Privacy Policy
Last updated: October 29, 2025
1. Introduction
This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and its contact forms. We are committed to protecting your privacy and complying with applicable data protection laws, including:
- GDPR (General Data Protection Regulation) - European Union
- CCPA (California Consumer Privacy Act) - United States
- Law 18.331 - Uruguay Data Protection Law
2. Data Controller
The data controller responsible for your personal information is:
Maximilian Alberth
Email: malbe17@web.de
3. What Data We Collect
3.1 Contact Forms (Message & Contact Info)
When you submit a contact form, we collect:
- Name: To address you in our response
- Email Address: To respond to your inquiry
- Message Content: Your question, comment, or inquiry
- Subject: (Optional) Topic of your message
- Timestamp: When you submitted the form
Legal Basis: Legitimate interest (responding to inquiries) and consent (by submitting the form)
3.2 Blog Subscription
When you subscribe to blog updates, we collect:
- Email Address: To send you notifications about new blog posts
- Subscription Date: When you signed up
Legal Basis: Consent (by subscribing to the newsletter)
3.3 Blog Comments
When you comment on a blog post, we collect:
- Name: To display with your comment
- Comment Text: Your comment content
- Timestamp: When you submitted the comment
Note: We do NOT collect your email address for blog comments. Comments are stored in our Strapi CMS database and are subject to moderation.
Legal Basis: Legitimate interest (enabling public discussion) and consent (by submitting the comment)
3.4 Blog Post Likes
When you like a blog post, we store:
- Like count: Anonymous count of likes per post
- Post ID: Which post was liked
Note: Likes are anonymous and not linked to any personal information.
3.5 Cookies and Technical Data
This website uses minimal cookies for functionality:
- Language Preference: To remember your selected language (EN/DE/ES)
- Blog Filter Preferences: To remember your selected blog category
We do not use tracking cookies or analytics that collect personal information.
4. How We Use Your Data
4.1 Contact Form Submissions
- To respond to your inquiries, questions, or messages
- To provide information you requested
- To maintain records of our correspondence
4.2 Blog Subscriptions
- To send you notifications when new blog posts are published
- To send updates about blog content in categories you're interested in
- We will never sell, rent, or share your email address with third parties
4.3 Blog Comments
- To display your comment publicly on the blog post
- To foster discussion and community engagement
- To moderate comments for inappropriate content
- Comments are publicly visible to all website visitors
5. Third-Party Services
5.1 Formspree (Form Processing)
We use Formspree to process contact form submissions. Formspree is a GDPR-compliant third-party service that:
- Receives form submissions securely via HTTPS encryption
- Stores submissions temporarily on their servers
- Forwards submissions to our email
- Complies with GDPR, CCPA, and international privacy standards
Formspree's privacy policy: https://formspree.io/legal/privacy-policy
5.2 Strapi CMS (Content Management & Blog Comments)
We use Strapi as our content management system for:
- Website content (blog posts, publications, CV information, etc.)
- Blog comments: When you submit a comment on a blog post, Strapi stores your name and comment text
- Blog post likes: Anonymous like counts for blog posts
Strapi is self-hosted on our servers. All comment data is stored securely and only accessible to the website administrator for moderation purposes. Your email address is NOT stored with blog comments - only your name and the comment text you provide.
6. Data Retention
6.1 Contact Form Submissions
Retention Period: Maximum 30 days
- Contact form submissions are retained for up to 30 days to allow us time to respond to your inquiry
- After 30 days, submissions are manually deleted from the Formspree dashboard
- If your inquiry requires longer correspondence, we may retain your information in our email system only for the duration necessary to complete our communication
- You can request immediate deletion at any time (see "Your Rights" below)
6.2 Blog Subscriptions
Retention Period: Duration of subscription
- Your email address is stored for the duration of your subscription
- You can unsubscribe at any time using the "Unsubscribe" link in any blog notification email
- Upon unsubscription, your email address is automatically deleted from our mailing list
- No blog subscription data is retained after unsubscription
6.3 Blog Comments
Retention Period: Indefinite (unless deletion requested)
- Blog comments are stored indefinitely to maintain the historical discussion on blog posts
- You can request deletion of your comment at any time (see "Your Rights" below)
- Upon deletion request, your comment will be removed within 7 days
- If you request deletion, we will either remove the comment entirely or replace it with "[Comment removed by user request]" to maintain thread continuity
6.4 Blog Post Likes
Retention Period: Indefinite
- Like counts are anonymous statistics and are retained indefinitely
- No personal data is associated with likes
6.5 Language & Preference Cookies
Retention Period: Until you clear browser cookies
- Language preference cookies remain in your browser until you manually clear them
- These cookies contain no personal information (only "en", "de", or "es")
7. Data Security
We take appropriate security measures to protect your personal information:
- Encryption in Transit: All form submissions and comments use HTTPS/TLS encryption
- Secure Storage: Data stored by Formspree is encrypted and secured on their servers; Strapi data is stored on our secure self-hosted servers
- Limited Access: Only authorized personnel can access form submissions and moderate comments
- Regular Deletion: We manually delete old form submissions every 30 days
- Comment Moderation: All blog comments are subject to moderation before public display to prevent spam and inappropriate content
- No Public Access to Personal Data: Form submissions are never publicly displayed; only comment names and text are public
8. Your Rights
Under GDPR, CCPA, and Uruguay Law 18.331, you have the following rights:
8.1 Right to Access
You can request a copy of the personal data we hold about you. We will provide this information within 7 days of your request.
8.2 Right to Rectification
If any information we hold about you is inaccurate or incomplete, you can request that we correct it.
8.3 Right to Deletion ("Right to be Forgotten")
You can request immediate deletion of your personal data at any time. We will delete your information within 7 days of your request.
8.4 Right to Unsubscribe
You can unsubscribe from blog notifications at any time by:
- Clicking the "Unsubscribe" link in any blog notification email (instant removal)
- Contacting us directly at malbe17@web.de
8.5 Right to Data Portability
You can request a copy of your data in a machine-readable format (JSON or CSV).
8.6 Right to Object
You can object to our processing of your personal data at any time.
8.7 Right to Withdraw Consent
If you previously gave consent (e.g., for blog subscription), you can withdraw it at any time.
9. How to Exercise Your Rights
To exercise any of the rights listed above, please contact us:
- Email: malbe17@web.de
- Subject Line: "Privacy Request - [Your Request Type]"
- Include: Your name and email address used on the website
We will respond to all requests within 7 days.
10. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence:
- Formspree: Uses Amazon Web Services (AWS) with data centers in the US and EU
- Blog Subscriptions: Managed from the US
All international transfers comply with GDPR adequacy requirements and use appropriate safeguards (Standard Contractual Clauses).
11. Children's Privacy
This website is not directed at children under 16 years of age. We do not knowingly collect personal information from children. If we discover that a child has provided personal information, we will delete it immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Significant changes will be communicated to blog subscribers via email.
13. Contact & Complaints
13.1 Contact Us
For any privacy-related questions, concerns, or requests:
- Email: malbe17@web.de
- Response Time: Within 7 days
13.2 File a Complaint
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority:
πͺπΊ European Union (Germany)
German Federal Commissioner for Data Protection and Freedom of Information (BfDI)
Website: www.bfdi.bund.de
Email: poststelle@bfdi.bund.de
πΊπΈ United States (California)
California Attorney General's Office
Website: oag.ca.gov/privacy
Privacy Enforcement: privacyenforcement@doj.ca.gov
πΊπΎ Uruguay
Unidad Reguladora y de Control de Datos Personales (URCDP)
Website: www.gub.uy/urcdp
Email: urcdp@agesic.gub.uy
14. Summary of Key Points
- β Contact forms: Data deleted after 30 days maximum
- β Blog subscriptions: Email stored until you unsubscribe, then automatically deleted
- β Blog comments: Name and comment stored indefinitely; can request deletion anytime
- β Blog likes: Anonymous statistics, no personal data
- β Your rights: Access, deletion, correction within 7 days
- β No tracking: We don't use analytics or tracking cookies
- β No sharing: Your data is never sold or shared with third parties
- β GDPR compliant: Full compliance with EU, US, and Uruguay privacy laws
- β Secure: HTTPS encryption, secure storage, limited access, comment moderation
This privacy policy is effective as of October 29, 2025. If you have any questions about how we handle your personal information, please don't hesitate to contact us at malbe17@web.de.