Legal & Data Protection Notice
The Data Controller for this Website is:
Christopher Schmidt,
c/o Grosch Postflex #616, Emsdettener Straße 10,
48268 Greven, Germany
In the following you will find information about the collection, storage and other processing of personal data when visiting this website at www.christopherschmidt.net. The terms used are defined in
Art. 4 of Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter “GDPR”).
Processing of personal data
… when you contact me by email
When you contact me by email, the personal data you provide (i.e., your email address, your name, telephone number and other information, if applicable) will be stored by me to process and answer your enquiry. I will delete this data when storage is no longer necessary according to the circumstances (e.g., when I have been able to answer your enquiry conclusively). If there are any legal retention obligations, I will restrict the processing. The legal basis for such processing is
Art. 6(1), sentence 1, lit. f GDPR, unless your enquiry is intended to take steps prior to entering into a contract, to implement or to terminate a contract with me; in this case, the legal basis is
Art. 6(1), sentence 1, lit. b GDPR.
… when you visit this website
- When visiting my website for information purposes only, i.e., when accessing my website without sending any other personal data which is technically necessary for such access, your browser will automatically send information to the server of my website. The following set of personal data is collected without your intervention and temporarily stored until it is automatically deleted:
- Your IP address;
- Date and time of the request;
- Time zone difference to Greenwich Mean Time (GMT);
- Specific page URL requested;
- Access Status/HTTPS Status Code;
- Amount of data transmitted in each case;
- HTTP header fields (such as your operating system and its interface, browser type, language, version) and compatibility of your browser (so-called User-Agent, Accept, Accept-Language, Accept-Encoding), Do-Not-Track (DNT) command;
- Name of your Internet Service Provider (ISP).
- The aforementioned data is processed to ensure a smooth connection between the web server and your terminal device as well as to evaluate the system security and stability.
- The legal basis for such data processing is Art. 6(1), sentence 1, lit. f GDPR. I pursue a legitimate and overriding interest for the purposes stated above, as otherwise it is not possible to access this website correctly.
- I use a hosting provider as data processor (checkdomain GmbH, Große Burgstraße 27/29, 23552 Lübeck, Germany). I carefully selected this DIN ISO/IEC 27001 certified provider that is subject to my instructions. Data processing takes place within the EU on servers located in Germany. This data processor temporarily stores certain data categories mentioned in paragraph 1 in server log files (so-called access logs and error logs, see example below), which are automatically rotated after a predefined number of entries.
2020-02-06 19:01:05 - 85.202.70.xxx - - "GET / HTTP/1.1" 200 4516 "-" "Mozilla/5.0 (X11; Linux i686; rv:67.0) Gecko/20100101 Firefox/67.0"
Cookies
For the sake of the data minimisation principle (see,
Art. 5(1) lit. c GDPR), I refrain from using cookies on this website for visitors.
Security of processing
I use the common TLS (Transport Layer Security, version 1.2, formerly “SSL”) protocol over HTTP/2 together with one of the highest encryption levels supported by your browser. As a rule, this is a 128-bit v3 encryption (to be exact: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256). If your browser does not support this, a 256-bit technology (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) will be used instead.
You can tell whether an individual page of this website is being transmitted with encryption by the 🔑 or 🔒 symbol in the status or address bar of your browser.
Artt. 12-14 GDPR: Right to be informed about the processing of your personal data.
Art. 15 GDPR: Right to access your personal data. You have the right to ask me for access to, and copies of, your personal data. This right always applies. There are some exemptions, which means you may not always receive all personal data I process.
Art. 16 GDPR: Right to rectification of your personal data. You have the right to ask me to rectify information you think is inaccurate. You also have the right to ask me to complete information you think is incomplete. This right always applies
Art. 17 GDPR: Right to erasure of your personal data. You have the right to ask me to erase your personal data under certain circumstances.
Art. 18 GDPR: Right to object to processing of your personal data. You have the right to object to processing, on grounds relating to your particular situation, if I process your personal data because the process is in my legitimate interests based on
lit. (f) of Article 6(1) GDPR. You may object to processing for direct marketing without giving reasons, but I will not process your personal data for that purpose.
Art. 20 GDPR: Right to data portability. This only applies to information you have given me. You have the right to ask that I transfer the information you gave me from one organisation to another, or give it to you. The right only applies if I am processing personal data (a) based on your consent (pursuant to
lit. (a) of Article 6(1) or
lit. (a) of Article 9(2) GDPR) or on a contract (pursuant to
lit. (b) of Article 6(1) GDPR), and (b) the processing is carried out by automated means.
Art. 21 GDPR: Right to restrict processing of your personal data. You have the right to ask me to restrict the processing of your personal data under certain circumstances.
Art. 22 GDPR: Rights in relation to automated decision making, including profiling.
Changes to this Notice
This Data Protection Notice is kept under regular review and subject to change.