Privacy
Back to homepage

Privacy Policy

The following information informs you about how personal data is processed on this private portfolio website of Christoph Westenberger. The site is used for self-presentation and does not use tracking or marketing functions.

1. Controller

Christoph Westenberger
Steidlestraße 8
86551 Aichach
E-mail: kontakt@christoph-westenberger.de

2. Hosting and server log files

The website is hosted privately (self-hosted without external hosting providers). When the site is accessed, server-side log files are created which may automatically contain the following data:

  • IP address of the requesting device,
  • date and time of access, time difference to GMT,
  • requested URL or file, status code and amount of data transferred,
  • referrer URL (previously visited page) as well as browser and operating system information.

Processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of the legitimate interest in secure and stable provision of the website and in clarifying misuse or fraud. Log files are usually deleted or anonymised after 30 days; longer retention is only necessary in the event of specific security incidents.

3. Access to the website / technical provision

Even when you simply access the site, data must be exchanged between your browser and the server for technical reasons. This includes, in particular, your IP address, without which the content cannot be delivered. This processing is absolutely necessary for the operation of the website (Art. 6 (1) lit. f GDPR).

4. Fonts / Google Fonts

The fonts used are embedded locally via @font-face. No connection is established to servers of Google Fonts or other third parties. Consequently, no font-related data (such as your IP address) is transmitted to third parties when the site is accessed.

5. Contact via e-mail and via the contact form

If you contact me by e-mail or, in the future, via a contact form, the data you provide (e.g. name, e-mail address, message, voluntary additional information) will be processed in order to respond to your enquiry. The form is currently only a design placeholder; for productive use, the same principles apply.

The legal basis depends on the content:

  • Art. 6 (1) lit. b GDPR if the enquiry is aimed at concluding or performing a contract.
  • Art. 6 (1) lit. f GDPR for other enquiries (legitimate interest in communication and responding).

The data will only be stored for as long as is necessary to process your enquiry and will then be deleted, provided that no statutory retention obligations conflict with this.

6. Cookies and similar technologies

No cookies or similar technologies are currently set on this website for analytics, marketing or comfort purposes. Technically necessary cookies are only used if they are indispensable for operation; information on this would be updated here.

7. No tracking / no web analytics

No tools for usage analysis, reach measurement or profiling (e.g. Google Analytics, Matomo, social media pixels) are used.

8. Legal bases for processing

  • Art. 6 (1) lit. a GDPR, if express consent is obtained in the future.
  • Art. 6 (1) lit. b GDPR for communication regarding pre-contractual or contractual purposes.
  • Art. 6 (1) lit. c GDPR, where legal obligations (e.g. retention obligations) exist.
  • Art. 6 (1) lit. f GDPR for technical provision processes, security and general communication.

9. Recipients of personal data / processors

Personal data is generally not passed on to third parties. Technical service providers, in particular a hosting provider, would act as processors in accordance with Art. 28 GDPR. Data processing agreements would be concluded with such service providers. Other recipients (e.g. IT maintenance) are only involved if this is necessary for contract fulfilment or required by law.

10. Storage period and deletion

Personal data is only stored for as long as is necessary for the respective purposes or as required by statutory retention periods. After the purpose has ceased or the periods have expired, the data will be deleted or anonymised. Specific deletion periods result from the processing situations described above.

11. Rights of data subjects

You have the following rights at any time with regard to your personal data:

  • Right of access according to Art. 15 GDPR,
  • Right to rectification according to Art. 16 GDPR,
  • Right to erasure according to Art. 17 GDPR,
  • Right to restriction of processing according to Art. 18 GDPR,
  • Right to data portability according to Art. 20 GDPR,
  • Right to object to processing according to Art. 21 GDPR,
  • Right to withdraw consent given according to Art. 7 (3) GDPR with effect for the future.

To exercise your rights, please contact the controller named above using the e-mail address provided.

12. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement. An example of a competent authority is the Bavarian State Office for Data Protection Supervision (BayLDA).

13. Obligation to provide data

You are not obliged to provide personal data merely for visiting the website. However, without providing your contact details, communication and processing of your enquiry will not be possible.

14. Status and updates

This privacy policy will be updated as necessary if data processing or legal requirements change. Status: November 2025