Privacy Policy

When visiting this website, various data may be processed depending on usage:

• Technical access data through server operation (log files).
• Reach measurement with Umami Analytics (self-hosted, without cookies).
• Communication data when contacting us (contact form/email/phone).
• Security-relevant data within our Web Application Firewall (WAF).

Details, purposes, legal bases, and retention periods can be found in the following sections.

Type of data: requested URL, date/time, transferred data volume, HTTP status, referrer, browser/OS, IP address (shortened/anonymized where technically possible).

Purpose: Website delivery, stability, error analysis, IT security.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operation/security).

Retention period: maximum 7-14 days; longer retention only on a case-by-case basis (e.g., incident analysis).

Recipients: Hetzner Online GmbH, Germany, as processor under Art. 28 GDPR.

We do not use tracking or marketing cookies.

Technically necessary cookies: As part of the WAF, a session cookie may be used to securely assign requests or defend against attacks.

Name: sl-session

Purpose: Security/load balancing functions (no tracking).

Retention: End of session.

Provider: Safeline (self-hosted).

Legal basis: Art. 6(1)(f) GDPR (IT security).

We use Umami Analytics as a privacy-friendly, self-hosted solution.

What is collected? Page views, visited URLs (without UTM/tracking parameters), referrer, browser/OS, screen resolution, approximate region (from anonymized IP), time spent.

What is not collected? No complete IP addresses, no cookies, no user profiles, no sharing with third parties.

Purpose: Anonymous statistics to optimize the website.

Legal basis: Art. 6(1)(f) GDPR.

Objection: We respect your browser's Do-Not-Track (DNT) setting. When DNT is active, no data is collected.

Retention: Aggregated event data for 12 months, then deletion/aggregation.

Processing context: Operation on our servers within the EU/EEA.

To protect our API and analytics endpoints, we use the "Safeline" WAF (self-hosted).

Processing: Checking requests (e.g., rate limiting, bot and attack detection); if applicable, session token (see above).

Personal data: No profiling, no use for marketing purposes.

Legal basis: Art. 6(1)(f) GDPR (security of our IT systems).

Retention: Security-relevant event logs max. 30 days or longer on a case-by-case basis.

Type of data: Content data (message), contact data (name, email, phone), metadata (timestamp).

Purpose: Processing your inquiry and correspondence.

Legal bases:

• Art. 6(1)(b) GDPR (pre-contractual/contractual), if applicable.
• Art. 6(1)(f) GDPR (legitimate interest in efficient communication).
• Art. 6(1)(a) GDPR (consent), if voluntary additional information is provided.

Retention: Inquiries are stored for 6 months after completion; statutory retention periods take precedence.

Recipients: Internal departments; if applicable, processors (e.g., mail provider).

You have the following rights at any time (free of charge):

• Access to your stored data (Art. 15 GDPR)
• Rectification of inaccurate data (Art. 16 GDPR)
• Erasure of your data (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection to processing based on Art. 6(1)(e) or (f) GDPR (Art. 21 GDPR); always possible for direct marketing.
• Withdrawal of consent with effect for the future (Art. 7(3) GDPR).

To exercise your rights, you can contact us via the contact details above or our contact form.