Privacy Policy

TL;DR:
I store server logfiles for up to 3 months and emails indefinitely. This website falls within the EU privacy regulations.

Name and Address of the Controller

The controller for the purposes of the EU General Data Protection Regulation (GDPR) and other national data protection laws in the member states and other legal provisions related to data protection is:

Dr.-Ing. Matthäus Wander
Tomberger Str. 6
53639 Königswinter
Germany

Email: <mail [at] wander.science>

Processing of General Data and User Information

When visiting this website, my webserver automatically stores temporary user connection data in server log files. This information includes:

1. IP address
2. Date and time of each request
3. Content requested from the server
4. Browser type and version
5. Operating system
6. Website from which the user originates (“referer”)

Legal Basis

The legal basis for this type of data processing is provided by Art. 6 (1) (f) GDPR.

Purpose of Data Processing

The information is necessary for basic operation of this website. It is being used to identify and troubleshoot technical problems, as well as to detect security incidents.

Retention Period

The information will be deleted after 14 days from the server. An off-site backup of this information will be deleted after 3 months.

Objection and Elimination

This type of data collection is a standard setup of webservers in the Internet. If you do not agree with this data collection, please abstain from visiting this website. There is no possibility to object.

If you would like to delete your data, either:
a) contact me to request deletion. Please provide technical parameters how to identify your data (e.g. your IP address and time of request) and proof that it is your data.
b) wait until the retention period expires to automatically delete your data.

Email Contact

When contacting me via email or using my mailserver as a relay, my mailserver automatically stores temporary connection data. This information includes:

1. Unique message-id
2. Sender email address
3. Destination email address

Furthermore, my mailserver will store messages sent to me indefinitely, which contain the following information:

1. Unique message-id
2. Sender name and email address
3. Destination name and email address
4. The message content and references
5. Date and time of the message
6. Sender IP address and mailserver (email provider) used by the sender

Legal Basis

The legal basis for this type of data processing is provided by Art. 6 (1) (f) GDPR.

Purpose of Data Processing

The information stored temporarily is necessary for basic operation of my mailserver. It is being used to identify and troubleshoot technical problems, as well as to detect security incidents.

The information stored indefinitely is necessary for handling my personal email communication.

Retention Period

The information stored temporarily will be deleted after 14 days from the server. An off-site backup of this information will be deleted after 3 months.

The information stored indefinitely is not scheduled for deletion.

Objection and Elimination

This type of data collection is a standard setup of mailservers in the Internet. If you do not agree with this data collection, please abstain from sending emails to me. There is no possibility to object.

If you would like to delete your data, contact me to request deletion. Please provide technical parameters how to identify your data (e.g. your email address and date of message) and proof that it is your data.

Rights of the Data Subject

You as the data subject have the right to obtain a confirmation from me whether or not I process your personal data. My answer will be “yes”, if you have visited my website or have sent me an email within the last 3 months. Consequently, my answer will be always “yes” if you ask me via email.

You have the right to obtain the following information:

1. The purposes of the processing
2. The categories of personal data concerned
3. The recipients or categories of recipients to whom the personal data have been or will be disclosed
4. The envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period
5. The existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of your personal data, or to object to such processing
6. The existence of the right to lodge a complaint with a supervisory authority
7. Any available information as to the source of the data, where the personal data are not collected from the data subject
8. The existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject

You have the right to obtain information as to whether your personal data is transferred to third countries or international organisations. You have the right to be informed about appropriate safeguards of such a transfer.

Right to Rectification

You have the right to obtain from the controller the rectification and/or completion, where your personal data is inaccurate or incomplete. The controller must undertake the rectification without undue delay.

Right to Restriction of Processing

Under the following conditions you may demand a restriction of the processing of your personal data:

1. You contest the accuracy of your personal data, for a period enabling the controller to verify the accuracy of the personal data.
2. The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead.
3. The controller no longer needs the personal data for the purposes of the processing, but you still require them for the establishment, exercise or defence of legal claims.
4. You have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your interest.

Where processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Where restriction of processing has been obtained under the conditions above, you will be informed by the controller before the restriction of processing is lifted.

Right to Erase

You have the right to obtain from the controller the erasure of your personal data without undue delay, and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

1. Your personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.
2. You withdraw consent on which the processing is based according to Art. 6 (1) (a), or Article 9 (2) (a) GDPR, and where there is no other legal ground for the processing.
3. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
4. Your personal data has been unlawfully processed.
5. Your personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
6. Your personal data has been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.

Right to Data Portability

You have the right to receive your personal data, which you provided to the controller, in a structured, commonly used and machine-readable format. Moreover, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

The processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR; and The processing is carried out by automated means. In exercising this right you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others may not be affected adversely hereby.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Article 6 (1) (e) or (f) GDPR, including profiling based on those provisions.

The controller will no longer process your personal data, unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purposes of establishing, exercising or defending legal claims.

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, your personal data is no longer processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

You also have the right, on grounds relating to your particular situation, to object to processing of your personal data, where these are processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR.

Right to Withdraw Consent Given Under Data Protection Law

You have the right to withdraw consent given under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Automated Individual Decision-Making, including Profiling

I am not employing profiling. I might employ individual decision-making based on connection data (e.g. IP address) for the purposes of rate-limiting or blocking connections to my servers.

Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.