1. Introduction
  2. Responsible
  3. Overview of the data processing
  4. Categories of affected persons
  5. Purposes of data processing
  6. Significant legal basis
  7. Security measures
  8. Providing website and web hosting
  9. Blogs and publication media
  10. Presences on social networks (social media)
    1. Further information on processing processes, procedures and services


With this privacy policy, I would like to inform you about which types of your personal data (hereinafter also referred to as “data”) I process, for which purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by me, both in the context of providing my services and in particular on my websites, in mobile applications and within external online presences, such as my social media profiles (hereinafter referred to as “online offer”).

The terms used are not gender-specific.

Status: July 10th, 2022


Stefan Thierolf
Rudolf-Marburg Str. 24
64720 Michelstadt

hello [AT] thierolf [DOT] org


Overview of the data processing

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the persons concerned.

  • Contact details (e.g. e-mail, telephone numbers)

  • Content data

  • Usage data

  • Meta / communication data (e.g., device information, IP addresses)

Categories of affected persons

  • Web site visitors

Purposes of data processing

  • Contact requests and communication

Significant legal basis

Below you will find an overview of the legal bases of the GDPR (General Data Protection Regulation) on the basis of which I process personal data. Please note that, in addition to the regulations of the GDPR, national data protection requirements may apply in your country or in my country of residence or seat. Should more specific legal bases apply in individual cases, I will state them in this privacy policy.

Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR)
The processing is necessary to safeguard the legitimate interests of the responsible party or of a third party, unless these are overridden by the interests or fundamental rights and fundamental freedoms of the person concerned, which require the protection of personal data.

National privacy regulations in Germany
In addition to the data protection regulations of the General Data Protection Regulation, national regulations for data protection apply in Germany. This includes in particular the law for protection against misuse of personal data in data processing (Federal Data Protection Act - BDSG). The BDSG contains, in particular, special regulations on the right to information, the right to deletion, the right of objection, the processing of special categories of personal data, processing for other purposes, and transmission and automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. In addition, the data protection laws of the individual federal states can apply.

Security measures

In accordance with the statutory requirements, and taking into account the state of the art, the implementation costs, the nature, scope, circumstances and purposes of the processing, and the varying likelihood and severity of the threat to the rights and freedoms of natural persons, I take suitable technical and organizational measures to ensure a level of protection appropriate to the risk. Measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, ensuring of availability and separation of the data. Furthermore, I have set up procedures that ensure the exercise of the rights of affected persons, the deletion of data and responses to threats to the data. I also take the protection of personal data into account when developing or selecting hardware, software and methods, in accordance with the principle of data protection through technology design and privacy-friendly default settings.

Reduction of the IP address (ip-masking)
If IP addresses are processed by me or by the technologies used, and the processing of a full IP address is not required, the IP address is shortened (also referred to as “IP masking”). In this process, the last two digits, or the last part of the IP address, are replaced by a dot or by wildcards. Shortening the IP address is intended to prevent, or make much more difficult, the identification of a person on the basis of their IP address.

TLS encryption (https)
To protect your data transmitted via my website, I use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Email encryption (pgp)
To protect your communication with me by email, I offer my public PGP key on my website, or the public PGP key will be sent with any email.

Content Security Policy (csp)
To protect your data transmitted via my online offer, I set a Content Security Policy (CSP). CSP is an additional security layer that helps to detect and mitigate certain types of attacks. These attacks are used for everything from data theft to site defacement and the distribution of malicious programs.

Providing website and web hosting

In order to provide my online offer safely and efficiently, I use the services of one or more web hosting providers, from whose servers (or servers they manage) the online offer can be accessed. For these purposes, I can use infrastructure and platform services, computing capacity, storage and database services as well as security services and technical maintenance services.

The data processed in the context of providing the hosting services includes all information relating to my online offer that arises in the context of use and communication. This regularly includes the IP address, which is necessary to deliver the contents of online offers to browsers, and all entries made within my online offer or websites.

Processed data types
Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta / communication data (e.g., device information, IP addresses).

Affected persons
Users (e.g., website visitors, users of online services).

Purposes of data processing
Provision of my website and user-friendliness.

Legal basis
Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Further information on processing processes, procedures and services

E-mail and hosting
The web hosting services used by me also include the sending, receiving and storing of e-mails. For these purposes, the addresses of the recipients and senders as well as further information concerning e-mail delivery (e.g., the providers involved) and the contents of the respective e-mails are processed. The aforementioned data is also processed for the purpose of detecting spam. Please note that e-mails on the Internet are generally not sent encrypted. As a rule, e-mails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. Therefore, I cannot assume any responsibility for the transmission path of e-mails between the sender and their reception on my server. For this reason, I offer the end-to-end encryption method Pretty Good Privacy. My public keys can be found in About.

Collection of access data and log files
I myself (or my web hosting provider) collect data on every access to the server (so-called server log files). The server log files include the address and name of the retrieved web pages and files, date and time of the retrieval, transmitted data volumes, message about successful retrieval, browser type along with version, the user’s operating system, referrer URL (the previously visited page) and usually visited addresses and the requesting providers. The server log files can be used, on the one hand, for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and, on the other, to ensure the utilization of the servers and their stability.
Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is needed for evidence purposes is exempted from deletion until the final clarification of the respective incident.

Blogs and publication media

I use blogs or similar means of online communication and publication (hereinafter “publication medium”). Readers' data is processed for the purposes of the publication medium only to the extent necessary for its presentation and for communication between authors and readers, or for security reasons. In addition, I refer to the information on the processing of the data of visitors to my publication medium in the context of this privacy policy.

Processed data types
Inventory data (e.g., names, addresses); Contact details (e.g., e-mail, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta / communication data (e.g., device information, IP addresses).

Affected persons
Users (e.g., website visitors, users of online services).

Purposes of data processing
Providing contractual services and customer service; Feedback (e.g., collect feedback via online form).

Legal basis
Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. GDPR); Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Presences on social networks (social media)

I maintain online presences within social networks and process data from users in this context to communicate with the users active there or to offer information about me.

I point out that user data can be processed outside the territory of the European Union. This may result in risks for the users, e.g. because the enforcement of the rights of users could be made more difficult.

Furthermore, the data of users within social networks is usually processed for market research and advertising purposes. For example, usage profiles are created on the basis of the usage behavior and the resulting interests of the users. The usage profiles can in turn be used, e.g., to place advertisements within and outside the networks that correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and the interests of the users are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).

For a detailed presentation of the respective forms of processing and the options to object (opt-out), I refer to the privacy statements and information of the operators of the respective networks.

Also in the case of information requests and the assertion of the rights of affected persons, I point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can directly take appropriate measures and provide information. If you still need help, you can turn to me.

Processed data types
Contact details (e.g. e-mail, telephone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, content, access times); Meta / communication data (e.g., device information, IP addresses).

Affected persons
Users (e.g., website visitors, users of online services).

Purposes of data processing
Contact requests and communication; Feedback (e.g., collect feedback via online form); Marketing.

Legal basis
Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

Further information on processing processes, procedures and services

Modified by the website owner. Created with the free von Dr. Thomas Schwenke