Legal

Privacy Policy

Privacy policy under the GDPR for dennisheinz.com — controller, processing activities, hosting (Hetzner, Cloudflare), contact (Cloudflare Email Routing, Brevo) and data subject rights.

Last updated: 9 May 2026

Contents

Controller

Dennis Heinz
Eltropweg 30
48155 Münster, Germany

Email: [email protected]

Imprint: /en/imprint/

Processing overview

The following overview summarizes the types of data processed and the purposes of their processing.

Types of data processed

  • Master data
  • Contact data
  • Content data
  • Usage data
  • Meta, communication and procedural data
  • Log data

Categories of data subjects

  • Users
  • Communication partners

Purposes of processing

  • Provision of the online offer and usability
  • Information technology infrastructure
  • Security measures
  • Communication

We process personal data on the following legal bases under the GDPR:

  • Consent (Art. 6 (1)(a) GDPR) — when explicit consent has been given.
  • Legal obligation (Art. 6 (1)(c) GDPR) — when processing is necessary to comply with a legal obligation.
  • Legitimate interests (Art. 6 (1)(f) GDPR) — when processing is necessary to protect legitimate interests and your interests do not override.

In Germany, the BDSG and any applicable state data protection laws supplement the GDPR.

Security measures

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk — including access controls, securing transmissions via TLS/SSL (HTTPS) and applying privacy-by-design principles when choosing our tools.

International transfers

For transfers to third countries (outside the EU/EEA) we rely on the EU-US Data Privacy Framework (DPF) and on Standard Contractual Clauses pursuant to the GDPR. More information on the DPF: dataprivacyframework.gov.

Storage and deletion

We delete personal data as soon as the legal basis for processing ceases and no statutory retention obligations require longer storage (in particular German commercial and tax law retention periods of up to 10 years under § 147 AO and § 257 HGB).

Data subject rights

Under Articles 15 to 21 GDPR, you have in particular the following rights:

  • Access to the personal data we hold about you.
  • Rectification of inaccurate data.
  • Erasure or restriction of processing.
  • Data portability — receiving your data in a structured format.
  • Objection to processing, in particular based on legitimate interests or direct marketing.
  • Withdrawal of consent, with effect for the future.
  • Complaint to the competent supervisory authority.

Hosting

When you visit the site, technically necessary data is processed (IP address, timestamp, user agent, referrer, requested paths) in order to deliver content and ensure server stability. Log files are stored for a maximum of 30 days.

Hetzner

Server hosting by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Privacy: hetzner.com/datenschutz.

Cloudflare

Added by us

CDN and security services by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Processes IP addresses and connection data for DDoS protection and delivery. Privacy: cloudflare.com/privacypolicy. Legal basis for third-country transfer: DPF and Standard Contractual Clauses.

Contact

When you contact me by email, the information you provide (name, email, content) is processed solely to respond to your inquiry.

Cloudflare Email Routing

Added by us

Email forwarding via Cloudflare, Inc. Privacy: cloudflare.com/privacypolicy.

Brevo

Added by us

SMTP delivery and email authentication via Sendinblue GmbH (Brevo), Köpenicker Straße 126, 10179 Berlin. Privacy: brevo.com/legal/privacypolicy.

Blog

Blog posts are served statically. There are no comments, no tracking and no newsletter.

Changes

We update this privacy policy whenever the underlying processing changes. The current version is always available at this URL.