Privacy Policy

Momentos Labs is a trade name of Tobias Winkler, a sole proprietorship registered in Italy under VAT number IT03353510211, with registered address at Via Flitt 3a (Flittnerstraße), 39040 Lüsen (BZ), Italy, who is the controller for the processing described here. For privacy questions or requests, contact info@momentoslabs.com.

• Contact details and enquiry content you submit, including your name, business, email address, telephone number and message.
• Technical data that our hosting and security systems necessarily receive, such as IP address, browser, device, requested page, date and time, and security logs.
• Your cookie and storage preferences. We do not currently deploy optional analytics or marketing technologies.

• To answer enquiries and take steps requested before entering a contract (GDPR Article 6(1)(b)).
• To operate, secure and troubleshoot the website and prevent abuse, based on our legitimate interests in providing a safe and reliable service (Article 6(1)(f)).
• To remember optional technology choices and, if such technologies are introduced, use them only with your consent (Article 6(1)(a)). You may withdraw consent at any time through Cookie settings.
• To meet legal obligations where applicable (Article 6(1)(c)).

We disclose data only where needed to operate the website and respond to you. This may include our hosting and infrastructure providers, Resend as our contact-email delivery provider, professional advisers, and authorities where legally required. These providers act under contractual confidentiality and data-protection obligations where applicable.

Some providers may process data outside the European Economic Area. Where required, we rely on an adequacy decision, the European Commission’s Standard Contractual Clauses, and appropriate supplementary safeguards. You may contact us for information about the relevant safeguards.

• Enquiries and related correspondence: generally up to 24 months after the last interaction, or longer where needed for a contract, legal claim or statutory duty.
• Security and server logs: generally up to 30 days unless an incident requires longer retention.
• Consent preferences: up to six months, then we ask again. Data is deleted or anonymised when no longer needed.

Subject to the GDPR, you may request access, correction, deletion, restriction, portability, or object to processing based on legitimate interests. You may withdraw consent without affecting earlier lawful processing. Email us to exercise a right; we may need to verify your identity. You may also complain to the data-protection authority where you live or work, or where you believe an infringement occurred.

You do not have to provide personal data, but we cannot answer an enquiry without sufficient contact information. We do not use the website data described here for solely automated decisions that produce legal or similarly significant effects.

This business website is not directed to children. We may update this notice when our services or legal obligations change; the date above identifies the current version.