We keep this website intentionally lean and collect as little personal data as possible. This page explains what is processed when you visit us, why, and which rights you have under the GDPR.
The controller responsible for the processing of personal data on this website is:
David Badura
Schorlemerstr. 88
40547 Düsseldorf
Germany
Phone: +49 1763 4306 156
E-Mail: info@patchlevel.de
The controller is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data (such as names or email addresses).
The website is hosted on servers operated by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. When you open a page, your browser necessarily exchanges technical data with that infrastructure so the site can be delivered to you. Hetzner acts as our processor under a data processing agreement and handles this data on our behalf. You can review Hetzner's own privacy information at hetzner.com/legal/privacy-policy.
The legal basis for hosting is our legitimate interest in providing this website reliably and securely (Art. 6 (1)(f) GDPR).
Like virtually every website, our hosting environment automatically records standard access information for each request. This typically includes the requested page, the date and time, the amount of data transferred, your browser type and version, your operating system, the referring page, and your IP address. We use this information only to deliver the site, keep it stable, and protect it against misuse or attacks. We do not combine it with other data, and we do not use it to identify individual visitors.
The legal basis is our legitimate interest in the secure and stable operation of the website (Art. 6 (1)(f) GDPR). Log data is kept only for as long as needed for these purposes and then deleted.
To keep the site fast and to protect it against attacks such as denial-of-service attempts, traffic to this website is routed through Cloudflare (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). Cloudflare necessarily processes connection data - including your IP address - to deliver content and filter malicious requests. This is essential to operating the site, so it runs on the basis of our legitimate interest in a secure and reliable service (Art. 6 (1)(f) GDPR). Where data is transferred to the USA, Cloudflare relies on the EU Standard Contractual Clauses. You can find more in Cloudflare's privacy policy at cloudflare.com/privacypolicy.
To understand which pages are useful and how to improve them, we use Matomo, an open-source analytics tool that we host ourselves on our own infrastructure. No analytics data is sent to third parties or shared with anyone else - it stays with us. We always run Matomo with IP anonymization, so your IP address is shortened before it is stored and cannot be traced back to you.
By default, Matomo measures usage without storing cookies or other identifiers on your device. This cookieless measurement runs on the basis of our legitimate interest in evaluating and improving our website (Art. 6 (1)(f) GDPR).
You can additionally allow cookie-based analytics through the consent banner. If you agree, Matomo stores first-party cookies on your device so that your visits can be recognized across pages, which produces more accurate statistics. This cookie-based measurement takes place only on the basis of your consent (Art. 6 (1)(a) GDPR, § 25 (1) TDDDG). You can withdraw your consent at any time with effect for the future via the "Cookie settings" link in the footer; declining keeps analytics fully cookieless.
In addition to Matomo, we currently evaluate Umami, an open-source analytics tool that we also host ourselves on our own infrastructure. Umami works entirely without cookies and does not store any identifiers on your device. It collects anonymized usage statistics that cannot be traced back to you, and no data is sent to third parties or shared with anyone else. This cookieless measurement runs on the basis of our legitimate interest in evaluating and improving our website (Art. 6 (1)(f) GDPR).
This website does not use cookies for advertising or cross-site tracking. We store a small cookie to remember the choice you make in the consent banner, so we don't have to ask again on every visit. Beyond that, cookies are only set for the Matomo analytics described above, and only if you actively consent to them - by default the site runs without them. You can review or withdraw your consent at any time via the "Cookie settings" link in the footer, and you can configure your browser to refuse or delete stored data; none of this affects your ability to use the site.
Under the GDPR you have the following rights regarding your personal data:
To exercise any of these rights, simply contact us using the details above. Where processing relies on your consent, you may withdraw it at any time with effect for the future; this does not affect the lawfulness of processing carried out beforehand.
You also have the right to lodge a complaint with a data protection supervisory authority - for example, in the EU member state where you live, work, or where you believe an infringement occurred.
For security, this website is served exclusively over an encrypted TLS connection (recognizable by the "https://" prefix and the lock icon in your browser). This protects the data exchanged between your browser and our servers from being read by third parties in transit.
If you reach out to us by email, the details you provide - such as your name, your address, and the content of your message - are processed solely to handle your request and any follow-up. We base this on our legitimate interest in responding to enquiries, or, where your message concerns a contract, on the steps needed to enter into or perform that contract (Art. 6 (1)(b) and (f) GDPR). We retain such correspondence only as long as necessary and subject to any statutory retention obligations.
We may update this privacy policy when our website or the applicable legal requirements change. The version published here always applies to your current visit.