Privacy Policy

Last updated: March 2026

1. Controller

The controller responsible for data processing on this website is:

Lars Müller
c/o Postflex #9366
Emsdettener Str. 10
48268 Greven
Germany

2. Overview

This privacy policy explains what personal data is collected when you visit this website and how it is processed. We take the protection of your personal data seriously and treat it in accordance with the EU General Data Protection Regulation (GDPR) and applicable national data protection laws.

3. SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of personal data and other confidential content. You can recognize an encrypted connection by the "https://" prefix in your browser's address bar.

4. Server Log Files

When you visit this website, the web server automatically collects and stores information in so-called server log files, which your browser automatically transmits to us:

IP address of the requesting device
Date and time of the request
URL and HTTP method of the request
Browser type and version
Operating system
Referrer URL

Legal basis: Art. 6(1)(f) GDPR (legitimate interest). The processing is necessary for the operation and security of the website.

Retention: Server log files are automatically deleted after 30 days.

5. Contact Form

When you use the contact form on this website, the following data is collected:

Name
Email address
Message content

This data is stored on our own server and used solely to process your inquiry. No data is shared with third parties.

When a message is submitted, a generic notification (without any personal data) is sent to us via the Telegram messaging service (Telegram FZ-LLC, Dubai, UAE). The notification only informs us that a new inquiry has been received — your name, email, and message content are not transmitted to Telegram.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures) if your inquiry relates to a contractual relationship, otherwise Art. 6(1)(f) GDPR (legitimate interest in answering inquiries).

Retention: Contact form submissions are stored for a maximum of 12 months, after which they are deleted. Shorter retention applies if the purpose of the inquiry has been fulfilled earlier.

6. Fonts (Self-Hosted)

This website uses the fonts "Inter" and "Poppins". The fonts are hosted locally on our own server. No connection to external servers (such as Google) is made, and no data is transmitted to third parties.

7. YouTube (Two-Click Solution)

This website embeds videos from YouTube (Google Ireland Limited). Videos are only loaded after your active consent (clicking the play button). No connection to YouTube is established by simply visiting the page.

Only when you choose to play a video, a connection to YouTube's servers is established and your IP address is transmitted. We use YouTube's enhanced privacy mode (domain: youtube-nocookie.com) to minimize data processing.

If you are logged into your YouTube/Google account, YouTube may associate your browsing behavior with your personal profile.

Legal basis: Art. 6(1)(a) GDPR (consent by click).

Third-country transfer: YouTube is operated by Google Ireland Limited, acting on behalf of Google LLC (USA). Data transfer is based on the EU-US Data Privacy Framework, under which Google is certified.

YouTube's privacy policy: https://policies.google.com/privacy

8. Appointment Scheduling (Calendly)

This website contains links to the appointment scheduling service Calendly (Calendly LLC, 271 17th St NW, Atlanta, GA 30363, USA). When you click on a scheduling link, you are redirected to Calendly's website. No connection to Calendly is established until you actively click the link.

When you use Calendly to book an appointment, the following data may be processed by Calendly:

Name and email address (entered by you)
Selected appointment date and time
IP address
Browser and device information

Legal basis: Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures — scheduling a consultation) and Art. 6(1)(a) GDPR (consent by clicking the scheduling link).

Third-country transfer: Calendly is based in the USA. Data transfer is based on the EU-US Data Privacy Framework, under which Calendly is certified.

Calendly's privacy policy: https://calendly.com/privacy

9. Infrastructure / Content Delivery (Cloudflare)

This website is delivered through the infrastructure of Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). All requests to this website pass through Cloudflare's network. In this process, the following data may be processed by Cloudflare:

IP address
HTTP request headers (browser type, language, referrer)
Requested URL
Date and time of access

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and reliable delivery of the website).

Third-country transfer: Cloudflare is based in the USA. Data transfer is based on the EU-US Data Privacy Framework, under which Cloudflare is certified.

Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/

10. External Links (LinkedIn, GitHub)

This website contains links to external services such as LinkedIn and GitHub. When you follow these links, data may be collected by the respective third-party providers according to their own privacy policies. We have no influence over the data processing carried out by these providers.

11. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of access (Art. 15 GDPR): You have the right to obtain information about your personal data stored by us.
Right to rectification (Art. 16 GDPR): You have the right to request correction of inaccurate personal data.
Right to erasure (Art. 17 GDPR): You have the right to request deletion of your personal data, provided there is no legal obligation to retain it.
Right to restriction of processing (Art. 18 GDPR): You have the right to request restriction of the processing of your personal data.
Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data based on legitimate interests at any time.
Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on your consent (e.g., YouTube videos), you have the right to withdraw that consent at any time. The withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.

To exercise any of these rights, please contact: [email protected]

12. Right to Lodge a Complaint

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent supervisory authority is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf
Tel.: 0211/38424-0
E-Mail: [email protected]
https://www.ldi.nrw.de

13. Cookies and Local Storage

This website does not use cookies, local storage, or similar technologies for tracking or analytics purposes. No information is stored on your device when you visit the public pages of this website. YouTube videos are only loaded after your active consent (see Section 7).

The internal admin area uses browser local storage solely to persist the authentication key for the current session. This is strictly necessary for the operation of the admin interface and is exempt from consent under TTDSG § 25 Abs. 2 Nr. 2.

Legal basis: TTDSG § 25 — no consent is required for strictly necessary storage.

14. Automated Decision-Making

No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place on this website.

15. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our data processing practices or legal requirements.