Privacy Policy
Last updated: November 29, 2024
We take the protection of your personal data very seriously. This privacy policy explains what information we collect, how we use it, and what rights you have regarding your data. This policy complies with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the California Consumer Privacy Act (CCPA).
1. Data Controller
The data controller responsible for data processing on this website can be reached via email.
E-Mail: [email protected]
If you have any questions about data protection, please contact us using the email provided above.
2. Data Collection on this Website
We are committed to data minimization and privacy by design. This website collects only the minimum amount of data necessary to provide our services and improve user experience. Below is a comprehensive overview of all data processing activities.
2.1 Hosting and Technical Infrastructure
This website is hosted on privately operated server infrastructure. When you visit our website, the following technical data is automatically processed:
- IP address (anonymized after processing)
- Date and time of access
- Browser type and version
- Operating system
- Referrer URL (the page you came from)
- Pages visited on our website
- Amount of data transferred
- HTTP status code
Provider: Privately operated server infrastructure
Purpose: This data is processed to ensure the technical operation, security, and stability of our website. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure and efficient website operation).
Retention: Server logs are automatically deleted after 30 days.
DPA: Not applicable — the website is operated on privately managed infrastructure under our direct control.
Server Locations: The servers are located in a secure, privately managed facility. Data is processed exclusively on this infrastructure.
2.2 SSL/TLS Encryption
This website uses SSL/TLS encryption (HTTPS) to protect the transmission of your data. All communication between your browser and our servers is encrypted. You can recognize an encrypted connection by the 'https://' in your browser's address bar and the lock icon.
3. Purposes of Data Processing
We process personal data only for the following specific, explicit, and legitimate purposes:
- Technical operation and security of the website (Art. 6(1)(f) GDPR)
- Website performance optimization and improvement (Art. 6(1)(f) GDPR)
- Detection and prevention of fraud and abuse (Art. 6(1)(f) GDPR)
- Compliance with legal obligations (Art. 6(1)(c) GDPR)
- Anonymous usage analytics to improve user experience (Art. 6(1)(f) GDPR)
4. Legal Basis for Data Processing
We process your data based on the following legal bases under GDPR:
- Art. 6(1)(a) GDPR - Consent: Where you have given explicit consent to the processing of your data for specific purposes
- Art. 6(1)(b) GDPR - Contract Performance: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract
- Art. 6(1)(c) GDPR - Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject
- Art. 6(1)(f) GDPR - Legitimate Interests: For the technical administration, security, fraud prevention, and improvement of our website. Our legitimate interests do not override your fundamental rights and freedoms
5. Data Retention
We adhere to the principle of storage limitation and only store personal data for as long as necessary for the stated purposes or as required by law:
- Server logs: Automatically deleted after 30 days
- Analytics data (aggregated): Raw data retained for 90 days, aggregated statistics retained indefinitely (non-personal)
- Session data: Deleted immediately when you close your browser
- Contact inquiries (if submitted): Retained until the purpose is fulfilled, plus any statutory retention period (typically 6-10 years for business communications under German commercial law)
After the retention period expires, personal data is automatically and securely deleted or anonymized.
6. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data to third parties. Your data is only shared in the following limited circumstances:
- You have given explicit consent (Art. 6(1)(a) GDPR)
- It is necessary for contract performance (Art. 6(1)(b) GDPR)
- We are legally obligated to do so (Art. 6(1)(c) GDPR)
- It is necessary for the establishment, exercise, or defense of legal claims (Art. 6(1)(f) GDPR)
Third-Party Processors
We do not use any third-party processors for hosting or analytics. All data processing is carried out on our privately operated infrastructure.
Should we engage third-party processors in the future, they will be contractually obligated to process data only according to our instructions and to implement appropriate security measures in accordance with Art. 28 GDPR.
7. Your Rights Under GDPR
You have comprehensive rights regarding your personal data under the General Data Protection Regulation (GDPR):
- Right of Access (Art. 15 GDPR): You have the right to obtain confirmation as to whether we process your personal data and, if so, to receive a copy of that data along with information about the processing
- Right to Rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate personal data and to have incomplete data completed
- Right to Erasure / 'Right to be Forgotten' (Art. 17 GDPR): You have the right to request the deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected
- Right to Restriction of Processing (Art. 18 GDPR): You have the right to request that we restrict the processing of your personal data under certain circumstances
- Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller
- Right to Object (Art. 21 GDPR): You have the right to object at any time to processing of your personal data based on legitimate interests (Art. 6(1)(f) GDPR). If you object, we will no longer process your data unless we can demonstrate compelling legitimate grounds that override your interests
- Right to Withdraw Consent (Art. 7(3) GDPR): Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal
- Right Not to be Subject to Automated Decision-Making (Art. 22 GDPR): You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you
To exercise any of these rights, please contact us using the contact details provided in Section 1. We will respond to your request within one month. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.
8. Right to Lodge a Complaint
If you believe that the processing of your personal data violates the GDPR or other data protection laws, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or the place of the alleged violation.
For Germany, the competent federal authority is:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153, 53117 Bonn, Germany
You may also contact your local state data protection authority (Landesdatenschutzbeauftragter). A list of authorities can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
9. Data Security
We take the security of your data very seriously and implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access (Art. 32 GDPR).
Our security measures include:
- SSL/TLS encryption (HTTPS) for all data transmission
- Secure server infrastructure with regular security updates and patches
- Firewall protection and intrusion detection systems
- Access controls and authentication mechanisms
- Regular security audits and vulnerability assessments
- Secure coding practices and code reviews
- Security headers (Content Security Policy, HTTP Strict Transport Security, X-Frame-Options, etc.)
- Automatic security monitoring and logging
- Incident response procedures
- Employee training on data protection and security
Our security measures are continuously reviewed and improved in line with technological developments and best practices. Despite our security measures, please be aware that no method of transmission over the internet or electronic storage is 100% secure.
10. Cookies and Tracking
This website does not use traditional cookies or tracking technologies. No analytics services are in use. This means:
- No consent banner is required (as no cookies are used)
- Your browser does not store any tracking data
- You cannot be identified or tracked across websites
- No advertising or remarketing cookies are used
- No third-party advertising networks have access to your data
11. Analytics Services
We do not currently use any analytics services on this website. No visitor data is collected for statistical or performance analysis purposes.
12. Changes to this Privacy Policy
We reserve the right to update this privacy policy to reflect changes in our data processing practices, legal requirements, or business operations. Material changes will be clearly indicated on this page with an updated 'Last updated' date. We recommend checking this page regularly for updates. If we make significant changes that affect your rights, we will provide prominent notice on our website or, where appropriate, contact you directly.
13. International Data Transfers
As our website is operated on privately managed infrastructure within the European Union, your data is not transferred to countries outside the European Economic Area (EEA) for hosting purposes. All data processing occurs on servers located within the EU.
Transfer Safeguards:
- Data is processed exclusively on privately managed servers within the EU
- Technical and Organizational Measures: All data transfers are protected by encryption and access controls
- No third-country hosting providers are used for website operation
Should international transfers become necessary in the future, we will ensure that appropriate safeguards are in place in accordance with Chapter V GDPR.
14. Data Protection Officer
Under Art. 37 GDPR, we are currently not required to appoint a Data Protection Officer as we are a small organization that does not engage in large-scale processing of sensitive data or systematic monitoring. However, you can always contact us directly regarding any data protection matters using the contact information provided in Section 1. We take all data protection inquiries seriously and will respond promptly.
15. Children's Privacy
Our website and services are not directed to children under the age of 16 (or the minimum age required by applicable law in your jurisdiction). We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately using the contact details in Section 1, and we will take steps to delete such information from our systems. If we become aware that we have collected personal data from a child without appropriate parental consent, we will delete that information as quickly as possible.
16. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
Your California Rights:
- Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose, and the categories of third parties with whom we share personal information
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions
- Right to Correct: You have the right to request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: You have the right to opt out of the 'sale' or 'sharing' of your personal information. We do not sell or share personal information
- Right to Limit Use of Sensitive Personal Information: We do not collect or process sensitive personal information
- Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights
Categories of Personal Information Collected:
- Identifiers: IP addresses (anonymized)
- Internet Activity: Browsing history on our website, page views
- Geolocation Data: Country-level location (derived from anonymized IP)
We collect this information solely for the business purposes described in Section 3 (website operation, security, and improvement).
We do NOT sell personal information: We do not sell, rent, or share your personal information with third parties for monetary or other valuable consideration.
To exercise your California privacy rights, please contact us using the information in Section 1. We will verify your identity and respond to your request within 45 days.
For more information about California privacy rights, visit: https://oag.ca.gov/privacy/ccpa
17. Automated Decision-Making and Profiling
We want to be completely transparent: this website does NOT engage in any form of automated decision-making or profiling as defined by Art. 22 GDPR. Specifically:
- No automated decisions are made that produce legal effects concerning you or similarly significantly affect you
- No profiling of individual users is performed
- No algorithms are used to make decisions about you automatically
- Analytics are purely statistical and aggregated, not individualized
- No behavioral targeting or personalized advertising is conducted
If this changes in the future, we will update this privacy policy and, where required, obtain your explicit consent.