PRIVACY POLICY (Datenschutzerklärung)

1) Controller

Bruno Morety
Kirchenstr. 88c, 81675 Munich, Germany
Email: bmorety@icloud.com

2) Hosting (GitHub Pages)

This website is hosted on GitHub Pages (provider: GitHub, Inc.). When you access the site, the hosting provider may process server log files (e.g., IP address, timestamp, requested URL, referrer, user agent) to ensure the secure and reliable operation of the service. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and error-free provision of our website). GitHub participates in the EU-U.S. Data Privacy Framework; transfers to the U.S. may also rely on Standard Contractual Clauses (Art. 46 GDPR). We do not permanently store hoster logs; any retention by the hoster is subject to its policies.

3) Our server logs

Our own systems may temporarily store server logs (IP address, date/time, URL, status code, referrer, user agent) for troubleshooting and security. Legal basis: Art. 6(1)(f) GDPR. Logs are deleted or anonymised after 30 days, unless a specific security incident requires longer retention.

4) Cookies & access to terminal equipment (§ 25 TTDSG)

We do not use non-essential cookies or comparable tracking technologies. If we introduce analytics or marketing technologies in the future, we will obtain your prior consent under § 25(1) TTDSG in conjunction with Art. 6(1)(a) GDPR. Strictly necessary cookies may be used without consent under § 25(2) TTDSG.

5) Web fonts (Google Fonts, remote)

For consistent typography, we load Google Fonts from servers operated by Google. Your IP address is transmitted to Google to deliver the fonts. Legal basis: your consent (Art. 6(1)(a) GDPR; § 25(1) TTDSG). You can withdraw consent at any time with future effect. Note: As a privacy-friendly alternative, we plan to migrate to locally hosted fonts to avoid external requests.

6) Reach measurement (Simple Analytics)

We use Simple Analytics (Simple Analytics B.V., Netherlands) for privacy-friendly, cookie-less website statistics. According to the provider, no personal data (in particular no IP addresses) are stored and no user profiles are built; only aggregated metrics are provided. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a non-invasive, aggregated understanding of website usage). Because no storage or access to information on the user’s device is required, no consent under § 25 TTDSG is necessary for this tool.

7) Contacting us / Social media

If you contact us by email or via social media (e.g., LinkedIn), we process your message, contact details, and any data you provide solely to handle the inquiry. Legal basis: Art. 6(1)(b) GDPR (pre-contractual/contractual measures) and/or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries). We delete inquiries once they are finally handled, unless statutory retention duties apply.

8) Scheduling via TidyCal (independent controller)

If you click our scheduling link, you will be taken to TidyCal (Sumo Group Inc., USA). For data processing on tidycal.com, TidyCal acts as an independent controller (see TidyCal’s privacy policy). If TidyCal transmits booking details to us (e.g., your name, email, chosen time slot), we process them to schedule and conduct the call. Legal basis: Art. 6(1)(b) GDPR.

9) Recipients & third-country transfers

We disclose personal data only to service providers/recipients where necessary (e.g., hosting, analytics). Where data are transferred outside the EU/EEA, we ensure an adequate level of protection via an adequacy decision (Art. 45 GDPR, e.g., EU-U.S. DPF) or Standard Contractual Clauses (Art. 46 GDPR).

10) Storage periods

We store personal data only as long as necessary for the respective purpose or as required by statutory retention periods. After the purpose ceases or the retention periods expire, the data will be erased or anonymised.

11) Your rights

You have the rights of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and to object (Art. 21 GDPR) to processing based on Art. 6(1)(e) or (f) GDPR. Where processing is based on consent (Art. 6(1)(a)), you can withdraw your consent at any time with effect for the future. You also have the right to lodge a complaint with a supervisory authority, in particular in your place of residence, place of work, or place of the alleged infringement (Art. 77 GDPR).

12) Security

We use TLS encryption and appropriate technical and organisational measures to protect your data against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure or access.