Privacy Policy
Last updated: June 2026
1. Data Controller
The data controller within the meaning of the General Data Protection Regulation (GDPR) is:
Sebastian Taatz Consulting UG (haftungsbeschränkt)
Raiffeisenstraße 2
97209 Veitshöchheim
Germany
2. Overview of Data Processing
The following overview summarizes the types of data processed, the purposes of processing, and the categories of data subjects.
Types of data processed:
- Usage data (e.g., pages visited, access times)
- Meta/communication data (e.g., IP address, browser type)
- Content data (e.g., information in contact requests)
- Contact data (e.g., email address when contacting us)
Categories of data subjects:
- Users (e.g., website visitors)
3. Legal Basis
The processing of personal data is based on the following legal grounds:
- Contract fulfillment / pre-contractual measures (Art. 6(1)(b) GDPR)
- Legitimate interests (Art. 6(1)(f) GDPR), particularly in the secure, stable, and user-friendly provision of the website
4. Security Measures
We implement appropriate technical and organizational measures in accordance with Art. 32 GDPR to ensure a level of protection appropriate to the risk.
These include measures to ensure the confidentiality, integrity, and availability of data, as well as protection against unauthorized access.
The entire website is transmitted encrypted using SSL/TLS technology (HTTPS).
5. Website Hosting
This website is hosted and delivered through Netlify, Inc. as hosting and CDN provider.
- Delivery: via Netlify's global CDN
- Data transfers to third countries may occur as part of the Netlify services; Netlify refers to appropriate transfer mechanisms such as Standard Contractual Clauses.
Data collected when accessing the website (server log files)
- IP address or shortened/anonymized IP address, where provided by the Netlify configuration
- Date and time of access
- Name and URL of the accessed file
- Referrer URL
- Browser type and operating system
- Name of the access provider
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the technical provision, security, and stability of the website)
7. External Services
Web analytics, marketing, and session replay services
This website uses Netlify Web Analytics for server-side, aggregated reach measurement based on CDN/server log data. In addition, Simple Analytics is used for cookieless, anonymous reach measurement without a consent prompt according to the provider's position. Marketing, advertising, retargeting, and session replay services are not used.
Data currently processed:
- Netlify Web Analytics: aggregated evaluations from CDN/server log data, especially pageviews, top pages, referrers or traffic sources, approximate locations, status codes, 404 resources, bandwidth, and unique visitors based on different IP addresses per period
- Simple Analytics: visited pages or paths, referrer, timestamp, browser/device information, approximate location information, and automatically collected events such as outbound links, downloads, and email links; does not set its own analytics cookies, no IP storage, no fingerprinting, and no user, browser, or device IDs
- Providers: Netlify, Inc. and Simple Analytics B.V.
- Server location: processing may take place within and outside the EU as part of the providers' infrastructure; the providers refer to appropriate safeguards such as Standard Contractual Clauses.
- Legal basis: For Netlify Web Analytics and Simple Analytics, Art. 6(1)(f) GDPR (legitimate interest in privacy-friendly reach measurement, website improvement, and technical operation)
Netlify Web Analytics is a server-side Netlify evaluation based on CDN/server log data and cannot be controlled client-side per visitor. Activation and detailed views are managed in the Netlify dashboard. Simple Analytics does not set its own analytics cookies, is loaded without opt-in, respects an enabled Do Not Track signal, and is embedded without full event URLs or custom metadata.
Fonts
This website uses native system fonts from the visitor's device.
No external font provider is contacted and no font files are loaded from this website.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a consistent presentation of the online offering)
Services not used
This website does not use:
- Session replay services
- Social media pixels
- Newsletter or email marketing services on this website
- Advertising or retargeting services
8. Contact
When contacting us (e.g., by email), the following data is processed:
- Email address
- Message content
- any additional information you voluntarily provide
Purpose: Processing of the inquiry
Legal basis: Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR
Storage duration: until the inquiry is fully processed and in accordance with statutory retention periods
9. Data Retention
Unless a more specific storage duration is stated in this privacy policy, we only process and store personal data for as long as necessary to achieve the respective purposes or as required by statutory retention periods.
10. Obligation to Provide Data
The provision of personal data is neither legally nor contractually required.
However, without the provision of certain data (e.g., email address when contacting us), requests cannot be processed.
11. Automated Decision-Making
Automated decision-making, including profiling pursuant to Art. 22 GDPR, does not take place.
12. Your Rights
Data subjects have the following rights in particular:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection (Art. 21 GDPR)
- Revocation of given consents
- Complaint to a supervisory authority
13. Supervisory Authority
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Germany
14. Changes to this Privacy Policy
We reserve the right to adapt this privacy policy to comply with legal or technical changes. The current version is always available on this website.
Questions about data protection?
If you have any questions about the processing of personal data or wish to exercise your rights, please contact:
privacy@sebastiantaatz.de