Privacy Policy
Stand: 26.12.2025
PREAMBLE
I am pleased about your interest in my website and my activities.
The protection of personal data is not only a legal obligation for me but an integral part of my professional attitude. As a lawyer and computer scientist, I do not view data protection as a formal appendage but as a concrete technical and organizational task.
This website was therefore deliberately designed to avoid personal data as much as possible. Where processing is technically unavoidable, it is purpose-bound, minimized, and legally compliant.
FUNDAMENTALS
A use of this website is basically possible without providing personal data.
If individual functions or contact options are used, processing of personal data may become necessary. In these cases, processing is carried out exclusively on a legal basis or – if required – on the basis of explicit consent.
As the controller, I have implemented extensive technical and organizational measures (TOM) to ensure the highest possible protection of the processed data. This includes, in particular, that this website does not load external resources from third-party providers and does not use any tracking or analysis tools.
Regardless of this, I point out that internet-based data transmissions can generally have security gaps. Absolute protection cannot be guaranteed. You are therefore free to transmit personal data by alternative means (e.g., by telephone or email).
TECHNICAL DATA PROTECTION DECISIONS (TRANSPARENCY)
In order not only to explain data protection but to implement it practically, I have taken the following measures, among others:
No use of Google Fonts via external servers
All fonts (including Lato, Roboto, Roboto Slab) are delivered locally from the own server. No connection to Google servers takes place. A transmission of IP addresses to Google is technically excluded.No external Content Delivery Networks (CDNs)
Bootstrap, Font Awesome, Highlight.js, and other libraries are operated entirely locally.No tracking, no analytics, no profiling
Neither Google Analytics nor comparable services are used.No cookies for marketing or analysis purposes
This website does not use cookies that require consent.
These deliberate architectural decisions serve the goal of not “shifting” data protection through consent banners but ensuring it systemically.
DEFINITIONS
The following terms are used in the sense of the General Data Protection Regulation (GDPR).
| Term | Definition |
|---|---|
| Personal Data | Any information relating to an identified or identifiable natural person (Art. 4 No. 1 GDPR). |
| Data Subject | Any identified or identifiable natural person whose personal data is processed. |
| Processing | Any operation or set of operations performed on personal data, such as collection, storage, use, disclosure, or erasure (Art. 4 No. 2 GDPR). |
| Controller | The person who determines the purposes and means of the processing (Art. 4 No. 7 GDPR). |
| Restriction of Processing | The marking of stored personal data with the aim of limiting their future processing. |
| Profiling | Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. |
| Pseudonymization | The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. |
| Processor | A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller. |
| Recipient | A natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients. |
| Third Party | A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data. |
| Consent | Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. |
COOKIES
MY COOKIES
The easiest way to determine which cookies a website actually sets is to use technical analysis tools such as Webbkoll (https://webbkoll.dataskydd.net/de/).
Or, for those who are a little more tech-savvy, simply inspect the website = in Google Chrome, for example, click on “Inspect” and then on “Cookies” in the inspector.
This website has been deliberately designed so that no cookies requiring consent are used. In particular, no cookies are used for analysis, tracking, marketing or profiling purposes.
COOKIES NOT REQUIRING CONSENT
The following legal information is based primarily on Carlo Piltz / Jasmin Kühner, ZD 2021, 123 (beck-online).
According to Art. 5(3) sentence 2 var. 2 of the ePrivacy Directive, consent is not required for cookies if they are strictly necessary for the provider of a service expressly requested by the user to provide that service.
In order to fall under this exception, two conditions must be cumulatively fulfilled:
- The service must be expressly requested by the user
- The cookie must be strictly necessary for the provision of this service
The ePrivacy Directive does not provide a definitive definition of these conditions. Authoritative guidance on interpretation can be found in particular in Opinion 04/2012 of the Article 29 Data Protection Working Party on the exemption of cookies from the consent requirement.
EXPRESSLY REQUESTED
A service is considered to be expressly requested if the user actively requests a clearly defined range of functions. For this purpose, it is sufficient that a specific function is actually used (e.g. clicking on a shopping basket or login function).
The Article 29 Data Protection Working Party also considers registration for a service to be an explicit request. The authentication cookies used in this process are regarded as an integral part of the requested service, as meaningful use would not be possible without them.
In addition, the Article 29 Data Protection Working Party also recognises that, in the case of certain multimedia offerings, simply visiting a website can be considered an explicit request if text and multimedia content are inextricably linked. In such cases, corresponding session cookies can be classified as strictly necessary without any further positive action being required on the part of the user.
NECESSARY FOR THE PROVISION OF THE SERVICE
A cookie is only strictly necessary if the service or requested function would not work or would not work properly without it.
The storage period must also be taken into account here. As a rule, these are so-called session cookies, which lose their necessity when the browser is closed. However, under certain circumstances, persistent cookies may also be necessary, for example if this meets the legitimate expectations of an average user (e.g. shopping basket functions or deliberately selected “stay logged in” options).
SPECIFIC IMPLEMENTATION ON THIS WEBSITE
There are currently no functions on this website that would require the use of technically necessary cookies. In particular, there is:
- no login area
- no shopping basket or order functions
- no tracking
- no analysis or marketing cookies
Therefore, no cookies are currently set, neither those that do not require consent nor those that do.
COOKIES REQUIRING CONSENT
Cookies requiring consent within the meaning of Art. 5 (3) of the ePrivacy Directive are not used. A cookie banner is therefore not required.
Should this change in the future, consent will of course be obtained before such cookies are used.
CONCRETE DATA PROTECTION INFORMATION
CONTROLLER
Jens Henneberg
Holunderwinkel 1a
29339 Wathlingen
Germany
Email: jens@it-henneberg.com, jens.henneberg@ki-codex.ai
YOUR RIGHTS AS A DATA SUBJECT
You have the right at any time to:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Objection (Art. 21 GDPR)
- Data portability (Art. 20 GDPR)
If processing is based on your consent, you can withdraw it at any time with effect for the future.
You also have the right to lodge a complaint with a supervisory authority. A list of the competent authorities can be found at:
https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
SERVER LOG FILES
When you visit this website, technically necessary data is processed in so-called server log files by the hosting provider (e.g., IP address, date and time of access, requested resource).
The processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR (legitimate interest in the technical provision and security of the website).
The log files are deleted or anonymized after 14 days at the latest.
CONTACTING ME
If you contact me by email or via a contact form, your details will be processed to handle the request.
Legal bases:
- Art. 6 Para. 1 lit. f GDPR (general inquiries)
- Art. 6 Para. 1 lit. b GDPR (pre-contractual measures)
The data will be deleted no later than 6 months after completion of the request, unless statutory retention obligations exist.
NEWSLETTER / COMMENTS
A newsletter or a comment function is currently not offered. Corresponding passages from previous versions are irrelevant.
THIRD COUNTRY TRANSFER
A transfer of personal data to third countries does not take place.
SSL ENCRYPTION
This website uses TLS/SSL encryption (HTTPS) to protect your data during transmission.
AUTOMATED DECISIONS / PROFILING
Automated decision-making or profiling does not take place.
CHANGES TO THIS PRIVACY POLICY
I reserve the right to adjust this privacy policy to adapt it to changed legal requirements or technical changes. The current version applies in each case.
Status: 2025-12-26