Privacy
Back to homepage

Privacy Policy

This notice explains how personal data is processed on the portfolio website of Christoph Westenberger. The site is for self-presentation; no tracking or marketing functions are used. The contact form is active (AJAX submission via send.php, server-side validation, SMTP delivery with PHPMailer).

1. Controller

Christoph Westenberger
Steidlestraße 8
86551 Aichach
E-mail: kontakt@christoph-westenberger.de

2. Hosting and server log files

The website is hosted by the external provider IONOS SE. When accessed, server-side log files are created that may automatically contain the following data: IP address of the requesting device, date and time of access, time zone difference, requested URL or file, status code, data volume transferred, referrer URL, and browser/operating system information. The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in secure and stable provision and in clarifying misuse). Log files are usually deleted or anonymised after 30 days; longer retention only occurs in the event of specific security incidents.

3. Access to the website / technical provision

Processing your IP address is technically necessary to deliver the website; without it, the site cannot be provided. The legal basis is Art. 6 (1) lit. f GDPR.

4. Fonts / Google Fonts

Fonts are embedded locally via @font-face. No connection is made to Google Fonts or other third-party servers; no font-related data is transmitted to third parties.

5. Contact via e-mail and contact form

When you contact me by e-mail or via the active contact form, the following data is processed: name, e-mail address, the content of your message, and technical transmission metadata (including IP address and timestamp/server timestamp). Processing is carried out exclusively to handle and respond to your enquiry. The form is submitted via AJAX to send.php, validated on the server, and delivered by SMTP (PHPMailer, IONOS mail server) to the controller's e-mail address.

Legal bases:

  • Art. 6 (1) lit. b GDPR for pre-contractual or contract-related enquiries,
  • Art. 6 (1) lit. f GDPR for other enquiries (legitimate interest in communication and response).

There is no disclosure to third parties. Processing is carried out solely for the purpose of answering your enquiry. Data is stored only as long as necessary to process your request and is then deleted unless statutory retention obligations apply.

6. Cookies and similar technologies

No cookies or similar technologies are used for analytics, marketing, or convenience. Technically necessary cookies would only be set if indispensable for operation.

7. No tracking / no web analytics

No tools for usage analysis, reach measurement, or profiling (e.g. Google Analytics, Matomo, social media pixels) are used.

8. Legal bases for processing

  • Art. 6 (1) lit. b GDPR for communication in the context of pre-contractual or contractual enquiries,
  • Art. 6 (1) lit. f GDPR for other enquiries and for secure technical provision of the website,
  • Art. 6 (1) lit. c GDPR where legal obligations (e.g. retention) apply.

9. Recipients of personal data / processors

Data is not passed on to third parties. Technical service providers (e.g. hosting or e-mail providers), in particular the hosting provider IONOS SE, are engaged as processors under Art. 28 GDPR. No additional recipients are involved.

10. Storage period and deletion

Log files are stored as described in section 2 and then deleted or anonymised. Contact data is stored until your enquiry has been fully processed and then deleted unless statutory retention obligations prevent this.

11. Rights of data subjects

You have the following rights regarding your personal data at any time:

  • Access (Art. 15 GDPR),
  • Rectification (Art. 16 GDPR),
  • Erasure (Art. 17 GDPR),
  • Restriction of processing (Art. 18 GDPR),
  • Data portability (Art. 20 GDPR),
  • Objection to processing (Art. 21 GDPR),
  • Withdrawal of consent given (Art. 7 (3) GDPR) with effect for the future.

To exercise your rights, please contact the controller named above using the e-mail address provided.

12. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement. An example of a competent authority is the Bavarian State Office for Data Protection Supervision (BayLDA).

13. Obligation to provide data

There is no obligation to provide personal data merely to visit the website. However, without providing your contact details, communication and processing of your enquiry will not be possible.

14. Status and updates

This privacy policy will be updated whenever data processing or legal requirements change. Status: January 2025