Privacy
The protection of your personal data is an important concern to me. This privacy policy informs you, pursuant to Art. 13 of the General Data Protection Regulation (GDPR), which personal data is processed when you visit this website, for which purposes and on which legal basis this takes place, and which rights you are entitled to.
notDIRK.de is a purely static, private publication offering without user accounts, without a comment function, without a contact form, without a newsletter, without payment functions, and without advertising. Processing of personal data therefore only takes place to the extent that is technically unavoidable for the operation of the website.
1. Controller
The controller within the meaning of the GDPR and other data protection provisions is:
Dirk Wolbeck
St.-Martin-Str. 28
56761 Düngenheim
Germany
Telephone: +49 174 3440541
E-mail: [email protected]
2. Data protection officer
There is no legal obligation to appoint a data protection officer for this service. The requirements under Art. 37 GDPR and under Sec. 38 BDSG (German Federal Data Protection Act) are not met, as no data processing takes place that would make an appointment necessary (in particular, no permanent employment of at least 20 persons in the automated processing, no extensive processing of special categories of data, and no core activity requiring extensive regular monitoring of data subjects). For all questions relating to data protection, you can contact the controller named under Section 1 directly.
3. General information on data processing, legal bases, and storage period
I process personal data only insofar as this is necessary to provide a functional website and the content I offer. The legal basis for the processing is regularly Art. 6 (1) (f) GDPR. My legitimate interest lies in the technically error-free presentation as well as the security and stability of the website. Insofar as you contact me by e-mail, the processing to handle your request is likewise carried out on the basis of Art. 6 (1) (f) GDPR.
The personal data of the data subject is deleted or its processing restricted as soon as the purpose of storage no longer applies. Storage beyond this may take place if provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. Specific storage periods are indicated below for the respective processing operations.
4. Hosting (Hetzner)
This website is operated on servers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The server location is in Germany. On my behalf, Hetzner processes the data that arises in the course of accessing the website (in particular technical connection and access data). The legal basis is Art. 6 (1) (f) GDPR (interest in a reliable and secure provision of the website). A data processing agreement pursuant to Art. 28 GDPR exists with Hetzner.
5. Content delivery network / edge proxy (Cloudflare) and transfer to third countries
The website is publicly accessible exclusively via a so-called Cloudflare tunnel. The provider is Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. Cloudflare acts as an edge and reverse proxy as well as a content delivery network (CDN), terminates the TLS encryption at the network edge, and forwards the requests to the origin server. In doing so, Cloudflare necessarily processes the IP address and other connection data of the requesting end device in order to establish the connection, accelerate the delivery of content, and protect the website against attacks and misuse.
The legal basis is Art. 6 (1) (f) GDPR. My legitimate interest lies in a secure, high-performance, and available delivery of the website. A data processing agreement pursuant to Art. 28 GDPR exists with Cloudflare.
In the course of using Cloudflare, a transfer of personal data to the USA may occur. Insofar and as long as Cloudflare, Inc. is certified under the EU-US Data Privacy Framework (DPF), the transfer takes place on the basis of the adequacy decision of the European Commission pursuant to Art. 45 GDPR. Otherwise, and additionally, the transfer is based on the Standard Contractual Clauses (SCC) adopted by the European Commission pursuant to Art. 46 (2) (c) GDPR, supplemented where applicable by additional protective measures.
6. Server log files
When this website is accessed, the web server used (Caddy) automatically records information and stores it in so-called server log files. The following are recorded:
- the IP address of the requesting end device,
- the date and time of access,
- the specifically requested resource (URL),
- the HTTP status code,
- the respective amount of data transferred,
- the browser type and browser version,
- the operating system used,
- the referrer URL (the previously visited page).
This data is technically necessary in order to deliver the content of the website correctly, to ensure system security and stability, and to be able to trace disruptions. The recording of this connection data occurs as a technical necessity when the website is accessed; without it, the website cannot be delivered. The legal basis is Art. 6 (1) (f) GDPR. This data is not merged with other data sources or used to identify individual persons.
For purely internal, server-side analysis of accesses, I use the locally operated program GoAccess. The analysis is carried out exclusively with an anonymized IP address; no personal reference is established in the process. No data is transmitted to external analytics or audience measurement services. The server log files are automatically deleted after 7 days.
7. No audience measurement, no tracking
This website does not use any external web analytics or audience measurement service. In particular, no Google Analytics, no Plausible, and no comparable tools are used. No JavaScript trackers, no statistics or marketing cookies, and no techniques for so-called fingerprinting are used. Your usage behavior is not tracked across different websites or sessions.
8. Cookies
This website itself does not set any cookies. Since it is a purely static offering without session management, without login, and without a shopping cart, no information is stored on or read from your end device by the website itself.
The Cloudflare service upstream as an edge proxy (see Section 5) may, for technical security reasons, set a strictly necessary cookie (e.g. „__cf_bm“). This serves exclusively for bot and attack defense as well as distinguishing human from automated accesses and is not used for analytics or marketing purposes. The storage is exempt from consent pursuant to Sec. 25 (2) No. 2 TDDDG (German Telecommunications Digital Services Data Protection Act), as it is strictly necessary to provide the service you have expressly requested.
Since no cookies or comparable technologies requiring consent are used, consent pursuant to Sec. 25 (1) TDDDG is not required; for this reason, no cookie consent banner is displayed.
9. Locally hosted fonts
For a uniform presentation, the fonts „Montserrat“ and „Roboto Mono“ are used. These fonts are provided and delivered locally by this website's own server. There is no integration via external services (such as Google Fonts) and no associated transfer of data to third parties. When the page is accessed, no connection is therefore established to third-party servers for the purpose of loading fonts.
10. Images, graphics, and integration of third parties
Images, graphics, and other assets are delivered exclusively from my own server via the Cloudflare edge. No third-party content with its own tracking is integrated. In particular, this website contains no social media plugins, no embedded content from external platforms, and no tracking pixels.
11. Contact by e-mail
Contact is possible exclusively by e-mail to [email protected]. When you send me an e-mail, the personal data you provide (in particular your e-mail address and the information contained in the text of your message) is processed and stored for the purpose of handling your request. The legal basis is Art. 6 (1) (f) GDPR (interest in responding to your matter). The provision of this data is neither legally nor contractually required and is voluntary; however, without the information necessary for a response, I cannot process your request. This data is deleted as soon as the processing of your matter has been completed and no statutory retention obligations preclude this.
For e-mail communication I use Microsoft 365. The provider within the EU is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. In this context, a transfer of data to the USA to Microsoft Corporation may occur. Upstream is a spam and malware filtering service of Hornetsecurity GmbH, Am Listholze 78, 30177 Hannover, Germany, which checks incoming and outgoing e-mails for malicious software and unwanted messages. Data processing agreements pursuant to Art. 28 GDPR exist with both service providers. With regard to the transfer to the USA, the safeguards described under Section 13 apply (EU-US Data Privacy Framework, alternatively Standard Contractual Clauses).
12. Recipients and processors at a glance
To provide this website and for communication, I use the following service providers as processors within the meaning of Art. 28 GDPR:
- Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany – hosting/server operation (server location Germany).
- Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA – edge proxy, CDN, and TLS termination via a Cloudflare tunnel (third-country transfer USA).
- Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland – e-mail service (Microsoft 365; possible third-country transfer USA to Microsoft Corporation).
- Hornetsecurity GmbH, Am Listholze 78, 30177 Hannover, Germany – upstream spam and malware filter for e-mail traffic.
Your data is passed on to other third parties only if there is a legal obligation to do so or you have expressly consented.
13. Transfer to third countries
Insofar as, in the course of the processing operations described above (Cloudflare and e-mail via Microsoft 365), personal data is transferred to third countries outside the European Union or the European Economic Area – in particular to the USA – this takes place on the following graduated basis:
- Primarily: on the basis of an adequacy decision of the European Commission pursuant to Art. 45 GDPR, insofar and as long as the respective recipient is certified under the EU-US Data Privacy Framework (DPF).
- Alternatively: on the basis of the Standard Contractual Clauses (SCC) adopted by the European Commission pursuant to Art. 46 (2) (c) GDPR, supplemented where applicable by additional protective measures.
Further information on the respective safeguards as well as a copy of the Standard Contractual Clauses can be requested from the controller (Section 1).
14. SSL / TLS encryption
For security reasons and to protect the transmission, this website uses SSL / TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser displays „https://“ and a padlock symbol is shown. This protects the transmitted data against being read by uninvolved third parties during transmission. At the network edge, the encryption is terminated by the processor Cloudflare named under Section 5.
15. No automated decision-making, no profiling
No automated decision-making, including profiling, within the meaning of Art. 22 GDPR takes place.
16. Your rights as a data subject
Within the framework of the statutory requirements, you are entitled to the following rights vis-à-vis the controller with regard to the personal data concerning you:
- right of access (Art. 15 GDPR),
- right to rectification (Art. 16 GDPR),
- right to erasure (Art. 17 GDPR),
- right to restriction of processing (Art. 18 GDPR),
- right to data portability (Art. 20 GDPR),
- right to object to the processing (Art. 21 GDPR).
Insofar as the processing is based on consent, you also have the right to withdraw your consent at any time with effect for the future pursuant to Art. 7 (3) GDPR. The lawfulness of the processing carried out on the basis of the consent up to the withdrawal remains unaffected by this.
Right to object (Art. 21 GDPR): You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (f) GDPR. I will then no longer process the personal data concerned unless I can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
To exercise your rights, an informal notification to the contact details given under Section 1 is sufficient.
17. Right to lodge a complaint with the supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right pursuant to Art. 77 GDPR to lodge a complaint with a data protection supervisory authority if you consider that the processing of the personal data concerning you infringes the GDPR. The supervisory authority responsible for the controller is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz (State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate)
Hintere Bleiche 34
55116 Mainz
Telephone: +49 (0)6131 8920-0
E-mail: [email protected]
Website: https://www.datenschutz.rlp.de
18. Currency and amendment of this privacy policy
This privacy policy has the status of July 2026. As a result of the further development of the website or due to changed legal or regulatory requirements, it may become necessary to adapt this privacy policy. The respective current version is always available on this page.
