Privacy Policy

General Notice and Mandatory Information

Information about the processing of your data in accordance with the General Data Protection Regulation (GDPR)

Summary

This is a static website that processes only the personal data necessary for the functionality, security, and provision of the website. For this purpose, I use the servers of Alfahosting GmbH in Germany and the services of Cloudflare, Inc. in the USA (see "Processors and Recipients"). I also use Cloudflare Turnstile to protect my forms against abusive automated requests. If you subscribe to my tracking-free newsletter, the data required for this will also be stored on the server at Alfahosting GmbH, from where the e-mails are sent.

Responsible Party for Data Processing

Johannes Roth
Autharistr. 17
81545 Munich

[email protected]
+4915224098239

I solely decide on the purposes and means of processing personal data.

SSL and TLS Encryption

For security reasons, my website uses SSL or TLS encryption. You can recognize an encrypted connection by the "https://" address line in your browser and the lock icon in the browser bar.

Data Subject Rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights towards me as the controller:

Right to Access, Rectification, Erasure, and Restriction

You have the right at any time, within the scope of applicable legal provisions, to obtain free information about your stored personal data (Art. 15 GDPR, including the origin of the data, its recipients, and the purpose of data processing) and, if necessary, the right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) of this data, as well as to demand a restriction of processing (Art. 18 GDPR). For this purpose, and for any other questions regarding personal data, you can contact me at any time via the contact details provided above.

Right to Object

According to Art. 21 GDPR, you have the right to object to the processing of your data if it is based on Art. 6(1) sentence 1 lit. e or lit. f GDPR. I will then no longer process the personal data unless I can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims.

The collection of data for providing the website and the storage of log files are necessary for the operation of the website. In such cases, an objection can practically only be exercised by not using the website any further.

Right to Lodge a Complaint with a Supervisory Authority

You have the right, under Art. 77 GDPR, to lodge a complaint with a data protection supervisory authority about my processing of your personal data.

Right to Withdraw Consent

You have the right, under Art. 7(3) GDPR, to withdraw your consent to data processing at any time. The withdrawal of consent does not affect the legality of the processing carried out based on the consent before its withdrawal.

Right to Data Portability

Under Art. 20 GDPR, you have the right to receive your personal data, which you have provided to me, in a structured, commonly used, and machine-readable format or to request its transfer to another controller. The collection of data for providing the website and the storage of log files are necessary for the operation of the website. Therefore, they are not based on consent under Art. 6(1)(a) GDPR or a contract under Art. 6(1)(b) GDPR but are justified under Art. 6(1)(f) GDPR. The conditions of Art. 20(1) GDPR are therefore not met in this respect.

Processors and Recipients

This website is static. The following providers may be involved in the provision, protection, and optimization of the website. In doing so, only the minimum amount of data necessary for the technical operation of the website and the protection of my forms is processed.

The purposes listed below also establish my legitimate interest in data processing under Art. 6(1)(f) GDPR. The collection of data for providing the website and the storage of data in log files are necessary for the operation of the website.

Alfahosting

For the initial provision of the website and storage of personal data, I use the servers of Alfahosting GmbH, Edmund-von-Lippenmann-Straße 13-15, 06112 Halle (Saale), Germany (hereinafter "Alfahosting"). Alfahosting uses servers located exclusively in Germany, and I have concluded a data processing agreement with them.

Processed Information & Duration

In this context, the following data is collected for a limited period:

  • visited website,
  • amount of data transferred,
  • information about the type and version of the browser used,
  • the user's operating system,
  • the user's IP address,
  • the date and time of access, and
  • the websites from which the user's system accessed this website.

Purpose of Processing, Deletion & Legal Basis

This personal data is stored in log files to ensure the website's functionality and analyze potential disruptions. Temporary storage of the IP address by the system is necessary to make the website available to the user's device. For this purpose, the user's IP address must be stored for 24 hours. Afterward, the IP address is anonymized in the last octet ("000") and ultimately deleted entirely after seven days.

Cloudflare

I use the services of Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA ("Cloudflare") on this website. Cloudflare supports me in the secure and efficient provision of the website, in particular as a DNS provider, for caching/security functions, and for the provision of SSL/TLS functions.

I also use Cloudflare Turnstile to protect my forms against abusive automated requests and bot sign-ups. In this context, technical connection data and security-relevant signals are processed, in particular the IP address, information about the browser and device used, the user agent, the TLS fingerprint, the page accessed, the Turnstile sitekey, and other information required to detect automated requests and abuse.

The processing is carried out to ensure the security and functionality of the website and to defend against abusive automated access. To the extent that Cloudflare processes personal data for the provision of the services I use, this generally takes place as processing on my behalf. In connection with Cloudflare Turnstile, Cloudflare states that it also processes certain signals partly under its own data protection responsibility, in particular for improving the service's detection mechanisms.

Cloudflare processes data as part of a global network; this may involve transfers to third countries, in particular the United States. Cloudflare states that it is certified under the EU-U.S. Data Privacy Framework. Where required, Cloudflare additionally uses Standard Contractual Clauses and supplementary safeguards.

Processed Information & Duration

In this context, the following data in particular may be processed:

  • the technical access data listed above for Alfahosting, to the extent that such data arises when access is routed via Cloudflare,
  • the user's IP address,
  • information about the browser, device, and operating system used,
  • the user agent,
  • the TLS fingerprint,
  • the page accessed and the time of access,
  • the Turnstile sitekey, and
  • other technical and security-related signals required to detect bots and abusive automated access.

Turnstile issues a one-time token for verification. The exact storage duration of the data processed by Cloudflare is beyond my influence and is determined by Cloudflare. For further details, please refer to Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/ and the information on Cloudflare Turnstile: https://www.cloudflare.com/turnstile-privacy-policy/. Questions regarding data use by Cloudflare can be directed here: [email protected].

Purpose of Processing, Deletion & Legal Basis

Cloudflare acts as upstream technical infrastructure for parts of the provision and protection of this website. When you access this website and Cloudflare is active, which is the default, requests are routed via Cloudflare servers. The processed personal data is used for the provision of the website, the caching of content, the defense against attacks and abuse, and the maintenance of the security and functionality of the Cloudflare services used. This purpose also forms the basis of my legitimate interest in data processing under Art. 6(1)(f) GDPR.

To the extent that Cloudflare Turnstile is used to protect a form, the processing of the above-mentioned technical data and signals is necessary in order to classify the respective request as human or automated. Without this processing, the respective form may not be able to be submitted, or may not be able to be submitted securely.

Newsletter

If you subscribe to my newsletter, I process your data in order to send you emails with information about my projects. The newsletter is operated using the software phpList, which runs on my hosting with Alfahosting (Germany). Dispatch is carried out via Alfahosting's SMTP/mail server.

Processed Data

  • email address
  • subscription status (subscribed/unsubscribed)
  • double opt-in evidence (e.g. timestamps of subscription and confirmation, and the IP address generated in that process)
  • technical identifiers/tokens in links (e.g. for unsubscribing/preferences), to associate requests with your subscription

I do not use invisible tracking pixels or tracked links for click analytics in my emails or newsletters.

Legal Basis

Dispatch is based on your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time with effect for the future by using the unsubscribe link in every newsletter email or by accessing the settings page.

Storage Duration

I store your data until you unsubscribe from the newsletter. After unsubscribing, your email address may be stored in a suppression list (blacklist) in order to reliably prevent future mailings (legitimate interest, Art. 6(1)(f) GDPR). Double opt-in evidence may also be stored for as long as necessary to assert, exercise, or defend legal claims.

Newsletter Settings / Unsubscribe

You can manage your newsletter subscription or unsubscribe here.

External Links

This website contains links to external third-party websites (e.g. YouTube, Bluesky, LinkedIn). When you click an external link, you leave this website. From that point on, the respective provider is responsible for processing personal data. This website does not embed any content from these third-party providers before you click an external link; any transfer of data to the respective providers only occurs when you open the linked page.