Hello, World!
I'm Paul Kleinlercher, an information scientist based in Austria. This website features some of my latest projects and my thoughts on anything IT related.
You can find me on Codeberg and Reddit.
Wanna talk? Send me a message.
In short, no personal data is collected, processed or passed on to third parties by the site owner. The site owner is not responsible for the content of linked websites and assumes no liability whether and how personal data is collected and processed there.
Brief summary of links that are probably most important to you:
We have written this privacy statement (version 11.12.2022-112357606) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the controller - and the processors (e.g. providers) commissioned by us - process, will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral.
In short, we inform you comprehensively about data that we process about you.
Privacy statements usually sound very technical and use legal terminology. This privacy statement, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. To the extent that it is conducive to transparency, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. In this way, we inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible by providing the most concise, unclear and legalistic explanations possible, as is often standard practice on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is one or two pieces of information that you did not yet know.
If you still have questions, we would like to ask you to contact the responsible party named in the imprint, to follow the available links and to look at further information on third-party sites.
This data protection declaration applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (order processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person's name, e-mail address and postal address. The processing of personal data ensures that we can offer and invoice our services and products, whether online or offline. The scope of this privacy policy includes:
In short, the data protection declaration applies to all areas in which personal data is processed in the company via the aforementioned channels in a structured manner. If we should need to make any changes outside of these channels enter into legal relations with you, we will inform you separately if necessary.
In the following privacy statement, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016, which you can of course read online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e1374-1-1.
We will only process your data if at least one of the following conditions applies:
Other conditions, such as the performance of recordings in the public interest and the exercise of official authority, as well as the protection of vital interests, do not generally arise for us. If such a legal basis should nevertheless be relevant, it will be indicated at the appropriate place.
In addition to the EU Regulation, national laws also apply:
If you have any questions about data protection or the processing of personal data, you will find the contact details of the responsible person in the imprint below.
The fact that we store personal data only as long as it is absolutely necessary for the provision of our services and products applies as a general criterion with us. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are required by law to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.
Should you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store it.
We will inform you about the specific duration of the respective data processing below, provided we have further information on this.
Rights according to the General Data Protection Regulation
Pursuant to Articles 13, 14 GDPR, we inform you about the following rights you are entitled to in order to ensure fair and transparent processing of data:
If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/.
To protect personal data, we have implemented both technical and organizational measures. Where we are able to do so, we encrypt or pseudonymize personal data. In this way, we make it as difficult as possible for third-parties to infer personal information from our data.
Article 25 of the GDPR refers to "data protection through technical design and data protection-friendly default settings" and thus means that both software (e.g., forms) and hardware (e.g., access to the server room) should always be designed with security in mind and that appropriate measures should be taken. In the following, we will go into more detail on specific measures, if necessary.
TLS, encryption and https sound very technical and they are. We use HTTPS (Hypertext Transfer Protocol Secure stands for "secure hypertext transfer protocol") to transfer data over the Internet in a tap-proof manner. This means that the complete transmission of all data from your browser to our web server is secured - no one can "listen in".
In this way, we have introduced an additional layer of security and comply with data protection by design of technology (Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
You can recognize the use of this protection of data transmission by the small lock symbol at the top left of the browser, to the left of the Internet address (e.g., beispielseite.de) and the use of the scheme https (instead of http) as part of our Internet address.
If you want to know more about encryption, we recommend Google search for "Hypertext Transfer Protocol Secure wiki" to get good links to further information.
When you visit websites these days, certain information - including personal data - is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By the way, with website we mean the entirety of all web pages on a domain, i.e. everything from the home page (homepage) to the very last subpage (like this one). By domain we mean, for example, example.de or example.com.
When you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser to do so. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We say browser or web browser for short.
To display the website, the browser needs to connect to another computer where the website's code is stored: the web server. Running a web server is a complicated and costly task, which is why this is usually done by professional providers, the providers. These offer web hosting and thus ensure reliable and error-free storage of website data. A whole lot of technical terms, but please stay tuned, it gets better!
When the browser on your computer (desktop, laptop, tablet or smartphone) connects and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, on the other hand, the web server must also store data for a while to ensure proper operation.
A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the Internet and the hosting provider.
The purposes of data processing are:
Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as
As a rule, the above data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot rule out the possibility that this data may be viewed by the authorities in the event of unlawful conduct.
In short, your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not share your data without your consent!
The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 (1) lit. f GDPR (protection of legitimate interests), because the use of professional hosting with a provider is necessary to present the company on the Internet in a secure and user-friendly manner and to be able to pursue attacks and claims from this if necessary.
Between us and the hosting provider there is usually a contract on commissioned processing pursuant to Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.
We use the web hosting provider hosttech for our website. The service provider is the Swiss company hosttech GmbH, Seestrasse 15a, 8805 Richterswil, Switzerland. You can learn more about data processed through the use of hosttech in the privacy policy at https://www.hosttech.ch/datenschutz.
In addition to our website, we are also active on various social media platforms. In this context, user data may be processed so that we can target users who are interested in us via the social networks. In addition, elements of a social media platform may also be embedded directly in our website. This is the case, for example, when you click on a so-called social button on our website and are redirected directly to our social media presence. So-called social media or social media are websites and apps through which registered members can produce content, share content openly or in specific groups, and network with other members.
For years, social media platforms have been the place where people communicate and connect online. Our social media presences allow us to promote our products and services to prospective customers. The social media elements embedded on our website help you to be able to switch to our social media content quickly and without complications.
The data that is stored and processed through your use of a social media channel is primarily for the purpose of being able to perform web analyses. The aim of these analyses is to be able to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, appropriate conclusions can be drawn about your interests with the help of the evaluated data and so-called user profiles can be created. This also enables the platforms to present you with tailored advertisements. In most cases, cookies are set in your browser for this purpose, which store data about your usage behavior.
We generally assume that we remain responsible under data protection law, even if we use services of a social media platform. However, the European Court of Justice has ruled that in certain cases the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. Insofar as this is the case, we point out separately to this and work on the basis of an agreement to this effect. The essence of the agreement is then reflected below with the platform concerned.
Please note that when using the social media platforms or our built-in elements, data from you may also be processed outside the European Union, as many social media channels, for example Facebook or Twitter, are American companies. As a result, you may no longer be able to claim or enforce your rights with regard to your personal data as easily.
Exactly what data is stored and processed depends on the respective provider of the social media platform. But usually it is data such as phone numbers, email addresses, data you enter in a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device and your IP address. Most of this data is stored in cookies. Especially if you yourself have a profile at the visited social media channel and are logged in, data can be linked to your profile.
All data collected via a social media platform is also stored on the servers of the providers. Thus, only the providers also have access to the data and can give you the appropriate information or make changes.
If you want to know exactly what data is stored and processed by the social media providers and how you can object to the data processing, you should carefully read the respective privacy policy of the company. Also, if you have questions about data storage and data processing or want to assert corresponding rights, we recommend that you contact the provider directly.
We will inform you about the duration of data processing below, provided we have further information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purpose. However, customer data that is matched with our own user data is already deleted within two days. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is required by law, as in the case of accounting, for example, this storage period may be exceeded.
You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers such as embedded social media elements at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling or deleting cookies in your browser.
Since social media tools may use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy statements of the respective tools.
If you have consented that data from you can be processed and stored by integrated social media elements, this consent is considered the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, if consent is given, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 (1) (f) GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the tools insofar as you have given your consent. Most social media platforms also set cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.
You can find information about specific social media platforms - if available - in the following sections.
We use the social news aggregator Reddit for our website. The service provider is the American company Reddit Inc., 548 Market St. #16093, San Francisco, California 94104, USA.
Reddit also processes data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA.
This may be associated with various risks to the lawfulness and security of data processing. As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, Reddit uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 GDPR). These clauses oblige Reddit to comply with the EU level of data protection when processing relevant data also outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among others, here: https://germany.representation.ec.europa.eu/index_de?etrans=en.
You can learn more about the data processed by using Reddit in the Privacy Policy at https://www.reddit.com/policies/privacy-policy.
We use a so-called content delivery network on our website. In most cases, such a network is simply called a CDN. A CDN helps us to load our website quickly and smoothly, regardless of your location. In the process, your personal data is also stored, managed and processed on the servers of the CDN provider used. In the following, we will go into more detail about the service and its data processing. You will find detailed information on how your data is handled in the respective provider's privacy policy.
Each Content Delivery Network (CDN) is a network of regionally distributed servers that are all connected via the Internet. Via this network, website content (especially very large files) can be delivered quickly and smoothly even during large load peaks. The CDN creates a copy of our website on your servers for this purpose. Since these servers are distributed worldwide, the website can be delivered quickly. Consequently, the data transfer to your browser is significantly shortened by the CDN.
A fast loading website is part of our service. Of course, we know how annoying it is when a website loads at a snail's pace. Most of the time, people even lose patience and look for the distance before the website is fully loaded. Of course, we want to avoid that. That's why a fast-loading website is a natural part of our website offering. With a Content Delivery Network our website will load much faster in your browser. The use of the CDN is especially helpful if you are abroad, because the website is delivered from a server near you.
When you request a website or the content of a website and it is cached in a CDN, the CDN routes the request to the server closest to you and the server delivers the content. Content delivery networks are built so that JavaScript libraries can be downloaded and hosted on npm and Github servers. Alternatively, most CDNs allow WordPress plugins to be loaded if they are hosted on WordPress.org. Your browser may send personal data to the content delivery network we use. This is data such as IP address, browser type, browser version, which web page is loaded or time and date of the page visit. This data is collected and also stored by the CDN. Whether cookies are used for data storage depends on the network used. Please read the data protection texts of the respective service.
If you wish to completely prevent this data transfer, you can install a JavaScript blocker (see for example https://noscript.net/) on your PC. Of course, our website will then no longer be able to offer the usual service (such as fast loading speed).
If you have consented to the use of a content delivery network, the legal basis for the corresponding data processing is this consent. According to Art. 6 Para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data as may occur during the collection by a content delivery network.
From our side, there is also a legitimate interest in using a content delivery network to optimize our online service and make it more secure. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). Nevertheless, we only use the tool if you have given your consent.
You will find information on specific Content Delivery Network - if available - in the following sections.
In order to deliver all of our individual web pages (sub-pages of our website) to you quickly and securely on all devices, we use the Content Delivery Network (CDN) BootstrapCDN, an open source service provided by jsdelivr.com of the Polish software company ProspectOne, Królewska 65A/1, 30-081, Kraków, Poland. A Content Delivery Network (CDN) is a network of regionally distributed servers connected via the Internet. Through this network, content, especially very large files, can be delivered quickly even during large load peaks.
Of course, we want to offer you a comprehensive and well-functioning service with our website. This also includes a fast website. With jsdelivr.com-CDN our website can load much faster at your end. The use of jsdelivr.com-CDN will be especially helpful for users from abroad, because here the site can be delivered from a server nearby.
BootstrapCDN works in a way that so-called JavaScript libraries are delivered to your browser. If your browser now downloads a file from BootstrapCDN, your IP address is transmitted during the connection to the Bootstrap CDN server. So personal data can be sent and stored as well. BootstrapCDN can thus collect and store user data such as IP address, browser type, browser version, which web page is loaded or time and date of the page visit. The privacy policy of BootstrapCDN or jsdelivr.com explicitly states that the company does not use cookies or other tracking services.
BootstrapCDN has servers distributed in different countries and your data may be stored outside the European Economic Area. BootstrapCDN retains personal data processed on our behalf for as long as necessary to provide services offered, as necessary to comply with legal obligations, resolve disputes and enforce agreements.
You always have the right to access, rectify and delete your personal data. If you have any questions, you can also contact BootstrapCDN responsible persons at any time.
If you want to prevent this data transfer, you can install a JavaScript blocker (see, for example, https://noscript.net/) or disable the execution of JavaScript codes in your browser. Please note, however, that this will prevent the website from providing the usual service (such as fast loading speed).
If you have consented that BootstrapCDN may be used, the legal basis of the corresponding data processing is this consent. According to Art. 6 (1) lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data as it may occur during the collection by BootstrapCDN.
From our side, there is also a legitimate interest in using BootstrapCDN to optimize our online service and make it more secure. The corresponding legal basis for this is Art. 6 (1) lit. f GDPR (Legitimate Interests). Nevertheless, we only use BootstrapCDN insofar as you have given your consent.
We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. The data processing is essentially carried out by BootstrapCDN. This may result in data not being processed and stored anonymously, if applicable. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from possible other BootstrapCDN services where you have a user account.
For more information about BootstrapCDN's privacy practices, please visit https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net.
We always try to write our privacy policy as clear and understandable as possible. However, especially with technical and legal topics this is not always easy. It often makes sense to use legal terms (such as personal data) or certain technical terms (such as cookies, IP address). However, we do not want to use these without explanation. Below you will now find an alphabetical list of important terms used that we may not have sufficiently addressed in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also cite the GDPR texts here and add our own explanations if necessary.
Definition under Article 4 of the GDPR.
For the purposes of this Regulation, the term:
"Third party" means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data;
Explanation: The GDPR basically only explains here what a "third party" is not. In practice, a "third party" is anyone who also has an interest in the personal data, but is not one of the persons, authorities or entities mentioned above. For example, a parent company may act as a "third party." In this case, the subsidiary group is the controller and the parent group is a "third party." However, this does not mean that the parent company may automatically view, collect or store the subsidiary company's personal data.
Definition according to Article 4 of the GDPR.
For the purposes of this Regulation, the term:
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Explanation: personal data are therefore all those data that can identify you as a person. This is usually data such as:
According to the European Court of Justice (ECJ), your IP address also counts as personal data. IT experts can use your IP address to determine at least the approximate location of your device and, subsequently, you as the connection owner. Therefore, the storage of an IP address also requires a legal basis within the meaning of the GDPR. There are also still so-called "special categories" of personal data that also require special protection. These include:
Definition under Article 4 of the GDPR.
For the purposes of this Regulation, the term:
"Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law;
Explanation: in our case, we are responsible for the processing of your personal data and consequently the "controller". If we transfer collected data to other service providers for processing, they are "processors". For this purpose, a "processing order contract (AVV)" must be signed.
All texts are protected by copyright.
Source: Created with the data protection generator by AdSimple
Information regarding the limited disclosure obligation according to §25 (5) MedienG:
Hello, World!
I'm Paul Kleinlercher, an information scientist based in Austria. This website features some of my latest projects and my thoughts on anything IT related.
You can find me on Codeberg and Reddit.
Wanna talk? Send me a message.