Data protection

This page has been automatically translated. Errors may occur.

Privacy Policy

As of: March 6, 2026

Overview of contents

Responsible person
Overview of processing
Relevant legal bases
Security measures
Rights of data subjects
Provision of the online offering and web hosting
Web Analytics
Contact and inquiry management
Embedded YouTube Videos
OERadio Wavelog

Responsible person

Michael Linder
Nötsch 219
9611 Nötsch im Gailtal
Email address: [email protected]
Imprint: Imprint

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

Contact details.
Content data.
Usage data.
Meta, communication and procedural data.

Categories of data subjects

Communication partner.
Users.

Purposes of processing

Contact inquiries and communication.
Safety measures.
Manage and respond to inquiries.
Feedback.
Provision of our online offering and user-friendliness.
Information technology infrastructure.

Applicable legal bases

Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases apply in individual cases, we will inform you about these in the data protection declaration.

Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures that are carried out at the data subject’s request.
Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) – the processing is necessary to safeguard the legitimate interests of the controller or a third party, provided that the interests, fundamental rights and freedoms of the data protection information – Wavelog on oeradio.at
This data protection information applies in addition to the general data protection declaration of oeradio.at and refers exclusively to the online logbook Wavelog, accessible at:
🔗 https://wavelog.oeradio.at
Purpose of processing
Wavelog is a web-based logbook for radio amateurs.
The service is used exclusively to record, manage and evaluate amateur radio QSOs.
What data is stored?
As part of the use, the following data is processed:
User data
Call sign
Username
(optional) Email address
Logbook data
Call sign of the other station
Date and time (UTC)
Band, frequency, operating mode
Report, comments
further QSO information common for radio operations
No sensitive personal data will be processed.
Access and visibility
Users only have access to the designated log areas
No public display of personal data without consent
A public test account is used exclusively for demonstration purposes
Transfer of data
Log data is not automatically passed on to third parties.
Optional uploads to external services (e.g. ClubLog, QRZ.com, HRDLog) are only actively carried out by the respective user and are their responsibility.
Server operation & security
Operation on your own infrastructure
Access exclusively via HTTPS encrypted connection
No direct access to the server from the Internet
Regular maintenance and data backup
Storage period
User data and log data are stored for as long as a user account exists
Test data can be deleted at any time
If desired, a user account including data can be removed
Contact
If you have any questions about data protection in connection with Wavelog:
📧 [email protected]
👉 Note:
Wavelog is a technical tool for radio amateurs and not a social network. data subject who demand the protection of personal data does not outweigh.

National data protection regulations in Austria: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Austria. This includes, in particular, the Federal Act on the Protection of Natural Persons when Processing Personal Data (Data Protection Act – DSG). The Data Protection Act contains, in particular, special regulations on the right to information, the right to rectification or deletion, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases.

Security measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, securing availability and their separation. We have also set up procedures to ensure that the rights of those affected are exercised, data are deleted and responses are made to data threats. We also take the protection of personal data into account when developing or selecting hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Securing online connections using TLS/SSL encryption technology (HTTPS): In order to protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the advanced and more secure version of SSL, ensures that all data transfers meet the highest security standards. If a website is secured by an SSL/TLS certificate, this is signaled by displaying HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

Rights of data subjects

Rights of the data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

Right to object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of Article 6 (1) (e) or (f) of the GDPR; This also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.
Right to revoke consent: You have the right to revoke your consent at any time.
Right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with the legal requirements.
Right to rectification: In accordance with legal requirements, you have the right to request that the data concerning you be completed or that incorrect data concerning you be corrected.
Right to deletion and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be deleted immediately or, alternatively, to request a restriction of the processing of the data in accordance with the legal requirements.
Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements or to request that it be transmitted to another person responsible.
Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged violation, if you are of the opinion that the processing of your personal data violates the provisions of the GDPR.

Provision of the online offering and web hosting

We process users’ data in order to be able to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.

Types of data processed: Usage data (e.g. websites visited, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).). Security measures.
Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files”. The server log files may include the address and name of the websites and files accessed, date and time of access, amounts of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. B. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

Contact and inquiry management

When you contact us (e.g. by post, contact form, e-mail, telephone or via social media) as well as within the framework of existing user and business relationships, the information provided by the inquiring person is processed to the extent that this is necessary to answer the contact requests and any requested measures.

Types of data processed: Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
Affected persons: Communication partner.
Purposes of processing: Contact requests and communication; managing and responding to inquiries; Feedback (e.g. collecting feedback via online form). Provision of our online offering and user-friendliness.
Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).

Further information on processing processes, procedures and services:

Contact form: If users contact us via our contact form, e-mail or other communication channels, we process the data provided to us in this context to process the request communicated; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Cloudflare CDN and Security

Important: This website uses Cloudflare as a content delivery network (CDN) and security service.

Cloudflare, Inc. is a US company that provides CDN, DDoS protection and security services. When you access our website, your connection runs over Cloudflare’s network.

Data processed by Cloudflare:

IP addresses (for routing and security)
HTTP request data (headers, URLs)
Security-related information (to detect and prevent attacks)

Cloudflare’s role:

Purpose	Description
CDN	Stores and delivers static content from servers closer to you
DDoS protection	Protects our service Distributed denial of service attacks
SSL/TLS	Encrypts data in transit between you and our servers
Security	Blocks malicious traffic and bot attacks

Cloudflare processes data in accordance with their privacy policy: https://www.cloudflare.com/privacypolicy/

Cloudflare is licensed under the EU-U.S. Data Privacy Framework certified.

Legal basis for processing

We process your data on the basis of:

Fulfillment of the contract (Art. 6 Para. 1 lit. b GDPR) – To provide our QSL card service
Legitimate interests (Art. 6 Para. 1 lit. f GDPR) – For security, fraud prevention and service improvement
Consent (Art. 6 Para. 1 lit. a GDPR) – Where you have expressly agreed

Cookies and Tracking

This website does not set any cookies in visitors’ browsers. No tracking cookies, advertising cookies, or third-party cookies are used.

In detail:

No analytics cookies — We do not use Google Analytics or comparable third-party services
No advertising cookies — No advertisements are displayed
No language detection cookies — Language detection is based solely on the URL structure (e.g. /en/, /it/, /sl/)
YouTube embeds — When loading embedded YouTube videos, YouTube may set its own cookies. This is outside our control and is managed by Google/YouTube. See the “Embedded YouTube Videos” section for details
Theme preference — The selected display mode (light/dark) is stored exclusively in the browser’s localStorage and is not transmitted to the server

Only for logged-in administrators does WordPress set technically necessary session cookies. These are required for the editorial system and do not affect regular visitors.

Web Analytics

For statistical analysis of website usage, we use the WordPress plugin WP Statistics. This tool runs exclusively on our own server — no data is transmitted to third parties.

Features of WP Statistics

No cookies — WP Statistics does not set cookies, does not use browser cache or localStorage
IP anonymization — IP addresses are anonymized before processing (last octet is removed) and then irreversibly hashed with a daily rotating key
Local processing — All data is processed and stored exclusively on our own server (Synology NAS, located in Austria). No data is transmitted to external services
No data processing agreement required — Since no third party is involved, no DPA is necessary

Data collected

Pages visited and time of access
Referring website (referrer)
Browser and operating system used
Approximate location (country/region, derived from the anonymized IP address)

Legal basis: Legitimate interests (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies in improving and tailoring our online services to user needs.

Data storage

Data type	Storage period
Account data	Until you request deletion
Session data	7 days (automatic expiry)
Uploaded images	Until you delete them or your account is removed
Audit logs	90 days to Security purposes

Your rights under GDPR

You have the following rights regarding your personal data:

Right to information (Art. 15) – Request a copy of your data
Right to rectification (Art. 16) – Correct incorrect data
Right to deletion (Art. 17) – Request deletion of your data (“right to be forgotten”)
Right to restriction (Art. 18) – Restrict processing of your data
Right to data portability (Art. 20) – receive your data in a transferable format
Right to object (Art. 21) – Objection to processing based on legitimate interests

To exercise these rights, please contact us at [email protected].

Data security

We implement appropriate technical and organizational measures to protect your data:

Passwords are hashed using bcrypt and 12 rounds of salt
All data is transmitted via HTTPS/TLS encryption
Session tokens are cryptographically random
Rate limiting prevents brute force attacks
Map images are only accessible to authenticated users

International data transfer

Your data may be transferred to and processed in countries outside the European Economic Area (EEA) through our use of Cloudflare. Cloudflare participates in the EU-U.S. Data Privacy Framework, which provides adequate protection for personal data transferred from the EU to the USA.

Complaints

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In Austria the responsible authority is:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna, Austria
[email protected]
https://www.dsb.gv.at

Changes to this Statement

We may update this privacy policy from time to time. The current version is always available on this page with the “Last updated” date. Significant changes will be communicated to registered users.

Embedded YouTube Videos

We embed YouTube videos on our website. The videos are stored on the platform YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

When you visit a page with an embedded YouTube video, a connection to YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube or Google account, YouTube can associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account before visiting our website.

Data processed by YouTube

User IP address
Browser type and version, operating system
Page URL visited (referrer)
Device information
YouTube/Google cookies (if an account exists or cookies were previously set)

Purpose and legal basis

The embedding of YouTube videos serves the appealing presentation of our content and the communication of information about amateur radio. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.

Data transfer to third countries

Through the integration of YouTube videos, data may be transferred to Google LLC in the USA. Google is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.

For more information about data protection at YouTube/Google, please refer to Google’s privacy policy: https://policies.google.com/privacy

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfer: EU-US Data Privacy Framework (DPF).

Data protection information – Wavelog on oeradio.at

This data protection information applies in addition to the general data protection declaration of oeradio.at and refers exclusively to the online logbook Wavelog, accessible at:

🔗 https://wavelog.oeradio.at

Purpose of processing

Wavelog is a web-based logbook for radio amateurs.
The service is used exclusively for recording, managing and evaluating amateur radio QSOs.

What data is stored?

As part of the use, the following data is processed:

1. User data

Call sign
Username
(optional) Email address

2. Logbook data

Call sign of the other station
Date and time (UTC)
Band, frequency, operating mode
Report, comments
further QSO information common for radio operations

No sensitive personal data will be processed.

Access and visibility

Users only have access to the designated log areas
No public display of personal data without consent
A public test account is used exclusively for demonstration purposes

Passing on data

There is no automatic forwarding of log data to third parties.

Optional uploads to external services (e.g. ClubLog, QRZ.com, HRDLog) are carried out only actively by the respective user and are their responsibility.

Server Operations & Security

Operation on your own infrastructure
Access exclusively via HTTPS encrypted connection
No direct access to the server from the Internet
Regular maintenance and data backup

Storage duration

User data and log data are stored for as long as a user account exists
Test data can be deleted at any time
If desired, a user account including data can be removed

Contact

If you have any questions about data protection in connection with Wavelog:

📧 [email protected]

👉 Note:
Wavelog is a technical tool for radio amateurs and not a social network.

Article Rating

We offer a rating feature (1–5 stars) with optional feedback on blog posts. When submitting a rating, the following data is processed:

Star rating (1–5) – required
Optional checkboxes (“Content is accurate”, “Article was helpful”, for translations: “Translation is good”)
Optional free-text comment (max. 1,000 characters)
Anonymised IP hash – Your IP address is stored as a one-way hash (not in plain text). This is used solely to prevent duplicate ratings within 24 hours. It is not possible to derive the actual IP address from the hash.
Language of the rated page (DE/EN/IT/SL)
Timestamp of the rating

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) – quality assurance of our content and reader feedback.

Storage duration: Rating data is stored indefinitely to enable long-term quality analysis. The IP hash is only used for the 24-hour duplicate check.

No cookies: The rating feature does not set any cookies and does not use external services. All data is processed exclusively on our own server.