Privacy Policy - André Herling

Privacy Policy

Information about data protection and the processing of your personal data.

Call Now

Introduction

I place great importance on the protection of your personal data. On my websites, I only process data that is technically necessary and consciously refrain from using analysis and tracking tools. Additionally, no third-party providers are integrated to ensure the confidentiality of your data. My websites are based on open-source software to enable transparency, security, and control. Below, I inform you about how I handle your data on andreherling.de (Genie Framework) and cloud.andreherling.de (NextCloud).

Responsible Party

André Herling
André Herling (Freelance)
Ursula-von-Reibnitz-Str. 2
42287 Wuppertal, Germany

Email: kontakt@andreherling.de
Phone: +49 202 29993910

Hosting and Data Processing Agreement

Strato AG
Pascalstraße 10
10587 Berlin, Germany

I host my websites on servers of Strato AG. A data processing agreement (DPA) according to Art. 28 GDPR exists with Strato, which ensures that your data is processed in accordance with applicable data protection regulations. Strato does not act as a third party but as a data processor on my behalf.

Common Aspects for andreherling.de and cloud.andreherling.de

SSL/TLS Encryption

To protect the security of your data during transmission, both websites use SSL/TLS encryption. You can recognize an encrypted connection by the prefix https:// in the address bar of your browser.

Cookies

Both websites use technically necessary cookies, which are required for the operation of the websites. These cookies do not store personal data for marketing or tracking purposes. They mainly serve session management and authentication.

Server Log Files

For the purpose of monitoring technical functionality and increasing operational security, connection data is stored in so-called server log files on both websites. This data includes:

  • IP address of the device accessing the site
  • Date and time of access
  • Retrieved file or page
  • Browser type and version
  • Operating system

The server log files are stored for 42 days and then deleted or anonymized. Longer storage only occurs if necessary to fulfill legal obligations or to protect legitimate interests, such as investigating security incidents.

No Analysis or Tracking Tools

No analysis or tracking tools are used on either website. The pages are optimized without processing personal data.

Rights of Data Subjects

You have the right to:

  • Access to the personal data I process about you in accordance with Art. 15 GDPR.
  • Rectification of incorrect or incomplete data in accordance with Art. 16 GDPR.
  • Erasure of your data in accordance with Art. 17 GDPR, provided there are no legal retention obligations.
  • Restriction of processing of your data in accordance with Art. 18 GDPR.
  • Data portability in accordance with Art. 20 GDPR, insofar as the processing is based on your consent or a contract.
  • Objection to the processing of your data in accordance with Art. 21 GDPR, insofar as this is based on a legitimate interest.

To exercise your rights, you can contact me at any time:

Email: kontakt@andreherling.de
Phone: +49 202 29993910

Website andreherling.de (Genie Framework)

Purpose and Legal Basis of Data Processing

On andreherling.de, only technically necessary data is processed to provide the website securely and functionally. This data includes:

  • IP address
  • Date and time of access
  • Type of browser and operating system

The legal basis for this data processing is my legitimate interest according to Art. 6 para. 1 lit. f GDPR, as this data is technically required for providing the website.

Note on Genie Framework

The website is based on the open-source software Genie Framework. Genie can set technically necessary cookies and process data required for the operation of the website. No additional plugins are used that process personal data for marketing or analysis purposes. Should this be the case in the future, relevant information will be provided here.

Contact

If a contact form is available on andreherling.de, the data you enter will be used exclusively to process your inquiry. The legal basis for this is Art. 6 para. 1 lit. b GDPR (contract initiation) and Art. 6 para. 1 lit. f GDPR (legitimate interest in processing inquiries).

Website cloud.andreherling.de (NextCloud)

Purpose and Legal Basis of Data Processing

cloud.andreherling.de is based on the open-source software NextCloud and serves secure communication and file sharing with my clients. By operating the cloud solution independently, I have full control over data security and confidentiality.

In the context of using the cloud, I process the following data:

  • User data: Username, email address, and any additional information required for using the cloud.
  • Connection data: IP address, access times, and browser used.
  • Files: All files uploaded by you or stored in the cloud.

The processing of this data is based on contractual obligations according to Art. 6 para. 1 lit. b GDPR as well as my legitimate interest in secure and smooth communication with clients according to Art. 6 para. 1 lit. f GDPR.

Note on Private Use of the Cloud

The cloud at cloud.andreherling.de can also be used for private purposes. This private use does not affect the processing of your personal data.

Security Measures and Retention Periods

To ensure the confidentiality and security of your data, I use modern encryption and security procedures. Access to the data is protected by strict access restrictions. All data is stored on servers in Germany that meet high security standards.

Your data is stored in accordance with legal retention periods, for example, according to § 257 HGB and § 147 AO, which provide for retention of up to 10 years. The legal basis for this is the fulfillment of legal obligations according to Art. 6 para. 1 lit. c GDPR.

Open-Source Software and No Third Parties

I consciously rely on open-source software like Genie Framework and NextCloud to ensure transparency and security. Open-source solutions allow me to review the source code at any time and ensure that there are no hidden mechanisms for collecting or processing personal data. This gives me control over the essential aspects of data processing.

For the functionality of the websites, some additional plugins or packages are used. These are configured to process only technically necessary data and not to transmit personal data to third parties.

This software does not constitute a third-party solution, as I host it myself and no personal data is passed on to third parties. Processing by my hosting provider Strato takes place exclusively within the framework of a data processing agreement according to Art. 28 GDPR.

Contact

If you contact me by email or phone, your transmitted personal data will be automatically stored to process your inquiry and for possible follow-up questions. I do not pass on this data without your consent.

The legal basis for processing the data is the fulfillment of a contract or pre-contractual measures according to Art. 6 para. 1 lit. b GDPR as well as my legitimate interest in communicating with interested parties and customers according to Art. 6 para. 1 lit. f GDPR.

Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of your personal data is not lawful, you have the right to lodge a complaint with the competent data protection supervisory authority.

Changes to the Privacy Policy

I reserve the right to update this privacy policy in the event of changes to the websites, technologies used, or adjustments to the legal framework. The current version is always available on my websites.

Date: February 25, 2025

Final Remark

Data protection is an important concern for me. If you have any questions or concerns regarding data protection, I am happy to assist you.