Privacy Policy

Last updated: April 17, 2026

1) Controller

The controller responsible for data processing on this website within the meaning of Art. 4(7) GDPR is:

Alexander Hilkert (private individual)
Schlossackerstr. 46
72379 Hechingen, Germany
Email: x9x3@pm.me

2) Scope Of This Policy

This Privacy Policy explains how we process personal data when you visit and use this website, including public pages, contact/submission forms, technical operation and security, and access to protected admin features.

3) Legal Bases (GDPR)

We process personal data on the following legal bases:

  • Art. 6(1)(b) GDPR - performance of a contract or pre-contractual measures.
  • Art. 6(1)(c) GDPR - compliance with legal obligations.
  • Art. 6(1)(f) GDPR - legitimate interests (secure, stable and user-friendly operation).
  • Art. 6(1)(a) GDPR - consent, where legally required.

4) Categories Of Data Processed

Depending on your use of the website, we may process:

  • Technical connection data (e.g. IP address, request metadata, timestamps, user agent).
  • Form and communication data you provide (e.g. name, email, message, submission content).
  • Authentication and session data for admin access.
  • Security-related data (e.g. CSRF and abuse-prevention context).
  • Content management data entered by authorized admins.

5) Hosting (Vercel)

This website is hosted on Vercel. Vercel processes technical data required for content delivery, request handling and platform security.

Purpose: hosting, delivery, stability and security.
Legal basis: Art. 6(1)(f) GDPR.

6) Database And Authentication (Supabase)

We use Supabase for database and authentication-related services (including protected admin access).

Configured region: Ireland (EU West).
Purpose: data storage, admin/auth backend functions.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

7) Contact And Submission Data

If you contact us or submit content, we process the information you provide to handle your request/submission.

Contact and submission data is processed in production through our database infrastructure (in particular Supabase) and used only for the respective purpose.

Legal basis: Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR.

8) Cookies And Similar Technologies

We currently use technically necessary cookies/storage elements, in particular:

  • NEXT_LOCALE (stores language preference).
  • Supabase Auth Cookies (authentication and session handling).
  • Admin CSRF Cookie (protection against cross-site request forgery).

Legal basis: Art. 6(1)(f) GDPR and, where applicable, Art. 6(1)(b) GDPR.

9) Analytics And Tracking

As of this policy version, no third-party analytics/behavioral tracking tools are intentionally operated in production, unless explicitly introduced and documented in a future update of this policy.

10) Admin Area And Security

Access to admin functionality is restricted and protected with authentication and technical safeguards (including session validation and CSRF protection).

Simplified development bypass logins are not intended for public production operation.

11) Recipients / Processors

Personal data may be disclosed to processors only to the extent necessary for operation and security, in particular for hosting/infrastructure and database/auth backend services.

Where legally required, data processing agreements are concluded.

12) International Data Transfers

If personal data is transferred to recipients outside the EEA, we ensure an adequate level of data protection through appropriate safeguards, including EU Standard Contractual Clauses (SCCs), where required.

13) Retention And Deletion

We retain personal data only as long as necessary for the respective purpose, or as required by statutory retention obligations. Data is deleted or anonymized after the purpose ceases and retention periods expire.

14) Your Rights Under GDPR

Subject to legal requirements, you have the right to:

  • Access (Art. 15 GDPR).
  • Rectification (Art. 16 GDPR).
  • Erasure (Art. 17 GDPR).
  • Restriction of processing (Art. 18 GDPR).
  • Data portability (Art. 20 GDPR).
  • Objection (Art. 21 GDPR).
  • Withdraw consent at any time (Art. 7(3) GDPR), where consent is the legal basis.

You also have the right to lodge a complaint with a supervisory authority, especially in your EU Member State of residence, place of work, or place of the alleged infringement.

For requests concerning your rights, you can use the contact details listed above or our imprint page.

15) Data Security

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.

16) No Automated Decision-Making

No solely automated decision-making, including profiling within the meaning of Art. 22 GDPR, is carried out.

17) Changes To This Policy

We may update this Privacy Policy to reflect legal, technical or organizational changes. The current version is published on this page with its updated date.