In German: DatenschutzerklΓ€rung
Last updated: June 13, 2026
This privacy policy explains what data is collected when you visit my blog, how it is processed, and what rights you have under the EU General Data Protection Regulation (GDPR / DSGVO).
1. Controller (Verantwortlicher)
The party responsible for data processing on this website is: me
2. Hosting (WordPress.com / Automattic)
This website is hosted on WordPress.com, a service of Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.
When you visit this website, Automattic’s servers automatically collect technical information in so-called server log files, including your IP address, browser type and version, operating system, referrer URL, date and time of access, and pages visited. This data is necessary to deliver the website, ensure its stability and security, and defend against attacks. It is not merged with other data sources.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and reliable operation of this website).
Automattic is a US company. Data may therefore be transferred to the United States. Automattic is certified under the EU-US Data Privacy Framework, which the European Commission has recognized as providing an adequate level of data protection. Further information is available in Automattic’s privacy policy: https://automattic.com/privacy
3. Cookies
This website uses cookies β small text files stored on your device. WordPress.com sets technically necessary cookies that are required for the website to function (for example, session and security cookies). These are placed on the basis of Art. 6(1)(f) GDPR. Where cookies are not strictly necessary (e.g. statistics, see Section 6), consent under Art. 6(1)(a) GDPR applies via the cookie banner.
You can configure your browser to block or delete cookies at any time. Blocking necessary cookies may limit the functionality of this website.
4. Comments
If you leave a comment on this blog, the following data is collected and stored: your name, your email address, your website (optional, if provided), the content of your comment, the date and time of submission, and your IP address.
The IP address is stored for security reasons β for example, to identify spam or unlawful content (legal basis: Art. 6(1)(f) GDPR, legitimate interest in operating a safe comment function). Name and comment content are published on the website; your email address is never published.
Comments and their associated data are stored until the comment is deleted or until you request deletion.
Spam protection with Akismet. This website uses the Akismet anti-spam service, also provided by Automattic Inc. (USA). When you submit a comment, data such as your IP address, name, email address, website, and comment text are transmitted to Akismet servers and checked against a spam database. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in preventing comment spam). Data transfer to the USA is safeguarded by Automattic’s certification under the EU-US Data Privacy Framework.
5. Gravatar
The comment function uses the Gravatar service (Automattic Inc., USA). When you comment, a cryptographic hash of your email address is transmitted to Gravatar to check whether a profile picture is associated with it. If you have a Gravatar account, your profile picture will be displayed next to your comment.
If you do not want your Gravatar image to appear, please comment using an email address that is not registered with Gravatar. Legal basis: Art. 6(1)(f) GDPR. Gravatar’s privacy information: https://automattic.com/privacy
6. Statistics (Jetpack / WordPress.com Stats)
This website uses WordPress.com Stats (part of Jetpack, operated by Automattic Inc.) to analyze visitor traffic. The tool collects data such as your shortened/anonymized IP address, the pages you visit, the referring website, your browser, and your approximate location (country level).
This data is used solely to understand how the blog is used and to improve its content. No personal user profiles are created and the data is not shared with third parties for advertising purposes.
Legal basis: your consent via the cookie banner, Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future.
Jetpack also serves images through Automattic’s content delivery network (CDN, e.g. i0.wp.com), which involves transmitting your IP address to retrieve image files. Legal basis: Art. 6(1)(f) GDPR (fast and efficient delivery of website content).
7. Contact by Email
If you contact me by email, your message and the contact details you provide (name, email address) are stored in order to handle your inquiry and any follow-up questions. This data is not shared with third parties.
Legal basis: Art. 6(1)(f) GDPR; if your inquiry relates to a contract, Art. 6(1)(b) GDPR. Your data is deleted once your request has been fully dealt with, unless statutory retention obligations apply.
8. External Links
This website contains links to external websites and profiles, including Facebook, Instagram, and Canva. These are simple links only β no social media plugins, tracking pixels, or embedded content from these platforms are integrated into this website. When you click such a link, you leave this website, and the privacy policy of the respective provider applies. I have no influence on the data processing carried out by these third parties.
9. Your Rights
As a data subject under the GDPR, you have the following rights:
- Access (Art. 15 GDPR): You may request information about the personal data I process about you.
- Rectification (Art. 16 GDPR): You may request the correction of inaccurate data.
- Erasure (Art. 17 GDPR): You may request the deletion of your data, provided no legal retention obligations apply.
- Restriction of processing (Art. 18 GDPR): You may request that the processing of your data be restricted.
- Data portability (Art. 20 GDPR): You may request to receive your data in a structured, commonly used, machine-readable format.
- Objection (Art. 21 GDPR): You may object to processing based on legitimate interest at any time, for reasons arising from your particular situation.
- Withdrawal of consent (Art. 7(3) GDPR): Where processing is based on your consent, you may withdraw it at any time with effect for the future.
To exercise any of these rights, please contact me.
You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).
10. SSL/TLS Encryption
This website uses SSL/TLS encryption (recognizable by “https://” and the lock symbol in your browser) to protect the transmission of data such as comments and contact inquiries.
11. Changes to This Privacy Policy
I may update this privacy policy from time to time to reflect legal changes or changes to the website (for example, if new features or embedded services are added). The version published on this page always applies.