Privacy policy

1. Controller

The controller within the meaning of the GDPR is:

Jens Hartmann Burnitzstr. 47 60596 Frankfurt am Main Deutschland E-Mail: post@weltenbummler.info Telefon: +49 69 34877122

2. Your rights as a data subject

With regard to the personal data concerning you, you have the following rights vis-à-vis the controller: the right of access (Art. 15 GDPR), to rectification (Art. 16), to erasure (Art. 17), to restriction of processing (Art. 18), to data portability (Art. 20), and the right to object at any time, on grounds relating to your particular situation, to processing based on Art. 6 (1)(f) GDPR (Art. 21 GDPR).

To exercise your rights, an informal message to the e-mail address stated above is sufficient.

3. Right to lodge a complaint with a supervisory authority

Without prejudice to any other legal remedy, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The authority competent for the controller is: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Postfach 3163, 65021 Wiesbaden, Germany. You may also contact the supervisory authority of your habitual residence.

4. Hosting and server log files (Vercel)

This website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. When the site is accessed, the host automatically collects and stores information transmitted by your browser in server log files: in particular the IP address, date and time of access, the requested resource, the referrer URL, and the browser and operating system used.

The legal basis is Art. 6 (1)(f) GDPR; our legitimate interest lies in the secure, stable and efficient provision of the website. A data processing agreement pursuant to Art. 28 GDPR is in place with the provider. Any transfer to the USA is based on the EU-US Data Privacy Framework and the European Commission's Standard Contractual Clauses (Art. 44 et seq. GDPR).

5. Content delivery and DNS (Cloudflare)

For name resolution (DNS) and to secure delivery, we use services of Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. In doing so, the IP address of the requesting device is processed in order to technically deliver the request and to mitigate attacks. The legal basis is Art. 6 (1)(f) GDPR (secure and reliable provision); a data processing agreement is in place, and any third-country transfer is safeguarded by Standard Contractual Clauses.

6. Web analytics (Plausible Analytics)

For the statistical evaluation of usage we use Plausible Analytics, operated by Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia. Plausible works entirely cookie-free, stores no IP addresses, creates no device- or person-related profiles, and does not track you across sites. Only aggregated, anonymous statistics are produced (e.g. page views, referral source, approximate country-level origin) as well as anonymous performance metrics (Core Web Vitals). The data is processed exclusively within the EU.

As no information is stored on or read from your device in the process, no consent under § 25 (1) TDDDG is required. The legal basis for processing anonymous reach data is our legitimate interest in designing the website to meet user needs (Art. 6 (1)(f) GDPR). A consent banner is therefore not required.

7. Error and stability monitoring (Sentry)

To detect technical errors and ensure the stability of the website, we use Sentry, a service of Functional Software, Inc. (45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA). Processing takes place via the provider's EU region with storage in a data centre in Frankfurt am Main. If an unhandled program error occurs in the browser, technical error data is transmitted — in particular the error type and message, the accessed URL and technical context; the IP address may be processed in this context. No cookies are set and no personal profiles are created.

The legal basis is Art. 6 (1)(f) GDPR; the legitimate interest lies in ensuring error-free and secure operation. A data processing agreement is in place with the provider; any third-country transfer is safeguarded by Standard Contractual Clauses.

8. Web fonts

The fonts used are served locally from our own server. There is no connection to third-party servers (such as Google Fonts) in this process; no data is transferred to third parties.

9. Contact by e-mail

If you contact us by e-mail, we process the data you transmit (your e-mail address and the content of your message) solely to handle your request. The legal basis is Art. 6 (1)(f) GDPR (interest in responding) or Art. 6 (1)(b) GDPR where the request relates to a contract. The data is deleted as soon as it is no longer required to achieve the purpose and no statutory retention obligations apply.

10. Storage period

We process personal data only for as long as is necessary for the respective purposes. Server log files are generally retained only briefly and then deleted or anonymised, unless they are needed to investigate a specific security incident.

11. Encryption

For security reasons and to protect the transmission, this website uses TLS encryption (HTTPS). You can recognise an encrypted connection by the padlock symbol in your browser's address bar.

12. No automated decision-making; changes

There is no automated decision-making, including profiling, within the meaning of Art. 22 GDPR. We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to reflect changes to our services. The version published here at the time applies.