Alter  Ego

Festival

presented by

Kronehit

Privacy Policy

Data Controller

AEF GmbH

Schmidinger-Straße 6, 4631 Krenglbach, Austria

Email: office@alter-ego-events.com

Managing Director: Florian Störinger

Supervisory Authority

Austrian Data Protection Authority (Datenschutzbehörde)

Barichgasse 40-42, 1030 Wien

Phone: +43 1 52 152-0

Email: dsb@dsb.gv.at

Scope

This privacy policy applies to all data processing activities carried out through this website, our online shop, and any related digital services operated by AEF GmbH.

Legal Bases for Processing

We process personal data on the following legal grounds:

  • Consent (Art. 6(1)(a) GDPR) — where you have given explicit agreement
  • Contract performance (Art. 6(1)(b) GDPR) — to fulfill contractual obligations or pre-contractual requests
  • Legal obligation (Art. 6(1)(c) GDPR) — to comply with applicable laws
  • Legitimate interest (Art. 6(1)(f) GDPR) — for business operations, security, and service improvement

Your Rights

Under GDPR Articles 13–22 and 77, you have the right to:

  • Access — request information about your stored personal data
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data ('right to be forgotten')
  • Restriction — limit processing without deleting data
  • Data portability — receive your data in a structured, machine-readable format
  • Objection — oppose processing based on legitimate interest, direct marketing, or profiling
  • Lodge a complaint — file a complaint with the Austrian Data Protection Authority

To exercise any of these rights, contact us at office@alter-ego-events.com.

Data Retention

Personal data is retained only as long as necessary for the purpose it was collected. Legal retention periods may require extended storage — for example, 10 years for invoices under Austrian tax law and 6 years for general business records.

Hosting

This website is hosted by Vercel Inc.

When you visit this website, Vercel may process technical data required to deliver the website, including:

  • IP address
  • Browser type and version
  • Operating system
  • Referrer URL
  • Date and time of access
  • Requested resources

These server logs are necessary to ensure the security, stability, and proper operation of the website. The processing is based on Art. 6(1)(f) GDPR (legitimate interest) in providing a reliable online service.

Data may be processed on servers located outside the European Union, including the United States. Vercel participates in the EU-US Data Privacy Framework, ensuring an adequate level of data protection.

Website Analytics

This website uses Plausible Analytics, a privacy-focused analytics service. Plausible Analytics collects aggregated and anonymized usage information to help understand how visitors interact with the website. The collected information may include:

  • Visited pages
  • Referrer URL
  • Device type
  • Browser and operating system
  • Country-level location
  • Timestamp of page visits

According to the provider, the analytics service:

  • Does not use tracking cookies
  • Does not track users across websites
  • Does not collect personally identifiable information

The processing is based on Art. 6(1)(f) GDPR (legitimate interest) to analyze and improve the website.

Cookies

This website uses only essential cookies required for the proper functioning of the website (e.g., session management, consent preferences). These cookies do not require consent under Art. 6(1)(f) GDPR as they are strictly necessary. No marketing, tracking, or analytics cookies are used.

Consent Management

This website uses a consent management tool to record and manage your cookie and data processing preferences. Your consent choices are stored locally and may be retained for up to 2 years. The processing is based on Art. 6(1)(c) GDPR (legal obligation to document consent) and Art. 6(1)(f) GDPR (legitimate interest in GDPR compliance).

Payment Processing

When you make a purchase, payment is processed through Stripe. The following data may be shared with the payment provider:

  • Name and billing address
  • Bank or credit card details
  • Transaction amount and reference

We only receive confirmation of successful or failed transactions — your full payment details are stored exclusively by the payment provider. The processing is based on Art. 6(1)(b) GDPR (contract performance). Data is retained in accordance with Austrian accounting and tax law (up to 10 years for invoices).

Security

This website uses TLS encryption (HTTPS) to protect data in transit. We implement appropriate technical and organizational measures in accordance with Art. 25 GDPR to safeguard your personal data against unauthorized access, loss, or misuse.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. The current version is always available on this page.