Privacy Policy
Last updated: February 2026
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:
Martin Müller
Bismarckstraße 11
56626 Andernach
Germany
Email: [email protected]
2. General Information on Data Processing
2.1 Scope of Processing
We only process personal data of our users to the extent necessary to provide a functional website and to deliver our content and services. The processing of personal data generally only takes place with the user's consent. An exception applies where obtaining prior consent is not possible for practical reasons and the processing is permitted by law.
2.2 Legal Basis
Where we obtain consent for the processing of personal data, Art. 6(1)(a) GDPR serves as the legal basis. For the processing of personal data required for the performance of a contract, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for pre-contractual measures. Where processing is required for compliance with a legal obligation, Art. 6(1)(c) GDPR serves as the legal basis. Where processing is necessary to protect a legitimate interest of our company or a third party, and the interests, fundamental rights and freedoms of the data subject do not override that interest, Art. 6(1)(f) GDPR serves as the legal basis.
2.3 Deletion and Storage Duration
Personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Data may be stored beyond this period where required by European or national legislation. Data will also be blocked or deleted when a storage period prescribed by the aforementioned regulations expires, unless there is a necessity for further storage for the conclusion or performance of a contract.
3. Hosting and Content Delivery
3.1 Hetzner
Our website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Hetzner processes data generated during website visits on our behalf. We have concluded a Data Processing Agreement (DPA) with Hetzner in accordance with Art. 28 GDPR. For further information, please refer to Hetzner's privacy policy at https://www.hetzner.com/legal/privacy-policy.
3.2 Cloudflare
We use the Content Delivery Network (CDN) and security services of Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA. All traffic between your browser and our server is routed through Cloudflare's network. Cloudflare analyses traffic between you and our website to detect and prevent attacks. In doing so, Cloudflare may set cookies (e.g. __cf_bm) that are required for bot detection and the provision of security services.
The use of Cloudflare is based on our legitimate interest in providing our website as securely and efficiently as possible pursuant to Art. 6(1)(f) GDPR in conjunction with § 25(2) No. 2 TDDDG (German Telecommunications Digital Services Data Protection Act — technically necessary access).
Cloudflare is certified under the EU-U.S. Data Privacy Framework. For further information, please refer to Cloudflare's privacy policy at https://www.cloudflare.com/privacypolicy/.
4. Collection of General Information (Server Log Files)
Each time our website is accessed, our system automatically collects data and information from the accessing computer system. The following data is collected:
- Browser type and version
- Operating system of the user
- IP address of the user
- Date and time of access
- Websites from which the user's system accessed our website (referrer)
- Websites accessed by the user's system through our website
Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring system security, the technically error-free presentation and optimisation of the website.
Storage duration: Data is stored in server log files for a maximum of 14 days. Storage beyond this period only occurs in the event of a security-relevant incident (e.g. DDoS attack) until the incident has been fully resolved.
5. Web Analytics
5.1 Umami (Self-Hosted)
We use Umami on our website, a privacy-friendly open-source web analytics tool. Umami is self-hosted on servers operated by Hetzner Online GmbH in Germany.
Umami collects and processes the following data in anonymised or pseudonymised form:
- Pages visited and time spent
- Referrer (referring website)
- Browser type and operating system
- Device type and screen resolution
- Country of access (based on IP address; the IP address itself is not stored)
Umami does not set any cookies and does not store any personal data. There is no cross-device tracking and no data is shared with third parties. The IP address is used solely to determine the country of access and is discarded immediately thereafter.
Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest lies in the statistical evaluation of user behaviour to optimise our website. As Umami does not set cookies and does not store personal data, consent pursuant to § 25 TDDDG is not required.
6. Contact
6.1 Contact Form
Our website provides a contact form for electronic communication. When you use the contact form, the following data is transmitted and stored:
- Name
- Email address
- Content of your message
- Date and time of the enquiry
The data is processed exclusively through our own backend and is not transmitted to third-party providers.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in enabling convenient contact). Where the contact is aimed at concluding a contract, Art. 6(1)(b) GDPR additionally serves as the legal basis.
Storage duration: Data is deleted no later than 12 months after the enquiry has been fully processed, provided no statutory retention obligations apply. In the event of a contractual relationship, statutory retention periods of 6 or 10 years apply pursuant to § 257 HGB (German Commercial Code) and § 147 AO (German Fiscal Code).
6.2 Contact by Email
You may also contact us by email. In this case, the personal data transmitted with the email is stored (email address, content, date and time, IP addresses of the servers involved). Email transmission is handled through our own mail server.
The legal basis, storage duration and deletion periods correspond to those stated in Section 6.1.
7. Cookies
7.1 General Information on Cookies
Cookies are small text files that are stored on your device when you visit a website. They serve to make the website more user-friendly and effective.
7.2 Cookies Used on This Website
Our website uses only technically necessary cookies:
- Language preference (Next.js): A cookie is set to store your preferred language selection. This cookie is technically necessary to display the website in your chosen language.
- Cloudflare cookies: Cloudflare may set technically necessary cookies (e.g.
__cf_bm) to analyse traffic and protect our website from attacks.
Legal basis: Art. 6(1)(f) GDPR in conjunction with § 25(2) No. 2 TDDDG. The aforementioned cookies are strictly necessary for the provision of the functions you have expressly requested or for the secure operation of the website.
7.3 Managing and Deleting Cookies
You can configure your browser to inform you about the setting of cookies and to allow cookies only on a case-by-case basis. You can refuse cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
Instructions for managing cookies in common browsers:
8. Integrated Third-Party Services
8.1 ProvenExpert (Review Widget)
We embed a review widget from Expert Systems AG (ProvenExpert), Quedlinburger Str. 1, 10589 Berlin, Germany, on our website. When the widget loads, a connection is established with ProvenExpert's servers, during which your IP address and additional browser information are transmitted for technical reasons. ProvenExpert may set cookies on your device in this process.
Legal basis: Art. 6(1)(a) GDPR (consent). The ProvenExpert widget is only loaded after you have given your consent via our consent tool. You may withdraw your consent at any time with effect for the future by adjusting the cookie settings on our website.
For further information, please refer to ProvenExpert's privacy policy at https://www.provenexpert.com/en-us/privacy-policy/.
9. External Links
Our website contains links to external third-party websites (in particular LinkedIn and GitHub). When you click on these links, you are redirected to the respective external website. As these are simple hyperlinks, no data is transmitted to the operators of these websites before you click. After clicking, the privacy policies of the respective provider apply.
10. Newsletter
We offer you the opportunity to subscribe to a newsletter through which we inform you about current topics, offers and news.
10.1 Registration and Double Opt-In
We use a double opt-in procedure for newsletter registration. This means that after your registration, we send you a confirmation email containing a confirmation link that you must click. Only then is your registration completed. We log the time of registration, the sending of the confirmation email and the time of confirmation in order to be able to verify the registration.
10.2 Data Collected
For the newsletter we only require your email address. Any further information is voluntary and serves to personalise communication.
10.3 Legal Basis
The processing of your email address for the purpose of sending the newsletter is based on your consent pursuant to Art. 6(1)(a) GDPR.
10.4 Withdrawal
You may withdraw your consent to receive the newsletter at any time with effect for the future. You can unsubscribe via the unsubscribe link included in every newsletter email or by sending an email to [email protected]. The lawfulness of data processing carried out prior to the withdrawal remains unaffected.
10.5 Storage Duration
Your email address is stored for as long as you are subscribed to the newsletter. After unsubscribing, your email address is deleted without undue delay, provided no statutory retention obligations apply.
11. Provision of Contractual Services
We process personal data that you provide to us in the context of placing an order or initiating a contract. This includes in particular your name, address, email address, telephone number and payment data.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures).
Recipients: For the fulfilment of the contract, we may share your data with involved service providers (e.g. payment service providers, shipping companies) where this is necessary.
Storage duration: Data is deleted after the expiry of statutory retention periods (generally 6 years pursuant to § 257 HGB or 10 years pursuant to § 147 AO).
12. Your Rights as a Data Subject
You have the following rights with respect to the personal data concerning you:
- Right of access (Art. 15 GDPR): You have the right to obtain information about the personal data we process concerning you.
- Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate or the completion of incomplete data.
- Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data, provided no statutory retention obligations apply.
- Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your data.
- Right to data portability (Art. 20 GDPR): You have the right to receive the data concerning you in a structured, commonly used and machine-readable format.
- Right to object (Art. 21 GDPR): You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on Art. 6(1)(f) GDPR.
- Right to withdraw consent (Art. 7(3) GDPR): You have the right to withdraw any consent given at any time with effect for the future.
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority. The competent supervisory authority is determined by your place of residence. A list of supervisory authorities can be found at https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html.
To exercise your rights, please contact: Martin Müller, Bismarckstraße 11, 56626 Andernach, Germany, Email: [email protected]
13. Right to Object in Individual Cases (Art. 21 GDPR)
Where the processing of your personal data is based on Art. 6(1)(f) GDPR (legitimate interest), you have the right to object at any time, on grounds relating to your particular situation, to the processing. This also applies to profiling based on this provision.
In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
14. Changes to This Privacy Policy
We reserve the right to amend this privacy policy to ensure it always complies with current legal requirements or to reflect changes to our services. The amended privacy policy will apply to your subsequent visits.