1. Controller

The controller responsible for data processing on this website (within the meaning of the GDPR) is:

Marc Neumann

28209, Bremen

Germany

2. General Information on Data Processing

2.1 Scope of Processing of Personal Data

I only process personal data of my users to the extent necessary to provide a functioning website along with my content and services. Personal data is regularly only processed with the user's consent, or, where there is a legal basis permitting it, without separate consent.

2.2 Legal Basis for Processing

Where I obtain the consent of the data subject for processing operations involving personal data, Art. 6(1)(a) GDPR serves as the legal basis. When processing data that is necessary for the performance of a pre-contractual measure (e.g. inquiries via the contact link), Art. 6(1)(b) GDPR serves as the legal basis. Insofar as processing is necessary to protect a legitimate interest of mine or of a third party, and the interests, fundamental rights and freedoms of the data subject do not override that interest, Art. 6(1)(f) GDPR serves as the legal basis.

2.3 Erasure of Data and Storage Period

Personal data is erased or blocked as soon as the purpose of storage no longer applies. Data may be stored beyond this point if required by statutory retention obligations.

3. Provision of the Website and Hosting (Framer)

This website is built and hosted using the website builder Framer, a service provided by Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, the Netherlands.

When this website is accessed, Framer automatically collects information in the form of server log files transmitted by the browser. These typically include:

• IP address of the requesting device

• Date and time of access

• Name and URL of the file retrieved

• Website from which access occurred (referrer URL)

• Browser used and, where applicable, the operating system

This processing is based on Art. 6(1)(f) GDPR. I have a legitimate interest in the technically error-free presentation and optimization of my website. Framer processes this data as a processor within the meaning of Art. 28 GDPR on my instruction; a corresponding data processing agreement is in place.

Framer uses technical infrastructure to operate the website that, in part, runs via servers located in the USA (Content Delivery Network). A transfer of personal data to the USA cannot be ruled out. Framer has implemented appropriate safeguards for this, in particular the EU Standard Contractual Clauses (SCCs), to ensure an adequate level of data protection.

Further information can be found in Framer's privacy statement: https://www.framer.com/legal/privacy-statement/

4. Analytics with Framer Analytics

This website uses the analytics tool built into Framer, Framer Analytics, to evaluate website usage statistically (e.g. number of visitors, pages viewed, origin of visits).

Framer Analytics does not process the IP address and user agent in plain text; instead, it hashes them together with a randomly generated value (salt) that is regenerated daily and automatically deleted after 24 hours. This makes it impossible to trace the data back to an individual. Framer Analytics does not use cookies and does not store any persistent identifiers on the user's device.

Since this is a fully anonymized evaluation with no link to a specific person, no consent from the user is required. The legal basis is my legitimate interest in the needs-based design and optimization of my website (Art. 6(1)(f) GDPR).

5. Cookies

Beyond the anonymized analytics described above (Framer Analytics), I do not set any cookies on this website myself. However, embedding third-party content (see Section 7) may cause cookies to be set by the respective provider when that content is loaded. Further information can be found in the corresponding sections of this policy.

6. Contact via Email

This website includes a link that opens your device's default email program ("mailto" link). The link itself does not transmit any data to me or to third parties, nor is any data processed by the website through it; it merely opens a pre-filled email in your email program.

If you choose to send me an email this way, I process the data you provide (e.g. name, email address, content of the message) exclusively for the purpose of handling your inquiry. The legal basis is Art. 6(1)(b) GDPR (inquiry regarding a possible contract) or Art. 6(1)(f) GDPR (legitimate interest in responding to the inquiry).

7. Embedded Videos from Vimeo

This website embeds videos from the platform Vimeo, a service provided by Vimeo.com, Inc., 555 West 18th Street, New York, NY 10011, USA.

When a page with an embedded Vimeo video is loaded, a connection is established to Vimeo's servers, which informs Vimeo that this page has been accessed. In doing so, technical information such as your IP address, browser type and settings, and the date and time of access is transmitted. This occurs regardless of whether you actively play an embedded video. Vimeo may also set cookies on your device in this context.

It cannot be ruled out that data is transferred to the USA as a result. Vimeo states that it complies with the EU Standard Contractual Clauses to ensure an adequate level of data protection.

This embedding is based on my legitimate interest in presenting my projects in an engaging, multimedia format (Art. 6(1)(f) GDPR).

Further information on Vimeo's handling of user data can be found in Vimeo's privacy policy: https://vimeo.com/privacy

8. Links to Social Networks and Services (Spotify, LinkedIn, Instagram)

This website contains links to my profiles on Spotify, LinkedIn and Instagram. These are plain hyperlinks to the respective services, not embedded plug-ins, widgets, or buttons ("social plug-ins").

Simply visiting this website therefore does not transmit any data to Spotify, LinkedIn or Instagram. Only when you actively click one of these links will you be redirected to the respective external service. From that point on, the privacy policy of the respective provider applies, over whose content and data processing I have no influence:

• Spotify AB: https://www.spotify.com/legal/privacy-policy/

• LinkedIn Ireland Unlimited Company: https://www.linkedin.com/legal/privacy-policy

• Instagram (Meta Platforms Ireland Limited): https://privacycenter.instagram.com/policy
  
  

9. Images and Videos on the Website

The images and videos embedded on this website are hosted directly on my website's hosting infrastructure (Framer, see Section 3) and are delivered without involving any additional third-party providers. No additional data transfer to third parties beyond the technical provision described in Section 3 takes place in this regard.

10. SSL/TLS Encryption

For security reasons, this website uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the lock icon displayed in your browser's address bar.

11. Rights of the Data Subject

As a data subject, you have the following rights:

• Right of access (Art. 15 GDPR)

• Right to rectification (Art. 16 GDPR)

• Right to erasure (Art. 17 GDPR)

• Right to restriction of processing (Art. 18 GDPR)

• Right to data portability (Art. 20 GDPR)

• Right to object (Art. 21 GDPR) to processing of your data carried out on the basis of Art. 6(1)(f) GDPR

• Right to withdraw any data protection consent you may have given (Art. 7(3) GDPR)

• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

You may lodge a complaint with a data protection supervisory authority at any time, in particular with the authority of your habitual residence, place of work, or the place of the alleged infringement.

12. Changes to this Privacy Policy

I reserve the right to amend this privacy policy so that it always complies with current legal requirements, or to reflect changes to my services in the privacy policy. The new privacy policy will then apply to your next visit.