This website and its web server are operated by private individuals domiciled in different European states. The web server is physically located in Germany and provided by netcup GmbH. We concluded a data processing agreement according to Article 28 GDPR with netcup GmbH.
Controller in terms of the GDPR is:
onrB 09 106
- Personal data we process
- Your rights (Articles 15–20 GDPR)
- Right to object (Article 21 GDPR)
- Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
There are several definitions in the GDPR. The most important definitions are:
- ‘personal data’ means any information relating to an identified or identifiable natural person
- ‘processing’ means any operation […] on personal data […] such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
Examples for “personal data” are your name, your username(s), your address, your e-mail address, (sometimes) your IP address and more sensitive data like your religious and sexual orientation. Especially IP addresses can also represent corporate data (for instance, when you access websites using your corporate internet access) or they can be anonymous (for instance, when you use Tor to access websites).
The term “processing” can be considered as an umbrella term for everything we do with your personal data.
Personal data we process
When you visit our website, your IP address and maybe User-Agent (e.g. information about your web browser and/or operating system) are automatically processed by our web server. This is technically necessary since your client requests resources from our web server. Then, our web server needs your IP address to send packets to your client. By default, we do not process any other personal data of you.
Our web server writes information about each request to so-called log files. These log files only contain timestamp, HTTP status code, bytes transmitted and first line of request for each request. Example:
[31/Dec/2016:12:01:10 +0100] 200 3271 "GET /index.xml HTTP/2.0".
We collect this data (which doesn’t contain personal data) to identify technical errors (e.g. broken links). In general, log files are deleted after two weeks at a max.
The legal basis for the processing of this information is Article 6(1) f GDPR.
Your rights (Articles 15–20 GDPR)
According to the Articles 15 to 20 of the GDPR, you have several rights concerning your personal data processed by us:
- Art. 15: Right of access
- Art. 16: Right to rectification
- Art. 17: Right to erasure
- Art. 18: Right to restriction of processing
- Art. 19: Notification obligation regarding rectification or erasure of personal data or restriction of processing
- Art. 20: Right to data portability
Besides your IP address (and maybe User-Agent) which is automatically transmitted by your client and only used for responding to its requests, we do not process personal data of you. Since there is no need for us to identify you when you normally access our website, we aren’t obliged to maintain, acquire or process additional information in order to identify you for the sole purpose of complying with the GDPR.
This means that (according to Article 11 GDPR) Articles 15 to 20 don’t apply except where you, for the purpose of exercising your rights mentioned above, provide additional information enabling your identification.
Right to object (Article 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point e or f of Article 6(1) GDPR, including profiling based on those provisions. We no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of you or for the establishment, exercise or defence of legal claims. This doesn’t affect the lawfulness of processing based on consent before its withdrawal (point c of Article 13(2) GDPR).
Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
For further information about our security measures, read our security notes.
Last update: May 24, 2018