privacy statement

Every good (european) website needs a privacy statement? Ok, then prepare yourself for something.

preamble

Article 12 of the EU General Data Protection Regulation (GDPR) requires that I explain to you "in a precise, transparent, comprehensible and easily accessible form [and] in clear and simple language" what is happening here on this website. Since I cannot assume that you have studied computer science, law or rocket engineering for five years, I shall write plain text here. Yeah I'm happy to do that.

§1 hosting

This website is hosted by GitHub, Microsoft - Oh My God! Your access to this website will certainly be stored in the USA. I privately have not concluded a written order processing contract with this company for this domain [bennet.becker-dd.de]. Why? GitHub or Microsoft don't offer a standard contract for this hosting scenario and even if they did, it would be so long and opaque that you wouldn't have a chance to see through it without a lawyer. But since I have neither the financial means nor the time to employ a lawyer to draft such a contract, I will not do that. Since I neither sell products on this website nor intend to collect personal data in any other form, I think that is unnecessary.

And it gets even better: if I were to interpret the letters of the basic data protection regulation literally, e.g. Article 28(3)(h), I would have to personally visit my processors from time to time to check that they are doing all this correctly. So very practical: I drive to the Microsoft computer center, ring the bell at the gate and then say: "Hello, here's your contractor, Bennet from Dresden. I wanted to see if you were really doing everything right." All right?

§2 analytics and tracking

Since I run this blog mainly for myself, there are no trackers or anything else installed here. Why should I see how often I have checked if the layout is correct? So no Google Analytics, Piwik and what they are not all called. And GitHub Insigts which only has the option to be activated or to be activated works as far as I know not for GitHub Pages, which is why I only see when I updated my website.

§3 tools and features

You haven't had enough? Okay, then go on. This site uses a few tools and GitHub features. This stuff does a lot of things: GitHub with its CDN speeds up the website, some JavaScripts make for nice looks, footnotes, social sharing buttons, email alerts, photo gallery or especially nice sitemaps that make it possible for you to find this website at all. Be that as it may, many of these great features, at the long end, send your IP address to the servers you need to see a nice website here. Do I have a contract with each of these providers? Well, what do you think? I'll tell you: No! And why? Because that's complete nonsense, too. Or do you now seriously want to suggest to me that I should go on my private, self-paid (at least as far as domain and email are concerned) and completely ad-free website, which I fill in my spare time with a lot of love, now really go and with each provider of a function, which I want to use here an extensive contract processing contract? I'll tell you what: if you don't want my website to pass on your IP address, then just don't come here.

§4 contact

Now for contact: If you send me an e-mail, you have to live with the fact that I receive data from you. I will then see your e-mail address, possibly also your IP address, and if I make a good effort and evaluate the X-header of your e-mail manually, I may even be able to see the name of the computer from which you wrote the message. This is not magic or hacker art, but an Internet standard. If you can read it, you will get this data. This is due to technical reasons - and has been the case for many years. If you send me your data unsolicited, you can assume that I protect your e-mail just as well or badly as all my other e-mails. If at any time you decide that I should delete the e-mail you sent me without being asked, you may politely ask me to do so - but I promise nothing. Again, if you can't live with it, please don't send me an e-mail.

§5 cookies

You know what a cookie is? No? Ok, you can read about it here. Some people are afraid of cookies because they think you can tell if they (those people with the fear) were on a porn site last night or have a secret fetisch of some kind. That's why hardly anyone wants a website to store cookies. De facto, however, it is the case that websites hardly function today without cookies. And as long as only first party cookies are used, this is not possible with the tracking of fetisch porn sites. This website certainly also uses cookies - but only the "good" first-party cookies. Third party cookies have at least not been deliberately integrated into this website.

§6 adhortatory letters

Before you admonish me about any missing, incomplete or insufficiently penetrated aspects of the GDPR, please consider the words of the EU Justice Commissioner responsible for introducing the regulation Věra Jourová. In an interview with ZEIT she said literally: "The GDPR is about common sense and proportionality. If someone writes you an e-mail and allows you to use his data, it is clear that he gives you his consent. Incidentally, the data protection officers not only sanction, but also advise. My forecast is that the authorities will focus on those providers that can cause the most damage, those that process the most data." In addition, I would also like to refer here to a statement by the German "father" of the DSGVO, Jan Philipp Albrecht. He writes literally in his blog: "What will not happen, however, is that [...] the supervisory authorities and some warning lawyers will suddenly take a completely different approach to all the small businesses, sole proprietorships, associations and bloggers." You can assume that I will report this to both actors in the event of a warning.

§7 final provisions

Last but not least: As a computer science student and computer security and cryptography enthusiast, I have a positive attitude towards data protection. That's also why I built my own homecloud, looked for a way to deliver the website via TLS/SSL and used a German mail provider (for this website). I also have a basic mistrust of providers who promise the blue sky in Punctio IT security, such as VPN and password safe providers, which is why I built my own solution. The topic is really close to my heart. But when I then see the quality of the craftsmanship with which the basic data protection regulation was rolled out in Germany, I come to the conclusion as a rather less politically interested private person that the legislator has tolerated a lot of colertaral damage while shooting at sparrows with cannons and has made life more difficult for many unnecessarily. If you would like to read a proper privacy statement of mine, please visit my more businesslike websites - everything is according to the rules there.

 

This privacy statement is hugely inspired by ditze.net. So I won't claim it as my own and provide it under the same CC0 conditions he did. So you are free to modify, recycle or copy it - even without source reference, also commercially, I don't care.