Privacy Policy
How CosBioSys handles your personal data under the EU General Data Protection Regulation (GDPR) and Austrian data-protection law. Written in plain language on purpose.
1. Who is responsible
The data controller for CosBioSys (https://cosbiosys.org) is:
- Jakob Possert
- Vienna, Austria
- Email: connect@evobiosys.org
2. What data we collect and why
a. Visiting the site
When you visit https://cosbiosys.org, your browser sends the usual technical data to the web server: IP address, user-agent, referrer, request timestamp, and path. These are used only to serve the page, diagnose errors, and protect against abuse.
- Legal basis: legitimate interest under Art. 6(1)(f) GDPR — operating and defending a public website.
- Storage: server access logs are retained for up to 14 days, then deleted.
- No cookies, no analytics, no third-party scripts. The only outbound requests your browser makes from our pages are for Google Fonts (loaded via a CDN). We are reviewing self-hosting of fonts to eliminate even that.
b. Newsletter subscription (optional)
If you choose to subscribe to the newsletter, we collect your email address and nothing else.
- Legal basis: your explicit consent under Art. 6(1)(a) GDPR, confirmed via double opt-in.
- Storage: subscriber data is encrypted at rest with AES-256-GCM on Infomaniak (Switzerland, EU-governed data-protection standards) and GitHub Pages (for static HTML/CSS only).
- Newsletter service: self-hosted on subscriber.evobiosys.org — not Mailchimp, not Substack, not Brevo, not ConvertKit. Your email never leaves our infrastructure.
- Retention: until you unsubscribe or request deletion.
- Unsubscribe: every email includes a one-click unsubscribe link. You can also email us directly.
c. Contact by email
If you email connect@evobiosys.org, your message and address are stored on an Infomaniak email server (EU/CH). We keep correspondence for as long as it is useful for the conversation and delete on request.
3. Where the data lives
All personal data is hosted on Infomaniak (Switzerland, EU-governed data-protection standards) and GitHub Pages (for static HTML/CSS only). We do not use US-based cloud providers (no AWS, no GCP, no DigitalOcean, no Cloudflare) for any critical path carrying personal data. Backups are encrypted and stored inside Europe.
4. Your rights under GDPR (Art. 15–22)
- Access — ask us what we hold on you.
- Rectification — correct anything wrong.
- Erasure — the “right to be forgotten”. We delete on request, no questions asked.
- Restriction — have us stop processing your data further.
- Portability — receive a copy of your data in a common format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — at any time, without giving a reason.
To exercise any of these rights, email connect@evobiosys.org with the subject line GDPR Request. We reply within 30 days.
5. Right to complain
You have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde): dsb.gv.at.
6. Children
The newsletter is not directed at children under 16. If you are under 16, please do not subscribe without parental consent.
7. Changes to this policy
This policy was last updated on 2026-04-11. Material changes will be announced via the newsletter and on this page. Minor edits (grammar, clarity) are made in place.