Privacy Policy

1. Data Protection at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. Detailed information on the topic of data protection can be found in the privacy policy listed below.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section “Notice Concerning the Responsible Party” in this privacy policy.

How do we collect your data?

Your data is collected when you provide it to us. This may include data that you enter in a contact form, for example.

Other data is collected automatically or after your consent when you visit the website through our IT systems. This includes mainly technical data (e.g. browser, operating system, or time of page access). These data are collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure the website is provided without errors. Other data may be used to analyze user behavior. If the website allows the initiation or conclusion of contracts, the submitted data will also be processed for offers, orders, or similar requests.

What rights do you have regarding your data?

You have the right to obtain information, free of charge, about the origin, recipients, and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Additionally, you have the right to request the restriction of processing your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time with questions about this or any other topic related to data protection.

2. Hosting

We host our website with the following providers:

Netlify

Our website is hosted via the service provider Netlify. The provider is Netlify Inc., 2325 3rd Street, Suite 29, San Francisco, CA 94104, USA. Personal data may be processed in the United States.

Netlify is certified under the EU-U.S. Data Privacy Framework, which serves as a legal basis for ensuring appropriate protection of personal data when transferred from the EU to the USA. Further information is available at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

In addition, Netlify relies on so-called EU Standard Contractual Clauses under Art. 46(2) and (3) GDPR. These model contracts, published by the European Commission, ensure that personal data processed in non-EU countries (such as the US) is subject to the same data protection standards.

Through the combination of the Data Privacy Framework and Standard Contractual Clauses, Netlify commits to maintaining a level of data protection equivalent to EU standards, even when processing takes place in the United States.

These clauses are based on an implementing decision by the European Commission, available at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

Netlify provides a Data Processing Agreement under Art. 28 GDPR, which refers to the above-mentioned clauses and serves as the legal basis for our collaboration. You can access the agreement here: https://www.netlify.com/pdf/netlify-dpa.pdf

More information on Netlify’s data handling can be found in their privacy policy: https://www.netlify.com/privacy/

Cloudflare

What Is Cloudflare?

We employ Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) on our website to enhance loading speed and security. Cloudflare operates a global Content Delivery Network (CDN) and provides various security services that sit between site visitors and our hosting provider. Below are the key details.

How the CDN Works

A CDN is a distributed network of caching servers. Cloudflare stores replicas of our site at locations around the world, then routes visitor requests to the nearest server. This reduces data transfer distances and accelerates content delivery, especially for users far from our origin server. In addition, security features such as DDoS protection and a Web Application Firewall boost resilience against attacks.

Why We Use Cloudflare

By using Cloudflare, we ensure fast, reliable access to our content. Beyond performance optimizations (e.g., image compression, HTTP/2 support), Cloudflare blocks malicious traffic, throttles abusive bots, and mitigates spam. According to the provider, this can reduce our bandwidth usage by up to 60% and halve average page load times. The “I’m Under Attack” mode adds an extra JavaScript challenge to filter out threats before granting access.

Data Collected and Processed

Cloudflare only processes data necessary to deliver its services, as specified by us. Typically, this includes:

  • IP address
  • Timestamps and log data
  • Browser and device details
  • Security tokens and performance metrics

These elements help detect and neutralize threats. All processing complies with applicable law, including the GDPR.

Storage Locations and Retention Periods

Data may be stored in both the USA and the European Economic Area. For Free, Pro, and Business plans, visitor data is generally retained for up to 24 hours. Enterprise customers using the Enterprise LogShare feature may see data stored for up to 7 days. Security incidents can warrant longer retention in specific cases.

Deletion and Opt‐Out

Most logs are automatically deleted within 24 hours. Permanent logs are anonymized to improve long‐term network security and performance. To block Cloudflare processing entirely, you may disable scripts in your browser or install a script blocker. Deletion requests must be directed to us, the site operator; Cloudflare itself does not honor direct removal requests.

Legal Bases for Processing

  • Consent (Art. 6 (1)(a) GDPR): When you have actively agreed to Cloudflare’s use.
  • Legitimate Interests (Art. 6 (1)(f) GDPR): To optimize and secure our online services.

Transfers to Third Countries

Cloudflare participates in the EU-US Data Privacy Framework and implements the EU Commission’s Standard Contractual Clauses (Art. 46 (2) and (3) GDPR) for data transfers to the USA. These measures ensure continued compliance with EU data protection standards even when data is processed or stored outside the EU.

Comments via Giscus (GitHub Discussions)

We embed Giscus, a comments component that connects this page to a public GitHub Discussions thread. When you load the comments, your browser requests content from giscus.app and GitHub. This involves transmitting technical data (e.g., IP address, user agent) to those providers. All comment content is stored by GitHub in the linked Discussion and is publicly visible.

Authentication & local storage. If you choose to sign in with GitHub to post a comment or reaction, Giscus uses GitHub’s OAuth flow. After successful sign-in, a server-encrypted token is stored in your browser’s local storage so the widget can send authenticated requests to the GitHub API. The token remains in your browser until you sign out or clear local storage.

Legal bases. Processing is based on your consent (GDPR Art. 6(1)(a)); the local-storage token is strictly necessary to provide the requested comment function and is permitted under TTDSG §25(2).

Data controller roles. We are the controller for the embedding on this site. GitHub is an independent controller for personal data it processes when you view or post in Discussions. Please see GitHub’s privacy statement for details (including rights and contact options).

Storage periods.

  • Comment content: stored by GitHub until you delete it or the Discussion is removed.
  • Local-storage token: remains in your browser until sign-out or manual deletion.

International transfers. GitHub may process data in the US and other countries; transfers are based on Standard Contractual Clauses (SCCs) and GitHub’s participation in the EU-U.S. Data Privacy Framework.

Further information: GitHub Privacy Statement and Giscus documentation.

Opt-in loading. The Giscus comments widget and GitHub sign‑in are only activated when you click “Sign in with GitHub.” No data is stored or loaded before that moment. You consent to token storage in your browser’s local storage by clicking, and that token is used solely to provide the requested comment functionality (GDPR Art. 6(1)(a); TTDSG § 25(2)).

GitHub (third-party recipient/controller)

Parts of this site (e.g., the Giscus comments widget) request content or APIs from GitHub. When your browser connects to GitHub, technical usage data (e.g., IP address, time, user agent) is processed by GitHub as an independent controller to deliver those services and for security. Legal basis: consent (Art. 6(1)(a)) when you actively load the widget; otherwise legitimate interests (Art. 6(1)(f)) in technically delivering third-party content you request.

International transfers. GitHub may process data in the US/other countries under SCCs and the EU-U.S. Data Privacy Framework (DPF). See GitHub’s Privacy Statement for details and your rights.

3. General Notes and Mandatory Information

Data Protection

The operator of these pages takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. This policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We point out that data transmission over the Internet (e.g. communication via email) can have security vulnerabilities. A complete protection of data from access by third parties is not possible.

Notice Concerning the Responsible Party

The responsible party for data processing on this website is:

Heye Vöcking
B6 eellanikhcsuP
nilreB 53421

Phone: 7317688 5751 94+
Email: ved.eyeh@t3vct7b9-ofni

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage period has been stated in this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you make a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will take place after these reasons cease to apply.

If you have consented to data processing, we process your personal data based on Art. 6(1)(a) GDPR and Art. 9(2)(a) GDPR if special categories of data are processed under Art. 9(1) GDPR. If you have expressly consented to the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If you consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is also based on § 25(1) TDDDG. Consent may be revoked at any time. If your data is necessary for contract performance or pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. If required for compliance with a legal obligation, we process your data based on Art. 6(1)(c) GDPR. Additionally, data may be processed based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. The relevant legal basis for each case is explained in this privacy policy.

Recipients of Personal Data

As part of our business operations, we cooperate with various external entities. In some cases, the transfer of personal data to these third parties is required. We only share personal data if it is necessary for contract performance, if we are legally obliged to do so (e.g., to tax authorities), if we have a legitimate interest (Art. 6(1)(f) GDPR), or if another legal basis permits the transfer. When using processors, we only transfer personal data based on a valid processing agreement. In case of joint processing, a joint processing agreement is concluded.

Many data processing operations are only possible with your express consent. You may revoke your consent at any time. The legality of the data processing carried out before the revocation remains unaffected.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA, INCLUDING PROFILING BASED ON THOSE PROVISIONS. THE RELEVANT LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING, INCLUDING PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to Lodge a Complaint with a Supervisory Authority

If you believe that your rights under the GDPR have been violated, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement. This right is without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data that we process based on your consent or in performance of a contract in a structured, commonly used, and machine-readable format. You also have the right to request the transfer of this data to another controller, where technically feasible.

Right to Access, Rectification, and Erasure

Within the limits of applicable law, you have the right at any time to request information about your stored personal data, its origin and recipients, and the purpose of the processing and, if applicable, a right to rectification or erasure of this data. For this purpose and for any other questions on personal data, you can contact us at any time.

Right to Restrict Processing

You have the right to request restriction of the processing of your personal data. You may contact us at any time to exercise this right. The right to restrict processing applies in the following cases:

  • If you contest the accuracy of your personal data stored by us, we usually need time to verify this. During the verification period, you have the right to request restriction of processing of your personal data.
  • If the processing of your personal data was/is unlawful, you may request restriction of data processing instead of erasure.
  • If we no longer need your personal data but you require it for the establishment, exercise, or defense of legal claims, you may request restriction of processing instead of erasure.
  • If you have objected under Art. 21(1) GDPR, a balancing of your and our interests must be made. As long as it is not yet clear whose interests prevail, you have the right to request restriction of processing of your personal data.

If you have restricted the processing of your personal data, such data – aside from storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the change in the address line of your browser from “http://” to “https://” and by the lock icon in your browser line.

If SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

4. Data Collection on This Website

Server Log Files

The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data will not be merged with other data sources.

The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website – for this purpose, the server log files must be collected.

Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if it was requested; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Source: https://www.e-recht24.de