Privacy Policy

Pursuant to GDPR (EU) 2016/679 · Austrian DSG 2018

Last updated: June 2026

1. Data Controller

• Name: Yauhen Buziuma
• Trading name: Omnigenius (Project: Hexcore)
• Address: Nachtvlinderplantsoen 16, 3544DZ Utrecht, Netherlands
• E-mail: yauhen.buziuma@hexcore.at
• Project contact: roman.papkou@hexcore.at

Supervisory authorities: Austrian Data Protection Authority (DSB), Barichgasse 40–42, 1030 Vienna · Autoriteit Persoonsgegevens (AP), Bezuidenhoutseweg 30, 2594 AV The Hague, NL.

2. Data Collection on Our Website

2.1 Server Log Files

When you visit our website, your browser automatically transmits:

• Browser type and version
• Operating system
• Referring URL
• Hostname of the accessing device
• Time of server request
• IP address (anonymised after 7 days)

Legal basis: Art. 6(1)(f) GDPR. Retention period: 30 days.

2.2 Hosting

We use an external hosting provider acting as a data processor. A Data Processing Agreement (DPA) pursuant to Art. 28 GDPR has been concluded. Where servers are located outside the EEA, EU Standard Contractual Clauses (Art. 46 GDPR) are in place.

2.3 Contact by E-mail

E-mail enquiries and related contact data are stored for processing purposes. Legal basis: Art. 6(1)(b) or (f) GDPR. Retention: 3 years after end of business relationship, unless statutory retention obligations apply (e.g. 7 years under § 132 BAO).

2.4 Contact Form

Data submitted via contact form is used to process your enquiry and is not shared without your consent. Legal basis: Art. 6(1)(b) or (f) GDPR.

3. Cookies and Tracking

3.1 General

Our website follows a Privacy-by-Design, cookie-less architecture. Technically necessary session cookies may still be used.

3.2 Cookie Categories

• Strictly necessary cookies (no consent required): essential for basic functionality. Legal basis: § 165(3) TKG 2021.
• Analytics cookies (consent required): currently not active; activated only after prior cookie banner consent.
• Marketing / tracking cookies: currently not in use.

3.3 Analytics Tools (planned)

Should we deploy privacy-compliant analytics (e.g. self-hosted Matomo or Plausible Analytics), this policy will be updated and your consent obtained beforehand.

4. Third-Party Services

Any third-party services embedded (e.g. maps, payment providers) will be disclosed in the cookie banner. External fonts are self-hosted to prevent data transfer to Google.

5. SSL/TLS Encryption

This website uses SSL/TLS encryption. You can identify an encrypted connection by the “https://” prefix and padlock icon in your browser.

6. Artificial Intelligence

AI systems may be used for content creation. AI-generated content is labelled pursuant to Art. 50 EU AI Act. Personal data is not fed into AI systems without your knowledge. Legal basis: Art. 6(1)(b) or (f) GDPR.

7. Your Rights (Arts. 15–21 GDPR)

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure / ‘right to be forgotten’ (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)
• Right to withdraw consent (Art. 7(3))

Requests: roman.papkou@hexcore.at. You also have the right to lodge a complaint with the competent supervisory authority (DSB Vienna or AP The Hague).

8. Retention Periods

Data is retained only as long as required for the processing purpose or by statutory retention obligations. Thereafter, data is deleted or anonymised.

9. Technical and Organisational Measures (TOMs, Art. 32 GDPR)

• TLS/SSL encryption of data transmission
• Access restrictions on personal data
• Regular security reviews
• Pseudonymisation and anonymisation where feasible

Last updated: June 2026 · This policy is updated when data processing changes.