Skip to content
Artichoke
Artichoke
Get in touch

Legal

Privacy Policy

Table of Contents

Last updated: March 2026

1. Introduction

The protection of your personal data is of particular concern to us. We process your data exclusively on the basis of statutory regulations (GDPR, Austrian DSG, TKG 2021). In this privacy policy we inform you about the most important aspects of data processing in connection with our website.

Controller:
Artichoke Global Care GmbH
Göstling 51, 3345 Göstling an der Ybbs, Austria
Email: office@artichoke.eu
Phone: +43 664 1585049

Data Protection Controller:
Mag. Boris Fahrnberger
Göstling 51, 3345 Göstling an der Ybbs, Austria
Email: office@artichoke.eu

2. Your Rights

You have the following rights with regard to the personal data relating to you:

  • Right of access (Art. 15 GDPR) — You may request confirmation as to whether personal data concerning you is being processed and request access to this data.
  • Right to rectification (Art. 16 GDPR) — You have the right to request the correction of inaccurate personal data.
  • Right to erasure (Art. 17 GDPR) — You have the right to request the deletion of your personal data.
  • Right to restriction of processing (Art. 18 GDPR) — You have the right to request the restriction of the processing of your personal data.
  • Right to data portability (Art. 20 GDPR) — You have the right to receive your personal data in a structured, commonly used and machine-readable format.
  • Right to object (Art. 21 GDPR) — You have the right to object to the processing of your personal data at any time.
  • Right to withdraw consent (Art. 7 para. 3 GDPR) — You have the right to withdraw consent given at any time with effect for the future.
  • Right to lodge a complaint (Art. 77 GDPR) — You have the right to lodge a complaint with a supervisory authority. The competent supervisory authority in Austria is the Österreichische Datenschutzbehörde (Austrian Data Protection Authority), Barichgasse 40–42, 1030 Vienna, dsb@dsb.gv.at.

To exercise these rights, please contact us at office@artichoke.eu.

3. Website Hosting

3.1 Vercel

Our website is hosted on the Vercel platform (Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA).

When you visit our website, Vercel's servers automatically process technical data required for delivering the website to you. This includes:

  • IP address (anonymised)
  • Date and time of access
  • Requested URL / page
  • HTTP status code
  • Amount of data transferred
  • Referrer URL
  • Browser type and version
  • Operating system

This data processing is necessary for the operation of the website and is based on our legitimate interest (Art. 6(1)(f) GDPR) in providing a secure, efficient and stable website.

Vercel operates a global Edge Network with servers worldwide, including in the EU and the USA. When data is transferred to the USA, Vercel relies on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs) to ensure adequate data protection.

For more information, see the Vercel Privacy Policy.

3.2 Neon Postgres (Database)

We use Neon Postgres (Neon Inc., 535 Mission St, 14th floor, San Francisco, CA 94105, USA) as our database service, integrated via Vercel, to store website content managed through our Content Management System (Payload CMS). The database stores editorial content such as page texts, service descriptions and blog posts. No personal data of visitors is stored in this database unless you submit a contact form (see Section 5).

Neon is GDPR-compliant and offers EU data hosting regions. For data transfers to the USA, Neon relies on Standard Contractual Clauses (SCCs). A Data Processing Addendum (DPA) is in place as part of the Neon Terms of Service.

Data processing is based on our legitimate interest (Art. 6(1)(f) GDPR) in operating and maintaining our website.

For more information, see the Neon Privacy Policy.

3.3 Vercel Blob Storage (Media)

We use Vercel Blob Storage for storing media assets (images, documents) used on our website. These are editorial assets and do not contain personal data from visitors.

Data processing is based on our legitimate interest (Art. 6(1)(f) GDPR) in operating and maintaining our website.

4. Web Analytics

Google Analytics 4

We use Google Analytics 4 (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to analyse the use of our website, but only after your explicit consent.

No analytics data is collected without your consent. When you visit our website, you will see a consent banner at the bottom of the screen. Only if you actively click "Accept" will Google Analytics be loaded.

If you grant consent:

  • A cookie named analytics_consent with the value granted is stored for 1 year
  • The Google Analytics script (gtag.js) is loaded dynamically
  • Google Analytics collects data including: pages visited, session duration, approximate geographic location (based on anonymised IP), device and browser information, referral source
  • IP anonymization is enabled

If you decline or do not interact with the consent banner:

  • No Google Analytics scripts are loaded
  • No tracking cookies are set
  • A cookie named analytics_consent with the value denied is stored for 1 year to remember your choice

Revoking consent: You can revoke your consent at any time by clicking "Cookie Settings" in the footer. This will delete all Google Analytics cookies and stop tracking immediately.

The legal basis for data processing is your consent (Art. 6(1)(a) GDPR).

Google may transfer data to the USA. Google relies on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs).

For more information, see the Google Privacy Policy.

5. Contact Form

5.1 HubSpot CRM

When you submit our contact form, your data is transmitted to HubSpot (HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA) for customer relationship management.

The following data is collected:

  • Email address (required)
  • First name (optional)
  • Last name (optional)
  • Company (optional)
  • Message (required)
  • Page URL from which the form was submitted (automatic)
  • Language/locale setting (automatic)

We use HubSpot to process your enquiry and to manage our contact relationships. Your data is stored in HubSpot as a contact record (upsert: if a contact with the same email already exists, it is updated; otherwise, a new contact is created).

The legal basis is the performance of pre-contractual measures (Art. 6(1)(b) GDPR) and our legitimate interest (Art. 6(1)(f) GDPR) in efficient enquiry management.

HubSpot may transfer data to the USA. HubSpot relies on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs).

For more information, see the HubSpot Privacy Policy.

5.2 Resend (Fallback Email Service)

In the event that HubSpot is temporarily unavailable, we use Resend (Resend Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA) as a fallback service to ensure your enquiry is still delivered to us via email.

In this fallback scenario, the data you submitted in the contact form is sent to us via email through Resend. This data is also stored in our internal Content Management System (Payload CMS) for backup purposes.

The legal basis is the performance of pre-contractual measures (Art. 6(1)(b) GDPR) and our legitimate interest (Art. 6(1)(f) GDPR) in not losing any contact enquiries.

For more information, see the Resend Privacy Policy.

5.3 Spam Protection (Honeypot)

Our contact form uses a honeypot technique for spam protection. This is a hidden form field that is invisible to human users but may be filled in by automated bots. If this field contains data, the submission is silently rejected.

This method does not collect any additional personal data and does not involve any external services (unlike CAPTCHAs). The legal basis is our legitimate interest (Art. 6(1)(f) GDPR) in protecting our website from spam.

6. Embedded Content (YouTube Videos)

Our website embeds videos from the platform YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

We use YouTube's privacy-enhanced mode (domain: youtube-nocookie.com). In this mode, YouTube does not set cookies on your device and does not collect personal data merely by loading the page that contains the embedded video.

Data is only transmitted to YouTube when you actively click on the video to play it. By clicking, you consent to YouTube receiving information that you have accessed the corresponding page of our website. Additionally, the following data may be transmitted:

  • Your IP address
  • Date and time of access
  • Browser type and version
  • Operating system
  • The URL of the page containing the video
  • Previously set YouTube cookies (if you are logged in to a Google account)

If you are logged in to your Google account, YouTube can associate this data with your profile. You can prevent this by logging out of your Google account before playing videos.

The legal basis for data processing is your consent (Art. 6(1)(a) GDPR), which you provide by actively clicking on the video to play it.

Google may transfer data to the USA. Google relies on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs).

For more information, see the Google Privacy Policy and YouTube Terms of Service.

7. Fonts

We use the Google Fonts Lexend Deca, Roboto and Roboto Slab on this website. These fonts are self-hosted using the next/font package and are served directly from our own infrastructure on Vercel.

No connection to Google's servers is established when loading fonts. No data is transmitted to Google, and no cookies are set by the font loading process. The fonts are treated the same as any other static asset on our website.

8. Cookies

Our website uses the following cookies:

Cookie NamePurposeDurationType
analytics_consentStores your cookie/analytics consent choice (granted or denied)1 yearEssential

Essential cookies are necessary for the core functionality of the website and cannot be switched off. The analytics_consent cookie is used to remember whether you have accepted or declined analytics tracking.

Analytics cookies (set by Google Analytics 4) are only placed after your explicit consent. These include cookies such as _ga and _ga_* with a duration of up to 2 years. You can view and manage these through the "Cookie Settings" link in the footer.

9. Data Retention

We store personal data only for as long as is necessary for the respective purpose:

  • Server log data (Vercel): Automatically deleted according to Vercel's retention policies (typically 30 days)
  • Contact form data (HubSpot): Stored for as long as necessary for the business relationship and enquiry management; deleted upon request
  • Fallback contact data (Payload CMS): Stored until transferred to HubSpot or no longer needed; deleted upon request
  • Analytics data (Google Analytics): Retained according to Google's standard retention settings (14 months by default)
  • Consent cookie: 1 year

10. Data Transfer to Third Countries

Some of our service providers are based in the USA. We ensure that appropriate safeguards are in place for any transfer of personal data to countries outside the EEA:

ProviderPurposeSafeguard
Vercel Inc.Hosting, CDN, StorageEU-U.S. Data Privacy Framework, SCCs
Neon Inc.Database (Postgres)SCCs
Google Ireland Ltd. / Google LLCWeb Analytics (GA4), YouTube VideosEU-U.S. Data Privacy Framework, SCCs
HubSpot Inc.Contact Form CRMEU-U.S. Data Privacy Framework, SCCs
Resend Inc.Fallback EmailSCCs

11. Data Security

We use appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These include HTTPS encryption for all data transmissions, access controls and regular security reviews.

12. Changes to this Privacy Policy

We reserve the right to update this privacy policy from time to time to reflect changes in our data processing practices or legal requirements. The current version is always available on our website with the date of the last update shown at the top.