Legal
Privacy
This website is built to be deliberately data-minimal. It uses no cookies and no comparable identification techniques on your device, and it has no contact form. Reach is measured with a cookieless, anonymous statistic (Plausible Analytics) — no profiles, no advertising use, no cookie banner. Personal data is otherwise processed only to the extent technically necessary to operate the website and to answer a direct enquiry. This notice explains, under Articles 13 and 14 GDPR, what that data is, for what purpose and on what legal basis it is processed — and what rights you have.
This English text is provided for convenience; the German Datenschutzerklärung is the legally authoritative version.
Controller
The controller for the processing of personal data on this website, within the meaning of the GDPR, is:
Dr. Jens Hartmann
Burnitzstraße 47
60596 Frankfurt am Main
Germany
Email: contact@
Telephone: +49 69 34877122
Processing when the website is accessed
Each time this website is accessed, the server automatically processes technical data transmitted by your browser. This is, in particular, the IP address of the requesting device, the date and time of access, the specific page or file requested, the HTTP status code and the volume of data transferred, the previously visited page (referrer) where transmitted, and the type and version of the browser and the operating system used.
This processing is technically necessary to deliver the website, to ensure its secure and stable operation and to defend against abusive access. The legal basis is Article 6 (1) (f) GDPR; the legitimate interest lies in a secure, functioning web presence. The data is erased once it is no longer required for that purpose. It is not combined with other sources and is not evaluated for advertising or analytics purposes.
Hosting
This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel processes the data arising when the website is accessed solely on our instructions, as a processor; the basis is a data processing agreement under Article 28 GDPR. As Vercel is based in the USA, personal data may be transferred there. That transfer is safeguarded by the European Commission's Standard Contractual Clauses agreed with Vercel (Article 46 (2) (c) GDPR).
Getting in touch
If you contact us by email or telephone, we process the data you provide — such as your name, your contact details and the content of your message — solely to handle and answer your enquiry. The legal basis is Article 6 (1) (b) GDPR where your enquiry concerns the conclusion or performance of a contract, and otherwise Article 6 (1) (f) GDPR (legitimate interest in answering enquiries). The data is erased once it is no longer required for that purpose and no statutory retention obligation — for instance under commercial or tax law — applies.
Reach measurement with Plausible Analytics
This website uses Plausible Analytics to measure reach. The provider is Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia. Plausible is deliberately data-minimal: it sets no cookies, no local storage and no comparable identification techniques on your device, and it reads none. No profile is built and no cross-device tracking takes place.
On each page view, only anonymous usage data is collected: the page requested, the referring link, general information about the browser, operating system and device type used, and the country of the visit at country level. Your IP address is not stored; it is used only briefly to compute a daily-rotating, salted hash that makes a visit recognisable within a single day. That hash cannot be reversed and is discarded at the end of the day. Individual persons cannot be re-identified.
Processing takes place on servers located within the European Union. Plausible processes the data as a processor, solely on our instructions; the basis is a data processing agreement under Article 28 GDPR. No transfer to third countries takes place.
The legal basis is Article 6 (1) (f) GDPR; the legitimate interest is the needs-based design and continuous improvement of the website. Because no information is stored on or read from your device, no consent under § 25 TDDDG (the German implementation of the ePrivacy Directive) is required. Further information on how Plausible works and on its data handling: plausible.io/data-policy.
Recipients of the data
Your personal data is not passed to third parties — with the exception of the hosting provider named above and the reach-measurement provider (Plausible, see above), which each process the data as processors and solely on our instructions. Your data is not sold and is not transferred to third parties for advertising purposes.
No cookies, no cookie banner
This website stores no cookies and uses no comparable techniques on your device; the reach measurement with Plausible (see above) is cookieless. No advertising, no cross-device tracking and no profiling takes place. Typefaces are served from our own server; no further third-party content is embedded. No consent is therefore required, and there is no cookie banner.
Encryption
The website is delivered exclusively over an encrypted HTTPS (TLS) connection. The data transmitted between your browser and the server is thereby protected against being read by third parties.
Retention
Personal data is erased once the purpose of its processing ceases and no statutory retention period applies. The period that applies in each case follows from the sections above.
Your rights
In respect of your personal data you have the right of access (Article 15 GDPR), to rectification (Article 16 GDPR), to erasure (Article 17 GDPR), to restriction of processing (Article 18 GDPR) and to data portability (Article 20 GDPR).
Where processing rests on Article 6 (1) (f) GDPR, you have the right to object to it at any time on grounds relating to your particular situation (Article 21 GDPR).
You also have the right to lodge a complaint with a data protection supervisory authority — in particular in the EU member state of your residence or the place of the alleged infringement (Article 77 GDPR). The authority competent for the controller is Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Wiesbaden. No automated decision-making, including profiling within the meaning of Article 22 GDPR, takes place.
Changes to this privacy policy
We update this privacy policy when changes to the website or to the legal framework make that necessary. The version published here is the one that applies; its date is given below.