Legal

Privacy Policy

Privacy policy and handling boundaries for FHRA public surfaces.

Scope

This policy applies to FHRA public web surfaces and explains what personal data is processed, for which purposes, under which legal bases, and with which safeguards.

Last updated: 2026-07-06

Controller

Entity
Future Human Resonance Architecture (FHRA), FlexConnect GmbH (in Gruendung)

Address
Schubertplatz 18, 3950 Gmuend, Austria

Email: admin@fhra.io

Processing Activities

FHRA processes limited categories of personal data for specific institutional purposes:

Website delivery and technical security

Data categories: IP address, request timestamp, requested resource, user agent, HTTP referrer, technical error data

Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

Retention: Short operational retention, generally up to 30 days unless security investigation requires longer

Security monitoring and abuse prevention

Data categories: Network metadata, rate-limit signals, suspicious activity traces

Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

Retention: Retained only as long as necessary to investigate and mitigate incidents

Inbound contact handling

Data categories: Email address, message content, correspondence metadata

Legal basis: Art. 6(1)(b) GDPR (pre-contractual steps) or Art. 6(1)(f) GDPR

Retention: Retained for the duration required to process the request and satisfy legal obligations

Server Log Files

When accessing this website, the hosting provider automatically collects and stores infrastructure data regarding server access, including IP address, request timestamp, and browser type.

Legal basis: processing is performed exclusively to maintain technical security and stable server operations under Art. 6(1)(f) GDPR (legitimate interest).

No personal profiling and no data sharing for unrelated purposes takes place through this processing.

Recipients and Processors

FHRA may engage strictly necessary service providers under data-processing agreements, limited to the scope required for operation and security.

  • Hosting and infrastructure operators
  • Network and delivery security providers
  • Professional advisors where legally required

International Transfers

Where processing involves access from outside the EEA, FHRA applies GDPR-compliant transfer safeguards.

Transfer mechanism: Adequacy decision and/or Standard Contractual Clauses where applicable.

Safeguards: Contractual, technical, and organizational protections proportionate to transfer risk.

Retention Periods

FHRA retains personal data only for as long as necessary for the stated purpose and legal obligations.

  • Operational logs: short-term operational windows unless incident handling requires extension
  • Contact records: retained for request handling and legally required recordkeeping
  • Security records: retained for incident analysis and accountability where necessary

Your Rights

Under the GDPR, you fundamentally have the following rights regarding personal data processed by FHRA:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to withdraw consent
  • Right to object

How to Exercise Your Rights

Rights requests can be submitted via the contact channel below. FHRA may request proportionate verification before disclosing or modifying personal data.

Contact channel: admin@fhra.io

Response timeline: FHRA aims to respond within one month, subject to GDPR extensions where applicable.

Verification is used solely to protect data subjects and prevent unauthorized disclosure.

Supervisory Authority Complaint Right

You may lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or alleged infringement.

Competent authority in Austria: Austrian Data Protection Authority (Datenschutzbehoerde)

Website: https://www.dsb.gv.at

Security Measures

FHRA applies appropriate technical and organizational safeguards proportionate to processing risk.

  • Access controls and least-privilege principles
  • Transport and platform security controls
  • Operational monitoring for abuse and incident detection
  • Controlled disclosure boundaries for sensitive materials

Cookies and Similar Technologies

FHRA public pages are designed to minimize non-essential tracking. Where technically required mechanisms are used, they are limited to security, stability, and core service operation.

Automated Decision-Making

FHRA public web surfaces do not perform automated decision-making that produces legal or similarly significant effects on visitors.

Liability Notice

FHRA provides public website content on an as-available basis. To the extent permitted by law, FHRA disclaims liability for damages arising from use of or inability to use public website surfaces, except in cases of intent or gross negligence where mandatory law applies.

Policy Updates

FHRA may update this policy to reflect legal, technical, or operational changes. The "Last updated" date indicates the current published version.