Privacy Policy

Last updated: 2026-02-08

Controller

The controller within the meaning of the GDPR is:

Anton Antonsen
Kanalstraße 63
24159 Kiel
Deutschland / Germany
Email: mail@andreasgoertzen.eu

Types of Data Collected

We collect and process the following personal data:

- Account data: name, email address
- Authentication data: hashed passwords, one-time codes (OTP)
- Usage data: IP address, browser type, access times
- Communication data: email correspondence content

Purposes and Legal Basis

We process your data based on the following legal grounds (Art. 6(1) GDPR):

- Consent (Art. 6(1)(a) GDPR): Where you have given explicit consent
- Contract performance (Art. 6(1)(b) GDPR): To fulfill our contractual obligations
- Legal obligation (Art. 6(1)(c) GDPR): To comply with legal requirements
- Legitimate interests (Art. 6(1)(f) GDPR): For our legitimate business interests, unless overridden by your rights

Authentication

We use email/password and email-based one-time password (OTP) authentication. Password data is stored in hashed form only. OTP codes are temporary and expire after use. Authentication sessions are managed via secure HTTP-only cookies.

Cookies

This website uses technically necessary cookies for authentication and session management in accordance with § 25 TTDSG. These cookies are essential for the functionality of the service and do not require consent. No tracking or analytics cookies are used.

Server Logs and Hosting

Our hosting provider automatically collects and stores information in server log files that your browser transmits. This includes IP address, browser type and version, operating system, referrer URL, and time of access. This data is processed based on Art. 6(1)(f) GDPR for ensuring the security and stability of our service.

Email Communication

We use Amazon Web Services Simple Email Service (AWS SES) for sending transactional emails (authentication codes, password resets). AWS processes data in accordance with their Data Processing Addendum. Data may be transferred to AWS data centers. The legal basis is Art. 6(1)(b) GDPR (contract performance).

Third-Party Services and Data Transfers

We use the following third-party services:

- Neon (database hosting): Your account data is stored in Neon's PostgreSQL database infrastructure
- AWS SES (email delivery): Used for transactional emails

Data transfers to third countries are secured by appropriate safeguards (Standard Contractual Clauses, Art. 46 GDPR).

Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Account data is retained for the duration of the contractual relationship. After account deletion, data is removed within 30 days, unless longer retention is required by law.

Your Rights

Under the GDPR, you have the following rights:

- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)

To exercise these rights, contact us at: mail@andreasgoertzen.eu

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The competent supervisory authority is the data protection authority of the federal state in which our company is based.

Automated Decision-Making

We do not use automated decision-making, including profiling, pursuant to Art. 22 GDPR.