Fabian Stadler Software Engineer & Architect

Privacy Policy

Responsible for data processing is:

Fabian Stadler
Schmalzgasse 8
69412 Eberbach
Deutschland

E-Mail: [email protected]

Thank you for your interest in my website. The protection of your privacy is very important to me. Below I will inform you in detail about the handling of your data.

0. General information

SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

1. Website access

To provide my online offer, I use a hosting service provider on whose server the website displayed to you, including its subpages, is stored (hosting) and which makes my site available on the Internet. For this purpose, I use an offer from DigitalOcean, LLC, 101 Avenue of the Americas, 10th Floor, New York, NY 10013, USA in accordance with Art. 28 GDPR.

According to DigitalOcean’s privacy policy, it is not entirely clear which data is collected by DigitalOcean for the service I use. Among other things, DigitalOcean reserves the right to use so-called cookies, small files that are stored on your end device for tracking purposes.

More detailed information about the collection and use of data relating to DigitalOcean’s general services can be found in their Data Processing Agreement: https://www.digitalocean.com/legal/data-processing-agreement.

In my opinion, DigitalOcean currently only uses one cookie on my website. Further information can be found in other sections of this statement. In addition, processed data is stored on a server in a data center in Frankfurt am Main, Germany.

As a rule, the processing involves the following data

  • the name of the requested files,
  • your IP address,
  • the date and time of access
  • the amount of data transferred,
  • the requesting provider (access data)
  • the forwarding address,
  • the browser name and its version

The data is usually collected for the creation of server log files for the purpose of ensuring trouble-free operation.

In accordance with Art. 6 para. 1f GDPR, this serves to safeguard my legitimate interests in the correct presentation of my offer, which predominate in the context of a balancing of interests. Further evaluations by DigitalOcean for tracking purposes cannot be ruled out. The deletion periods to which DigitalOcean adheres can be found in their Data Processing Agreement.

It should be noted here that DigitalOcean is a company from the USA, i.e. a third country, so that access to personal data from the USA cannot be ruled out. However, DigitalOcean participates in the adequacy decision of the EU-US Privacy Framework and thus undertakes to comply with data protection measures equivalent to those required by the GDPR.

2. Communication in the context of an order

Establishing contact on your part

I collect personal data when you provide it to me as part of an order or when you contact me pre-contractually (by post, email or telephone).

This data processing serves the purpose of fulfilling the contract with you or to carry out pre-contractual measures.

According to Art. 6 para. 1b GDPR, the legal basis of the processing is the fulfillment of a contract with you or the necessity in the context of the implementation of pre-contractual measures, which take place on the basis of your request.

After completion of the contract, your data will be restricted for further processing and deleted after the expiry of tax and commercial retention periods of 10 years, unless you have expressly consented to further use of your data.

Data processing of e-mails

When you send an e-mail to my e-mail inbox, I process:

  • your e-mail address
  • any other third-party e-mail addresses that you send in the CC field
  • the subject and content of the e-mail you send, as well as any personal data contained therein
  • attachments to your e-mail and any personal data contained therein, including document metadata
  • Metadata attached to the email you have sent

Depending on the type of request, the basis for processing this data is either Art. 6 para. 1b GDPR or Art. 6 para. 1f GDPR, the legitimate interest in satisfactorily responding to your request.

After completion of the contract, your data will be restricted for further processing and deleted after the expiry of tax and commercial retention periods of 10 years, unless you have expressly consented to further use of your data.

To receive, store and respond to electronic inquiries by email, I use Microsoft 365 Business Basic, a service provided to me by Microsoft as a processor.

You can view the exact terms of the contract at the following link: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?lang=14

Microsoft is a company from the USA, a third country, whereby some metadata is transmitted to the USA when using Microsoft services. However, Microsoft participates in the adequacy decision of the EU-US Privacy Framework and thus undertakes to comply with data protection measures equivalent to those required by the GDPR.

3. Data processing in the context of an agreed contractual activity

If there is a contractually agreed activity between you and me, I reserve the right to define details of the processing of personal data required in the contractual relationship with you via an order processing contract, insofar as such data must be processed as part of the activity.

4 Data transmission to shipping companies

If it is necessary for the fulfillment of a contract or pre-contractual measures, I may pass on your data to a shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods or the fulfillment of your request.

According to Art. 6 para. 1b GDPR, the legal basis for the processing is the fulfillment of a contract with you or the necessity in the context of the implementation of pre-contractual measures, which take place on the basis of your request.

If it is merely a matter of communicating with you by post, the legal basis is Art. 6 para. 1f, the legitimate interest on my part in the satisfactory processing of your request.

After completion of the contract, your data will be restricted for further processing and deleted after the expiry of tax and commercial retention periods of 10 years, unless you have expressly consented to further use of your data. If no contract has been concluded with you, the data will be deleted after your request has been completed, unless there is a legal obligation to retain it.

5. Data transfer to payroll accountants

If there is a contractual relationship between you and me as a result of which payments are made and documented by means of invoices, I will pass on personal data that is stated on the invoices you have issued to a tax consultancy office that also handles the bookkeeping for me, among other things.

This usually involves data such as:

  • name, address
  • telephone number, if applicable
  • services received
  • VAT ID
  • payment information such as IBAN, BIC, name of the credit institution

The data is passed on on the basis of Art. 6 para. 1c GDPR and Art. 6 para. 1f GDPR, compliance with legal obligations to pay taxes and my legitimate interest in correct accounting.

As tax advisors are subject to professional secrecy in accordance with the GDPR, they are to be regarded as controllers in their own right, meaning that they themselves assume full responsibility for the data I transmit.

You can contact the following office as the person responsible for exercising your rights

Kanzlei Steuerberatung Staudenmaier
Breitensteinweg 1
69412 Eberbach

6. Cookies on my website

Cookies are small text files that can be automatically stored on your device when you visit my website.

When you visit my site, a cookie called _cl_bm is set by the sub-processor Cloudflare of DigitalOcean, the hoster of my website, to recognize potentially malicious visitors who want to attack my website with many calls in a short time. An ID is assigned to the user so that when they visit the website again, it can be determined that they have visited the website before. This cookie is deleted after 30 minutes.

DigitalOcean uses a CDN service from Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, USA as a processor. A CDN (Content Delivery Network) is a service that can replicate static content from my website on a web server in your geographical vicinity, if necessary, in order to display content more quickly and reduce the load on the main web server.

It is not entirely clear which data is processed by Cloudflare on behalf of DigitalOcean. It can be assumed that this is the access data listed at the beginning in the context of the website visit, which is stored on the server used by the CDN and forwarded to DigitalOcean.

This type of processing is carried out in accordance with Art. 6 para. 1f GDPR as a legitimate interest in averting danger from third parties and improving my offer.

Cloudflare is a company from the USA, a third country, and it should be mentioned here that data may be transferred to the USA, even if Cloudflare’s servers are located in the EU. However, Cloudflare participates in the adequacy decision of the EU-US Privacy Framework and thus undertakes to comply with equivalent data protection measures as those required by the GDPR.

7. Social media

My presence on social networks and platforms serves to improve active communication with my customers and interested parties. I provide information there about my products and current promotions.

XING

XING is a so-called job network on which I maintain a profile to improve active communication with my customers and to advertise my products.

Visit my profile

When you visit my XING profile, various processing of personal data takes place, which is carried out by both me and XING itself. XING is therefore to be regarded as a joint controller with me in accordance with the GDPR. However, there is no contractual relationship of this kind, as XING does not yet offer the option of entering into such a contract.

In the event that you are logged in to XING as a user, XING collects when you visit my profile, in addition to the access data when using a website such as:

  • the name of the requested files,
  • your IP address,
  • date and time of access,
  • the amount of data transferred,
  • the requesting provider (access data)
  • the forwarding address,
  • the browser name and its version

also personal data of your XING profile, such as your name, your specified job, whether you are connected to me, tracking information to improve your user experience, including information for the display of advertisements to finance their offer. XING is responsible for this processing, unless XING makes this data available to me. The legal basis for this is Art. 6 para. 1a GDPR, your consent in the context of using the social network and Art. 6 para. 1b GDPR, the fulfillment of a contract.

Certain information is also shared for me as the provider of the profile, such as your name and the name of the job you have specified, as well as the approximate time of your profile visit. The legal basis for this is Art. 6 para. 1f GDPR, my legitimate interest in customer acquisition.

If you visit XING unregistered, only the usual access data on a XING website will be collected. You will then have limited access to the functions of XING. However, XING uses cookies to track users, among other things to target advertising to its users. The legal basis for the use of these cookies, both unregistered and registered, is Art. 6 para. 1a GDPR, your consent in the context of the query via a so-called cookie banner. You have the option at any time to revoke this processing at a later date or to reject it directly. However, the previous processing remains unaffected by the revocation in accordance with the GDPR. The deletion periods for the respective cookies can be found in XING’s privacy policy.

Other cookies required by XING for the operation of its service cannot be revoked. The legal basis for them is Art. 6 para. 1f GDPR, the legitimate interest of XING and myself in the correct presentation of the offer.

Interaction with me on XING

If you use other functions when using XING, such as the comment function, the option to send me a message, to mark postings on my part or you are networked with one of my contacts, XING provides me with personal data on your part, such as your name, your currently specified job, the comment/message, the type of interaction and the time of execution.

The legal basis for this is Art. 6 para. 1f GDPR, my legitimate interest in customer acquisition. If you interact with me in order to initiate a contractual relationship, the legal basis is Art. 6 para. 1b.

If possible, I will delete messages as soon as your request has been completed. For all other types of interaction, you have the option of deleting your data yourself. For example, you can revoke messages to me, comments and tags using the XING functions. XING retains the data until you delete it.

It should be noted here that when you use XING, e.g. when you interact publicly, you also make your data available to third parties with whom you are connected, over whose use and processing neither XING nor I have any influence. If you are connected with me, XING will also provide me with your date of birth and changes to your employment relationship, depending on your settings. You can take measures in your privacy settings to share as little personal data as possible when using XING. If you wish to interact with me, I recommend that you send a brief request via XING and conduct further correspondence by post or email.

As the legal basis for processing, XING states, among other things, Art. 6 para. 1b the fulfillment of a contract (i.e. the provision of XING’s functions).

Further information on how XING collects and uses information when using the platform can be found in its privacy policy: https://privacy.xing.com/de/datenschutzerklaerung. For data collected within XING’s area of responsibility, please contact XING to assert your rights as a data subject.

LinkedIn

LinkedIn is a so-called job network on which I maintain a profile to improve active communication with my customers and to promote my products.

Visit my profile

When you visit my LinkedIn profile, various processing of personal data takes place, which is carried out by both me and LinkedIn itself. LinkedIn is therefore to be regarded as a joint controller with me in accordance with the GDPR. However, there is no contractual relationship of this kind, as LinkedIn does not yet offer the option of entering into such a contract.

If you are logged in to LinkedIn as a user, LinkedIn collects the following data when you visit my profile in addition to the access data when using a website:

  • the name of the requested files,
  • your IP address,
  • the date and time of access,
  • the amount of data transferred,
  • the requesting provider (access data)
  • the forwarding address,
  • the browser name and its version

also personal data of your LinkedIn profile, such as your name, your specified job, whether you are connected to me, tracking information to improve your user experience, including information for the display of advertisements to finance their offer. LinkedIn is responsible for this processing, unless LinkedIn makes this data available to me. The legal basis for this is Art. 6 para. 1a GDPR, your consent in the context of using the social network and Art. 6 para. 1b GDPR, the fulfillment of a contract.

Certain information is also shared for me as the provider of the profile, such as your name and the name of the job you have specified, as well as the approximate time of your profile visit. The legal basis for this is Art. 6 para. 1f GDPR, my legitimate interest in customer acquisition.

If you visit LinkedIn unannounced, only the usual access data on a LinkedIn website will be collected. You will then have limited access to the functions of LinkedIn. However, LinkedIn uses cookies to track users, among other things to target advertising to its users. The legal basis for the use of these cookies, both unregistered and registered, is Art. 6 para. 1a GDPR, your consent in the context of the query via a so-called cookie banner. You have the option at any time to revoke this processing at a later date or to reject it directly. However, the previous processing remains unaffected by the revocation in accordance with the GDPR. The deletion periods for the respective cookies can be found in LinkedIn’s privacy policy.

Other cookies required by LinkedIn for the operation of its service cannot be revoked. The legal basis for them is Art. 6 para. 1f GDPR, the legitimate interest of LinkedIn and myself in the correct presentation of the offer.

Interaction with me on LinkedIn

If you use other functions when using LinkedIn, such as the comment function, the option to send me a message, to mark postings on my part or you are networked with one of my contacts, LinkedIn provides me with personal data on your part, such as your name, your currently specified job, the comment/message, the type of interaction and the time of execution.

The legal basis for this is Art. 6 para. 1f GDPR, my legitimate interest in customer acquisition. If you interact with me in order to initiate a contractual relationship, the legal basis is Art. 6 para. 1b.

If possible, I will delete messages as soon as your request has been completed. For all other types of interaction, you have the option of deleting your data yourself. For example, you can revoke messages to me, comments and tags using the LinkedIn functions. LinkedIn retains the data until you delete it.

It should be noted that when you use LinkedIn, e.g. when you interact publicly, you also provide your data to third parties with whom you are connected, over whose use and processing neither LinkedIn nor I have any influence. If you are connected to me, LinkedIn may also provide me with your date of birth and changes to your employment details, depending on your settings. You can take measures in your privacy settings to share as little personal data as possible when using LinkedIn. If you wish to interact with me, I recommend that you send a brief request via LinkedIn and conduct further correspondence by post or email.

As the legal basis for the processing, LinkedIn states, among other things, Art. 6 para. 1b the fulfillment of a contract (i.e. making LinkedIn’s functions possible).

Further information on how LinkedIn collects and uses information when using the platform can be found in its privacy policy: https://de.linkedin.com/legal/privacy-policy?. For data collected in LinkedIn’s area of responsibility, please contact LinkedIn to assert your rights as a data subject.

LinkedIn Analytics

In addition to the basic functions of LinkedIn, LinkedIn also provides me with analysis data that LinkedIn uses, among other things, to improve its own services. This includes various personal data about you when you interact with me or my activities, such as posts or comments.

Among other things, LinkedIn provides me with an aggregated overview of the number of user views of my activities. I also receive an overview of the number of interactions, such as comments and likes, in which I am shown your name and your current job, among other things. Furthermore, LinkedIn provides me with an aggregated overview of my target group, in which, among other things, your job title or approximate position in your company is processed.

The legal basis for this is Art. 6 para. 1f GDPR, my legitimate interest in customer acquisition and improving my marketing.

The data is available for me to view for about 1 year, after which I can no longer access it. However, LinkedIn can access the data for a longer period. The exact deletion periods can be found in their privacy policy.

I cannot guarantee you a right to revoke your consent to the processing of this data, but this is data that you share when using LinkedIn and that is processed by LinkedIn on the basis of Art. 6 para. 1b GDPR. In general, you can use LinkedIn’s delete function to delete the data.

Data transfer to a third country

LinkedIn is a company from the USA, a third country, and it should be mentioned here that data may be transferred to the USA, even if LinkedIn’s servers are located in the EU. However, LinkedIn participates in the adequacy decision of the EU-US Privacy Framework and thus undertakes to comply with data protection measures equivalent to those required by the GDPR.

mastodon.world

mastodon.world is a social network on which I maintain a profile in order to improve active communication with my customers and to promote my products.

Visit my profile

When you visit my mastodon.world profile, various processing of personal data takes place, which is carried out by both me and mastodon.world itself. According to the GDPR, mastodon.world is therefore to be regarded as a joint controller with me. However, there is no contractual relationship of this kind, as mastodon.world does not yet offer the possibility of entering into such a contract.

In the event that you are logged in to mastodon.world as a user, mastodon.world collects when you visit my profile, in addition to the access data when using a website such as:

  • the name of the requested files,
  • your IP address,
  • date and time of access,
  • the amount of data transferred,
  • the requesting provider (access data)
  • the forwarding address,
  • the browser name and its version

The legal basis for this is Art. 6 para. 1f GDPR, my legitimate interest in the correct presentation of my offer.

If you visit mastodon.world unregistered, the same access data will be collected. You will then have limited access to the functions.

Among other things, mastodon.world uses cookies that are necessary for the website to function. The legal basis for the use of these cookies is Art. 6 para. 1f GDPR, the legitimate interest of mastodon.world and myself in the correct presentation of the offer. Users are not tracked.

Please refer to the privacy policy of mastodon.world for the deletion periods of the respective cookies.

Interaction with me on mastodon.world

If you use other functions when using mastodon.world, such as the comment function, the option to send me a message, to mark postings on my part or you are connected to one of my contacts, mastodon.world provides me with personal data on your part, such as your user name, the comment/message, the type of interaction and the time of execution.

The legal basis for this is Art. 6 para. 1f GDPR, my legitimate interest in customer acquisition. If you interact with me in order to initiate a contractual relationship, the legal basis is Art. 6 para. 1b.

If possible, I will delete messages as soon as your request has been completed. For all other types of interaction, you have the option of deleting your data yourself. For example, you can revoke messages to me, comments and markings via the functions of mastodon.world. mastodon.world retains the data until you delete it.

It should be noted that when you use mastodon.world, e.g. when you interact publicly, you also make your data available to third parties with whom you may or may not be connected, and neither mastodon.world nor I have any influence over the use and processing of this data.

You can take measures in your privacy settings to share as little personal data as possible when using mastodon.world. If you wish to interact with me, I recommend that you send a brief request via mastodon.world and conduct further correspondence by post or email.

As the legal basis for the processing, LinkedIn states, among other things, Art. 6 para. 1b the fulfillment of a contract (i.e. the provision of mastodon.world functions).

Further information on how mastodon.world collects and uses information when using the platform can be found in their privacy policy: https://mastodon.world/privacy-policy. For data collected within mastodon.world’s area of responsibility, please contact mastodon.world to assert your rights as a data subject.

8. Your rights in connection with data processing

Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged violation. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Information, erasure and rectification

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if necessary, a right to correction or deletion of this data at any time. You can contact us at any time with regard to this and other questions on the subject of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases

  • If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
  • If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of erasure.
  • If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection in accordance with Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

Objection to advertising emails

We hereby object to the use of contact data published as part of our obligation to provide a legal notice for the purpose of sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.