Privacy Policy | GDPR Compliant

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws is:

Daniel Samer
Am Alefskamp 50
47198 Duisburg
Germany

Email: mail@yixn.io
Phone: +49 15225669203

Data Protection Officer:
A Data Protection Officer is not appointed pursuant to Art. 37 GDPR in conjunction with Section 38 BDSG (German Federal Data Protection Act), as the legal requirements (at least 20 persons constantly engaged in automated data processing) are not met.

This Privacy Policy tells you what personal data I collect, why I collect it, and what I do with it. Personal data is anything that can identify you.

I only collect what I need to run this website and offer my services. Everything I do follows the rules in Art. 6 GDPR.

This is my portfolio site. It's mostly informational. I'm not trying to collect your data for marketing or anything like that.

Hosting:
This website is hosted on servers of Hetzner Online GmbH:

Hetzner Online GmbH
Industriestrasse 25
91710 Gunzenhausen
Germany

Hetzner is a German hosting provider with data centers in Germany and Finland. A data processing agreement (DPA) exists with Hetzner in accordance with Art. 28 GDPR.

Server Log Files:
Each time this website is accessed, information is automatically stored in so-called server log files, which your browser automatically transmits:

- IP address (anonymized after 7 days)
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred
- Referrer URL (previously visited page)
- Browser and browser version
- Operating system

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest). The legitimate interest lies in ensuring trouble-free operation of the website and improving our services.

Retention period: Log files are automatically deleted after 14 days. IP addresses are anonymized after 7 days.

When you contact us via the contact form, the following data is collected:

- Name
- Email address
- Subject (optional)
- Your message
- IP address (for abuse prevention)
- Time of submission
- Language setting

Purpose: Processing your inquiry and contacting you.

Legal basis: Art. 6 (1) lit. b GDPR (contract initiation) or Art. 6 (1) lit. f GDPR (legitimate interest in responding to inquiries).

Retention period: Contact requests are deleted after completion of communication and expiry of any statutory retention periods (max. 3 years), unless a contractual relationship arises.

Encryption: Data transmission is TLS-encrypted in accordance with Art. 32 GDPR.

You can subscribe to my newsletter to hear about new blog posts and relevant topics.

Data collected:
- Email address
- Time of registration
- IP address (proof of consent)
- Confirmation time (double opt-in)
- Language setting

Double Opt-In:
Registration takes place via double opt-in procedure. After entering your email address, you will receive a confirmation email. Your registration only becomes effective after clicking the confirmation link.

Legal basis: Art. 6 (1) lit. a GDPR (consent).

Withdrawal: You can withdraw your consent at any time. An unsubscribe link is included in every newsletter email.

Retention period: Your data will be stored until you withdraw your consent.

Email delivery:
The newsletter is sent via our own mail server (privateemail.com/Namecheap). A data processing agreement exists with the provider.

You can register on the website to access certain features (e.g., comment function for blog posts).

Data collected during registration:
- Name
- Username
- Email address
- Password (encrypted using bcrypt)
- Time of registration
- IP address at registration

Optional profile data:
- Profile picture
- First and last name
- Theme preference (light/dark/system)
- Notification settings

Legal basis: Art. 6 (1) lit. b GDPR (contract performance) for providing the user account.

Retention period: Account data is stored as long as your account is active. After account deletion, data is removed within 30 days, unless statutory retention obligations apply.

Security: Passwords are never stored in plain text but are hashed using bcrypt. Transmission is TLS-encrypted.

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). I only use it with your explicit consent.

Consent Mode v2:
I use Google Consent Mode v2. This means: Before you consent, no analytics cookies are set and no personal data is transmitted to Google.

Data collected (with consent):
- Anonymized IP address (IP anonymization is enabled by default)
- Pages visited and time spent
- Technical information (browser, operating system, screen resolution)
- Referrer (where you came from)
- Approximate location (city level)

Legal basis: Art. 6 (1) lit. a GDPR (consent).

Withdrawal: You can withdraw your consent at any time via our cookie banner or cookie settings.

Data transfer to the USA:
Google also processes data in the USA. Transfer is based on Standard Contractual Clauses (Art. 46 (2) lit. c GDPR) and the EU-US Data Privacy Framework.

Data processing agreement: A data processing agreement exists with Google.

Opt-Out: You can also prevent collection by Google Analytics by installing the browser add-on: https://tools.google.com/dlpage/gaoptout

More information: https://policies.google.com/privacy

To protect against spam and abuse, I use Google reCAPTCHA (version 3 with version 2 fallback) from Google Ireland Limited in the contact form.

How it works:
reCAPTCHA analyzes user behavior (e.g., mouse movements, time spent) to detect automated access (bots). If automated access is suspected, a visual CAPTCHA is displayed.

Data collected:
- IP address
- Referrer URL
- Information about operating system and browser
- Screen resolution
- Mouse and keyboard inputs (only during CAPTCHA interaction)
- Date and language settings

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in protection against spam and abuse).

Data transfer: Data is transmitted to Google in the USA. Transfer is based on Standard Contractual Clauses and the EU-US Data Privacy Framework.

Note: reCAPTCHA also loads Google Fonts, whereby your IP address is transmitted to Google.

Google Privacy Policy: https://policies.google.com/privacy

This website uses cookies. Cookies are small text files stored on your device.

Technically necessary cookies (without consent):
- Session cookie (_session_id): Managing your session
- Remember-me cookie (remember_user_token): Stores your login (14 days if enabled)
- Cookie consent (cookie_consent): Stores your cookie preferences (1 year)
- CSRF token: Security token against cross-site request forgery

Legal basis for technically necessary cookies: Art. 6 (1) lit. f GDPR (legitimate interest in secure website operation).

Analytics cookies (only with consent):
- _ga, _gid, _gat: Google Analytics (see section "Google Analytics 4")

Legal basis: Art. 6 (1) lit. a GDPR (consent) according to Section 25 TTDSG (German Telecommunications-Telemedia Data Protection Act).

Cookie banner:
On your first visit, you will be asked for your consent to optional cookies via a cookie banner. You can change your settings at any time via the link in our Cookie Policy.

Browser settings: You can also manage or block cookies via your browser settings.

Detailed information can be found in our Cookie Policy.

You have the following rights regarding your personal data processed by us:

1. Right of Access (Art. 15 GDPR):
You can request information about your personal data processed by us. This includes information about processing purposes, categories of data, recipients, and planned retention period.

2. Right to Rectification (Art. 16 GDPR):
You can request correction of inaccurate or completion of incomplete personal data.

3. Right to Erasure (Art. 17 GDPR):
You can request deletion of your personal data, unless statutory retention obligations or legitimate interests apply.

4. Right to Restriction of Processing (Art. 18 GDPR):
You can request restriction of processing of your personal data if the accuracy of the data is disputed or the processing is unlawful.

5. Right to Data Portability (Art. 20 GDPR):
You can receive your personal data in a structured, commonly used, and machine-readable format.

6. Right to Object (Art. 21 GDPR):
You can object at any time, on grounds relating to your particular situation, to processing based on Art. 6 (1) lit. f GDPR (legitimate interests).

7. Right to Withdraw Consent (Art. 7 (3) GDPR):
Where processing is based on your consent, you can withdraw it at any time with effect for the future. The lawfulness of processing based on consent before its withdrawal remains unaffected.

8. Right to Lodge a Complaint (Art. 77 GDPR):
You have the right to lodge a complaint with a data protection supervisory authority.

To exercise your rights, please contact us at: mail@yixn.io

The competent supervisory authority for data protection is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestrasse 2-4
40213 Düsseldorf
Germany

Phone: +49 211 38424-0
Email: poststelle@ldi.nrw.de
Website: https://www.ldi.nrw.de

You have the right to contact the supervisory authority with complaints about the processing of your personal data.

I take security seriously. Here's what I do to protect your data:

Technical stuff:
- TLS/SSL encryption for everything
- Passwords hashed with bcrypt (not stored in plain text)
- Regular security updates
- Firewall and access controls
- Regular backups

How I work:
- Only I access personal data, and only when needed
- Documented security processes

That said, no system is 100% secure. If you spot anything weird, let me know right away.

In principle, your data is processed in Germany or within the EU/EEA.

Transfer to third countries (in particular the USA) only occurs:
- With your explicit consent (e.g., when using Google Analytics)
- On the basis of an adequacy decision by the EU Commission (EU-US Data Privacy Framework)
- On the basis of Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR

Affected services:
- Google Analytics (USA) - only with consent
- Google reCAPTCHA (USA) - in contact form

I store your personal data only as long as necessary for the respective purpose or as required by statutory retention periods.

Specific periods:
- Server log files: 14 days (IP anonymization after 7 days)
- Contact requests: 3 years after completion of communication
- Newsletter data: Until withdrawal of consent
- User accounts: Until deletion by user + 30 days
- Cookie consents: 1 year

Statutory retention periods (German Commercial Code, Fiscal Code):
- Business letters and invoices: 10 years
- Accounting records: 10 years

After expiry of the periods, data is deleted or anonymized.

This Privacy Policy may be updated from time to time to reflect changes in my data processing practices or legal requirements.

The date of the last update can be found at the top of this page. For significant changes, I may inform you separately.

I recommend reviewing this Privacy Policy from time to time.

For questions about the processing of your personal data or to exercise your data subject rights, please contact:

Daniel Samer
Am Alefskamp 50
47198 Duisburg
Germany

Email: mail@yixn.io
Phone: +49 15225669203

I'll respond to your request as soon as possible, but no later than one month in accordance with Art. 12 (3) GDPR.