Legal: Imprint & Privacy Policy

Abstract

For legal reasons (GDPR) I am required to make a Privacy Policy and link it from every page. Per german law, I am also required to make an Imprint (Impressum). This document acts as both.

Imprint (in accordance with §5 TMG)

    Tom Wiesing
    Thomas (dash) Mann (dash) Str (dot) (space) Sixty-Four
    two eight two one three Bremen
    Germany
    Phone (colon) Zero Zero Four Nine (space) Four Two One (space) Two Two Three Four Nine Seven Four
    E (dash) Mail (colon) legal (at) tkw01536 (dot) de

Privacy Policy

Within this document, you (and your) refers to the data subject (in the sense of GDPR).

I (as well as me and my) refers to:

    Tom Wiesing
    Thomas (dash) Mann (dash) Str (dot) (space) Sixty-Four
    two eight two one three Bremen
    Germany
    Phone (colon) Zero Zero Four Nine (space) Four Two One (space) Two Two Three Four Nine Seven Four
    E (dash) Mail (colon) legal (at) tkw01536 (dot) de

Please only contact me at this address (digitally or physically) when it is legally required. See my homepage for other means of getting in touch with me.

This document defines how I handle personal data relating to you. This section of the document applies to all websites. Additional site-specific terms are found at the bottom of this document.

Within the scope of GDPR I act as a data controller. You can also consider me as the Data Protection Officer for my websites.

Except where explicitly mentioned otherwise, I am running my pages for personal, non-commercial reasons only. In particular, I don’t make any money from running them.

I process two kinds of data relating to you:

  1. I will process data about you that is required for my website(s) to function
  2. I will process anonymized data about you for statistical purposes about my websites.

You can read more details about both categories below.

Required Data For my Website(s) to Function

When you use my website, your browser must establish a connection with the server. When it does, it is required to transmit the following information:

Your browser might transmit additional information, including but not limited to:

Except where absolutely required, my server does not directly process this information. In some cases, as outlined in the next section, my server might store an anonymized version for statistical purposes. Otherwise, all information is destroyed as soon as it is no longer needed.

I do not have any control over the extra information your browser submits. If you do not wish to transmit this extra information please configure your browser appropriately.

None of the categories in this section allow me to identify you without additional information. By the time you could provide me with additional information that would allow me to identify you, any non-anonymized data about you would already be deleted. Therefore as per GDPR Article 11, Paragraph 2, Articles 15 - 20 of GDPR do not apply to data collected in this category.

Furthermore, when you decide to opt-out of statistical data collection (see section below) I store the information that you opted out inside your browser using a system called Local Storage. I need to process this information so that I know you have opted out of collecting data.

In addition to this data I might process additional data on a site-specific basis. Site-specific terms can be found at the bottom of this page.

Anonymized data for statistical purposes

For statistical purposes, I may collect the following data:

The basis for this processing is GDPR Art. 6 1(f) which says:

1. Processing shall be lawful only if and to the extent that at least one of the following applies:

[…]

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller […], except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject […].

I am collecting this data to gain insight into how my website(s) are used, so that I can optimize them accordingly. All categories are collected independently, and no creation of unique user profiles takes place. No cookie(s) are set for collecting this data. I do not believe I am violating your fundamental rights or freedoms.

I am using a software called Ackee to collect this data. If you wish to learn the details of how this collection works, you can inspect the source code of the software by clicking the link above.

Furthermore, if you wish to opt-out of the statistical data collection, you can click the Opt-out of Stats link on every page. I store the fact that you have opted out using a system called Local Storage. When I detect that your browser does not support Local Storage (meaning you would not have the option to opt-out), I turn off statistics collection and you will not see an Opt-out link. Once you reload the page after clicking this link, you will no longer be included for the statistics for this page. However, this has two caveats:

I am using Local Storage, as opposed to (cross-domain) cookies, because Browsers frequently block cross-domain cookies as they believe those are used only for tracking users. Advanced users that wish to opt-out globally may do so by preventing the https://track.everyone.wtf/tracker.js script from loading using a content blocker such as uBlock.

Some of my websites use cookies for essential purposes to allow persistent user sessions. Wikipedia says that

A […] cookie (also called web cookie, Internet cookie, browser cookie, or simply cookie) is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing.

I will use cookies only where necessary. In particular as described above cookies are not used for tracking purposes. Unless mentioned otherwise, I do not have direct access to those cookie(s), because they are stored on your machine and not on my server.

Not all my sites use cookies. In principle only sites not intended for the general public (such as those that require a login) use cookies. However there are some exceptions. If a site uses cookies, the link to this document will contain the text This site makes use of cookies for essential features.

Your Rights as a Website User

The majority of data I collect is fully anonymous. For instance, I might store that someone visited my website using an Android device. I do not know who this person is, or any other information about them.

GDPR subject rights (for the most part) do not apply to this anonymous information. GDPR Recital 26 states “the principles of data protection should [...] not apply to anonymous information”.

You, as the website user, are nonetheless awarded the following rights under GDPR.

Right of Access (Art. 15 of the GDPR):

You have the right to request confirmation as to whether personal data concerning you is being processed; where this is the case, you have a right of access to this personal data and to the information specified in Article 15 of the GDPR.

As described above, I process anonymous data for statistical purposes. With the exception of site-specific terms below, I am not able to reconstruct which data comes from which data subject. Hence I can not provide you with a copy of that data.

Right to Rectification and Right to Erasure (Art. 16 and 17 of the GDPR):

You have the right to immediately request the rectification of incorrect personal data concerning you and, if necessary, the completion of incomplete personal data.

You also have the right to request that personal data concerning you be erased immediately if one of the reasons listed in Art. 17 of the GDPR applies in detail, e.g. if the data is no longer required for the purposes for which it was collected.

Right to Restriction of Processing (Art. 18 of the GDPR):

You have the right to request a restriction of processing for the duration of a review if any of the conditions specified in Art. 18 of the GDPR have been met, e.g. if you have lodged an objection to the processing.

Right to Data Portability (Art. 20 of the GDPR):

In certain cases (which are outlined in detail in Article 20 of the GDPR), you have the right to obtain from us your personal data in a structured, standard, machine-readable format or to request the transfer of such data to a third party.

As data collected is anonymous, I can not give you a copy of your information. Additionally, the site-specific terms below might apply.

Right to Object (Art. 21 of the GDPR):

If data is collected on the basis of Art. 6(1)(f) of the GDPR (data processing on the grounds of legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. If you make such an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

You can opt-out of the statistics collection at any time by clicking the Opt-Out of Stats link. See the section above for more details. Additional ways to exercise your objection might be described in the site-specific terms.

Right to Lodge a Complaint with a Supervisory Authority:

In accordance with Art. 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates data protection regulations. This right to lodge a complaint may particularly be exercised before a supervisory authority in the EU member state where you reside, work, or where you suspect that your rights have been infringed.

Site-specific Terms

‘t.hw.is’

In order for the t.hw.is website to function, I store and process the following information:

This information is linked with a unique user id. I store this information separately from all other data collected on my website(s). In particular, I do not link this user id with any data collected when visiting any of my other websites. You can delete this data at any time by clicking the Start over link at the bottom of the page. In this case you will be assigned a new unique user id and your points will be reset.

‘k.hw.is’

The k.hw.is in principle only collects the same information as listed above.

Additionally, I offer certain specific users the possibility to upload their own SSH Keys and make them available publically. The following only applies to these users.

When you decide to upload a key I need to temporarily store any key(s) you upload in server memory and process them to make them available to others. These keys are only stored as long as you permit it. You can either delete them by clicking the Stop button, or by navigating away from the page. Keys are never retained in any log files.