Controller

Justus Ferdinand August

Potsdam, Germany

justus.august@icloud.com

Categories of data and purposes

• Provision of the website

  When you visit this site, technical usage data (IP address, browser type, operating system, time of access, referring URL) is temporarily processed in server log files to ensure the site can be delivered securely and reliably.

• Communication

  If you contact me by email or other channels you provide, I process the personal data contained in your inquiry solely to respond and manage the correspondence.

• Analytics and performance

  I use privacy-friendly analytics offered by Vercel (Vercel Web Analytics) to understand aggregate usage trends without creating individual user profiles or storing personally identifiable information beyond short-lived pseudonymous metrics.

Legal bases

• Art. 6(1)(b) GDPR: Processing necessary to perform pre-contractual measures at your request when you contact me in a professional capacity.
• Art. 6(1)(f) GDPR: Processing based on my legitimate interest in providing a secure, stable, and optimised website, as well as responding to enquiries.
• Art. 6(1)(a) GDPR: Processing based on your consent, where I explicitly ask for it (for example, when you opt in to optional analytics). You may withdraw consent at any time with future effect.
• Art. 6(1)(c) GDPR: Processing necessary to fulfil legal obligations, such as complying with statutory retention periods or responding to regulatory requests.

Hosting and processors

This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel acts as a processor on the basis of a Data Processing Agreement, including EU Standard Contractual Clauses. Technical and organisational measures are implemented to safeguard your data. Server locations are in the European Union where possible; data transfers to third countries occur only with appropriate safeguards.

Retention

Personal data is stored only for as long as necessary to fulfil the purposes described above. Log files are automatically deleted within 30 days unless longer retention is required to investigate security incidents. Correspondence related to legal obligations may be retained for up to six years pursuant to Section 257 HGB and Section 147 AO.

Data disclosures

I share personal data with service providers only where necessary and subject to GDPR-compliant processing agreements. In particular, analytics data is processed by Vercel. If further processors are engaged, they are selected with care and bound by contractual obligations to protect your data.

Your rights

• Right of access to the personal data processed about you (Art. 15 GDPR).
• Right to rectification of inaccurate or incomplete personal data (Art. 16 GDPR).
• Right to erasure ('right to be forgotten') under the conditions of Art. 17 GDPR.
• Right to restriction of processing in accordance with Art. 18 GDPR.
• Right to data portability for data you provided on the basis of consent or a contract (Art. 20 GDPR).
• Right to object to processing based on legitimate interests (Art. 21 GDPR).
• Right to withdraw consent you have previously given at any time, without affecting the lawfulness of processing before the withdrawal.
• Right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or alleged infringement (Art. 77 GDPR).

To exercise your rights, please contact me using the details above. I will respond within one month in accordance with Art. 12 GDPR.

Security

Appropriate technical and organisational measures are in place to protect personal data against loss, misuse, unauthorised access, and disclosure. These measures are reviewed regularly and adapted where necessary to maintain a level of security appropriate to the risk.

Updates

I may update this privacy policy to reflect legal requirements or changes in processing activities. The date of the last update is shown below.

Last updated: 2024-06-10