Privacy Policy
Last updated: May 2026
The following privacy policy explains what types of your personal data we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out in connection with this website.
The terms used are not gender-specific.
Controller
The controller responsible for data processing on this website is:
Overview of Processing
The following overview summarizes the types of data processed and the purposes of their processing.
Types of Data Processed
- Usage data (e.g., page views, dwell time, click paths).
- Meta, communication, and procedural data (e.g., IP addresses, timestamps).
- Log data (e.g., access times, requested URLs).
- Contact data (e.g., email addresses).
Categories of Data Subjects
- Website visitors and users.
- Communication partners.
Purposes of Processing
- Provision of the online offering and user-friendliness.
- Security measures.
- Communication and response to inquiries.
- Feedback and improvement of the website.
Legal Bases
The following legal bases under the GDPR apply to the processing of personal data on this website:
- Consent (Art. 6(1)(a) GDPR) — The data subject has given consent to the processing of their personal data for one or more specific purposes. This applies to extended analytics (session replay).
- Legitimate interests (Art. 6(1)(f) GDPR) — Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. This applies to server logs and basic analytics.
National data protection regulations in Germany: In addition to the GDPR, national data protection regulations apply in Germany. This includes in particular the Federal Data Protection Act (BDSG). The BDSG contains specific provisions regarding the right to information, the right to erasure, the right to object, and the processing of special categories of personal data.
Security Measures
In accordance with legal requirements and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as controlling access to, input of, transmission of, availability of, and separation of the data. We have also established procedures that ensure the exercise of data subject rights, the deletion of data, and responses to threats to data.
Securing online connections using TLS/SSL encryption (HTTPS): To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Transport Layer Security (TLS) encrypts the information transmitted between the website and the user's browser, protecting the data from unauthorized access. When a website is secured with an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL.
Rights of Data Subjects
As a data subject, you have the following rights under the GDPR:
- Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.
- Right to withdraw consent: You have the right to withdraw your consent at any time.
- Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and certain additional information.
- Right to rectification: You have the right to obtain the rectification of inaccurate personal data concerning you.
- Right to erasure and restriction: You have the right to obtain the erasure of personal data concerning you without undue delay, or alternatively to obtain restriction of processing in accordance with legal requirements.
- Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to have it transmitted to another controller.
- Right to lodge a complaint: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.
Provision of Online Services and Web Hosting
We process users' data to enable them to use our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.
Server Log Files
Access to our online offering is logged in so-called "server log files." The server log files may include the address and name of the retrieved web pages and files, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and as a rule IP addresses and the requesting provider.
The server log files are used for security purposes, e.g., to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure the utilization and stability of the servers.
- Processed data types: Usage data, meta/communication/procedural data, log data.
- Data subjects: Users (e.g., website visitors).
- Purposes: Provision of the online offering and user-friendliness; security measures.
- Retention and deletion: Log file information is stored for a maximum of 14 days and then deleted or anonymized.
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Self-Hosted Infrastructure
For the provision of our online offering, we use server hardware operated by us, along with the associated storage space, computing capacity, and software. All data is processed on servers located in Germany.
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Website Analytics
We use Umami, an open-source, privacy-friendly analytics tool, to understand how visitors use this website. Umami does not use cookies for basic tracking and does not collect personally identifiable information.
Basic Analytics (Essential)
Basic analytics collects anonymized, aggregated data about website visits. This includes: page views, referrers, device types (desktop/mobile), browsers, and countries. No cookies are used, no personal data is collected, and IP addresses are not stored.
- Processed data types: Usage data (anonymized).
- Data subjects: Website visitors.
- Purposes: Improving website performance and user experience.
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Extended Analytics (With Consent)
With your explicit consent, we collect additional usage insights including click patterns, scroll behavior, and mouse movements to better understand how visitors interact with the site. This data helps identify usability issues and improve the website.
- Processed data types: Usage data (interactions, click patterns, scroll behavior).
- Data subjects: Website visitors who have given consent.
- Purposes: UX improvement and debugging.
- Retention: 30 days.
- Legal basis: Consent (Art. 6(1)(a) GDPR).
You can withdraw your consent at any time using the Privacy Settings link in the footer.
Contact
When contacting us (e.g., by email), the details of the inquiring person are processed insofar as this is necessary to answer the contact inquiry.
- Processed data types: Contact data (email address), content data (message content).
- Data subjects: Communication partners.
- Purposes: Communication; response to inquiries.
- Retention and deletion: Emails are retained for as long as necessary to process the inquiry, and then deleted unless legal retention obligations require further storage.
- Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Note on email: Please note that emails on the internet are generally not sent in an encrypted form. While emails are usually encrypted during transport, they are typically not encrypted on the servers from which they are sent and received (unless end-to-end encryption is used). We therefore cannot assume responsibility for the transmission path of emails between the sender and reception on our server.
Changes and Updates
Please check the content of our privacy policy regularly. We adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or individual notification.
Definitions
This section provides an overview of the terminology used in this privacy policy. Where terms are legally defined, their legal definitions apply. The following explanations are primarily intended to aid understanding.
- Personal data: "Personal data" means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- Controller: "Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processing: "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers practically any handling of data.
- Usage data: Usage data refers to information that records how users interact with digital products, services, or platforms. This data may include page views, dwell time, click paths, device information, and browser types.
- Log data: Log data is information about events or activities that have been logged in a system or network. This data typically includes timestamps, IP addresses, user actions, error messages, and other details about the use or operation of a system.
- Meta, communication, and procedural data: These categories include information about how data is processed, transmitted, and managed. Meta-data describes the context, origin, and structure of other data. Communication data captures the exchange of information between users. Procedural data describes processes and workflows within systems.