Oculus Icon

Privacy Policy

This Privacy Policy explains how Oculus Festum Studio processes personal data in accordance with the EU General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), and applicable rules of the Telecommunications Act 2021 (TKG 2021). It applies to all processing via our website and related services (including the user account).

Last updated: 08/09/2025

1. Controller

Oculus Festum Entertainment David Scheidl e.U.

Altstadt 9 - Tür 3, 4020 Linz, Österreich

Email: oculus-festum@gmail.com

FN 657054 (Firmenbuchgericht: Landesgericht Linz)

Register Court: Linz

2. What Data We Process & Why

We process only the data necessary to provide our services or that you have consented to:

  • Account & profile data (e.g., email, display name, password hash, roles/permissions).
    Legal basis: Contract performance/steps prior to contract (Art. 6(1)(b) GDPR).
    Retention: For the duration of account use; then deletion or blocking as required by law.
  • Communications (support requests, emails, form inputs).
    Legal basis: Contract/request (Art. 6(1)(b)) or legitimate interests (Art. 6(1)(f)) in efficient communication.
    Retention: Up to 12 months after last interaction unless longer statutory retention applies.
  • Usage/log data (IP address*, browser, access timestamps) for security and troubleshooting.
    Legal basis: Legitimate interests (Art. 6(1)(f)) in stability/security.
    Retention: Server logs typically 7–30 days.
    * When using Google Analytics 4, IP addresses are not stored; see “Cookies & Analytics”.
  • Newsletter/marketing (if subscribed): email address and interactions.
    Legal basis: Consent (Art. 6(1)(a) GDPR) and, where applicable, § 174 TKG 2021.
    Retention: Until withdrawal/unsubscribe.
  • Preferences (language, theme) via cookies/local storage.
    Legal basis: Consent depending on category (see “Cookies”).
    Retention: Up to 1 year (browser storage) or as specified in the cookie table.

3. Cookies & Consent

We use cookies for essential functionality, preferences, and — with your consent — for analytics and marketing. Non-essential cookies are only set after your active opt-in. You can change your choices at any time.

  • Analytics/marketing cookies are set only after opt-in.
  • Withdrawal is possible at any time; rejecting is as easy as accepting.
  • See the table below for providers, purposes, and durations.

You can (changes take effect immediately).

Functional (Required)

Necessary for the website to function properly.

Name: session_id

Provider: Oculus Festum

Purpose: Maintains session state

Duration: Session

Name: auth

Provider: Oculus Festum

Purpose: Authenticates logged-in users securely

Duration: 7 days

Preferences

Remember user settings like language or region.

Name: locale

Provider: Oculus Festum

Purpose: Stores language preference

Duration: 1 year

Analytics

Used to collect anonymized usage data to improve website performance and user experience.

Name: _ga

Provider: Google

Purpose: Used by Google Analytics to collect and report information about website usage. The cookie assigns a unique identifier to each user, helping to distinguish users across sessions for site performance analysis. The IP address is anonymized to comply with privacy regulations.

Duration: 2 years

Name: _ga_JVKMCE28ZV

Provider: Google

Purpose: Used by Google Analytics to track user behavior on the site, similar to the '_ga' cookie but with a different tracking ID, often used for cross-domain tracking. This cookie helps measure user interactions on multiple related sites. The IP address is anonymized to comply with privacy regulations.

Duration: 2 years

Name: _gid

Provider: Google

Purpose: Used by Google Analytics to track user behavior on the website, typically for a single session. This helps in understanding user interactions with different pages. The IP address is anonymized to comply with privacy regulations.

Duration: 24 hours

Marketing

Used to deliver personalized ads.

No cookies currently set in this category.

5. Recipients & International Transfers

Where necessary, we use service providers (processors) for hosting, email, support, and web analytics. For transfers to countries outside the EEA, we implement appropriate safeguards (e.g., EU Standard Contractual Clauses). For certain U.S. providers, the EU–U.S. Data Privacy Framework (DPF) may also apply.

6. Security & Retention

We protect data using organizational and technical measures (e.g., access controls, encryption in transit & at rest, role concepts). Data is stored only as long as necessary for the stated purposes or statutory obligations.

4. Your Rights

Under the GDPR, you have the right to:

  • Access, rectification, and deletion (“right to be forgotten”).
  • Restriction of processing and objection.
  • Data portability.
  • Withdraw consent with effect for the future.

You also have the right to lodge a complaint with the supervisory authority:
Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna, Email: dsb@dsb.gv.at