEmail infrastructure (send/receive email)email metadata and message content

Depending on context, providers may act as processors or as independent controllers under data protection law.

5. International Data Transfers

Some processing may involve transfers to countries outside the EEA (especially the USA). In such cases, transfers are based on lawful safeguards, in particular:

  • adequacy decisions (where available), and/or
  • EU Standard Contractual Clauses (SCCs).

Migadu is based in Switzerland, for which an EU adequacy decision exists.

6. Cookies and Similar Technologies

This website does not use analytics or marketing cookies and does not use third-party tracking pixels.

Technically necessary cookies or similar storage may still be used by infrastructure providers where required for secure and stable delivery.

7. Fonts

This website uses Google Fonts through Next.js (next/font) with local serving. Font files are served by this website; no direct request from your browser to Google Fonts is required to render the pages.

8. Storage Duration

Personal data is stored only for as long as necessary for the stated purposes or to comply with legal obligations.

  • technical log data: only for the period required for operations and security
  • communication data: until your request is completed, unless longer retention is required by law or for legal defense

9. Mandatory Provision of Data

You are not legally or contractually required to provide personal data to browse this website.

If you contact me by email, processing of your email data is required to handle your request.

10. Your Rights Under GDPR

You have the right to:

  • access (Art. 15 GDPR)
  • rectification (Art. 16 GDPR)
  • erasure (Art. 17 GDPR)
  • restriction of processing (Art. 18 GDPR)
  • data portability (Art. 20 GDPR)
  • object to processing (Art. 21 GDPR)
  • withdraw consent at any time for future processing (Art. 7(3) GDPR), where processing is based on consent

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. In Austria, this is:

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna
Austria
https://www.dsb.gv.at
Email: dsb@dsb.gv.at

12. Automated Decision-Making

No automated decision-making, including profiling under Art. 22 GDPR, takes place on this website.

13. External Links

This website contains links to external websites. Their operators are solely responsible for their own data processing.

14. Updates to This Policy

I may update this Privacy Policy if legal requirements, technical setup, or processing activities change.

674 Words