Privacy Policy

Data Controller

Christoph Schepan
c/o Spaces
Willy-Brandt-Straße 23
20457 Hamburg, Germany

E-Mail: contact@schepan.com

Server Logs

Our hosting provider Vercel automatically collects technical information including IP addresses, request timestamps, and browser details. This data is processed on the basis of our legitimate interest in ensuring the security and operation of our website (GDPR Article 6(1)(f)).

Analytics

Google Analytics: Collects anonymized usage data with IP anonymization enabled. Processing is consent-based under GDPR Article 6(1)(a). Analytics data is retained for 14 months within Google Analytics.

Vercel Analytics: Gathers pseudonymized statistics without cookies on a consent basis (GDPR Article 6(1)(a)).

Vercel Speed Insights: Automatically collects performance metrics (Core Web Vitals) without cookies on the basis of our legitimate interest in maintaining website performance (GDPR Article 6(1)(f)).

Fonts

Web fonts are self-hosted via Next.js optimization. No data is transferred to external font providers.

International Data Transfers

Some of our service providers (Google, Vercel) are based in the United States. Data transfers to the US are covered by the EU–US Data Privacy Framework, under which the European Commission has issued an adequacy decision (GDPR Article 45). Where applicable, we additionally rely on standard contractual clauses (GDPR Article 46(2)(c)).

Consent Management

Your cookie preferences are stored locally. For accountability purposes under GDPR Article 5(2), consent decisions may be logged server-side with hashed IP addresses.

Your Rights

Under GDPR Articles 15–21, you have the right to access, rectification, erasure, restriction of processing, data portability, and objection. To exercise these rights, please contact us using the details provided above.

You also have the right to lodge a complaint with a supervisory authority (GDPR Article 77). The competent authority is the Hamburgischer Beauftragter für Datenschutz und Informationsfreiheit ( datenschutz-hamburg.de).

Data Retention

Personal data is retained only as long as necessary for the purposes for which it was collected. Google Analytics data is retained for 14 months. Server logs are retained according to our hosting provider's standard retention periods.

Contact via Email

If you contact us by email, your data (email address, name, and message content) will be stored for the purpose of processing your inquiry on the basis of GDPR Article 6(1)(f) (legitimate interest) or Article 6(1)(b) (pre-contractual measures). We delete this data once the purpose of storage no longer applies.