Privacy Policy

Date: November 13, 2023

Controller
Overview of Processing Activities
Relevant Legal Bases
Security Measures
Transfer of Personal Data
Use of Cloudflare Services
International Data Transfers
Rights of the Data Subjects
Provision of the Online Offer and Web Hosting
Blogs and Publication Media
Contact and Inquiry Management

Controller

Tim Rauhut
Schönwalder Str. 20
13347 Berlin

Email Address: tim.rauhut[ät]protonmail.com

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Processed Data

Inventory Data.
Contact Data.
Content Data.
Usage Data.
Meta, Communication, and Procedure Data.

Categories of Data Subjects

Communication Partners.
Users.

Purposes of Processing

Provision of Contractual Services and Fulfillment of Contractual Obligations.
Contact Inquiries and Communication.
Security Measures.
Administration and Answering of Inquiries.
Feedback.
Provision of our Online Offer and User-Friendliness.
Information Technology Infrastructure.

Relevant Legal Bases

Relevant legal bases in accordance with the GDPR: Below is an overview of the legal bases of the GDPR on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence or domicile may apply. If more specific legal bases are relevant in individual cases, we will inform you about them in the privacy policy.

Performance of a contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) - The processing is necessary for the performance of a contract of which the data subject is a party, or for the implementation of pre-contractual measures that take place at the request of the data subject.
Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) - The processing is necessary to protect the legitimate interests of the controller or a third party, provided that the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not override.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection in Germany apply. This includes in particular the Law for Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains special regulations on the right to access, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases including profiling. Furthermore, state data protection laws of the individual federal states may be applicable.

Note on the applicability of the GDPR and the Swiss DPA: These data protection notices serve both to provide information according to the Swiss Federal Act on Data Protection (Swiss DPA) as well as according to the General Data Protection Regulation (GDPR). For this reason, we ask you to note that due to the broader spatial application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms "processing" of "personal data", "overriding interest" and "particularly sensitive personal data" used in the Swiss DPA, the terms used in the GDPR "processing" of "personal data" as well as "legitimate interest" and "special categories of data" are used. However, the legal meaning of the terms is determined within the scope of the Swiss DPA according to the Swiss DPA.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, the costs of implementation, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to, input, transmission, ensuring availability, and their separation. Furthermore, we have established procedures that ensure the exercise of data subjects' rights, the deletion of data, and responses to data endangerment. Additionally, we consider the protection of personal data already in the development or selection of hardware, software, and procedures, according to the principle of data protection, through technology design and through data protection-friendly default settings.

Transfer of Personal Data

As part of our processing of personal data, it may happen that the data is transferred to other places, companies, legally independent organizational units, or persons, or that it is disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this is only done in accordance with legal requirements. Provided that the data protection level in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers only take place if the data protection level is otherwise secured, in particular through standard contractual clauses (Art. 46 Para. 2 lit. c) GDPR), explicit consent, or in the case of contractual or legally required transmission (Art. 49 Para. 1 GDPR). Furthermore, we will inform you about the basis for third-country transfers in the individual providers from the third country, whereby the adequacy decisions serve as a primary basis. Information on third-country transfers and existing adequacy decisions can be obtained from the information offering of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de.

EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the data protection level for certain companies from the USA as safe within the framework of the adequacy decision of 10.07.2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English). We will inform you in the context of the data protection notices which of the service providers we use are certified under the Data Privacy Framework.

Rights of the Data Subjects

Rights of the data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data based on Art. 6 Para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is associated with such direct marketing.
Right to withdraw consent: You have the right to withdraw consents at any time.
Right of access: You have the right to request confirmation as to whether relevant data is being processed and to request information about this data, as well as further information and a copy of the data in accordance with the statutory provisions.
Right to rectification: You have the right under the statutory provisions to request the completion of the data concerning you or the correction of the incorrect data concerning you.
Right to erasure and restriction of processing: You have the right, in accordance with the statutory provisions, to demand that data concerning you be deleted immediately, or alternatively, in accordance with the statutory provisions, to demand a restriction of the processing of the data.
Right to data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, common and machine-readable format in accordance with the legal requirements, or to request its transmission to another controller.
Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you believe that the processing of your personal data violates the provisions of the GDPR.

Provision of the Online Offer and Web Hosting

We process the data of users to enable them to use our online services. For this purpose, we process the IP address of the user, which is necessary to deliver the contents and functions of our online services to the user's browser or device.

Types of Data Processed: Usage data (e.g., visited web pages, interest in content, access times); Meta, Communication, and Procedure Data (e.g., IP addresses, time stamps, identification numbers, consent status).
Persons Concerned: Users (e.g., website visitors, users of online services).
Purposes of Processing: Provision of our online offer and user-friendliness; Information Technology Infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.
Legal Bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further Information on Processing Processes, Procedures, and Services:

Collection of Access Data and Log Files: Access to our online offer is logged in the form of so-called "server log files". Server log files can include the address and name of the retrieved web pages and files, date and time of retrieval, transferred data volumes, notification of successful retrieval, browser type along with version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. Server log files can be used for security purposes, for example, to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and also to ensure the load of the servers and their stability; Legal Bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Deletion of Data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data, whose further retention is necessary for evidence purposes, is exempted from deletion until the final clarification of the respective incident.

Use of Cloudflare Services

We use Cloudflare's services for various functions of our online offering. Specifically, we use Cloudflare Tunnel to securely connect our web servers to the internet. This service ensures that our website traffic is protected and secure. Additionally, we use Cloudflare Email Routing services for managing our email communications. Cloudflare's email services help in filtering spam and provide enhanced security for our email communications. Both these services are designed to improve the performance and security of our website and email systems, while also helping to protect the privacy and integrity of data in transit.

Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter referred to as "publication medium"). The data of the readers are processed only to the extent necessary for the presentation of the publication medium and communication between authors and readers or for security reasons. For the rest, we refer to the information on the processing of visitors to our publication medium in these data protection notices.

Types of Data Processed: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited web pages, interest in content, access times); Meta, Communication, and Procedure Data (e.g., IP addresses, time stamps, identification numbers, consent status).
Persons Concerned: Users (e.g., website visitors, users of online services).
Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Feedback (e.g., collecting feedback via online form). Provision of our online offer and user-friendliness.
Legal Bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, email, telephone, or via social media) and in the context of existing user and business relationships, the information of the inquiring persons is processed as far as this is necessary for answering the contact inquiries and any requested measures.

Types of Data Processed: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited web pages, interest in content, access times); Meta, Communication, and Procedure Data (e.g., IP addresses, time stamps, identification numbers, consent status).
Persons Concerned: Communication partners.
Purposes of Processing: Contact inquiries and communication; Management and answering of inquiries; Feedback (e.g., collecting feedback via online form). Provision of our online offer and user-friendliness.
Legal Bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Performance of a contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).