Privacy Policy

The Short Version

This blog is hosted on a server in Germany provided by netcup GmbH. No cookies. No third-party scripts. No Google Analytics, no Facebook pixel, no ad networks, nothing of the sort. The only data I collect is what your browser sends to any web server when you visit a page, plus privacy-friendly visitor statistics through a self-hosted analytics tool that doesn’t track you.

This isn’t accidental. I run this blog precisely because I don’t want to feed the surveillance machine. No external fonts pulled from Google, no CDN that gets to log every visitor, no embedded YouTube videos that drop tracking cookies before you’ve even pressed play. If a feature needs me to share your data with someone else to work, I don’t add the feature.

If you just wanted the gist, that’s it. The rest is the legally required detail.

Applicable Law

Processing of personal data on this site is governed by the GDPR (Regulation (EU) 2016/679) and the law of the Federal Republic of Germany, including the BDSG and the TDDDG.

Who’s Responsible

The controller for data processing under the GDPR is:

hmmr – Alexander Hammer
c/o Online-Impressum #8062
Europaring 90
53757 St. Augustin
Germany

Email: blog@hmmr.online

If you have any questions about your data, this is who you talk to.

A designated data protection officer is not required (§ 38 BDSG — fewer than 20 persons engaged in automated processing of personal data).

Hosting

This website is hosted by netcup GmbH, Daimlerstraße 25, 76185 Karlsruhe, Germany. When you visit this site, netcup processes connection data (including your IP address) as part of delivering the website to you.

For more information, see netcup’s privacy policy:
https://www.netcup.de/kontakt/datenschutzerklaerung.html

A data processing agreement under Article 28 GDPR has been concluded with netcup GmbH.

Legal basis: Article 6(1)(f) GDPR — legitimate interest in reliable and secure hosting of this website.

TLS Encryption

This site uses HTTPS/TLS encryption for security reasons and to protect the transmission of personal data and other confidential content. You can recognize an encrypted connection by the “https://” prefix and the lock icon in your browser’s address bar.

When TLS encryption is active, the data you transmit to this site cannot be read by third parties.

What Happens When You Visit a Page

Server Log Files

Every web server logs incoming requests. Mine does too. For each page view, the following gets written to a log file:

• Your IP address
• Date and time of the request
• The URL you requested
• HTTP status code and amount of data transferred
• Your browser’s user agent string
• The referring URL, if your browser sent one

Why: These logs are technically necessary to deliver the website, ensure system security, and troubleshoot errors.

Legal basis: Article 6(1)(f) GDPR — legitimate interest in operating a working, secure website.

How long: Log files are kept for 7 days, then automatically deleted.

I don’t combine these logs with any other data. I don’t try to identify you from them.

Analytics with Umami

I use Umami, a privacy-focused analytics tool I run on my own server hosted by netcup GmbH in Germany. No analytics data leaves my infrastructure.

Umami doesn’t set cookies and no persistent identifiers are stored on your device. Your IP address is processed only transiently to derive your approximate geographic region, then immediately discarded. It is not stored. A daily-rotating hash is derived from your IP, user agent, and the current date — this hash is discarded after 24 hours.

The analytics setup is intentionally configured in a privacy-preserving way and is not used to identify or track individual users across sessions or across different websites.

What Umami records:

• The page you visited
• Approximate country and region (derived from IP, then discarded)
• Your browser and operating system
• Screen size
• Referring page

Why: I want to know which posts people actually read. That’s it.

Legal basis: Article 6(1)(f) GDPR — legitimate interest in understanding which content works.

How long: Aggregated statistics are stored indefinitely. The analytics data is processed in a privacy-preserving manner and is not used to identify individual visitors.

You don’t need to consent to anything because no information is being stored on or read from your device beyond what is technically required to load the page (§ 25(2) Nr. 2 TDDDG).

Contact Form

This website includes a contact form that allows you to send me a message directly. When you use the contact form, the following data is collected:

• Your name
• Your email address
• Your message

This data is processed on my server and forwarded to me via my email server, both hosted by netcup GmbH in Germany. The transmission is encrypted via TLS. The data is used exclusively to respond to your inquiry.

Legal basis: Article 6(1)(f) GDPR — legitimate interest in providing a way to get in touch, or Article 6(1)(b) GDPR if your inquiry relates to a contractual matter.

How long: Contact form submissions are deleted within 3 months after the conversation has concluded, unless a longer retention period is required by law.

I don’t share your contact form data with third parties.

What I Don’t Do

• I don’t use cookies
• I don’t load fonts, scripts, or images from Google, Cloudflare CDN, or any other third party
• I don’t have ads
• I don’t have social media share buttons that track you
• I don’t have a newsletter
• I don’t transfer your data to countries outside the EU/EEA
• I don’t do automated decision-making or profiling (Art. 22 GDPR)

Your Rights

Under the GDPR, you have the following rights regarding your personal data. To exercise any of them, email me at blog@hmmr.online — no formal request needed, just send a message.

• Right of access (Art. 15 GDPR) — you can ask me whether I process data about you, and if so, get a copy of that data along with information on what I do with it.
• Right to rectification (Art. 16 GDPR) — if any data I hold about you is wrong or incomplete, you can ask me to correct or complete it.
• Right to erasure (Art. 17 GDPR) — also known as the “right to be forgotten.” You can ask me to delete your data, and I will, unless I’m legally required to keep it.
• Right to restriction of processing (Art. 18 GDPR) — instead of deletion, you can ask me to just stop using the data while we sort something out (e.g. while you contest its accuracy).
• Right to data portability (Art. 20 GDPR) — you can ask for a copy of your data in a structured, machine-readable format, so you can take it elsewhere.
• Right to object (Art. 21 GDPR) — you can object to processing based on legitimate interest (which is most of what happens here: logs, analytics, contact form replies). See the notice below.

Right to Object (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interest (Article 6(1)(f) GDPR). If you object, I will no longer process the personal data unless I can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

To object, email blog@hmmr.online with a brief description of your situation.

Right to Lodge a Complaint

Under Art. 77 GDPR, you also have the right to lodge a complaint with a supervisory authority. The authority responsible for me is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestraße 2-4
40213 Düsseldorf
Germany

Phone: +49 211 38424-0
Email: poststelle@ldi.nrw.de
Web: https://www.ldi.nrw.de

External Links

This blog may contain links to external websites. When you follow such a link, you leave this website and the privacy policy of the respective external site applies instead.

I have no control over how external websites process personal data and cannot continuously monitor their content or privacy practices. If you notice problematic or unlawful content on a linked site, feel free to contact me.

Changes to This Policy

If I add features that change how data gets processed (comments, additional forms, etc.), I’ll update this page accordingly. The current version published here always applies.