Privacy Policy

Effective date: July 22, 2025

Table of Contents

Controller

See Legal Notice (Impressum)

Email address: stuxfeed@proton.me

Overview of Processing Activities

The following overview summarizes the types of data processed, the purposes of processing, and the categories of data subjects.

Types of Data Processed

  • Inventory data
  • Contact data
  • Content data
  • Usage data
  • Meta, communication and procedural data
  • Log data

Categories of Data Subjects

  • Communication partners
  • Users

Purposes of Processing

  • Communication
  • Security measures
  • Organizational and administrative procedures
  • Feedback
  • Provision of our online services and user-friendliness
  • IT infrastructure
  • Public relations

Relevant Legal Bases

Legal bases under the GDPR: The following outlines the legal bases of the GDPR on which we process personal data. Please note that in addition to the GDPR, national data protection regulations in your or our country of residence or establishment may apply. If specific legal bases are relevant in individual cases, we will inform you of them in the privacy policy.

  • Legitimate Interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

National data protection laws in Germany: In addition to the GDPR, national regulations, such as the Federal Data Protection Act (BDSG), apply. These include specific rules on data subject rights, the processing of special categories of personal data, and automated decision-making.

Applicability of GDPR and Swiss DPA: This privacy policy serves both as information under the Swiss Data Protection Act (DSG) and the GDPR. For consistency, GDPR terminology is used. However, definitions under the Swiss DPA remain applicable for Swiss users.

Security Measures

We implement appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, implementation costs, the nature, scope, context, and purposes of processing, and the varying likelihood and severity of risks to the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

These measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access, as well as input, disclosure, availability, and separation of data. We also have procedures in place to ensure the exercise of data subject rights, data deletion, and response to data breaches. Furthermore, we consider data protection by design and by default in the development or selection of hardware, software, and procedures.

Securing online connections via TLS/SSL encryption (HTTPS): We use TLS/SSL encryption technology to protect user data transmitted via our online services from unauthorized access. TLS (Transport Layer Security) is the successor to SSL and ensures that data transfers meet the highest security standards. Encrypted connections are indicated by the “HTTPS” in the address bar.

General Information on Data Retention and Deletion

We delete personal data in accordance with legal requirements once the consent is revoked or there are no further legal bases for processing. This includes cases where the processing purpose no longer applies, or the data is no longer needed. Exceptions may apply due to legal obligations or legitimate interests requiring longer storage.

This includes commercial and tax-related data retention or data required for legal defense or the rights of others. Where multiple retention periods apply, the longest period shall prevail.

Data retention under German law:

  • 10 years – for accounting records, annual financial statements, inventories, and related documents (§ 147 AO, § 14b UStG, § 257 HGB).
  • 8 years – for supporting documents such as invoices (§ 147 AO, § 257 HGB).
  • 6 years – for business correspondence and other tax-relevant documents (§ 147 AO, § 257 HGB).
  • 3 years – for data required for warranty or damage claims (§§ 195, 199 BGB).

Data Subject Rights

As a data subject, you have the following rights under the GDPR (Art. 15–21):

  • Right to object: You may object at any time to the processing of your data based on Art. 6(1)(e or f) GDPR, including profiling based on those provisions. If your data is processed for direct marketing, you may object at any time.
  • Right to withdraw consent: You may withdraw consent at any time with future effect.
  • Right of access: You have the right to obtain confirmation and access to your data and further related information.
  • Right to rectification: You may request correction or completion of your data.
  • Right to erasure and restriction: You may request the deletion or restriction of processing, subject to legal conditions.
  • Right to data portability: You may request your data in a structured, commonly used, and machine-readable format or have it transmitted to another controller.
  • Right to lodge a complaint: You have the right to file a complaint with a supervisory authority, particularly in your habitual residence, place of work, or place of alleged infringement.

Third-party Services and Providers

Clark as Identity Provider

We use "Clark" as an identity provider for authentication and identity management. Personal data such as email address, name, login timestamps, and IP address are processed. Processing is carried out pursuant to Art. 6(1)(b) GDPR for the performance of a contract or pre-contractual measures.

Clark may act as an independent controller or processor under Art. 28 GDPR. Data may be transferred to third countries only if adequate safeguards (e.g., EU adequacy decision or standard contractual clauses) are in place.

For more information, see Clark’s privacy policy: https://www.clark.de/datenschutz

Cookiebot (Consent Management Platform)

We use “Cookiebot” by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, to obtain and document your consent for the use of cookies in a GDPR-compliant manner.

When visiting our website, your IP address (anonymized), browser type, language, date and time, and consent choice are processed. This is done under Art. 6(1)(c) GDPR as we are legally required to document your consent (Art. 7(1) GDPR).

More information: https://www.cookiebot.com/en/privacy-policy/

Stripe as Payment Processor (coming soon)

We will use “Stripe” (Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) for future payment processing. Data such as name, billing address, payment details (e.g., credit card number), IP address, and transaction data will be processed.

The legal basis is Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (fraud prevention). Stripe may transfer data to the USA under the EU Standard Contractual Clauses (SCCs) according to Art. 46(2)(c) GDPR.

More info: https://stripe.com/en/privacy

Provision of Online Services and Web Hosting

We process user data to provide our online services. The user's IP address is necessary for delivering content to their browser or device.

  • Data processed: Usage data (page views, duration, device type, interactions), metadata and communication data (IP addresses, timestamps, IDs), log data (e.g. login events).
  • Data subjects: Users
  • Purposes: Online services provision, IT infrastructure, and security.
  • Retention: See section "General Information on Data Retention and Deletion".
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Additional details:

  • Hosted infrastructure: We use third-party hosting for rented infrastructure; Legal basis: Art. 6(1)(f) GDPR
  • Access logs: Our servers log requests (IP, time, URL, browser, referrer, etc.) for up to 30 days to ensure stability and security (e.g. DDoS protection). Longer retention applies only if required for incident investigation; Legal basis: Art. 6(1)(f) GDPR
  • CDN: We use a content delivery network (CDN) to distribute large media files more efficiently and securely via regional servers; Legal basis: Art. 6(1)(f) GDPR

Blogs and Publishing Media

We use blogs or similar platforms to publish content and interact with users. Data is processed only for display, communication, and security purposes.

  • Data processed: Inventory, contact, content, usage, and metadata.
  • Data subjects: Users
  • Purpose: Feedback, online service provision
  • Retention: See section "General Information on Data Retention and Deletion"
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Contact and Request Management

When contacting us (e.g., via mail, form, email, phone, or social media), we process personal data to handle the request and provide necessary responses.

  • Data processed: Inventory, contact, and content data
  • Data subjects: Communication partners
  • Purpose: Communication, feedback, administration
  • Retention: See section "General Information on Data Retention and Deletion"
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Social Media Presence

We maintain presences on social networks to communicate and share information. User data may be processed outside the EU, potentially limiting user rights enforcement.

User data may also be used for advertising and profiling purposes. These platforms typically use cookies and can track users across devices.

Please refer to the privacy policies of the respective platforms for detailed information and opt-out options. For data subject rights, contact the platform provider directly.

  • Data processed: Contact, content, and usage data
  • Data subjects: Users
  • Purpose: Communication, public relations, feedback
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)

Further information:

Changes and Updates

We encourage you to check this privacy policy regularly. We will update it whenever processing changes require it. You will be informed if such changes require your cooperation (e.g., consent).

Please verify contact details of external organizations listed here, as they may change over time.

Use of Vercel Analytics

We use privacy-friendly analytics from Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). No cookies or personal tracking is used. Only aggregated, anonymized data (e.g., page views, device type, referrer) is collected.

Processing is based on Art. 6(1)(f) GDPR due to our legitimate interest in statistical analysis for website optimization. No personal data is evaluated.

More information: https://vercel.com/legal/privacy-policy

© 2025 StuxFeed. All rights reserved.