In this policy, I lay out : what data I collect and why, how your data is handled, and your rights concerning your data.
This policy applies to this website (lukasrathmann.com):
Impressum · Legal Notice
The legal basis for data processing is the General Data Protection Regulation (GDPR) of the European Union. Furthermore, I don’t want to know or manage any personally identifying data around your interactions with my website.
When you visit my website, I am not interested in finding out who you are, and I do my best to ensure that the technology I use does not enable others to find out who you are.
I am proud that my website does not embed any third-party services that track you across the web. My website does not enable any third-party cookies. My website does not set any first-party cookies that could identify you across visits.
I am interested only in a handful of anonymized data points around my audience to learn whether it’s worth putting effort into my digital offerings. What’s interesting to me are some general trends in how my website is used, for example :
- how many people visit my website,
- which pages are most popular,
- which browsers and device sizes are used,
- which countries my website is popular in,
- the referring websites that send my visitors to my website.
To get these insights, my websites use an open source tool called Plausible Analytics. Plausible Analytics only aggregates anonymized visitor statistics for me that are not tied to your identity. Here is a list of the data that is collected and stored : https://plausible.io/data-policy
My website is hosted with Uberspace: uberspace.de
Uberspaces stores pseudonymized visitor information in server logfiles. This includes, among other things, the IP address, the browser visitors use, the time and date of the visits, and the system that visitors use. Uberspace deletes access logs after 7 days.
My website enforces HTTPS encryption.
Data Processing Agreements
I have not allowed any of my service providers to store or share any personally identifiable data about you. The providers I’ve chosen are based in the European Union and use industry best practices to anonymize your data to respect and protect your privacy. I have GDPR Data Processing Agreements (DPA, Vertrag zur Auftragsdatenverarbeitung, article 28 GDPR) in place with all the service providers mentioned here in this document.
Legal basis for processing your data in this context is GDPR article 6, section 1 (b) and (f).
When you get in touch with me with a question or to ask for help, I keep that correspondence, including your email address, so that I have a history of past correspondence to reference if you reach out in the future. I delete old correspondence on resolved topics from my archive once a year, unless (1) you and I have an ongoing business relationship or friendship, (2) unless you have expressly consented to further use your data and (3) unless the correspondence falls under commercial or tax retention obligations.
My email provider’s tech infrastructure will process and store whatever you send me and whatever I send you.
Legal basis for processing your data for this purpose is GDPR article 6, section 1 (a), (b), and (f).
You have the right to request all personal information I hold about you. You can always ask me to correct, update, or delete this information. Please contact me and we’ll sort it out.
If you think that the measures I take to protect your privacy are insufficient or if you have other concerns about my handling of your data, please contact me. You have the right to file an official complaint with the German and European data protection authorities.
I have adapted a few paragraphs from the Basecamp open-source policies / CC BY 4.0