I am committed to privacy, so I have designed my websites from the ground up to collect as little data as possible. Furthermore, my websites can only be accessed via a TLS-encrypted connection to ensure that your connection to my server cannot be compromised by third parties.
To exercise your privacy rights, I recommend a service such as datarequests.org which will help you generate the appropriate requests for free.
- benjamin-altpeter.de, my personal website
- docs.benjamin-altpeter.de, my personal docs archive
- cdn.baltpeter.io, the domain I use for hosting various static files and assets
Controller and contact information
The controller as defined in Art. 4(7) GDPR for the services mentioned under “Scope” is:
Do Not Track
I respect the Do Not Track (DNT) option that you can set in your browser. I don’t currently employ any tracking but if I ever do in the future, I will disable it if you have set the DNT header.
I also recommend that you install Privacy Badger, a free and open source browser extension that sets the DNT header for you and automatically blocks websites that do not adhere to it.
I do not use profiling or any other type of automated decision making.
To operate my website, I collect and process some personal data. My top priority is to minimise data collection and processing: I only collect personal data where it is necessary and only to the extent that it is necessary. In addition, data is always collected for a specific purpose and storage is limited to the necessary period of time.
In this section I would like to explain to you exactly under which circumstances I collect and process which data.
Data I collect automatically
Server log files
In addition to that, some parts of the websites are requested from servers run by Amazon Web Services EMEA SARL, 5 rue Plaetis, L-2338 Luxembourg, Luxembourg (the authorized representative of Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA in the European economic area). These servers may collect aggregated statistics on how the services are used. While I have access to these statistics, I cannot influence whether or how they are collected.
Amazon Web Services, Inc. is certified under the US-European “Privacy Shield” framework, which ensures that the EU data protection level is maintained, through Amazon.com, Inc. For more information on how Amazon Web Services processes your data, please refer to their data privacy FAQ.
- Affected data: the specific page you visited, the date and time of your visit, the origin of your request (the so-called “referrer”), information about your browser and operating system (the so-called “user-agent string”), your country and your IP address
- Lawful basis: The data is stored on the basis of my (and my hosting partners’) legitimate interest in improving the stability and functionality of the servers in use in accordance with Art. 6(1) lit. f GDPR.
- Duration of storage: 30 days for Netlify; 60 days for Amazon Web Services
Data you provide to me
If you contact me (e.g. by email), your message may contain personal data. I will use this data exclusively to answer your message.
You do not have to provide any data to contact me, so the disclosure of this data is completely voluntary for you.
- Affected data: the data you include in your message
- Lawful basis: The storage is based on my legitimate interest in replying to your message in accordance with Art. 6(1) lit. f GDPR.
- Duration of storage: as long as there are legal storage obligations
The GDPR grants you comprehensive rights with regard to data protection. I am strongly convinced that the right to data protection is a fundamental right and therefore I fully stand behind these rights. You can exercise these rights at any time in an informal manner using the contact details given in the “Controller and contact information” section.
You can also use a generator like datarequests.org which will assist you with writing requests.
Right to data access
According to Art. 15 GDPR, you first of all have the right to request confirmation as to whether I store personal data on you. If so, you may request a copy of this information and are furthermore entitled to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Right to data portability
In accordance with Art. 20 GDPR, you also have the right to receive the personal data concerning you that you have made available to me in a structured, commonly used and machine-readable format and to transmit this data to another controller without obstruction by me if the processing is based on consent pursuant to Art. 6(1) lit. a GDPR, Art. 9(2) lit. a GDPR or on a contract pursuant to Art. 6(1) lit. b GDPR and the processing is carried out using automated procedures.
Right to rectification
According to Art. 16 GDPR, you have the right to request me to correct any inaccurate personal data concerning you without undue delay. Furthermore, you have the right to request the completion of incomplete personal data—also by means of a supplementary declaration.
Right to erasure (“Right to be forgotten”)
According to Art. 17 GDPR, you have the right to demand that I delete personal data concerning you without undue delay.
This right is limited in particular when the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation or to assert, exercise or defend legal claims.
Right to revoke given consent
According to Art. 7(3) GDPR you have the right to revoke your consent given to me at any time.
Right to restriction of processing
According to Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data if you dispute the accuracy of the personal data, if the processing is unlawful, if I no longer need the data for the purpose of processing or if you have filed an objection to the processing pursuant to Art. 21(1) GDPR, as long as it is not yet clear whether my legitimate interests outweigh yours.
Right to notification to recipients
If you request me to correct, delete or restrict the processing of your personal data in accordance with Articles 16, 17 and 18 respectively, I will notify all recipients to whom I have disclosed the relevant data in accordance with Art. 19 GDPR.
Right to object
According to Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you which is necessary for the performance of a task in the public interest or because of my legitimate interest on the basis of Article 6(1) lit. e or f respectively, for reasons arising from your particular situation. I will then no longer process the personal data, unless I can prove compelling legitimate grounds for the processing, which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defense of legal claims.
If I use your personal data for direct marketing, you have the right to object to such processing at any time. I will then no longer use your data for such purposes.
Right to lodge a complaint with a supervisory authority
According to Art. 77 GDPR, without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the member state of your usual place of residence, your workplace or the place of the alleged infringement, if you are of the opinion that the processing of personal data concerning you violates the GDPR.
The following supervisory authority is responsible for me:
Die Landesbeauftragte für den Datenschutz Niedersachsen