Privacy Notice

1. Name and Contact Details of the Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Mario Ottmann (Sole Proprietorship)
Sperberkamp 12a
22175 Hamburg
Germany
Email: info@marioottmann.com

2. General Information on Data Processing

The protection of your personal data is important to us. We process your personal data only to the extent necessary to provide a functional website as well as our content and services. Processing only takes place on the basis of legal permission or your consent.

The technical and organizational measures (TOMs) we have implemented ensure an appropriate level of protection, in particular we use SSL/TLS encryption for the transmission of data between your browser and our server.

3. Collection of Access Data and Server Log Files (Hosting)

Scope of Personal Data Processing

When you visit our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called "server log files"). This includes:

Browser type and version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of server request
IP address

Purpose and Legal Basis of Processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. Storage in log files is carried out to ensure the functionality of the website and to ensure the security of our information technology systems. Our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR also lies in these purposes.

Recipients and International Data Transfer (Hosting)

Our website is hosted via the service provider Vercel. Vercel, Inc. is a US company. By using this service provider, a transfer of personal data to the USA takes place. To ensure an adequate level of data protection, we have agreed on the Standard Contractual Clauses (SCCs) issued by the EU Commission with Vercel.

4. Newsletter Registration (Email Marketing)

Scope of Personal Data Processing

For registration to our newsletter, we only collect your email address. No other personal data is collected.

Purpose and Legal Basis of Processing

The processing of your email address serves the purpose of sending you the newsletter. Processing is based on your consent (Art. 6 para. 1 lit. a GDPR), which you give us during the registration process. We use the double opt-in procedure to ensure that the consent was actually given by you.

Withdrawal of Consent

You can withdraw your consent at any time with effect for the future and unsubscribe from the newsletter. This can be done via the unsubscribe link contained in each newsletter or by sending a message to the contact email address mentioned above.

Recipients and International Data Transfer (Newsletter Tool)

We use the service provider kit.com (or a related email tool) to send the newsletter. This service provider receives your email address for the purpose of sending on our behalf. Depending on the location of the service provider and the storage of the data, a transfer to a third country (e.g. USA) may take place. We ensure that an adequate level of data protection is guaranteed through appropriate safeguards (such as the Standard Contractual Clauses).

5. Web Analytics with Umami (without Cookies)

Scope of Personal Data Processing

We use the analytics service Umami Online for statistical evaluation of visitor access. Umami is a privacy-friendly analytics tool that does not use cookies. The collected data is anonymized and does not allow any conclusions about your person. Only technical and usage data is collected, such as:

Anonymized/hashed IP address
Browser/device information
Pages visited and duration of stay
Origin (referrer)

Purpose and Legal Basis of Processing

The analysis serves to optimize our website and to create visitor statistics. Our legitimate interest according to Art. 6 para. 1 lit. f GDPR lies in these purposes. Through the anonymization of data and the renunciation of cookies, the processing is minimally invasive and only slightly restricts your fundamental rights and freedoms.

Recipients and International Data Transfer (Umami)

The service is provided by Umami Online. We ensure that any data processing outside the EU/EEA (e.g. in the USA) is secured by the agreement of the Standard Contractual Clauses.

6. Storage Duration (Data Deletion)

We only store personal data for as long as is necessary to achieve the purposes mentioned here or as prescribed by the storage periods provided by law. Data is deleted according to the following criteria:

Newsletter Data: Your email address will be deleted immediately after withdrawal of your consent (unsubscription from the newsletter) or at the latest 30 days after your unsubscription.
Log Files/Hosting Data: Log files are deleted after a maximum of 7 days, unless further storage for evidence purposes (e.g. in case of abuse) is required.
Umami Data: The anonymized usage data is automatically deleted after a maximum of 12 months, as it is no longer relevant for website optimization after that.

7. Your Rights as a Data Subject

As a data subject, you have the right to:

Access (Art. 15 GDPR): You have the right to request information at any time about whether and what data we process about you.
Rectification (Art. 16 GDPR): You can request the correction of inaccurate data or the completion of incomplete data.
Erasure (Art. 17 GDPR): You have the right to request the deletion of your data, provided the legal requirements are met.
Restriction of Processing (Art. 18 GDPR): You can request that the processing of your data be restricted.
Data Portability (Art. 20 GDPR): You have the right to receive the data concerning you in a structured, commonly used and machine-readable format.
Object (Art. 21 GDPR): You have the right to object to the processing of data concerning you at any time on grounds relating to your particular situation.
Withdrawal of Consent (Art. 7 para. 3 GDPR): You can withdraw consent once given at any time with effect for the future.
Complaint to a Supervisory Authority (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data is unlawful.