Privacy Policy

Privacy Policy

1. Data Controller & Overview

Data Controller under GDPR:
Ingmar Konnow
Rudolf-Leonard-Str. 4
01097 Dresden
Germany

Phone: +49 (0)173 9087237
Email: admin@ingmar.konnow.de

Last Updated: March 16, 2025

2. Types of Data Collected

Among the types of Personal Data that this website collects, by itself or through third parties, there are:

  • Usage Data (e.g., pages visited, access times, interaction patterns)
  • Email address (when registering)
  • Username (when registering)
  • Technical data (IP address, browser type, operating system, device information)
  • Cookies and tracking technologies

Detailed information on each type of Personal Data collected is provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.

Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Website.

Special Categories of Data: This website does not intentionally collect any special categories of personal data (such as health information, racial or ethnic origin, political opinions, religious or philosophical beliefs).

Children's Privacy: Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us.

3. Methods and Place of Processing

Processing Methods

The Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated.

In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons involved with the operation of this Website (administration, legal, system administrators) or external parties (such as third-party technical service providers, hosting providers).

Place of Processing

The Data is processed at the Data Controller's operating offices and in any other places where the parties involved in the processing are located.

Server Location: Germany (Ghost CMS instance at Hetzner Online GmbH)

Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To learn more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.

4. Hosting Provider

Hetzner Online GmbH

Industriestr. 25
91710 Gunzenhausen
Germany

Legal Basis: Art. 6(1)(f) GDPR (Legitimate Interests)

We use Hetzner for:

  • Server infrastructure
  • Network security
  • Data storage

Processed data includes:

  • IP addresses
  • Access timestamps
  • Request technical metadata

Data Processing Agreement: An agreement is in place.
Server Location: Germany (Ghost CMS instance)
Technical and Organizational Measures: Hetzner implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including regular security audits, access controls.

Hetzner's Privacy Policy

5. Data Processing Activities

Website Analytics

Legal Basis: Art. 6(1)(a) GDPR (Consent)

Processed data:

  • Browser type and version
  • Operating system
  • Referrer URL
  • Hostname of accessing computer
  • Time of server request
  • IP address (anonymized)

Purpose: To analyze website usage patterns and improve user experience
Storage Duration: 14 days
Opt-out Possibility: You can opt out of analytics by declining non-essential cookies in the cookie banner

Ghost User Accounts

Legal Basis: Art. 6(1)(b) GDPR (Performance of a Contract)

Stored data:

  • Email address (encrypted)
  • Username (pseudonymized)
  • Password hash (bcrypt algorithm)
  • Last login timestamp

Purpose: To provide user account functionality and personalized content
Storage Duration: Until account deletion by user or after 2 years of inactivity
Data Subject Rights: You can access, modify, or delete your account data at any time through your account settings

Comment Function

Legal Basis: Art. 6(1)(a) GDPR (Consent)

Stored data:

  • Comment text
  • Email address
  • Username (for non-anonymous publication)

Purpose: To enable user interaction and discussion
Storage Duration: Until deletion of the commented content
Moderation: Comments may be reviewed before publication to prevent spam or abusive content

6. Technical Security Measures

We implement:

  • Regular vulnerability scans and penetration testing
  • Two-factor authentication for admin access
  • Daily backups with secure off-site storage
  • Automatic security updates for all system components
  • Intrusion detection and prevention systems
  • Regular security training for all staff with access to systems

Incident Response: We maintain a comprehensive incident response plan to quickly address any potential data breaches. In the event of a personal data breach, we will notify affected users and relevant supervisory authorities within 72 hours, as required by GDPR Article 33.

7. Data Retention

Personal Data is stored for the following periods:

  • Usage Data: 14 days
  • Account Data: Until account deletion or after 2 years of inactivity
  • Comment Data: Until deletion of the commented content
  • Server Logs: 30 days for security and troubleshooting purposes
  • Backup Data: Maximum of 90 days for disaster recovery purposes

Personal data will be deleted when:

  • The purpose for which it was collected no longer exists
  • Legal retention periods have expired
  • Consent has been withdrawn
  • The data subject has exercised their right to erasure

Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.

Data Minimization: We follow the principle of data minimization, collecting and retaining only the personal data that is necessary for the specified purposes.

8. Purposes of Processing

The Data concerning the User is collected to allow the Owner to provide its services and for the following purposes:

  • Providing the website and its functions
  • Improving user experience through analytics and feedback
  • Compliance with legal obligations
  • Protection against misuse, unauthorized access, and cyber threats
  • Statistical analysis (in anonymized form)
  • Communicating with users who have registered accounts
  • Enabling user interaction through comments and discussions

Each purpose is tied to specific legal bases as outlined in the respective sections of this privacy policy.

This website uses cookies and similar tracking technologies to enhance user experience and collect information about how the website is used. We categorize cookies as follows:

  • Necessary Cookies: Essential for the website to function properly
  • Preference Cookies: Enable the website to remember choices you make
  • Analytics Cookies: Help us understand how visitors interact with the website
  • Marketing Cookies: Used to track visitors across websites for advertising purposes

Cookie Management: We provide a comprehensive cookie consent banner that allows you to:

  • Accept or decline non-essential cookies
  • Make granular choices about specific cookie categories
  • Change your preferences at any time through our cookie settings page

For detailed information about the cookies we use, please refer to our Cookie Policy.

10. Third Country Transfers

For US-based services:

  • We only use providers with EU Standard Contractual Clauses
  • Annual data protection impact assessments
  • Data minimization through pseudonymization

Google Fonts

Legal Basis: Art. 6(1)(f) GDPR (Legitimate Interests)

We use Google Fonts to display consistent typography across our website. Google may process your IP address when you access our website. We have implemented Google Fonts locally to minimize data transfer to Google's servers.

OpenStreetMap

Data transfer to the United Kingdom is based on the fact that the United Kingdom is considered a secure third country under data protection law.

11. Your Rights under GDPR

You have the right to:

  • Access your stored personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erasure ("right to be forgotten", Art. 17)
  • Restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal

How to Exercise Your Rights:

  1. Send an email to admin@ingmar.konnow.de with your specific request
  2. Provide sufficient information to identify yourself
  3. Clearly state which right you wish to exercise
  4. We will respond to your request within 30 days

Complaints: If you believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority. You can lodge a complaint in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

Contact for data protection inquiries:
admin@ingmar.konnow.de

You can withdraw any consent you have given us at any time with future effect. The withdrawal can be made informally, for example by email to:

admin@ingmar.konnow.de

Sample withdrawal text:

Subject: Withdrawal of Consent

Dear Sir or Madam,
I hereby withdraw my consent to the processing of my personal data according to your privacy policy dated [insert date].
 
Yours sincerely,
[Your name]
[Your address, if necessary]

The lawfulness of data processing carried out until the withdrawal remains unaffected.

12. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will notify registered users of any material changes by email and post a notice on our website.

The date of the latest revision is indicated at the top of this privacy policy. We encourage you to review this privacy policy periodically to stay informed about how we protect your personal information.

13. Contact

For general inquiries, please contact us at:
admin@ingmar.konnow.de

Our privacy practices comply with GDPR and other relevant data protection laws. This privacy policy has been prepared with consideration of the guidelines from the European Data Protection Board and applicable data protection authorities.

This privacy policy was created with consideration of the guidelines from the European Data Protection Board.