Privacy Policy
📝 Placeholder — complete before going live
The following sections marked with [placeholder] must be filled in with your actual details. This policy has been prepared in accordance with the EU General Data Protection Regulation (GDPR). Have it reviewed by legal counsel before publishing.
1. Controller
The controller responsible for data processing on this website is:
[Placeholder — Full Name / Company Name]
[Placeholder — Street & Number]
[Placeholder — Postal Code, City]
Germany
Email: [email protected]
2. Data Protection Officer
[Placeholder — Name and contact details of the Data Protection Officer, if required by Art. 37 GDPR]
3. Hosting
This website is hosted by NovaCloud-Hosting (NovaCloud GmbH, [Placeholder — Address]). When you visit the website, technical data is processed in server log files, including:
- IP address
- Date and time of the request
- Requested page / resource
- HTTP status code and transferred data volume
- Referrer URL
- User agent (browser and operating system)
This processing is necessary for the operation and security of the website (Art. 6(1)(f) GDPR — legitimate interest). Server log files are retained for [Placeholder — e.g. 7] days and then deleted, unless retention is required for legal or security reasons.
4. Content Delivery Network (Cloudflare)
This website uses Cloudflare (Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA) as a Content Delivery Network (CDN) and reverse proxy. Cloudflare helps deliver pages and assets faster by serving them from edge locations close to you, and provides DDoS protection.
When you visit the website, Cloudflare processes your IP address and request metadata through its global edge network. Cloudflare acts as a data processor on our behalf. Processing is based on Art. 6(1)(f) GDPR (legitimate interest in secure and efficient delivery) and Art. 28 GDPR (data processing agreement).
Cloudflare is certified under the EU-US Data Privacy Framework (DPF). For more information, see Cloudflare's Privacy Policy.
5. Analytics (PostHog)
This website uses PostHog (PostHog Inc., 2261 Market Street #4526, San Francisco, CA 94114, USA; EU operations via PostHog BV, Keizersgracht 313, 1016 EE Amsterdam, Netherlands) for web analytics. PostHog helps us understand how visitors interact with the website so we can improve it.
PostHog processes:
- Pages visited, interactions (clicks, scrolls)
- Browser and device information (user agent, screen size)
- Referrer URL
- Anonymized IP address (IP is masked before storage)
Cookies: PostHog stores a randomly generated user ID in local storage (not a cookie) to recognize returning visitors. No cross-site tracking or advertising cookies are used.
Consent requirement: PostHog is only loaded after you have given explicit consent via the cookie consent banner. Until consent is given, no analytics data is collected. You can withdraw consent at any time via the cookie settings.
PostHog is hosted on EU infrastructure. Data processing is based on Art. 6(1)(a) GDPR (consent). A Data Processing Agreement (DPA) with PostHog is in place.
More information: PostHog Privacy Policy.
6. Contact
When you contact us via email (mailto link), the data you provide (name, email address, message content) is processed solely for the purpose of handling your enquiry. This processing is based on Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in communication).
No contact form data is stored on this website. The website uses a mailto: link which opens your local email client.
7. Your Rights under GDPR
As a data subject, you have the following rights under the GDPR:
- Right of access (Art. 15 GDPR) — request information about the personal data we hold about you.
- Right to rectification (Art. 16 GDPR) — request correction of inaccurate data.
- Right to erasure ("right to be forgotten") (Art. 17 GDPR) — request deletion of your data.
- Right to restriction of processing (Art. 18 GDPR).
- Right to data portability (Art. 20 GDPR).
- Right to object (Art. 21 GDPR) — object to processing based on legitimate interest.
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
To exercise your rights, contact us at: [email protected]
The competent supervisory authority is:
[Placeholder — Name and address of the relevant data protection authority, e.g. Landesbeauftragte für Datenschutz und Informationsfreiheit NRW]
8. Data Retention
Personal data is retained only as long as necessary for the purposes stated in this policy or as required by law (e.g. commercial or tax retention obligations under German law, typically 6–10 years).
9. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date.
Last updated: July 2026