Privacy Policy
1. Data Controller
Anton Kopylow
Alte Kieler Landstraße 104
24768 Rendsburg
Germany
(postal address only / no residence)
Email: [email protected]
2. Hosting
This website is hosted on Cloudflare Pages (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). In order to deliver the website, Cloudflare processes technically necessary connection metadata (including IP address, user agent, and timestamps). The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest in the secure and reliable operation of the website).
3. Comment Function
When utilizing the comment function, the following data is processed:
- Name: Mandatory, freely selectable, max. 60 characters.
- Comment text: Mandatory, max. 2000 characters.
- Email address: Voluntary. This is used exclusively for (a) transmitting a 6-digit verification code to secure your chosen name and (b) optionally receiving notifications for replies.
- Hashed IP address: (SHA-256 with a rotating salt). The IP address is not stored in plaintext. The purpose of this processing is spam and abuse prevention, as well as the enforcement of rate limits.
- Session cookie: (cii_sid, HttpOnly, retention period: 1 year). This cookie is only set following successful email verification. It enables you to post further comments under the same name without re-entering the verification code. This cookie is strictly necessary for the feature you have actively requested (therefore, no cookie consent banner is required pursuant to the relevant ePrivacy directive exemptions).
The legal basis for this processing is Art. 6(1)(a) GDPR (consent provided by submitting the comment) and Art. 6(1)(f) GDPR (legitimate interest in spam protection).
4. Contact Form
When using the contact form, the following data is processed:
- Name: Mandatory, max. 60 characters.
- Message: Mandatory, max. 2000 characters.
- Email address: Voluntary. It is only needed if you would like a reply, in which case it serves as the reply address.
- Phone number: Voluntary, in case you prefer to be contacted by phone.
- Hashed IP address: (SHA-256 with a rotating salt) for spam and abuse prevention and for the enforcement of rate limits.
Your message is not stored in a database; it is delivered to the controller exclusively by email via the service provider Resend (see Section 6). If you provided an email address, it is set as the reply address (Reply-To). The legal basis is Art. 6(1)(a) GDPR (consent provided by submitting the message) and Art. 6(1)(f) GDPR (legitimate interest in processing your inquiry and in spam protection).
5. Cloudflare Turnstile
To protect against automated entries (bots), we employ Cloudflare Turnstile. The script is only loaded when you click into the comment or contact form. Turnstile evaluates browser signals to determine whether the user is human, without setting any tracking cookies.
6. Email Dispatch
The dispatch of verification codes, reply notifications, and contact-form messages is conducted via the service provider Resend (Resend.com, EU region). Email addresses stored as part of the comment function are hashed (SHA-256 with a stable salt) and additionally encrypted using AES-GCM prior to storage in our database.
7. Donations and Payment Methods
In the support area, we link to external payment services (including PayPal, Revolut, and Amazon). When you click one of these links or make a payment, you leave this website; the processing of your payment data (e.g. credit-card or bank-account details) is then carried out exclusively by the respective provider under its own privacy policy. On this website itself we do not collect or store any payment data.
Where personal data reaches us in the course of a contribution (such as your name, a contact detail you enter in the payment reference, and the date and amount of the payment as transmitted to us by the payment provider), we process this data to handle and document the contribution. Insofar as we are legally obliged to retain it, we store this data to comply with commercial and tax-law retention obligations (including § 147 of the German Fiscal Code (AO) and § 257 of the German Commercial Code (HGB)) on the basis of Art. 6(1)(c) GDPR, and we delete it once the statutory retention periods (generally 6 to 10 years) have expired.
8. Data Retention
- Pending verifications: 24 hours.
- Resolved reports: 90 days.
- Comments: Until revoked or upon your request for deletion.
- Bans (bans): Indefinite (for the purpose of abuse prevention).
- Contribution/payment records: Where statutory retention obligations apply, 6 to 10 years (including § 147 AO, § 257 HGB).
9. Data Subject Rights
You have the right to request access, rectification, erasure, restriction of processing, data portability, and the right to object (Art. 15–21 GDPR). In the event of a deletion request, the content and name of your comment will be replaced with the designation "[deleted]"; the thread structure remains intact. Furthermore, you have the right to lodge a complaint with the competent data protection supervisory authority.