data privacy

As of September 18, 2023

Table of Contents


Niklas Reiprich
Kirchplatz 6
04523 Pegau

Email Address:


Relevant Legal Bases

Relevant legal bases according to the GDPR: Below, you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your country of residence or our country of residence. Furthermore, specific legal bases may apply in individual cases, which we will inform you about in the privacy policy.

  • Legitimate interests (Art. 6(1) lit. f) GDPR) - Processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations in Germany apply. This includes, in particular, the Act for the Protection against Misuse of Personal Data in Data Processing (Bundesdatenschutzgesetz – BDSG). The BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission, as well as automated decision-making on an individual basis, including profiling. In addition, state data protection laws of the individual federal states may apply.

Overview of Data Processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

  • Usage data.
  • Meta, communication, and process data.

Categories of data subjects

  • Users.

Purposes of processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Security measures.
  • Provision of our online services and user-friendliness.
  • Information technology infrastructure.

Rights of Data Subjects

Rights of data subjects under the GDPR: You, as data subjects, have various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

  • Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on Article 6(1) lit. e or f GDPR, including profiling based on those provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw your consent at any time.
  • Right to information: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and additional information as per legal requirements.
  • Right to rectification: You have the right to request the rectification of inaccurate personal data concerning you or the completion of incomplete personal data as per legal requirements.
  • Right to erasure and restriction of processing: You have, according to legal requirements, the right to demand the erasure of personal data concerning you without undue delay or, alternatively, the restriction of processing of the data.
  • Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format or to request the transmission of that data to another controller in accordance with legal requirements.
  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you believe that the processing of personal data concerning you violates the GDPR provisions.

Provision of Online Offer and Web Hosting

We process user data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Processed data types: Usage data (e.g., visited web pages, interest in content, access times). Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures; Provision of contractual services and fulfillment of contractual obligations.
  • Legal bases: Legitimate interests (Art. 6(1) lit. f) GDPR).

Further information on processing procedures, processes, and services:

  • Provision of online offer on rented storage space: For the provision of our online offer, we use storage space, computing capacity, and software that we rent or otherwise obtain from a server provider (also known as a "web hoster"); Legal bases: Legitimate interests (Art. 6(1) lit. f) GDPR).
  • Collection of access data and log files: Access to our online offer is logged in the form of so-called "server log files." Server log files may include the address and name of the accessed websites and files, date and time of access, data volumes transferred, report of successful access, browser type and version, the user's operating system, referrer URL (previously visited page), and, in general, IP addresses and the requesting provider. Server log files may be used for security purposes, such as avoiding server overload (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure the performance and stability of the servers; Legal bases: Legitimate interests (Art. 6(1) lit. f) GDPR).Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is required for evidentiary purposes is excluded from deletion until final clarification of the respective incident.
  • 1&1 IONOS: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal bases: Legitimate interests (Art. 6(1) lit. f) GDPR); Website:; Privacy Policy: Data Processing Agreement:

Changes and Updates to the Privacy Policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We will adjust the privacy policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time, and we ask you to verify the information before contacting them.


In this section, you will find an overview of the terminology used in this privacy policy. To the extent that the terms are legally defined, their legal definitions apply. The following explanations are intended to serve understanding primarily.

  • Personal data: "Personal data" refers to any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Controller: The "controller" is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: "Processing" is any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction.

Created with the free privacy policy generator from Dr. Thomas Schwenke