Privacy Policy

Preamble

I hereby inform you about which personal data are processed when using my website and for what purposes this is done.

Last updated: November 12, 2025

Table of Contents

• • Preamble
• • Data Controller
• • Data Processed
• • Legal Basis
• • Security Measures
• • Transfer of Personal Data
• • Hosting at Vercel
• • Server Log Files
• • Local Provision of Google Fonts
• • Rights of Data Subjects

Data Controller

Daniel Klimann
Spitzwegstraße 10
91126 Schwabach, Germany

Email: daniel@klimann.net

Legal Notice: klimann.net/legal

Data Processed

Automatically Processed Data When Visiting the Website:

• • IP address
• • Browser type and version
• • Operating system
• • Date and time of access
• • Accessed URL
• • Referrer URL

These data are technically required for providing the website.

No Cookies:

This website does not use cookies or any tracking technologies.

Legal Basis

Data processing is carried out pursuant to Art. 6 (1) lit. f GDPR based on my legitimate interest in the secure and efficient provision of my website.

Security Measures

I implement appropriate technical and organizational measures to protect users’ data. This includes, in particular, encrypting data transmission using TLS/HTTPS and measures to secure the server infrastructure and log files.

This ensures that personal data is protected from unauthorized access, loss, or manipulation.

Hosting at Vercel

My website is hosted by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA.
Vercel processes the access data mentioned above (e.g., IP addresses, log files) to technically provide the website and ensure security features.

USA Transfer:

Vercel is certified under the EU-US Data Privacy Framework (DPF), ensuring an adequate level of data protection.
More information: https://vercel.com/legal/privacy-policy
Legal basis: Art. 6 (1) lit. f GDPR

Server Log Files

Vercel stores server log files, which may contain the following data:

• • IP address
• • Accessed pages
• • Browser information
• • Date and time
• • Referrer URL

Retention period: max. 30 days, then deleted or anonymized.
Legal basis: Art. 6 (1) lit. f GDPR

Local Provision of Google Fonts

This website uses fonts via next/font/google.
The fonts are served locally from my own server. No connection to Google servers is made and no data is transmitted to Google.
Legal basis: Art. 6 (1) lit. f GDPR

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights according to the GDPR, particularly from Art. 15 to 21 GDPR:

• Right to Object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is based on Art. 6 (1) lit. e or f GDPR; this also applies to profiling based on these provisions. If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such advertising; this also applies to profiling, insofar as it is related to such direct marketing.


• Right of Access: You have the right to obtain confirmation as to whether personal data concerning you are being processed and to request access to such data as well as additional information and a copy of the data in accordance with legal requirements.


• Right to Rectification: You have the right, in accordance with legal requirements, to request the completion or correction of inaccurate personal data concerning you.


• Right to Erasure and Restriction of Processing: You have the right, according to the legal provisions, to request that personal data concerning you be deleted without delay, or alternatively, to request a restriction of processing of your data.


• Right to Data Portability: You have the right to receive personal data you have provided to me in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, in accordance with legal requirements.


• Complaint to Supervisory Authority: You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy, especially in the member state of your habitual residence, your workplace, or the place of the alleged infringement, if you consider that the processing of your personal data violates the GDPR. The competent authority is the Bavarian Data Protection Authority (https://www.lda.bayern.de/).

Created with the free Datenschutz-Generator.de by Dr. Thomas Schwenke