Privacy Policy
1. General Information
The protection of your personal data is particularly important to me. On this website, personal data is processed exclusively in accordance with the applicable data protection laws, in particular the General Data Protection Regulation (GDPR).
The following information explains the type, scope, and purpose of the processing of personal data when visiting this website.
Controller
The controller responsible for data processing under applicable data protection laws is the person named in the legal disclosure.
SSL/TLS Encryption
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content - such as form submissions or logins. You can recognize an encrypted connection by the address in the browser's address bar, which begins with "https://", and by the lock icon.
When SSL/TLS encryption is active, data you transmit to me cannot be read by third parties.
2. Hosting and Server Log Files
Hosting Provider
This website is hosted by an external service provider (hosting provider):
netcup GmbH, Daimlerstraße 25, 76185 Karlsruhe, Germany
The hosting provider is used to provide this website in a secure, reliable, and efficient manner. netcup processes connection and access data on my behalf based on a data processing agreement pursuant to Art. 28 GDPR.
netcup uses additional sub-processors for service provision, including:
- ANX Holding GmbH, Klagenfurt, Austria (support services such as regulatory inquiries and billing)
- ANEXIA Internetdienstleistungs GmbH, Klagenfurt, Austria (infrastructure and data center operations)
- ANEXIA Deutschland GmbH, Karlsruhe, Germany (infrastructure and data center operations)
These companies may have access to technical personal data (e.g., IP addresses, log data) as part of their duties. Processing is carried out exclusively under instructions and based on a data processing agreement with netcup GmbH.
Server Log Files
When you visit this website, the web server automatically records certain technical data in so-called server log files. These include in particular:
- requested pages and files
- IP address of the accessing device
- date and time of the request
- amount of data transferred
- referrer URL (the previously visited page)
- browser type and version
- operating system
This data is logged for security reasons (e.g., to detect misuse or attacks), for technical optimization, and to ensure the website’s stable operation. No linkage to other data sources or personal analysis takes place.
Security and Attack Detection (CrowdSec)
To secure my server infrastructure, I use the security system CrowdSec. CrowdSec automatically analyzes suspicious access attempts based on server-side log data, such as repeated failed login attempts or unusual IP request patterns.
Community Feature and Data Sharing
I participate in the CrowdSec Community Feature, which enables the reporting of IP addresses identified as malicious during attack detection to the CrowdSec network. This promotes collective security through shared threat intelligence.
The data transmitted includes:
- the full IP address
- the timestamp of the incident
- the classification of the behavior (e.g., port scan, brute-force attempt)
The IP address constitutes personal data under the GDPR.
It is neither anonymized nor pseudonymized, but transmitted in plain form, as this is required for effective attack prevention.
The recipient of this data is:
CrowdSec SAS, 20 rue Maurice Arnoux, 92120 Montrouge, France
Processing is based on Art. 6(1)(f) GDPR - my legitimate interest in ensuring the integrity, availability, and security of my servers and web services. Participating in the CrowdSec network helps detect and block attacks early.
No profiling or linkage to other personal data takes place. The data is used exclusively for the purposes of attack detection and prevention.
Further details on CrowdSec's data processing are available at: https://www.crowdsec.net/privacy-policy
3. Access to the Administration Interface (CMS)
To manage the content of this website, I use a web-based administration system that is exclusively accessible by me as the website operator. Access is provided through a dedicated subdomain and is protected by additional access control. Public registration or use of this area by third parties is not possible.
Access to the administration interface is logged on the server side (e.g., IP address, timestamp, access type) to detect unauthorized access attempts and to ensure system security. This data is used solely for technical security purposes and is not linked with other data sources.
4. Content and API Access via CMS
To manage and publish website content, I use a so-called headless CMS. Texts, images, and other content are provided via an API and integrated into the frontend of the website.
The CMS exposes certain content through publicly accessible endpoints. These may include personal information - for example, when I mention individuals in the context of my work, publish photos, or provide personal background information.
No personal data of website visitors is collected or processed through the API. The API solely serves the delivery of content, not user interaction or data collection.
5. Contact
If you contact me by email, your message - including any personal data contained therein (e.g., name, email address, message text) - will be stored and processed for the purpose of handling your request. This data will not be shared without your consent.
Processing is based on Art. 6(1)(f) GDPR (legitimate interest in communication), or on Art. 6(1)(b) GDPR (performance of a contract), if your request is related to entering into a contract.
Note on Data Security in Email Communication
Please note that communication via email can have security vulnerabilities. Complete protection of data against access by third parties is not possible when using unencrypted email.
Contact Form
Currently, I do not offer a contact form. Should I introduce one in the future, any data entered there will also only be processed for the purpose of handling your request and will not be shared without your consent.
Use of the form will be voluntary. You may alternatively continue to contact me via email.
6. Newsletter
I plan to offer a free newsletter on this website. If you subscribe, personal data such as your email address and, if applicable, your name will be processed in order to send you regular updates about new posts or content on this site.
Subscription will likely use a double opt-in procedure. This means that after signing up, you will receive an email asking you to confirm your email address. This confirmation is required to complete the registration and ensure that no one else subscribes using your address.
Your consent to process this data is based on Art. 6(1)(a) GDPR. You may revoke your consent at any time with effect for the future, e.g., via the unsubscribe link in the newsletter or by sending an informal message to the contact address listed in the imprint.
I will use the provided data exclusively for sending the newsletter and will not share it with third parties unless legally required to do so.
7. Data Retention
I retain personal data only as long as necessary for the respective processing purposes or as legally required.
- Server log data (e.g., IP addresses) is generally stored for a maximum of 7 to 14 days and then automatically deleted, unless required for investigating security incidents.
- Emails and inquiries are stored for as long as necessary to process the request and, if applicable, beyond that, where legal retention obligations apply (e.g., tax or commercial law).
- Additional personal data (e.g., from future forms or newsletter subscriptions) is retained only for as long as there is valid consent or another legal basis for processing.
Once the processing purpose no longer applies, or the applicable legal retention period expires, the relevant data will be deleted.
8. Data Subject Rights
Under the GDPR, you have the following rights regarding the processing of your personal data:
- Access (Art. 15 GDPR): You have the right to obtain information about whether and which personal data I process about you.
- Rectification (Art. 16 GDPR): You have the right to have incorrect or incomplete data corrected.
- Erasure (Art. 17 GDPR): You may request deletion of personal data, provided that no legal retention obligations oppose this.
- Restriction of Processing (Art. 18 GDPR): You have the right to restrict processing under certain circumstances.
- Objection (Art. 21 GDPR): You may object to processing that is based on Art. 6(1)(f) GDPR.
- Data Portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used, and machine-readable format, where technically feasible.
If you wish to exercise any of these rights, you can contact me using the address provided in the legal disclosure.
In addition, you have the right to lodge a complaint with a supervisory authority. This is usually the data protection authority of your place of residence or the location of my registered office.
9. Links to External Profiles
This website contains links to external profiles and platforms such as LinkedIn, ResearchGate, or GitHub. These are standard HTML links, which means no data is transferred to the respective platforms automatically. Data is only transferred once you click on such a link.
Please note that, once you access the linked pages, the respective platform’s privacy policies apply and that those providers may process personal data independently.