Privacy Policy

Pursuant to the EU General Data Protection Regulation (GDPR)

1. Data Controller

The controller responsible for data processing on this website within the meaning of Art. 4(7) GDPR is:

Tom Waldek
The Human Origin
Paradisgasse 35/4
1190 Vienna, Austria
Email: tom@thehumanorigin.org

2. Overview of Data Processing

This website is designed to collect as little personal data as possible. There are no cookies, no analytics or tracking tools, no newsletter sign-ups, and no user accounts. The following sections describe the limited processing that does occur when you visit or interact with this site.

3. Hosting

This website is hosted on GitHub Pages, a service provided by GitHub Inc., 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA.

When you access this website, GitHub automatically collects and stores certain information in server log files that your browser transmits. This may include:

• Your IP address
• Date and time of the request
• The page requested
• Browser type and version
• Referring URL

This data is processed by GitHub to deliver the website to you. We have no access to these server logs.

Data transfer to the USA

GitHub is based in the United States. The transfer of data to the US is covered by Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR, which GitHub has adopted as part of its data processing agreements.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in the reliable and secure provision of this website.

4. Google Fonts

This website uses fonts provided by Google Fonts (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). These fonts are loaded externally from Google's servers (fonts.googleapis.com and fonts.gstatic.com).

When you load a page on this site, your browser establishes a connection to Google's servers. In the process, your IP address is transmitted to Google. Google may process this data on servers in the United States.

We are aware that the Regional Court of Munich (LG München I, Az. 3 O 17493/20, 20 January 2022) found that the external loading of Google Fonts without user consent can constitute a violation of the GDPR, as it transmits the visitor's IP address to Google without a sufficient legal basis. We are evaluating a transition to self-hosted fonts.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in the consistent and optimised presentation of our website. You can object to this processing (see Section 9).

Further information: Google Privacy Policy.

5. Cal.com Booking

We use Cal.com to allow you to book a conversation directly from this website. The service is operated by Cal.com Europe B.V. and runs on the European instance at cal.eu. Your data is processed and stored within the European Union.

When you use the booking function, the following data is collected:

• Your name
• Your email address
• Your selected date and time

This data is used solely to schedule and confirm your booking. It is not used for marketing or shared with third parties.

Legal basis: Art. 6(1)(b) GDPR — processing necessary for the performance of pre-contractual measures taken at your request.

6. Email Contact

If you contact us by email at tom@thehumanorigin.org, your email address and the content of your message will be stored for the purpose of handling your enquiry.

This data will not be shared with third parties. It will be deleted once your enquiry has been fully addressed, unless retention is required by law.

Legal basis: Art. 6(1)(b) GDPR — processing necessary for pre-contractual or contractual purposes at your request.

7. Pulse Check Diagnostic Tool

This website includes an interactive diagnostic tool called the Pulse Check. It runs entirely in your browser using client-side JavaScript. Your answers and results are processed locally on your device.

No data from the Pulse Check is transmitted to any server. Nothing is stored, logged, or tracked. When you close or refresh the page, all data is discarded.

8. SSL/TLS Encryption

This website uses SSL/TLS encryption (recognisable by https:// in the browser address bar) to protect the transmission of data between your browser and our server. This prevents third parties from reading data in transit.

9. Your Rights Under the GDPR

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR) — You can request confirmation of whether we process your personal data, and if so, obtain a copy.
• Right to rectification (Art. 16 GDPR) — You can request correction of inaccurate data or completion of incomplete data.
• Right to erasure (Art. 17 GDPR) — You can request deletion of your personal data where there is no legal obligation to retain it.
• Right to restriction of processing (Art. 18 GDPR) — You can request that processing of your data be restricted under certain conditions.
• Right to data portability (Art. 20 GDPR) — You can request your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21 GDPR) — You can object to processing based on legitimate interest (Art. 6(1)(f)) at any time, on grounds relating to your particular situation.

To exercise any of these rights, contact us at: tom@thehumanorigin.org

10. Right to Lodge a Complaint

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.

The competent authority for Austria is:

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna, Austria
Phone: +43 1 52 152-0
Website: dsb.gv.at

11. Changes to This Policy

We may update this privacy policy to reflect changes in our data processing practices or legal requirements. The current version is always available on this page.

12. Last Updated

April 2026