Controller

Justus August

Potsdam, Germany

justus.august@icloud.com

Categories of data and purposes

• Provision of the website

  When you visit this site, technical usage data (such as IP address, browser type, operating system, time of access, and referring URL) is temporarily processed in server log files so the site can be delivered securely and reliably.

• Communication

  If you contact me by email or another channel you choose, I process the personal data in your inquiry only to respond and manage our correspondence.

• Analytics and performance

  I use privacy friendly analytics from Vercel (Vercel Web Analytics) to understand overall usage trends without building individual user profiles or storing personally identifiable information beyond short lived pseudonymous metrics.

Legal bases

• Art. 6(1)(b) GDPR: Processing that is necessary to perform pre contractual steps at your request when you contact me in a professional context.
• Art. 6(1)(f) GDPR: Processing based on my legitimate interest in running a secure, stable, and well performing website and in answering enquiries.
• Art. 6(1)(a) GDPR: Processing based on your consent where I ask for it explicitly, for example if you opt in to optional analytics. You can withdraw consent at any time with effect for the future.
• Art. 6(1)(c) GDPR: Processing that is necessary to meet legal obligations, such as keeping records for statutory retention periods or responding to regulators.

Hosting and processors

This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel acts as a processor under a data processing agreement that includes EU Standard Contractual Clauses. Technical and organisational measures are in place to safeguard your data. Servers are located in the European Union where possible, and transfers to countries outside the EU happen only with appropriate safeguards.

Retention

Personal data is stored only for as long as needed to fulfil the purposes described above. Log files are usually deleted automatically within 30 days unless they are needed longer to investigate security incidents. Correspondence that relates to legal obligations may be kept for up to six years under Section 257 HGB and Section 147 AO.

Data disclosures

I share personal data with service providers only where this is necessary and only on the basis of GDPR compliant processing agreements. Analytics data in particular is processed by Vercel. If I bring in additional processors, I select them carefully and bind them by contract to protect your data.

Your rights

• Right of access to the personal data processed about you (Art. 15 GDPR).
• Right to rectification of inaccurate or incomplete personal data (Art. 16 GDPR).
• Right to erasure ('right to be forgotten') under the conditions of Art. 17 GDPR.
• Right to restriction of processing in accordance with Art. 18 GDPR.
• Right to data portability for data you provided on the basis of consent or a contract (Art. 20 GDPR).
• Right to object to processing based on legitimate interests (Art. 21 GDPR).
• Right to withdraw consent you have previously given at any time, without affecting the lawfulness of processing before the withdrawal.
• Right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or alleged infringement (Art. 77 GDPR).

To exercise any of these rights, please contact me using the details above. I aim to respond within one month in line with Art. 12 GDPR.

Security

Appropriate technical and organisational measures are in place to protect personal data against loss, misuse, unauthorised access, and disclosure. These measures are reviewed from time to time and adjusted where needed so the level of security stays appropriate to the risk.

Updates

I may update this privacy policy when legal requirements change or when my processing activities change. The date of the last update is shown below.

Last updated: 2024-06-10