Privacy Policy
1. Controller
2. Overview of Data Processing
This website processes personal data only to the minimum extent necessary. We do not use cookies or tracking that creates user profiles. For anonymous usage statistics, we use a privacy-friendly, self-hosted web analytics solution (see Section 8).
3. Hosting and Server Log Files
This website is hosted on a server in the EU. When you access this website, the hosting provider automatically stores information transmitted by your browser in so-called server log files. These include:
- IP address of the requesting device
- Date and time of the request
- Name and URL of the requested file
- Amount of data transferred
- Notification of whether the request was successful
- Identification data of the browser and operating system used
- Website from which the request was made (referrer URL)
Processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring the smooth operation and security of our website. Server log files are automatically deleted after 14 days.
4. Content Delivery Network (Cloudflare)
We use the Content Delivery Network (CDN) provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. Cloudflare acts as a reverse proxy in front of our web server and is used for DDoS protection and performant delivery of our website. As a result, all access to our website is routed through Cloudflare servers.
Cloudflare processes the following data, among others: IP address, accessed website, browser type and version, operating system, referrer URL, and time of access.
The use of Cloudflare is based on our legitimate interest in the secure and performant provision of our website (Art. 6(1)(f) GDPR). Cloudflare Inc. is certified under the EU-US Data Privacy Framework (DPF), ensuring an adequate level of data protection. We have concluded a data processing agreement (Art. 28 GDPR) with Cloudflare.
For more information, please refer to the Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/
5. Fonts (Self-Hosted)
This website uses the fonts "Figtree," "Instrument Serif," and "Fraunces." These fonts are hosted locally on our own server. No connection to external servers (e.g., Google Fonts) is made, and no personal data is transmitted to third parties.
6. Contact via Email
If you contact us by email, your information (email address, and if applicable, name and content of the message) will be stored by us for the purpose of processing your inquiry and in case of follow-up questions. We will not share this data without your consent. The recipient is our email hosting provider Microsoft Ireland Operations Ltd. as a data processor (Microsoft 365, EU Data Boundary).
Processing is based on Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to your inquiry). Data will be deleted after your inquiry has been fully processed, unless statutory retention obligations apply — typically no later than 6 months after conclusion of the inquiry. If a contractual relationship is established, retention periods are governed by statutory requirements (6 or 8 years pursuant to § 257 HGB or § 147 AO).
7. No Cookies and No Profiling
This website does not use cookies. No tracking pixels, social media plugins, or other technologies that create user profiles or track users across websites are used. The web analytics solution in use (see Section 8) operates entirely without cookies and without cross-device tracking.
Local Storage (localStorage)
We use the browser feature "localStorage" to save your chosen color scheme (light/dark) on this website. This storage is technically necessary to provide the service you requested (§ 25(2)(2) TDDDG). The data remains exclusively in your browser and is not transmitted to us or third parties. No consent is required for this purpose.
8. Web Analytics (Umami)
To analyze the usage of our website, we use Umami, a privacy-friendly open-source web analytics software. Umami is self-hosted by us on a server in the EU — no data is transmitted to third parties.
Umami operates entirely without cookies and does not store any personal data. IP addresses are not stored and are not used to identify users. Only anonymous, aggregated usage data is collected, such as:
- Pages visited and time spent
- Country of origin (without storing the IP address)
- Referring website (referrer)
- Device, operating system, and browser used (aggregated)
It is not possible to identify individual persons. No cross-device profiles are created and no fingerprinting is used.
Umami respects the "Do Not Track" (DNT) setting in your browser. If you have DNT enabled, no analytics data will be collected.
Since Umami does not set cookies and does not store or access any information on your device, consent pursuant to § 25 TDDDG is not required. Processing is based on our legitimate interest in the statistical evaluation of website usage to optimize our offering (Art. 6(1)(f) GDPR). You may object to this processing at any time (see Section 10).
9. SSL/TLS Encryption
For security reasons, this website uses SSL/TLS encryption. You can recognize an encrypted connection by the "https://" prefix in your browser's address bar.
10. Your Rights as a Data Subject
You have the following rights regarding your personal data processed by us:
- Right of access (Art. 15 GDPR) — You have the right to obtain information about the personal data we process about you.
- Right to rectification (Art. 16 GDPR) — You may request the correction of inaccurate data.
- Right to erasure (Art. 17 GDPR) — You may request the deletion of your data, provided there is no statutory retention obligation.
- Right to restriction of processing (Art. 18 GDPR) — You may request the restriction of processing of your data.
- Right to data portability (Art. 20 GDPR) — You have the right to receive your data in a commonly used format.
To exercise your rights, please contact our privacy contact address (see Section 1).
Right to Object (Art. 21 GDPR)
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to the processing pursuant to Art. 21 GDPR, provided there are grounds arising from your particular situation. To exercise your right to object, simply send an email to our privacy contact address (see Section 1).
11. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR.
The supervisory authority responsible for us is:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach, Germany
Phone: +49 981 180093-0
Email: [email protected]
12. Changes to This Privacy Policy
We reserve the right to amend this privacy policy to ensure it always complies with current legal requirements or to reflect changes to our services. The current version of the privacy policy will apply to your subsequent visits.
As of: April 2026