Privacy Policy

Self-built with as little data collected as possible. But with analytics, so I know what gets used.

This website is self-built and I try to collect as little data as possible. As I do, however, want to know how the website is used, I run a self-hosted instance of Matomo (formerly Piwik) without cookies for analytics. But read for yourself:

Privacy policy

This privacy policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter "data") within my online offering and the websites, functions and content connected with it, as well as my social media profiles (hereinafter collectively referred to as the "online offering"). With regard to the terms used, such as "processing" or "controller", I refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller

Jona Hölderle
Wolterstraße 18
15366 Neuenhagen bei Berlin
Germany
jona@pluralog.de

Types of data processed

  • Master data (e.g. names).
  • Contact data (e.g. email).
  • Content data (e.g. text entries, photographs).
  • Usage data (e.g. websites visited, interest in content, access times).
  • Meta / communication data (e.g. device information, IP addresses).

Categories of data subjects

Visitors and users of the online offering (hereinafter I also refer to the data subjects collectively as "users").

Purpose of processing

  • Provision of the online offering, its functions and content.
  • Responding to contact enquiries and communicating with users.
  • Security measures.
  • Reach measurement / marketing.

Terms used

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data.

"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Relevant legal bases

In accordance with Art. 13 GDPR, I inform you of the legal bases of my data processing. Where the legal basis is not stated in the privacy policy, the following applies: the legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR; the legal basis for processing in order to perform my services and carry out contractual measures as well as to respond to enquiries is Art. 6(1)(b) GDPR; the legal basis for processing to fulfil my legal obligations is Art. 6(1)(c) GDPR; and the legal basis for processing to safeguard my legitimate interests is Art. 6(1)(f) GDPR. In the event that the vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6(1)(d) GDPR serves as the legal basis.

Cooperation with processors and third parties

Where, in the course of my processing, I disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g. where transmitting data to third parties, such as payment service providers, is necessary to perform a contract pursuant to Art. 6(1)(b) GDPR), where you have consented, where a legal obligation provides for this, or on the basis of my legitimate interests (e.g. when using agents, web hosts, etc.).

Where I engage third parties to process data on the basis of a so-called "data processing agreement", this is done on the basis of Art. 28 GDPR.

Rights of data subjects

You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.

In accordance with Art. 17 GDPR, you have the right to request that data concerning you be erased without delay, or alternatively, in accordance with Art. 18 GDPR, to request a restriction of the processing of the data.

You have the right to request that the data concerning you which you have provided to me be received in accordance with Art. 20 GDPR and to request its transmission to other controllers.

You also have the right, in accordance with Art. 77 GDPR, to lodge a complaint with the competent supervisory authority.

Right of withdrawal

You have the right to withdraw any consent given, with effect for the future, in accordance with Art. 7(3) GDPR.

Right to object

You can object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. The objection may in particular be made against processing for direct marketing purposes.

Cookies and right to object to direct marketing

"Cookies" are small files stored on users' computers. Different information can be stored within cookies. A cookie's primary purpose is to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. Cookies that are deleted after a user leaves an online offering and closes their browser are referred to as temporary cookies, "session cookies" or "transient cookies". Such a cookie may, for example, store the contents of a shopping cart in an online shop or a login status. Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent". For example, a login status can be stored if users visit again after several days. Such a cookie may also store the interests of users used for reach measurement or marketing purposes. "Third-party cookies" are cookies offered by providers other than the controller operating the online offering (otherwise, if they are only the controller's cookies, they are referred to as "first-party cookies").

I may use temporary and permanent cookies and explain this within my privacy policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. Excluding cookies can lead to functional limitations of this online offering.

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by disabling them in the browser settings. Please note that in this case not all functions of this online offering may be usable.

Erasure of data

The data I process is erased or its processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated within this privacy policy, the data stored by me is erased as soon as it is no longer required for its intended purpose and erasure does not conflict with any statutory retention obligations. Where the data is not erased because it is required for other and legally permissible purposes, its processing is restricted. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

In accordance with statutory requirements in Germany, data is retained in particular for 6 years pursuant to § 257(1) HGB (commercial books, inventories, opening balance sheets, annual financial statements, business letters, accounting vouchers, etc.) and for 10 years pursuant to § 147(1) AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant to taxation, etc.).

Hosting

The hosting services I use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services which I use for the purpose of operating this online offering.

In doing so, I, or rather my hosting provider endil GmbH with servers at Hetzner Online GmbH, process master data, contact data, content data, contract data, usage data, meta and communication data of customers, prospects and visitors of this online offering on the basis of my legitimate interests in an efficient and secure provision of this online offering pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

Collection of access data and log files

My hosting provider collects, on the basis of my legitimate interests within the meaning of Art. 6(1)(f) GDPR, data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, the file, the date and time of access, the amount of data transferred, notification of successful access, the browser type and version, the user's operating system, the referrer URL (the previously visited page), the IP address and the requesting provider.

For security reasons (e.g. to investigate misuse or fraud), log file information is stored for a maximum of 7 days and then deleted. Backups are deleted after 14 days. Data whose further retention is required for evidentiary purposes is excluded from deletion until the respective incident has been finally resolved.

Contact

When you contact me (e.g. by email, phone or via social media), the user's details are processed to handle the contact enquiry and its processing pursuant to Art. 6(1)(b) GDPR. The users' details may be stored in a contact management system.

I delete enquiries once they are no longer required. I review the necessity every two years; statutory archiving obligations also apply.

Reach measurement with Matomo

As part of Matomo's reach analysis, the following data is processed on the basis of my legitimate interests (i.e. interest in the analysis, optimisation and economic operation of my online offering within the meaning of Art. 6(1)(f) GDPR): the browser type and version you use, the operating system you use, your country of origin, the date and time of the server request, the number of visits, your time spent on the website and the external links you click. Users' IP addresses are anonymised before they are stored.

In the version I use, Matomo does not use cookies for analysis.

Users can object to the anonymised data collection by the Matomo program at any time with effect for the future by clicking the link below. In this case, a so-called opt-out cookie is placed in their browser, with the result that Matomo no longer collects any session data. If users delete their cookies, however, this also means that the opt-out cookie is deleted and must therefore be reactivated by the users.

Online presences on social media

I maintain online presences within social networks and platforms in order to communicate with the customers, prospects and users active there and to inform them about my services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

Unless stated otherwise within my privacy policy, I process users' data insofar as they communicate with me within the social networks and platforms, e.g. by writing posts on my online presences or sending me messages.