Preamble
With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online services").
The terms used are not gender-specific.
Last updated: January 13, 2026
Overview of Processing Activities
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
Types of Data Processed
- Inventory data.
- Contact data.
- Content data.
- Usage data.
- Meta, communication and process data.
Categories of Data Subjects
Purposes of Processing
- Feedback.
- Provision of our online services and user-friendliness.
Relevant Legal Bases
Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of these in this privacy policy.
- Legitimate Interests (Art. 6(1)(f) GDPR) - processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases including profiling. Furthermore, the data protection laws of the individual German federal states may apply.
Security Measures
We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, disclosure, assurance of availability and separation of data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data and responses to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures in accordance with the principle of data protection by design and by default.
Securing online connections through TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.
Provision of Online Services and Web Hosting
We process users' data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.
- Types of data processed: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and process data (e.g., IP addresses, time stamps, identification numbers, persons involved).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of our online services and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion".
- Legal bases: Legitimate Interests (Art. 6(1)(f) GDPR).
Server Log Files
Each time our online services are accessed, the web server automatically stores information in so-called server log files. These log files contain the IP address of the requesting computer, date and time of access, name and URL of the retrieved file, the amount of data transferred, notification of successful retrieval (HTTP response code), browser type and version, the user's operating system, referrer URL (the previously visited page) and the requesting provider.
This data is automatically collected for technical reasons and serves to ensure smooth connection establishment of the website, to ensure comfortable use of our website, to evaluate system security and stability, and for other administrative purposes.
Server log files are stored for a maximum of 7 days and then deleted. Data is stored for security reasons, e.g., to investigate cases of abuse. If data must be retained for evidentiary reasons, it is exempt from deletion until the incident has been finally clarified.
Hosting and Data Processing
We use the services of OVHcloud (OVH SAS) for hosting our website. The servers are located in Strasbourg, France (EU). The hosting provider processes the above-mentioned data (IP addresses, access data, etc.) on our behalf. A data processing agreement pursuant to Art. 28 GDPR has been concluded with the hosting provider.
Data processing takes place exclusively within the European Union and is subject to the GDPR. OVHcloud is obliged as a data processor to take appropriate technical and organizational measures to protect the processed data.
OVH SAS
2 rue Kellermann
59100 Roubaix, France
Website: https://www.ovhcloud.com/en/
Privacy Policy: https://www.ovhcloud.com/en/personal-data-protection/
Use of Cookies
Our website uses cookies only to a very limited extent. Cookies are small text files that are stored on your device and that your browser stores. They serve to make our offer more user-friendly.
Session Cookies for Protected Areas
We use session cookies on certain pages of our website (in particular on the /logtest page) to enable access to protected areas. These cookies are stored exclusively for the duration of your session or for a maximum of 24 hours.
- page_access: This cookie stores the authentication information for access to protected areas. Validity period: 24 hours. The cookie is set with the "httpOnly" and "secure" flags to increase security.
- user_data: This cookie stores session data for displaying user information. The cookie is automatically deleted upon logout.
Important: These cookies are only set on the protected pages, not when normally visiting our blog. If you do not visit these protected areas, no cookies will be stored on your device.
- Types of data processed: Meta, communication and process data (e.g., IP addresses, time stamps, identification numbers, persons involved).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: Authentication and access control for protected areas.
- Retention and deletion: Session cookies: maximum 24 hours; automatic deletion upon logout or after expiry of the validity period.
- Legal bases: Legitimate Interests (Art. 6(1)(f) GDPR).
You can configure your browser to inform you about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of our website may be limited, in particular access to protected areas will not be possible.
External Links and Services
Our online services contain links to external websites and third-party services. When you click on these links, you leave our website and your data will then be processed by the respective third-party providers.
Discord
We offer a link to our Discord server on our website (https://discord.gg/AcSuPyQauD). Discord is a communication service provided by Discord Inc., 444 De Haro Street, Suite 200, San Francisco, CA 94107, USA.
Important: When you click on the Discord link and join our server, you leave our website. Discord will then process your data in accordance with their own privacy policy. We have no influence on data processing by Discord and are not responsible for it.
Discord may process the following data, among others:
- Discord username and profile data
- IP address
- Messages and communication content
- Usage data and metadata
Discord Privacy Policy: https://discord.com/privacy
- Types of data processed: Usage data (e.g., websites visited, interest in content, access times); Meta, communication and process data (e.g., IP addresses, time stamps, identification numbers, consent status).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of community features and communication options.
- Legal bases: Legitimate Interests (Art. 6(1)(f) GDPR).
Note: We do not use Discord directly on our website (no embed, no widget). It is exclusively an external link. Data transfer to Discord only takes place if you actively click on the link.
General Information on Data Storage and Deletion
We delete personal data that we process in accordance with legal requirements as soon as the underlying consent is revoked or there are no further legal grounds for processing. This applies to cases in which the original purpose of processing no longer applies or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer retention or archiving of the data.
In particular, data that must be retained for commercial or tax law reasons or whose storage is necessary for legal prosecution or protection of the rights of other natural or legal persons must be archived accordingly.
Our privacy notices contain additional information on the retention and deletion of data that specifically applies to certain processing operations.
Where there are multiple entries on the retention period or deletion periods of a date, the longest period shall always apply. Data that is no longer stored for its originally intended purpose but due to legal requirements or other reasons is processed exclusively for the reasons justifying its retention.
Retention and deletion of data: The following general periods apply for retention and archiving under German law:
-
10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets as well as the work instructions and other organizational documents required for their understanding (§ 147 para. 1 no. 1 in conjunction with para. 3 AO, § 14b para. 1 UStG, § 257 para. 1 no. 1 in conjunction with para. 4 HGB).
-
8 years - Accounting documents, such as invoices and cost receipts (§ 147 para. 1 no. 4 and 4a in conjunction with para. 3 sentence 1 AO and § 257 para. 1 no. 4 in conjunction with para. 4 HGB).
-
6 years - Other business documents: received commercial or business letters, copies of sent commercial or business letters, other documents insofar as they are relevant for taxation, e.g., hourly wage slips, operating accounting sheets, calculation documents, price tags, but also payroll documents insofar as they are not already accounting documents and cash register receipts (§ 147 para. 1 no. 2, 3, 5 in conjunction with para. 3 AO, § 257 para. 1 no. 2 and 3 in conjunction with para. 4 HGB).
-
3 years - Data required to consider potential warranty and damage claims or similar contractual claims and rights as well as to process related inquiries, based on previous business experience and common industry practices, is stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).
Period begins at the end of the year: If a period does not expressly begin on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships under which data is stored, the event triggering the period is the time at which the termination or other ending of the legal relationship becomes effective.
Rights of Data Subjects
Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:
- Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
- Right to withdraw consent: You have the right to withdraw any consent given at any time.
- Right of access: You have the right to obtain confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with legal requirements.
- Right to rectification: In accordance with legal requirements, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
- Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that data concerning you be deleted without undue delay, or alternatively, in accordance with legal requirements, to request restriction of processing of the data.
- Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with legal requirements, or to request its transmission to another controller.
- Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
Blogs and Publication Media
We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). Readers' data is processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons. Otherwise, we refer to the information on the processing of visitors to our publication medium within the scope of this privacy policy.
- Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or telephone numbers); Content data (e.g., textual or visual messages and contributions as well as related information, such as information on authorship or time of creation); Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g., IP addresses, time stamps, identification numbers, persons involved).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: Feedback (e.g., collecting feedback via online form). Provision of our online services and user-friendliness.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Storage and Deletion".
- Legal bases: Legitimate Interests (Art. 6(1)(f) GDPR).
Changes and Updates
We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your participation (e.g., consent) or other individual notification.
If we provide addresses and contact information of companies and organizations in this privacy policy, please note that addresses may change over time and please check the information before contacting us.
Definitions
This section provides an overview of the terms used in this privacy policy. Insofar as the terms are legally defined, their legal definitions apply. The following explanations, however, are primarily intended for understanding.
- Inventory data: Inventory data includes essential information necessary for the identification and management of contractual partners, user accounts, profiles and similar assignments. This data may include personal and demographic information such as names, contact information (addresses, telephone numbers, email addresses), dates of birth and specific identifiers (user IDs). Inventory data forms the basis for any formal interaction between individuals and services, facilities or systems by enabling unique assignment and communication.
- Content data: Content data includes information generated in the course of creating, editing and publishing content of all kinds. This category of data may include texts, images, videos, audio files and other multimedia content published on various platforms and media. Content data is not limited to the actual content but also includes metadata that provides information about the content itself, such as tags, descriptions, author information and publication dates.
- Contact data: Contact data is essential information that enables communication with individuals or organizations. It includes telephone numbers, postal addresses and email addresses, as well as means of communication such as social media handles and instant messaging identifiers.
- Meta, communication and process data: Meta, communication and process data are categories that contain information about how data is processed, transmitted and managed. Metadata, also known as data about data, includes information that describes the context, origin and structure of other data. It may include information about file size, creation date, author of a document and change histories. Communication data captures the exchange of information between users through various channels, such as email traffic, call logs, messages on social networks and chat histories, including the persons involved, time stamps and transmission paths. Process data describes the processes and procedures within systems or organizations, including workflow documentation, transaction and activity logs, as well as audit logs used for tracking and verification of operations.
- Usage data: Usage data refers to information that captures how users interact with digital products, services or platforms. This data includes a wide range of information showing how users use applications, which features they prefer, how long they spend on certain pages and which paths they navigate through an application. Usage data may also include frequency of use, time stamps of activities, IP addresses, device information and location data. It is particularly valuable for analyzing user behavior, optimizing user experiences, personalizing content and improving products or services. Furthermore, usage data plays a crucial role in identifying trends, preferences and potential problem areas within digital offerings.
- Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Controller: "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processing: "Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data, be it collection, evaluation, storage, transmission or deletion.
