Privacy Policy
Last updated: Jan 16, 2026
1. Controller and Scope of Application
The protection of personal data is an important concern. Personal data is therefore processed exclusively on the basis of the applicable legal provisions, in particular the General Data Protection Regulation (GDPR) and the Telecommunications Act (TKG 2021).
This Privacy Policy provides information about which personal data is processed when using the websites and online offerings, for what purposes this processing takes place, and which rights data subjects are entitled to.
The controller within the meaning of the GDPR is:
Thomas Mirnig, BA MA
Oberblumeggstraße 20b
8502 Lannach
Austria
Phone: +43 660 6514258
Email: hello[at]thomasmirnig.com
This Privacy Policy applies to all websites and online offerings operated by Thomas Mirnig, in particular – but not exclusively – to:
https://thomasmirnig.com
https://getinfinicons.com
all associated subdomains
as well as further project-related websites, landing pages or product pages
This Privacy Policy is provided centrally at thomasmirnig.com and applies regardless of which of the above-mentioned domains is used to access the content.
2. Amendments to this Privacy Policy
Legal requirements, regulatory obligations or technical developments (such as the use of new tools or services) may make it necessary to amend this Privacy Policy.
The current version of this Privacy Policy can be accessed, read, saved and printed at any time. The version published at the time of the respective website visit shall always apply.
3. Contact
If contact is made by email or via a contact link provided on the website, the personal data transmitted (e.g. name, email address and the content of the enquiry) will be processed in order to handle the enquiry and, if necessary, to respond to follow-up questions.
This data will not be disclosed to third parties unless this is necessary to process the enquiry or explicit consent has been given.
Processing is carried out on the basis of Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in appropriate communication).
The personal data will be deleted as soon as the purpose of processing ceases to apply and no statutory retention obligations exist.
4. Cookies
The websites currently use only technically necessary cookies, insofar as these are required by the hosting or website framework used (e.g. Framer) to ensure basic website functionality.
Cookies for marketing, tracking or analysis purposes are not currently used. For this reason, a cookie consent banner is not currently required.
5. Web Fonts
No external web font services (such as Google Fonts via APIs) are used to display fonts. All fonts are integrated locally so that no connection to external servers is established when accessing the websites and no personal data is transmitted to third parties.
6. Web Analytics (currently not active)
No web analytics are currently used on the websites.
Should anonymous statistical analysis of usage be carried out in the future, it is intended to use a particularly privacy-friendly analytics tool such as Fathom Analytics. This tool operates without cookies and without the creation of personal user profiles.
If activated, only anonymized, aggregated data would be processed in order to improve the web offering. Identification of individual persons would not be possible. In this case, processing would be carried out on the basis of legitimate interest pursuant to Art. 6(1)(f) GDPR. Corresponding information would then be added to this Privacy Policy.
7. Digital Products, Webshop and Payment Processing (Lemon Squeezy)
The sale of digital products (e.g. icon sets, licenses or downloads) is carried out via the external platform Lemon Squeezy, which acts as a so-called Merchant of Record.
The entire purchase process – including payment processing, invoicing, tax calculation and, where applicable, the generation of license keys – is carried out exclusively via Lemon Squeezy. No payment data such as credit card or bank information is stored or processed on the websites themselves.
In the course of a purchase, the following personal data may in particular be processed:
Name
Email address
Billing and payment information
Information on purchased products and licenses
generated license keys
This data is processed for the purpose of fulfilling the purchase contract pursuant to Art. 6(1)(b) GDPR.
Lemon Squeezy processes personal data as an independent controller. In this context, personal data may also be transferred to third countries, in particular the United States. Lemon Squeezy uses appropriate safeguards pursuant to Art. 46 GDPR (e.g. Standard Contractual Clauses). Further information can be found in Lemon Squeezy’s Privacy Policy.
8. Affiliate Program and Affiliate Links
An own affiliate program is operated under which third parties are entitled to promote products and receive a commission in the event of a successful referral. The technical handling of the affiliate program, in particular the allocation of referred purchases and the settlement of commissions, is carried out via Lemon Squeezy.
In this context, affiliate IDs or tracking parameters may be processed, among other things, in order to ensure the correct allocation of sales. This processing is necessary to properly operate the affiliate program.
Processing is carried out on the basis of Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in operating an affiliate program).
In addition, affiliate links to products or services of third parties may be used on the websites in the future. When clicking on such a link, the respective provider may recognize that the visit or purchase was made via that link. In such cases, the privacy policies of the respective providers apply.
9. Newsletter (Loops.so)
When registering for the newsletter, the email address and – if provided – the name are processed in order to regularly send information about projects, digital products and topics related to design and technology.
Registration takes place using the so-called double opt-in procedure. After registration, a confirmation email is sent. The newsletter is activated only after clicking the confirmation link contained therein.
The newsletter is sent via the service Loops.so (Astrodon Corporation, Beaverton, Oregon, USA), which acts as a data processor. In particular, the email address, name, time of registration and confirmation as well as newsletter preferences may be processed.
Processing is carried out on the basis of consent pursuant to Art. 6(1)(a) GDPR and § 174(3) TKG 2021. Consent can be withdrawn at any time with effect for the future, for example via the unsubscribe link in the newsletter or by email.
Personal data may be transferred to the United States. This transfer is carried out on the basis of appropriate safeguards pursuant to Art. 46 GDPR (e.g. Standard Contractual Clauses).
10. Rights of Data Subjects
Data subjects are entitled to the following rights in particular:
right of access to the processed data
right to rectification of inaccurate data
right to erasure of personal data
right to restriction of processing
right to data portability
right to object to processing
right to withdraw consent given
To exercise these rights, an informal notification by email to hello[at]thomasmirnig.com is sufficient.
In addition, there is the right to lodge a complaint with the competent supervisory authority:
Austrian Data Protection Authority
Barichgasse 40–42
1030 Vienna
https://www.dsb.gv.at
11. Data Security
Appropriate technical and organizational security measures are implemented to protect personal data. These measures serve to protect data against loss, manipulation, unauthorized access or unauthorized disclosure and are regularly adapted to the state of the art.
12. Language Version
This Privacy Policy was created in the German language. An English translation is provided for better understanding by international users.
In the event of discrepancies or differences in interpretation between the German version and a translation, the German version shall prevail.