Legal
Privacy Policy
This privacy policy explains how personal data is processed when you visit finnthieme.de and speaker.finnthieme.de, in accordance with the EU General Data Protection Regulation (GDPR / Datenschutz-Grundverordnung).
1. Controller (Art. 4 (7) GDPR)
2. General principles
These are static websites. They use no cookies, no analytics, no tracking, and no advertising. No user accounts exist and no personal data is collected through forms on finnthieme.de. Fonts and all other assets are served from this website itself — no third-party font or CDN services are embedded.
3. Hosting and server log files
Both websites are hosted by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA (Cloudflare Pages). When you visit the websites, Cloudflare technically processes connection data — in particular your IP address, date and time of the request, requested URL, browser type, and operating system — to deliver the pages, ensure stability, and defend against attacks.
The legal basis is Art. 6 (1) (f) GDPR; the legitimate interest lies in the secure and reliable provision of the websites. Cloudflare acts as a processor; data transfers to the USA are based on the EU–US Data Privacy Framework and EU standard contractual clauses. Details: Cloudflare privacy policy.
4. Contact by email
If you contact me by email, the data you provide (your email address, name, and the content of your message) is processed solely to handle your enquiry. The legal basis is Art. 6 (1) (b) GDPR if your enquiry relates to a contract (for example a speaking engagement), otherwise Art. 6 (1) (f) GDPR. The data is deleted once the enquiry has been resolved, unless statutory retention periods apply.
5. External links
The websites link to external services such as LinkedIn. These links are plain hyperlinks — no social media plugins or embeds are used, and no data is transferred to these providers unless you click a link. After clicking, the privacy policy of the respective provider applies.
6. Your rights (Art. 15–21 GDPR)
You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection to processing based on legitimate interests (Art. 21). To exercise these rights, contact the controller named above.
You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent authority for the controller is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), www.ldi.nrw.de.
7. No automated decision-making
No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place. See also the imprint.