Privacy Policy

2.1 Scope of Personal Data Processing

I process the personal data of visitors to my website only insofar as it is necessary to provide its functionality, contents, and services. Personal data is processed regularly only with the consent of the user. Exempt from this are cases in which the prior obtaining of consent is not possible for actual reasons and the processing of the data is permitted by statutory regulations.

2.3 Legal Basis for the Processing of Personal Data

Insofar as I obtain the consent of the person concerned for processing operations involving personal data, Article 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the fulfillment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which I am subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

If the vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest or a third party and if the interests, fundamental rights, and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

2.4 Rights of Data Subjects

As a data subject, you have the following rights, which you can exercise at any time by contacting me as indicated above.

• Right of Access according to Art. 15 GDPR: I am obliged to confirm to you on request which of your data is processed, to provide you with information about the way in which your stored data is processed, and to provide you with a copy of the data processed.
• Right to Rectification according to Art. 16 GDPR: You may correct and complement your data.
• Right to be forgotten according to Art. 17 GDPR: Respectively of the local laws, I am obliged to delete your data upon request.
• Right to Restriction of Data Processing according to Art. 18 GDPR: Insofar as I cannot legally delete your data, you may request a restriction on the processing of your data.
• Right of Data Portability according to Art. 20 GDPR: If you have consented to data processing, you may request that I transfer your data in a machine-readable format to you or a third party designated by you. The circumstances and content of the data transfer to a third party are subject to the restrictions of technical realization.
• Right to object according to Art. 21 GDPR: You may object to the processing of your personal data by me, respecting the applicable laws. I receive your objection to the above contact information.

2.5 Duration of Storage and Data Deletion

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may occur beyond this if this has been provided for by the European or national legislator in Union regulations, laws, or other regulations to which the responsible party is subject. Data will also be blocked or deleted when storage periods prescribed by the aforementioned standards expire unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

3.1 Legal Basis and Legitimate Interest

According to Art. 6 para. 1 lit. f GDPR, the data processing is based on a legitimate interest in the security and functionality of my website.

The IP address is a prerequisite for exchanging data on the Internet. Although its provision is not required by law, contract, or otherwise, it must be collected and processed as personal data to ensure the technical functionality of my website. It also provides the basis for combating cyberattacks on my website. Therefore, an objection to the processing of IP addresses is excluded.

3.2 Encryption

To protect the communication between your terminal and the systems through which my website is provided, I use current encryption methods. For example, your connection to my systems is secured using SSL/TLS over HTTPS.

3.3 Server Logs

With each request to my website, the system employed by me automatically collects data and information from the computer system of the accessing user. This data is only collected and stored in so-called log files for the purpose of the information technological security of my systems. The data collected in this way are not evaluated statistically or in relation to individuals. The evaluation is regularly automated. The manual analysis of log files for system-side troubleshooting or defense against cyberattacks is an exception to this.

Scope of data collected: type of web browser and browser version, the operating system used, your IP address, visited page/subpage or requested files and resources, date and time of your website request, host name of the accessing computer (where available).

I expressly do not use your data to identify you or any other user personally. Storage of this data together with other personal data does not take place.

The recorded log files are deleted no later than 6 months after your request. As far as is technically possible, your IP address will be anonymized 7 days after your request. Misused IP addresses are stored beyond this for up to one year and are exempt from anonymization to allow for them to be blocked long-term.

3.4 Cookies

My website itself does not use cookies. You will not be tracked by me, nor will a session cookie be generated for your visit.

I hereby inform you that Cloudflare creates cookies that are essential for technologically necessary purposes. Since the use of Cloudflare's services is required to access my website, you can only object to the use of cookies by Cloudflare by employing appropriate settings in your browser software. However, these can lead to impairment in the function and accessibility of the website. You can find more detailed information in Cloudflare's Cookie policy at:
https://www.cloudflare.com/cookie-policy/
and within Cloudflare's developer documentation:
https://developers.cloudflare.com/fundamentals/get-started/reference/cloudflare-cookies/
I further direct you to the information on Cloudflare below.

3.5 Cloudflare

To serve my website faster and protect my systems from attacks, I use Cloudflare as a so-called reverse proxy provider. Cloudflare helps me to provide the best possible user experience.

Cloudflare, Inc. is a publicly traded US corporation headquartered at 101 Townsend St., San Francisco, CA 94107, USA. Cloudflare offers a content delivery network (CDN) and various information technology security services, including the proxy in use.

A proxy is a system that is placed between the user and hosting systems. Cloudflare provides such systems worldwide to make copies of my website and store them on their own servers. If my website is requested, Cloudflare's server closest to the requesting user can respond. Cloudflare can thus deliver my website faster to users around the world while saving my system's processing power.

Additionally, Cloudflare offers DDoS protection and the so-called web application firewall, two security services that prevent direct access to my systems, block attackers and other threats, and limit malicious crawlers and bots that exploit the resources and bandwidth of my systems.

Cloudflare uses cookies and processes user data. More detailed information about Cloudflare's compliance with the GDPR, including which data is processed and your rights, can be found on the dedicated pages at Cloudflare:
https://www.cloudflare.com/trust-hub/gdpr/
as well as in Cloudflare's Privacy Policy:
https://www.cloudflare.com/privacypolicy/

The legal basis for the use of Cloudflare is Art. 6 para. 1 lit. f GDPR.