Adapted and translated from https://ditze.net/datenschutzerklaerung/ because it’s a read.
Article 12 of the EU’s General Data Protection Regulation (DSGVO for short) requires that I explain to you “in a precise, transparent, comprehensible and easily accessible form [and] in clear and simple language” what is happening here on this website. Since I am not allowed to assume that you have studied computer science, law or rocket engineering for five years, I am supposed to write plain text here. I’m happy to do that.
This website is officially hosted by me as a private person. However, I have outsourced the hosting to a large American hosting provider (AWS). I privately have not (yet) signed a written order processing contract for this domain stevetec.de, but I have verbally assured myself internally that I will always treat my hosting data very conscientiously.
The site does not use external tracking systems like “Google Analytics” and does not collect any data about its visitors outside of the data actively transmitted by your browser (or scraper, whatever, I don’t judge as long as you don’t do it too much). “Active” data includes UserAgent, URL, Cookies, all that fun stuff that sounds so wonderfully evil and scary.
Now for contacting me: If you send me an email, you have to live with the fact that I receive data from you. I will see your email address, possibly also your IP address and if I really try hard and evaluate the X header of your email manually, I may even be able to see what the computer is called from which you wrote the message. This is not magic or hacker art, but an Internet standard. Anyone who can read it can access this data. This is technical - and has been the case for many years. If you send me your data without being asked, you may assume that I will protect your e-mail just as well or badly as all my other e-mails. If you should ever think that I should delete the e-mail you sent me without being asked, you may politely ask me to do so - but I won’t promise anything. Again, if you can’t live with that, please don’t send me an email.
Before you warn me because of possibly missing, incomplete or not sufficiently penetrated aspects of the GDPR, please consider the words of the EU Justice Commissioner Věra Jourová, who is responsible for the introduction of the regulation. In an interview with DIE ZEIT, she literally said: “It’s about common sense and proportionality [with the GDPR]. If someone writes you an e-mail and grants you permission to use their data, it is clear that they are giving you consent. Incidentally, data protection officers not only sanction, but also advise. My prediction is that the authorities will focus on the providers who can cause the most harm, those who process the most data.” (original quote in German, translated).
In addition, I also like to refer here to a statement by the German “father” of the GDPR, Jan Philipp Albrecht. He literally writes in his blog:
“What will not happen, on the other hand, is that [...] the supervisory authorities and any warning lawyers will suddenly take a completely different tack towards all the small companies, sole proprietors, associations and bloggers.” (original quote in German, translated)
You may assume that I will report this to both actors in the event of a warning letter.
Last but not least: I see myself as part of the hacker scene and have a positive attitude towards data protection. That’s one of the reasons why I built my own page and didn’t just use a cheesy template, converted the website to TLS/SSL, no longer use Gmail and try to avoid tracking myself. I generally (try to) go by
“Do not do to others what you do not want done to you.”
This topic is really close to my heart. However, when I see the quality of workmanship that has gone into rolling out the General Data Protection Regulation in Germany, I come to the conclusion as a politically interested private person that I don’t want to and can’t jump over every little stick that the legislator holds out to me here.