Privacy Policy

Table of Contents

• Controller
• Overview of Processing Activities
• Applicable Legal Bases
• Security Measures
• Provision of the Online Offering and Web Hosting
• Vercel Speed Insights
• Vercel Web Analytics
• Contact
• No Use of Cookies
• Local Storage
• External Links
• Rights of Data Subjects
• Changes and Updates

Controller

See Legal Notice

Overview of Processing Activities

The following overview summarises the types of data processed and the purposes of their processing, and refers to the data subjects concerned.

Types of Data Processed

• Contact data (e.g. name, email address).
• Content data (e.g. text entered in forms).
• Usage data (e.g. page views and time spent, click paths, types of devices and operating systems used).
• Meta, communication and procedural data (e.g. IP addresses, timestamps).
• Log data (e.g. log files relating to access and retrieval).

Categories of Data Subjects

• Users (e.g. website visitors).
• Communication partners (e.g. persons making enquiries via the contact form).

Purposes of Processing

• Provision of our online offering and user experience.
• Responding to contact enquiries and communication.
• Security measures.
• IT infrastructure.

Applicable Legal Bases

Applicable legal bases under the GDPR: The following provides an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection laws may apply in your country or our country of residence or establishment. Where more specific legal bases apply in individual cases, we will inform you of these in this Privacy Policy.

• Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject that require the protection of personal data do not override those interests.

National data protection regulations in Germany: In addition to the data protection provisions of the GDPR, national data protection laws apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains specific provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated individual decision-making including profiling. In addition, the data protection laws of the individual federal states may apply.

Security Measures

We implement appropriate technical and organisational measures in accordance with the applicable legal requirements, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access to, input, disclosure, securing of availability and separation of such data. Data transmission between your browser and our server is protected by TLS/SSL encryption (HTTPS).

Provision of the Online Offering and Web Hosting

We process users' data in order to be able to provide our online services. For this purpose, we process users' IP addresses, which are necessary to transmit the content and functions of our online services to the user's browser or device.

Hosting Provider

This website is hosted by Vercel Inc., San Francisco, CA, USA. As a data processor, Vercel processes usage data and log data (e.g. IP addresses, browser type, access times) for the operation and security of the website. Vercel is certified under the EU-US Data Privacy Framework (DPF) and thus provides an adequate level of data protection for the transfer of personal data to the United States. Further information can be found in Vercel's Privacy Policy.

Collection of Access Data and Log Files

Access to our online offering is logged in the form of server log files. Server log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful access, the browser type and version, the user's operating system, the referrer URL and, as a rule, IP addresses and the requesting provider. Server log files are used for security purposes (e.g. to prevent DDoS attacks) and to ensure server stability. Log file information is stored for a maximum period of 30 days and thereafter erased or anonymised. Data whose further retention is required for evidentiary purposes is exempt from erasure until the final resolution of the incident concerned.

Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Vercel Speed Insights

This website uses Vercel Speed Insights, a service provided by Vercel Inc., San Francisco, CA, USA, for measuring website performance and Core Web Vitals. The following technical metrics data is collected:

• Performance metrics (Core Web Vitals: LCP, INP, CLS, FCP, TTFB).
• URL / page visited.
• Browser type and device type.
• Connection data (e.g. IP address, country).

Data is transmitted to Vercel's servers in the United States. Vercel is certified under the EU-US Data Privacy Framework (DPF). No cookies are set and no user profiles are created. The metrics data is used solely for the technical optimisation of this website. Further information can be found in Vercel's Privacy Policy.

Legal bases: Legitimate interests (Art. 6(1)(f) GDPR) — legitimate interest in the technical quality assurance and optimisation of this website.

Vercel Web Analytics

This website uses Vercel Web Analytics, a service provided by Vercel Inc., San Francisco, CA, USA, to analyse usage of this website. The following data is collected:

• Pages visited (URL paths).
• Referrer (referring website).
• Country and region of the visitor (derived from IP address, not stored).
• Device type and operating system.
• Browser type.

Data is collected without cookies and without the creation of user profiles. IP addresses are not stored permanently. Data is transmitted to Vercel's servers in the United States. Vercel is certified under the EU-US Data Privacy Framework (DPF). Further information can be found in Vercel's Privacy Policy.

Legal bases: Legitimate interests (Art. 6(1)(f) GDPR) — legitimate interest in analysing and improving the online offering.

Contact

When you contact us via the contact form, we process the data you provide (name, email address, message content) to handle your enquiry. Your data is transmitted via and processed and stored on the servers of Formspree (Formspree, Inc., USA) in the United States (Amazon Web Services).

The data transfer to the United States is based on standard contractual clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. Further information can be found in Formspree's Privacy Policy.

We erase contact enquiries as soon as they are no longer required for processing, typically after 6 months, unless statutory retention obligations require otherwise.

Legal bases: Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

No Use of Cookies

This website does not use cookies. Neither first-party nor third-party cookies are set.

Local Storage

This website saves your display preference (light or dark mode) in your browser's localStorage. This is not a cookie and no personal data is transmitted. The preference remains solely on your device and can be cleared at any time via your browser settings.

External Links

This website contains links to external services (e.g. GitHub, LinkedIn, YouTube). When you follow these links, you leave this website. The respective operators of those services are responsible for their data protection practices, over which we have no influence.

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, arising in particular from Arts. 15 to 21 GDPR:

• Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions.
• Right to withdraw consent: You have the right to withdraw consent given at any time.
• Right of access: You have the right to request confirmation as to whether data concerning you is being processed, and to obtain access to such data, as well as further information and a copy of the data in accordance with the applicable legal provisions.
• Right to rectification: You have the right, in accordance with the applicable legal provisions, to request the completion of data concerning you or the rectification of inaccurate data concerning you.
• Right to erasure and restriction of processing: You have the right, in accordance with the applicable legal provisions, to request the immediate erasure of data concerning you, or alternatively to request the restriction of processing of the data in accordance with the applicable legal provisions.
• Right to data portability: You have the right to receive data concerning you that you have provided to us, in a structured, commonly used and machine-readable format, or to request the transfer of such data to another controller, in accordance with the applicable legal provisions.
• Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the provisions of the GDPR.

Changes and Updates

We ask you to regularly review the content of this Privacy Policy. We update the Privacy Policy as soon as changes to the data processing we carry out make this necessary. We will notify you as soon as any changes require an action on your part (e.g. consent) or any other individual notification.

Where we provide addresses and contact details of companies and organisations in this Privacy Policy, please note that addresses may change over time and we ask you to verify the details before making contact.