Back

Privacy Policy

Last updated: 2 June 2026

1. Introduction

This website is operated by: Johannes Homeier.

It is very important to me to handle my website visitors’ data confidentially and to protect it in the best possible way. For this reason, I make every effort to comply with the requirements of the GDPR.

Below I explain how I process your data on my website. I use language that is as clear and transparent as possible so that you really understand what happens to your data.

2. General information

2.1 Processing of personal data and other terms

Data protection applies to the processing of personal data. Personal data means all data with which you can be personally identified. This is, for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently sitting in front of. Such data is processed when ‘something happens to it’. Here, for example, the IP is transmitted from the browser to my provider and automatically stored there. This is then a processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR).

These and other legal definitions can be found in Art. 4 GDPR.

2.2 Applicable regulations/laws - GDPR, BDSG and TDDDG

The scope of data protection is regulated by law. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law.

In addition, the TDDDG governs the storing of information on, and access to information already stored in, your terminal equipment (for example cookies or local storage).

2.3 The person responsible

The controller within the meaning of the GDPR is responsible for data processing on this website. This is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

You can reach the person responsible at:

Johannes Homeier
Brahmsstraße 14
93053 Regensburg

2.4 How data is generally processed on this website

As I have already established, there is data (e.g. IP address) that is collected automatically. This data is mainly required for the technical provision of the website. If I also use personal data or collect other data, I will inform you of this or ask for your consent.

You consciously provide me with other personal data.

You will find detailed information on this below.

2.5 Your rights

The GDPR provides you with comprehensive rights. These include, for example, free information about the origin, recipient and purpose of your stored personal data. You can also request the rectification, blocking or erasure of this data or lodge a complaint with the competent data protection supervisory authority. You can revoke your consent at any time.

You can find out what these rights look like in detail and how to exercise them in the last section of this Privacy Policy.

2.6 Data protection - My view

Data protection is more than just a chore for me! Personal data has great value and careful handling of this data should be a matter of course in today’s digitalized world. As a website visitor, you should also be able to decide for yourself what “happens” to your data, when and by whom. That is why I am committed to complying with all legal regulations, only collect the data I need and, of course, treat it confidentially.

2.7 Forwarding and deletion

The transfer and deletion of data are also important and sensitive issues. I would therefore like to briefly inform you in advance about my general approach to this.

Data will only be passed on on the basis of a legal basis and only if this is unavoidable. This may be the case in particular if it is a so-called Data Processor and a Data Processing Agreement has been concluded in accordance with Art. 28 GDPR.

I delete your data when the purpose and legal basis for processing no longer apply and the deletion does not conflict with any other legal obligations. Art. 17 GDPR also provides a ‘good’ overview of this.

For further information, please refer to this Privacy Policy and contact the person responsible if you have any specific questions.

2.8 Hosting

Vercel

The Vercel service of Vercel Inc, 340 S Lemon Ave #4133, Walnut, CA 91789, USA, is used to host this website. Vercel is a cloud platform for the provision and operation of web applications and static websites via a global edge network. Each time this website is accessed, technical connection data is automatically recorded in so-called server log files, including IP address, date and time of access, page accessed, HTTP status code and amount of data transferred. Processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest in the secure and functional operation of the website). As Vercel Inc. is based in the USA and the website is delivered via a global edge network, personal data is transferred to a third country. Vercel is certified according to the EU-US Data Privacy Framework (DPF); in addition, standard contractual clauses (SCC) pursuant to Art. 46 para. 2 lit. c GDPR are used. Further information can be found in Vercel’s Privacy Policy: https://vercel.com/legal/privacy-policy

2.9 Legal basis

The processing of personal data always requires a legal basis. The GDPR provides the following possibilities in Art. 6 para. 1 sentence 1:

  1. The data subject has given their consent to the processing of their personal data for one or more specific purposes;
  2. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  3. The processing is necessary for compliance with a legal obligation to which the controller is subject;
  4. Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  5. The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  6. Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

In the following sections, I will provide you with the specific legal basis for the respective processing.

3. What happens on my website

When you visit my website, I process your personal data.

I use SSL or TLS encryption to protect this data in the best possible way against unauthorized access by third parties. You can recognize this encrypted connection by the https:// or lock symbol in the address bar of your browser.

Below you can find out what data is collected when you visit my website, for what purpose this is done and on what legal basis.

3.1 Data collection when accessing the website

When you visit the website, information is automatically stored in so-called server log files. This is the following information:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is temporarily required in order to be able to display my website to you permanently and without any problems. In particular, this data is used for the following purposes:

  • System security of the website
  • System stability of the website
  • Troubleshooting on the website
  • Establishing a connection to the website
  • Presentation of the website

Data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR and is based on my legitimate interest in the processing of this data, in particular my interest in the functionality of the website and its security.

Where possible, this data is stored in pseudonymized form and deleted once the respective purpose has been achieved.

If the server log files make it possible to identify the data subject, the data is stored for a maximum period of 14 days. An exception is made if a security-relevant event occurs. In this case, the server log files are stored until the security-relevant event has been resolved and finally clarified.

Otherwise, no merging with other data takes place.

3.2 Cookies and local storage

This website does not use cookies.

I store a single entry in your browser’s local storage to remember the colour theme (light/dark) you select. This information stays on your device, is not transmitted to me or to any third party, and is used solely to provide that functionality. The legal basis is § 25 (2) no. 2 TDDDG (storage strictly necessary to provide a service you have explicitly requested), in conjunction with Art. 6 (1) (f) GDPR (legitimate interest in a consistent presentation). You can delete this entry at any time via your browser settings.

3.3 Data processing through user input

3.3.1 Contact me

Contact form (own development)

A self-developed contact form is provided on my website to enable direct contact. The form is used to enter and transmit personal inquiries and I, the website operator, am solely responsible for its technical content. The contact form is generally used to process the communication content entered (such as name, email address and message text), technical metadata (e.g. IP address, time of transmission, browser used) and any other information provided by users. This data is processed for the purpose of processing and responding to inquiries and initiating or processing contractual relationships. The legal basis for the processing is Art. 6 para. 1 lit. b GDPR for the implementation of (pre-)contractual measures or Art. 6 para. 1 lit. f GDPR on the basis of the legitimate interest in efficient and user-friendly communication. No cookies are set as part of the contact form. The submitted data is stored in my database (see 3.3.2 below) and delivered to me by email through my processor Resend (see 3.4 below); delivery via Resend involves a transfer to the USA, for which appropriate safeguards are in place. The data is deleted as soon as it is no longer required to fulfill the purpose, consent is revoked or statutory retention obligations have expired. Further information can be found in this Privacy Policy.

3.3.2 Storage of contact requests

Messages submitted through the contact form (your message, your email address if you provide one, and the time of submission) are stored in a PostgreSQL database provided by Neon (Neon, Inc.). The database is hosted within the European Union on Amazon Web Services infrastructure in Frankfurt, Germany (eu-central-1); the stored message content therefore remains in the EU and is not transferred to a third country for storage. I use this provider on the basis of a data processing agreement pursuant to Art. 28 GDPR; in so far as the provider is established outside the EU, standard contractual clauses (Art. 46 GDPR) serve as an additional safeguard against access from a third country. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in receiving, organising and being able to respond to enquiries) and Art. 6 para. 1 lit. b GDPR where the enquiry concerns (pre-)contractual matters. The data is deleted as soon as it is no longer required for this purpose.

3.4 Mailing service

Resend

I use the email service Resend, Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA, solely to deliver messages submitted through my contact form to my own inbox. When you submit the form, the data you enter (your message and, if provided, your email address) and technical metadata are transmitted to and processed by Resend for the sole purpose of delivering that message to me. I do not use Resend for newsletters or marketing. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in receiving and responding to enquiries), and Art. 6 (1) (b) GDPR where the enquiry concerns (pre-)contractual matters. Personal data is transferred to the USA; Resend is certified under the EU-U.S. Data Privacy Framework, and standard contractual clauses (Art. 46 GDPR) serve as additional safeguards. Data is stored only as long as necessary to deliver and process the message. Further information: resend.com/legal/dpa

3.5 Analysis and tracking tools

Vercel Analytics

This website uses the analytics service Vercel Analytics from Vercel Inc, 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel Analytics is a privacy-friendly web analysis tool that evaluates user behavior on the website without setting cookies and without permanently storing IP addresses. Each time a page is accessed, technical usage data is collected, including pages accessed, length of visit, referrer, device type, operating system, browser type and country of access (derived from the IP address, which is subsequently discarded). The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest in optimizing the website). Since no cookies are set and no IP addresses are stored, no consent is required in accordance with Section 25 TDDDG. As Vercel Inc. is based in the USA, personal data is transferred to a third country. Vercel is certified according to the EU-US Data Privacy Framework (DPF); in addition, standard contractual clauses (SCC) pursuant to Art. 46 para. 2 lit. c GDPR are used. Further information can be found in Vercel’s Privacy Policy: https://vercel.com/legal/privacy-policy

Vercel Speed Insights

This website uses the performance analysis service Vercel Speed Insights from Vercel Inc, 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel Speed Insights is a technical monitoring tool that measures the loading speed and quality of use of the website using Core Web Vitals without setting cookies and without permanently storing IP addresses. Technical performance data is recorded each time a page is accessed, including loading times (LCP, FCP, TTFB), interaction values (INP), visual stability (CLS), device type, operating system, browser type and country of access (derived from the IP address, which is subsequently discarded). Processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest in the technical optimization and quality assurance of the website). Since no cookies are set and no IP addresses are stored, no consent is required in accordance with Section 25 TDDDG. As Vercel Inc. is based in the USA, personal data is transferred to a third country. Vercel is certified according to the EU-US Data Privacy Framework (DPF); in addition, standard contractual clauses (SCC) pursuant to Art. 46 para. 2 lit. c GDPR are used. Further information can be found in Vercel’s Privacy Policy: https://vercel.com/legal/privacy-policy

3.6 Third-party content

Friendly Captcha

This website uses the Friendly Captcha service to protect against bots and automated attacks. Friendly Captcha is operated by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. The service integrates invisible cryptographic puzzles into forms, such as contact, registration or login forms, to protect them from spam and misuse. A proof-of-work puzzle is solved locally on the device of the person visiting the website. Friendly Captcha states that it does not process any personal data during use. No cookies or other tracking technologies are used, and the IP address is immediately anonymized via one-way hashing. The purpose of data processing is to protect the website and its forms from automated misuse by bots and malicious software. The legal basis is Art. 6 para. 1 lit. f GDPR, as there is a legitimate interest in ensuring the secure operation and integrity of the website. Friendly Captcha does not use cookies. Personal data is not transferred to third countries; all data processing takes place within the EU. Friendly Captcha does not store personal data; it is not possible to assign it to specific persons, so no specific deletion periods apply. Further information can be found in Friendly Captcha’s Privacy Policy: https://friendlycaptcha.com/legal/privacy-end-users/

3.7 Cloud backups

Vercel

I use the Vercel cloud hosting and provisioning service on my website, operated by Vercel Inc, San Francisco, California, United States. Vercel enables the hosting and automated provision of web applications as well as serverless functions and analysis services in real time. During use, Vercel processes, among other things, IP addresses, the approximate location (city and country, derived from the IP address), information on the end device used (device type, browser, operating system), the page URLs accessed (without query parameters), referrer information, host names, traffic data (page views, clicks, timestamps), UTM parameters (for Plus/Enterprise use), a daily, pseudonymized visitor hash, web performance metrics and other system-related information. Data processing is carried out for the purpose of secure and high-performance hosting, monitoring website performance and ensuring the functionality of the websites provided. The legal basis is Art. 6 para. 1 lit. f GDPR, as there is a legitimate interest in the secure and efficient provision and analysis of the website. Vercel does not set any cookies that require consent, but processes the aforementioned data for the purpose of technical provision and statistical evaluation on the basis of legitimate interest. Personal data may be transferred to the USA as a third country. The EU standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR are used as a suitable guarantee. The storage period depends on the respective processing purpose; personal data is deleted as soon as it is no longer required to achieve the respective purpose or a statutory retention period expires. Further information on data protection at Vercel can be found at: https://vercel.com/legal/privacy-policy

4. What else is important

Finally, I would like to inform you in detail about your rights and how you will be informed about changes to data protection requirements.

4.1 Your rights in detail

4.1.1 Right to information in accordance with Art. 15 GDPR

You can request information about whether your personal data is being processed. If this is the case, you can request further information on the type and manner of processing. A detailed list can be found in Art. 15 para. 1 lit. a to h GDPR.

4.1.2 Right to rectification in accordance with Art. 16 GDPR

This right includes the correction of incorrect data and the completion of incomplete personal data.

4.1.3 Right to erasure in accordance with Art. 17 GDPR

This so-called ‘right to be forgotten’ gives you the right, under certain conditions, to request the deletion of personal data by the controller. This is generally the case if the purpose of the data processing no longer applies, if consent has been withdrawn or the initial processing took place without a legal basis. A detailed list of reasons can be found in Art. 17 para. 1 lit. a to f GDPR. This “right to be forgotten” also corresponds to the controller’s obligation under Art. 17 para. 2 GDPR to take reasonable steps to ensure that the data is generally erased.

4.1.4 Right to restriction of processing in accordance with Art. 18 GDPR

This right is subject to the conditions set out in Art. 18 para. 1 lit. a to d.

4.1.5 Right to data portability in accordance with Art. 20 GDPR

This regulates the basic right to receive your own data in a commonly used form and to transfer it to another controller. However, this only applies to data processed on the basis of consent or a contract in accordance with Art. 20 (1) (a) and (b) and insofar as this is technically feasible.

4.1.6 Right to object pursuant to Art. 21 GDPR

In principle, you can object to the processing of your personal data. This applies in particular if your interest in objecting outweighs the legitimate interest of the controller in the processing and if the processing relates to direct marketing and/or profiling.

4.1.7 Right to “individual decision-making” pursuant to Art. 22 GDPR

In principle, you have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. However, this right is also restricted and supplemented by Art. 22 (2) and (4) GDPR.

4.1.8 Further rights

The GDPR contains comprehensive rights to inform third parties about whether or how you have asserted rights under Art. 16, 17, 18 GDPR. However, this only applies insofar as this is possible or feasible with reasonable effort.

I would like to take this opportunity to draw your attention once again to your right to withdraw your consent in accordance with Art. 7 (3) GDPR. However, this does not affect the lawfulness of the processing carried out up to that point.

I would also like to draw your attention to your rights under §§ 32 ff. BDSG, which, however, are largely congruent with the rights just described.

4.1.9 Right to lodge a complaint pursuant to Art. 77 GDPR

You also have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of personal data relating to you infringes this Regulation.

5. What if the GDPR is abolished tomorrow or other changes take place?

The current status of this Privacy Policy is 2 June 2026. From time to time it is necessary to adapt the content of the Privacy Policy in order to react to actual and legal changes. I therefore reserve the right to amend this Privacy Policy at any time. I will publish the amended version in the same place and recommend that you read the Privacy Policy regularly.

Created with the kind support of Dieter macht den Datenschutz.