Privacy
Information pursuant to Art. 13 GDPR
Controller
Pixzl
Walid D. Rieken
Marienstraße 9
48683 Ahaus, Germany
Email: [email protected]
Phone: +49 (0) 152 598 383 11
Server log files
The provider of these pages automatically collects and stores information in so-called server log files, which your browser transmits to us automatically. The following are recorded: browser type and version, operating system, referrer URL, hostname of the accessing computer, time of the server request, and IP address. This data is not merged with other data sources.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in error-free presentation and optimisation). The storage period follows the requirements of the hosting provider (see the "Hosting" section).
Hosting
This website is hosted with Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The origin server is located in a German data centre. In front of the origin sits the Cloudflare CDN described in the next section as a reverse proxy. That means: pages are delivered to your browser via Cloudflare's edge network, while processing on the origin server takes place exclusively in Germany.
We have concluded a data processing agreement with Hetzner pursuant to Art. 28 GDPR. Legal basis: Art. 6(1)(f) GDPR. Provider's privacy policy: hetzner.com/de/rechtliches/datenschutz.
Cloudflare (CDN, DNS, and reverse proxy)
The domain drieken.com is operated through Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare acts as DNS provider, CDN, and reverse proxy: every request to the website is first routed to Cloudflare's global edge network, processed there, and only then forwarded to the origin server at Hetzner. Cloudflare processes your IP address, technical browser information, request timestamp, and the requested resources.
Cloudflare uses a technically necessary cookie called __cf_bm (Cloudflare Bot Management) for bot detection and abuse prevention. This cookie has a lifetime of approximately 30 minutes, serves security purposes only, and contains no personally identifiable data for advertising.
Where activated, Cloudflare may additionally use automatic email obfuscation. Visible mailto: addresses on the page are then protected client-side by a small script loaded from Cloudflare. This script is loaded only when the page is opened, from the Cloudflare CDN, and does not transmit any personal data about you as a visitor beyond what is already described above.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a secure, performant, and reliable delivery of the website) and § 25(2) no. 2 TDDDG for the technically necessary security cookie. We have concluded a data processing agreement with Cloudflare under Art. 28 GDPR. As Cloudflare is based in the USA, personal data may be transferred to the USA. Cloudflare is certified under the EU-US Data Privacy Framework; additionally, Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR are in place. Cloudflare privacy policy: cloudflare.com/en-gb/privacypolicy.
SSL/TLS encryption
For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the fact that the browser's address bar switches from "http://" to "https://" and by the lock symbol in your browser bar.
Newsletter (Brevo)
If you would like to subscribe to the newsletter offered on this website, we require your first and last name as well as your email address. Subscription works on a double opt-in basis: after submitting your details, you receive a confirmation email through which you must actively confirm your subscription. Only then are you added to the distribution list.
To protect against automated submissions, the form contains a "honeypot" field invisible to humans. If this invisible field is filled in, the server silently rejects the submission. Because the field stays empty unless a bot fills it, no personal data is collected or stored through it. In addition, the number of sign-up attempts per connection and per email address is limited (rate limiting) to prevent misuse of the form.
Sending and management are handled by Sendinblue GmbH (Brevo), Köpenicker Str. 126, 10179 Berlin, Germany. Brevo stores the data on servers in Germany and France. Statistical evaluation (open and click rates) is technically possible; we use it to improve the newsletter. We have concluded a data processing agreement with Brevo under Art. 28 GDPR.
Legal basis: Art. 6(1)(a) GDPR (consent). You can withdraw this consent at any time via the unsubscribe link in any newsletter message or by emailing [email protected]. Confirmed email addresses are stored until you unsubscribe from the list. Brevo privacy policy: brevo.com/legal/privacypolicy.
Cloudflare Turnstile
To protect the newsletter form from automated abuse, we use Cloudflare Turnstile, a CAPTCHA service provided by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. When the homepage is loaded, the Turnstile script is fetched from challenges.cloudflare.com. For bot detection, Cloudflare processes your IP address and technical browser information (user agent, language settings, screen size, time zone, mouse and keyboard interaction events). Turnstile is designed not to set classic tracking cookies. We run Turnstile in managed mode: the widget is visible next to the newsletter form and Cloudflare decides, based on traffic risk, whether additional interaction is required.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protecting our newsletter form from spam and bot submissions). As Cloudflare is based in the USA, personal data may be transferred to the USA. Cloudflare is certified under the EU-US Data Privacy Framework; additionally, Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR are in place. The relevant policies are Cloudflare's privacy policy and the supplementary Turnstile privacy addendum: cloudflare.com/en-gb/privacypolicy, cloudflare.com/en-gb/turnstile-privacy-policy.
GitHub activity display
The homepage shows an activity grid of the public GitHub contributions of the profile github.com/drieken. The data is fetched exclusively server-side from github.com and cached hourly. There is no connection from your browser to GitHub; no visitor data is transmitted to GitHub.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in displaying our own public project activity).
Fonts
This website uses the Geist Sans and Geist Mono font families. The font files are embedded locally into the delivered assets during the build process and are served from the same hosting. There is no external connection to Google Fonts or any other third party when loading the fonts.
Web analytics (Umami)
This website uses Umami, a privacy-friendly, cookieless web analytics tool. Umami is self-hosted on our own infrastructure in a German data centre; no analytics data is transmitted to third parties. Recorded are, among other things, pages visited, referrer, browser and device type, country of origin, and screen size. The data is anonymised and aggregated; Umami does not store your IP address and does not build visitor profiles. It is not possible for us to identify individual visitors.
Umami sets no cookies and does not store or read any information on your device, so no consent under § 25 TDDDG is required. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in privacy-friendly, anonymous reach measurement). Visitors whose browser sends the "Do Not Track" signal are excluded from measurement. More about Umami: umami.is/privacy.
Cookies
This website itself sets no cookies and uses no consent-requiring tracking technologies — which is why you don't see a cookie banner. The only cookie that may occur is the technically necessary Cloudflare security cookie __cf_bm described in the Cloudflare section above.
Rights of data subjects
You have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of data processing. You also have the right to correction, erasure, restriction of processing, withdrawal of consent given, and data portability.
Where data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right at any time to object, on grounds relating to your particular situation, to the processing of your personal data. In the event of violations of the GDPR, you also have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your workplace, or the place of the alleged violation.
Please direct any requests to [email protected].
Storage period
Unless a more specific storage period is mentioned within this privacy policy, your personal data remains with us until the purpose of data processing no longer applies. If you make a legitimate request for erasure or withdraw consent for data processing, your data will be deleted unless we have other legally permissible reasons for storage.
Last updated
9 June 2026