Privacy

Status and Validity

(As of: 23 October 2023)

Please note that this translation is for your information and reference only (even though it is rather precise). The is legally binding.

No-nonsense Executive Summary

Strict data protection regulations apply within the European Union (EU). Therefore, I need to explain to you exactly how I process your data. I will also explain your rights in this regard. To save time, please read the summary first:

• Accountable (“controller”) for this on-line offering in the sense of the EU-GDPR and national legislation is Ingo Struck.
• I welcome the EU GDPR legislation and the principle of data minimization.
• I examine how my visitors use my offer. In doing so, you remain unrecognized as an individual person. I do not use any technique that would allow me to observe your personal behaviour. I do not use so-called cookies.
• You will support me if you allow this modern form of analysis
• You can voluntarily send me emails. You can also subscribe to my newsletter without coercion or obligation. You can cancel the newsletter at any time.
• I will only share your information with third parties if I am required to do so by law or valid court order.
• Your data will only be processed within the EU or under non-EU jurisdiction with adequate protection.

Introduction

It is important to me to protect your personal data and to process it securely. As a matter of course, I adhere to the provisions of the relevant data protection laws, in particular the EU General Data Protection Regulation (GDPR). In the following text, I will refer to your personal data simply and briefly as “data”. Personal data are all data with which you can be personally identified. All linked websites, functions, and content that I offer you on-line, I refer to collectively as “on-line offering” for short.

I explain to you how I process your data when you use my on-line offer.

Basically, I support the principle of data minimization. I therefore only collect and process data for clear and specifically named purposes. I make these purposes visible for you. Whenever it is technically possible, I ask for your consent before processing your data. You can use my offer incognito within the scope of what is technically possible. Your personal data will be processed if it is factually or technically necessary. In addition, your data will be processed if a law requires me to do so.

Controller

The controller within the meaning of the EU General Data Protection Regulation (GDPR), other national data protection laws of the member states and other data protection regulations:

Definition of terms

“personal data” means any information relating to an identified or identifiable natural person. In the following, I will refer to such persons as “data subject”. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier (including so-called cookies) or one or more special features. These characteristics denote the physical, physiological, genetic, psychological, economic, cultural or social identity of a natural person.

“Controller” means the natural or legal person, public authority, agency or any other body, which alone or jointly with others determines the purposes and means of the processing of personal data.

“processing” means any operation or set of operations, which is performed upon personal data. It does not matter whether the operations consist of automated or manual procedures. The term is broad and covers practically every type and form of data handling.

“Non-EU jurisdiction” means any State or independent legal entity, which is not part of the European Economic Area (EEA).

“International organization” means any organization which has its place of business outside the European Union or which is partly or completely under non-EU jurisdiction.

“Processors” are third parties who process data on behalf of a “controller”. Processors must follow the instructions of the controller. The controller must conclude a separate contract on this with each processor. These contracts must meet certain requirements of the EU GDPR. They must be concluded in accordance with EU law or the law of an EU member state.

“IP address” is a unique identifier on the network. The service company for your Internet access assigns this identifier to you. The temporal association between this identifier and you as a person must, under certain circumstances, be stored by the service provider for a longer period. This may allow authorities to reconstruct your activities retrospectively as part of criminal or other investigations.

General information on data processing

Scope of the processing of personal data

As a matter of principle, I only process your data so that you can use my on-line offering and so that I can present my content and provide my services. I regularly process your data only if you consent in advance. An exception applies if you cannot consent in advance for actual reasons and legal regulations allow me to process the data anyway.

Legal basis for the processing of personal data

As a data subject, you can consent to me processing your data. Then Article 6(1) point (f) GDPR is the legal basis.

In the processing of personal data necessary for the performance of a contract to which you as a data subject are party, Article 6(1) point (b) GDPR constitutes the legal basis. This also applies if I process your data to negotiate, initiate or prepare contracts with you.

In some cases, as an entrepreneur or self-employed person, I am legally obliged to process your data. Then Article 6(1) point (c) GDPR is the legal basis.

Sometimes vital interests of the data subject or another natural person require me to process data. Then Article 6(1) point (d) GDPR is the legal basis.

It is possible that I as a person, my company, or third parties have a legitimate interest that I process data. If the processing is necessary to protect a legitimate interest of my person, my company, or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6(1) point (f) GDPR provides the legal basis for the processing. I use this legal basis as sparingly as possible.

Data erasure and storage duration

I block or delete the data of the data subject as soon as the purpose of storage ceases to apply. As the controller, I am subject to European and national legislation. I process data when this legislation provides for it in Union regulations, laws or other regulations. I also block or delete the data when a storage period prescribed by these legal norms expires. The data will nevertheless continue to be stored if it is necessary to conclude or fulfil a contract.

Provision of the on-line offering and creation of log files

Description and scope of data processing

With each call for the use of my on-line offering, my systems, or the systems of my processors, automatically record data and information from the computer system of the calling computer. I collect the following data:

1. Information about your browser type and version used
2. The operating system of your computer
3. Your IP address
4. Date and time of access
5. Websites from which your system accesses my on-line offering (incoming links)
6. The preference of the natural language in which you would like to use my on-line offering

With each call for the use of my on-line offering, my systems, or the systems of my processors, automatically record data and information from the computer system of the calling computer.

Legal basis for data processing

The legal basis for the temporary storage of data is Article 6(1) point (f) of the GDPR.

Purpose of data processing

Your IP address must be temporarily held in volatile storage by the system to deliver the on-line offering to your computer. For this purpose, your IP address must be processed in volatile memory for the duration of the request.

For technical reasons, you cannot explicitly consent to this processing. Therefore, my legitimate interest in you using my on-line offer justifies the purpose of this processing. The legal basis for the temporary storage of data is therefore Article 6(1) point (f) of the GDPR.

Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. This is the case when the data for the provision of the on-line offering are recorded, if the respective request has been processed conclusively.

Possibility of objection and removal

The collection of data for the provision of the on-line offering and the storage of the data in log files is indispensable for the operation of the on-line offering. Therefore, you cannot object to the storage and processing if you use my offer. If you do not wish these data to be processed, you must not use my offer any further.

No cookies

Description and scope of data processing

“Cookies” are small text files that are stored in your Internet browser or by your Internet browser on your computer system. If you call up an on-line offering, a “cookie” may be stored on your operating system. This cookie contains a characteristic string of characters that enables the browser and thus you as a user to be uniquely identified when you revisit the on-line offering.

My on-line offering functions completely without cookies; neither my own (original) cookies are stored nor are functions or offers of third parties used which would require the mandatory use of cookies. Therefore, I do not require your consent to the use of cookies at any point. I use special software to examine how my visitors use my offer. In doing so, you remain unrecognized as an individual person. This software also works without cookies.

Duration of storage, possibility of objection and removal

Cookies are stored on your computer and sent by it to authorized systems. Therefore, you have full control over the use of cookies. By changing the settings in your network browser, you can deactivate or restrict the transmission of cookies. You can delete cookies that have already been saved at any time. You can also have cookies deleted automatically when you close the browser or turn off the computer.

Analysis of use

Description and scope of data processing

If you do not want me to evaluate which parts of my offer you use, you can signal this via technical settings. To achieve this, configure your Internet browser to transmit a “global privacy control” or “do-not-track” signal with each request. Unless your browser transmits “do-not-track” or “Global Privacy Control” information, my systems, or my processors’ systems will route the call to a privacy-friendly analysis platform. In doing so, I collect the following data:

• Page URL – I track the page URL of each page view of my on-line offering to learn which pages my audience is viewing and how many times a particular page has been viewed.
• HTTP Referer – I use inbound links to track the number of visitors that were referred to my on-line offering from links on other websites.
• Browser – I evaluate, which browsers you use when you visit my website. This information is derived from technical protocol data (the User-Agent field in the HTTP header data). The full protocol data is discarded.
• Operating System – I only record the brand of the operating system and do not store the version number or other details. This information is derived from technical protocol data (the User-Agent field in the HTTP header data). The full protocol data is discarded.
• Device type – I evaluate, with which devices you use my on-line offering, to optimize the display for these devices. This information is derived from the number of available pixels in the width of the browser (window.innerWidth parameter). The real width of the browser in pixels is discarded.
• Visitor country – Based on the IP address, I look up the country from which you are using my on-line offering. I do not store information more specific than the country of origin. Your IP address will be discarded. I never store IP addresses in my analysis databases or analysis logs.

Legal basis for data processing

The legal basis for the temporary storage of data is Article 6(1) point (f) of the GDPR.

Purpose of data processing

I use the modern, data protection-friendly analysis software plausible.io to analyse your use of my on-line offering in a completely anonymous way. This helps me understand how you use my on-line offering. This is the only way I can provide you with useful content permanently.

In particular, no cookies are used to track your personal behaviour. Therefore, I do not ask you if you agree that I use cookies.

In these analyses, I am only interested in the statistically relevant behaviour of all users as a group, not the behaviour of individual users. Therefore, I use an analysis platform that is designed not to collect any personal data and that aims to make anonymous all data that could relate to individual persons. I need these analyses to further improve the service for you. Your data will only be used to improve the user experience of my on-line offering and to help you find the information you are looking for.

These purposes also include my legitimate interest in data processing in accordance with Article 6(1) point (f) GDPR.

Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. When collecting data for analysis purposes, this shall not take place before one year has elapsed.

Possibility of objection and removal

I only use the analysis platform if your browser does not transmit either “global privacy control” or “do-not-track” information. Although some voices regard the “do-not-track” mechanism as a “failed attempt”, popular browsers still support this functionality. I am endeavouring to use similar mechanisms in the future, provided that they are sufficiently widespread. In the footer of the pages of my on-line offering, you will be informed visibly whether your browser has activated the “do-not-track” functionality for my on-line offering. If you want to technically enforce your “do-not-track” request, I recommend installing a browser plug-in like Privacy Badger.

Since I cannot identify you as a person in the evaluations and analyses, I also have no possibility to delete or block specific data about you.

Email contact

Description and scope of data processing

You can contact me using the email addresses provided. Separately, you can subscribe to my newsletter. I will only send you the newsletter if you have specifically requested it. If you only contact me, you will not receive my newsletter automatically. The sending of emails on your part is just as voluntary as the subscription to my newsletter. In this respect, by emailing me, you agree that I may use and process the data contained in the email to the full extent. In this case, your personal data sent with the email will be processed.

I do not pass on any data to third parties in this context. I use your data exclusively for the processing of the conversation.

When you subscribe to my newsletter, I send a link to confirm. I send this link to the email address to which I should deliver the newsletter. You confirm that you have control over this email address when you open the link in the browser. You also confirm that you actually want my newsletter and have ordered it yourself. This procedure is also called “double opt-in”. I have contracted a specialized company to send the newsletter. There, your email address will only be used to send you the newsletter. The company processing your data on behalf of me is strictly forbidden by contract and by law to use your data in any other way. In particular, the company may not disclose your data to any third party. If I learn that the company is trying to sell your data, I will file a criminal complaint, terminate the contract with the company and claim damages.

Excluded from this is a misuse of my email addresses or my newsletter offer. In this case, I will enforce my rights. If necessary, I will take legal action. For this purpose, I will provide the necessary data to my legal counsel, competent police authorities, courts, tax offices and other authorized public bodies.

Legal basis for data processing

The legal basis for the processing of data transmitted while sending an email is Article 6(1) point (f) of the GDPR.

If the email contact has the goal of concluding a contract, the additional legal basis for the processing is Article 6(1) point (b) GDPR.

If the email contact represented an abusive use of my on-line offering, the additional legal basis for processing and forwarding within the scope of the lawful judicial or extra-judicial enforcement of my interests and rights is Article 6(1) point (f) GDPR.

Purpose of data processing

I process the data to respond to your contact, or to send you a newsletter regularly. If you emailed me to contact me, this also indicates the necessary legitimate interest in processing the data.

Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. For the data that you have sent by email, this is the case when the respective conversation with you has ended. The conversation ends when it is clear from the circumstances that the matter in question has been finally clarified. For the newsletter to be sent, this is the case if you have cancelled the subscription, or I can see that you have not actively used the subscription for more than one year. I review the necessity every two years. In addition, the statutory archiving obligations apply.

Possibility of objection and removal

If you contact me by email, you can object to the storage of your personal data at any time. In such a case, I am afraid I cannot continue the conversation with you.

You can send your revocation either also by e-mail or by telephone or by letter to me, the controller. You will find my email address, telephone number and postal address at the beginning of this document.

In this case, all personal data stored during the contact will be deleted within a reasonable period after checking the legality of the deletion. If deletion is legally not possible or the legality is doubtful, it is replaced by a blocking. This is particularly the case if the contact represents an abusive use of the on-line offering, or if the contact results or could result in a legal dispute between the data subject and the controller.

Administration, accounting, contact management

Description and scope of data processing

Within the scope of administrative tasks as well as for the organization of my company, accounting and for compliance with legal obligations (such as, among others, archiving), I process data exclusively outside my on-line offering. In this context, I process the same data that I process for the provision of the professional services contracted.

In this context, I disclose or transfer data to the tax authorities, consultants (such as tax consultants or auditors) as well as other fee agencies, public authorities and payment service providers.

Furthermore, I store information on suppliers, other business partners and potential business partners based on my business interests.

Data subjects can be my customers, interested parties, suppliers, potential business partners as well as their customers, users, website visitors or employees and third parties.

Legal basis for data processing

When I process data to carry out my business activities or to provide contracted services, the legal bases of the processing are Article 6(1) point (c) GDPR and Article 6(1) point (f) GDPR.

Purpose of data processing

The purpose and my interest in processing lies in the administration, accounting and archiving of data. These are tasks that I perform to maintain my business. This includes some legal obligations that I have to fulfil. Moreover, these are partly tasks with which I can provide my services.

Duration of storage

I store most of the data related to companies permanently. To fulfil legal archiving obligations, I delete the data at the earliest after the expiry of the legal retention periods and at the latest one year after the expiry of these periods.

Possibility of objection and removal

You can send an objection in writing to my postal address as the controller. In most cases, my interest as controller in the processing is likely to outweigh your request for deletion. In such cases, the data is regularly blocked instead of deleted. Notwithstanding this, the general rules on data deletion and blocking shall apply.

Rights of the data subject

If your personal data is processed, you are a data subject in the sense of the GDPR and you have the following rights against me, the controller:

Right of access by the data subject

In accordance with Article 15 of the GDPR, you can request confirmation from me, the controller, whether I am processing personal data concerning you. If such processing happens, you may request the following information from the controller:

1. The purposes for which the data are processed
2. The categories of personal data processed
3. The recipients or categories of recipients to whom the data concerning you have been or will be disclosed
4. The planned duration of storage of data relating to you or, if it is not possible to give details, criteria for determining the duration of storage
5. The existence of a right of rectification or erasure of data concerning you, a right to restriction of processing by the controller or a right to object to such processing
6. The existence of a right of appeal to a supervisory authority pursuant to Article 77 GDPR
7. All available information about the origin of the data, if the data is not collected directly from you as the data subject

You may request information whether I transfer your data to a non-EU jurisdiction or to an international organization. In connection with this transmission, you may request to be informed of the appropriate guarantees in accordance with Article 46 GDPR.

Right of rectification

Under Article 16 of the GDPR, you have the right to ask the controller to correct and complete the processed personal data concerning you if it is incorrect or incomplete. The controller shall make the correction without undue delay.

Right to erasure

Obligation to delete
In accordance with Article 17 GDPR, you can demand that I, the controller, delete your data immediately, and I am obliged to delete this data immediately if one of the following reasons applies:

1. The data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
2. You withdraw your consent on which the processing was based under Article 6(1) point (a) or Article 9(2) point (a) GDPR and there is no other legal basis for the processing.
3. You object to the processing in accordance with Article 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21(2) GDPR.
4. The data concerning you have been processed unlawfully.
5. The controller is obliged to delete the data concerning you in accordance with Union law or the law of the Member States to which it is subject.
6. The data concerning you have been collected relating to information society services offered in accordance with Article 8(1) GDPR.

Information to third parties
If I, the controller, have made public the data concerning you and I am obliged to delete them pursuant to Article 17(1) GDPR, I shall take reasonable measures. These can also be purely technical measures. With the measures, I inform the other controllers within the meaning of the GDPR for the processing of your data that you, as the data subject, have requested them to delete all links to these data or copies or replications of these data.

Exceptions
You do not have the right to erasure if the processing is necessary

1. On the exercise of the right to freedom of expression and information
2. To comply with a legal obligation imposed on the controller under Union or national law to which the controller is subject or in the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
3. For reasons of public interest in the field of public health pursuant to Article 9(2) points (h) and (i) as well as Article 9(3) GDPR
4. For archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Article 89 (1) GDPR, insofar as the law referred to in Section 1) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
5. To assert, exercise or defend legal claims.

Unless the data are deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to legal requirements in Germany, data must be retained for 10 years in accordance with Section 147 (1) of the German Fiscal Code (AO) and Section 257 (1) Nos. 1 and 4, (4) of the German Commercial Code (HGB) (books, records, management reports, accounting vouchers, commercial ledgers, documents relevant for taxation and similar) and for 6 years in accordance with Section 257 (1) Nos. 2 and 3, (4) of the HGB (commercial letters). Emails constitute commercial letters if they have been exchanged in the context of a business relationship between you, the data subject, and me, the controller.

Right to restriction of processing

If at least one of the following conditions is met, you may request the restriction of the processing of personal data concerning you in accordance with Article 18 GDPR:

1. If you dispute the accuracy of the data concerning you for a period that allows the controller to verify the accuracy of the data.
2. The processing is unlawful, and you object to the deletion of the personal data and request instead the restriction of the use of the personal data.
3. The controller no longer needs the personal data for the purposes of the processing, but you need it to exercise or defend your rights.
4. You have objected to the processing under Article 21(1) of the GDPR and it has not yet been definitively established whether the controller’s legitimate grounds outweigh your grounds.

Where the processing of data relating to you has been restricted, such data may be processed (except storage) only with your consent or to pursue, exercise or defend legal claims or to protect the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State. If the restriction on processing has been restricted in accordance with the above conditions, you shall be informed by the controller before the restriction is lifted.

Notification obligation

If you have asserted the right to rectification, erasure, or restriction of processing towards the controller, the latter is obliged, pursuant to Article 19 GDPR, to notify all recipients of such rectification, erasure, or restriction of processing to whom the data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort.
You are entitled to be informed of these recipients by the controller.

Right to data portability

Pursuant to Article 20 GDPR, you are entitled to receive the data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also are entitled to have this data transferred to another controller without interference from the controller to whom the data has been made available, provided that

1. The processing is based on a consent pursuant to Article 6(1) point (a) GDPR or Article 9(2) point (a) GDPR or on a contract pursuant to Article 6(1) point (b) GDPR and
2. The processing is carried out by automated procedures.

In exercising this right, you also are entitled to have the data concerning you transferred directly from one controller to another, as far as this is technically feasible.
The freedoms and rights of other persons may not be impaired thereby.
The right to data portability shall not apply to processing of data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object

Pursuant to Article 21 GDPR, you are entitled to object at any time, for reasons arising from your particular situation, to the processing of data concerning you based on Article 6(1) points (e) or (f) GDPR, including profiling based on these provisions.
The controller shall no longer process the data concerning you, unless he can demonstrate compelling reasons for processing which are justified on grounds of protection of your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

Security measures

In accordance with Article 32 GDPR, I shall take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, considering state-of-the-art practices, the implementation costs and the nature, extent, circumstances, and purposes of the processing and the varying degrees of probability and seriousness of the risk to the rights and freedoms of natural persons. The measures include in particular the safeguarding of confidentiality, integrity, and availability of data by

1. Control of the physical access to the data
2. Control of access, input, disclosure, availability assurance and disconnection of data concerning them
3. The establishment of procedures to ensure the exercise of data subject rights, deletion of data and reaction to threats to data
4. The consideration of the protection of personal data already during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by designing technology and by using data protection-friendly default settings in accordance with Article 25 GDPR

Transfer to non-EU jurisdiction with adequate protection

I process data in non-EU jurisdiction and transfer data to non-EU jurisdiction or to international organizations only in countries with “adequate protection” according to Article 45 GDPR. The reason for this is that for processing in other countries, I have to comply with the complicated requirements and conditions of Article 44 et seq. GDPR.

The EU Commission, after assessing the adequacy of the level of protection, may decide, through an implementing act, that a non-EU jurisdiction, a territory, or one or more specified sectors within a non-EU jurisdiction, or an international organization ensures an adequate level of protection. In this case, as the controller, I do not need any special permission from you to transfer the data to such a non-EU jurisdiction.

At the time of the last update of this privacy policy, the EU Commission has determined an adequate level of protection for the following countries

• Andorra
• Argentina
• Canada (commercial organizations)
• Faeroe Islands
• Guernsey
• Isle of Man
• Israel
• Japan
• Jersey
• New Zealand
• Republic of Korea
• Switzerland
• United Kingdom
• United States (EU-US Data Privacy Framework)
• Uruguay

Cooperation with processors and third parties

If I disclose, transfer or otherwise grant access to data to other persons and companies (processors or third parties) in the course of my processing, this will only be done based on

• Your consent
• A legal permission
• A legal obligation, or
• My legitimate interests.

If my own interests are involved, I will carefully consider and try to balance my interests with your rights and interests before any disclosure of your information.

If I commission third parties to process data in scope of a data processing agreement, this is done based on Article 28 GDPR.

Processors

I have commissioned the following companies to process your data and have concluded a contract with them for commissioned data processing:

Content Delivery Network KeyCDN

I use a content delivery network to deliver my on-line offering. My content is distributed worldwide on the servers of KeyCDN (processor) and delivered to you from there.

The KeyCDN service is offered by

proinity LLC
Reichenauweg 1
8272 Ermatingen
Switzerland

Register authority: Federal Statistical Office
UID: CHE-459.847.656

I have selected or restricted the locations for my on-line offering in such a way that the content is only delivered from EU member states and from non-EU countries that offer adequate protection from the perspective of the EU Commission. I have my content delivered from the following locations:

• European Union: Amsterdam, Athens, Bucharest, Copenhagen, Dublin, Frankfurt (Main), Helsinki, Lisbon, Madrid, Milan, Oslo, Paris, Stockholm, Vienna, Warsaw
• United Kingdom: London
• Switzerland: Zurich
• Canada: Montreal
• Israel: Tel Aviv
• Japan: Tokyo
• New Zealand: Auckland
• Argentina: Buenos Aires

Content Delivery Network CDN77

I use a content delivery network to deliver my on-line offering. My content is distributed worldwide on the servers of CDN77 (processor) and delivered to you from there.

The CDN77 service is offered by

DataCamp Limited
207 Regent Street
London W1B HH
United Kingdom

Register authority: Companies House
Company number: 07489096

I have selected or restricted the locations for my on-line offering in such a way that the content is only delivered from EU member states and from non-EU countries that offer adequate protection from the perspective of the EU Commission. I have my content delivered from the following locations:

• European Union: Amsterdam, Athens, Bratislava, Bucharest, Dublin, Frankfurt (Main), Madrid, Marseilles, Milan, Paris, Prague, Sofia, Stockholm, Vienna, Warsaw
• United Kingdom: London
• Switzerland: Zurich
• Canada: Toronto
• Israel: Tel Aviv
• Japan: Tokyo
• Argentina: Buenos Aires

Content Delivery Network CDNsun

I use a content delivery network to deliver my on-line offering. My content is distributed worldwide on the servers of CDNsun (processor) and delivered to you from there.

The CDNsun service is offered by

CDNsun s.r.o.
V zářezu 902/4
Prague, 158 00
Czech republic

Register authority: Ministerstvo spravedlnosti České republiky
Company number: 05745314

I have selected or restricted the locations for my on-line offering in such a way that the content is only delivered from EU member states and from non-EU countries that offer adequate protection from the perspective of the EU Commission. I have my content delivered from the following locations:

• European Union: Amsterdam, Athens, Bucharest, Budapest, Frankfurt (Main), Madrid, Milan, Paris, Stockholm, Warsaw
• United Kingdom: London
• Canada: Toronto
• Japan: Tokyo

Analysis Platform

I have commissioned a provider of a data protection-friendly analysis platform with the completely anonymized evaluation of the use of my offer. Your data will not be transferred there if your browser sends a “do-not-track” or “Global Privacy Control” signal.

The service plausible.io is offered by

Plausible Insights OÜ
Västriku tn 2
50403 Tartu
Estonia

Register authority: e-Business Register
Register number: 14709274

The processor stores and processes the anonymized data in a data centre in Frankfurt (Main), Germany.

Newsletter dispatch

I use a professional, multi-certified mailing service for the regular dispatch of my email newsletter.

The service rapidmail is offered by

rapidmail GmbH
Augustinerplatz 2
79098 Freiburg im Breisgau
Germany

Register court: Freiburg i.Br
Registration number: HRB 706983
EU VAT. ID: DE262810345

The processor contractually guarantees that your data will be stored and processed exclusively at a location in Germany.

Mailing

I use a professional mailing company to send personal and transactional emails.

The SMTP2GO service is offered by

SAND DUNE MAIL LIMITED
96-106 Manchester Street
Christchurch 8011
New Zealand

Register authority: New Zealand Companies Office
Company number: 1842323
NZBN: 9429033989624

The processor contractually ensures that your data is stored and processed exclusively at a location in the European Union.

To ensure this, I only use the specific endpoint mail-eu.smtp2go.comto send the emails.

Through this technical measure, the data transmitted through SMTP or API is processed exclusively within the European Union until it is transferred to the email receiving server assigned to your domain.

On-line surveys

I have contracted the service provider LimeSurvey to provide on-line surveys. If you participate in on-line surveys that I have created there, you agree to the privacy policy and terms and conditions of this company. Before the survey begins, you will be explicitly asked for your consent.

The service LimeSurvey is offered by

LimeSurvey GmbH
Survey services & consulting
Papenreye 63
22453 Hamburg
Germany

Register court: Hamburg
Registration number: HRB 137625
EU VAT. ID: DE301233134

It has been contractually agreed with the processor that your data will be stored and processed exclusively at a location in Germany.