Privacy Policy

Last updated: May 2026

1. Controller

The controller responsible for data processing on this website is:

Philipp Weber
Nordendstraße 4a
80799 Munich
Germany
Email:

2. Hosting and delivery via Cloudflare Pages

This website is provided through Cloudflare Pages. The provider is Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA.

When you access this website, Cloudflare processes technical connection and access data, in particular:

  • IP address,
  • date and time of access,
  • requested URL,
  • referrer URL,
  • browser type and browser version,
  • operating system,
  • technical security and status information.

This processing is carried out for the purpose of securely, stably, and efficiently providing the website.

The legal basis is Art. 6(1)(f) GDPR. My legitimate interest lies in the secure, efficient, and reliable provision of my online content.

3. Security features: WAF, bot protection and rate limiting

To protect this website against misuse, automated attacks, bot traffic, and overload, I use Cloudflare security features, in particular Web Application Firewall (WAF), bot protection, and rate limiting.

In this context, security-related technical data may be processed and — depending on the configuration — strictly necessary cookies may be set. These may include in particular:

  • __cf_bm
  • cf_clearance
  • __cfruid
  • _cfuvid

These cookies and similar technologies serve security and protection purposes only.

The legal basis for the subsequent processing of personal data is Art. 6(1)(f) GDPR. My legitimate interest lies in protecting the website against abusive use, attacks, and disruptions.

To the extent that information is stored on or accessed from your terminal device, this is based on § 25 para. 2 no. 2 TDDDG, insofar as the operation is strictly necessary to securely provide the digital service you have expressly requested.

4. No optional tracking or marketing services

I currently do not use any optional analytics, marketing, or convenience services. In particular, this site uses no Cloudflare Web Analytics, no Zaraz, no Google Analytics, no external fonts, no maps, no comment function, and no embedded social media tracking.

5. Processor and recipients

Cloudflare processes personal data for me as a technical service provider. To the extent Cloudflare processes personal data on my behalf, the processing is based on Cloudflare's Data Processing Addendum (DPA) / processor terms.

The recipient of the above-mentioned data is therefore Cloudflare as hosting, delivery, and security provider.

6. International transfers

Cloudflare is a U.S. provider with a global infrastructure. Personal data may therefore also be processed in the United States and in other third countries.

For such processing, Cloudflare refers to its Data Processing Addendum, its participation in the EU-U.S. Data Privacy Framework, and — where required — to Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.

Please note: I do not claim exclusively EU-only processing unless I have specifically activated regional processing features offered by the provider.

7. Retention

I do not create any additional visitor profiles and do not store any access or security data myself in addition to what Cloudflare processes for the operation of this website.

To the extent Cloudflare processes technical metadata and security data within its services, Cloudflare's product- and configuration-specific retention periods apply.

8. Your rights

Under the applicable legal requirements, you have the right to:

  • access,
  • rectification,
  • erasure,
  • restriction of processing,
  • data portability,
  • object to processing based on Art. 6(1)(f) GDPR.

You also have the right to lodge a complaint with a data protection supervisory authority. For operators based in Bavaria, this is generally the Bayerisches Landesamt fuer Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany, www.lda.bayern.de.

9. Requirement to provide data

The provision of personal data is neither legally nor contractually required for merely visiting this website. However, without processing technically necessary data, the website cannot be delivered and secured.

10. Automated decision-making

No automated decision-making within the meaning of Art. 22 GDPR takes place.