1. Introduction
This Privacy Policy explains how I collect, use, and protect your personal data when you subscribe to my newsletter or interact with my site. I am dedicated to safeguarding your privacy and ensuring compliance with the General Data Protection Regulation (GDPR).
2. Data Controller Information
Niklas Gadermann
c/o Online-Impressum.de
Europaring 90
53757 Sankt Augustin
E-Mail: privacy (at) nik.digital
If you have any questions regarding this policy or my data practices, please feel free to contact me using the details provided above.
3. Information I Collect
When you subscribe to my newsletter, I collect the following information:
- Email Address (Required): Used solely for sending you the newsletter.
- First Name (Optional): Used for personalizing communications.
I also collect anonymized data regarding website interactions via Umami Analytics. This includes information on page views, referring websites, and general location data. This anonymized data is not linked to any personal identifiers and is used exclusively to improve your experience on the site.
4. Legal Basis for Data Processing
I process your data based on the following legal grounds:
- Consent: Your subscription to the newsletter signifies your explicit consent to use your data for sending updates and related communications.
- Legitimate Interests: I process anonymized website data to analyze usage patterns and enhance the overall user experience.
No other legal basis is used for processing your data.
5. How I Use Your Data
Your data is used for the following purposes:
- Newsletter Delivery: To provide you with updates, including blog posts, curated links, and occasional references to my products or services. All promotional content is included in the newsletter, and no separate marketing emails are sent.
- Website Enhancement: To analyze anonymized data regarding website interactions, which helps me improve the design and functionality of the site.
6. Data Storage, Retention, and International Transfers
-
Storage and Processing: Your data is stored and processed by the following providers. Each provider operates under a Data Processing Agreement (DPA) that meets GDPR standards.
- Resend (email) is used for audience management and sending out newsletters
- Vercel (hoster) is used for hosting the website
- Neon (database) is used as a database provider
-
Data Retention:
- Personal Data: Retained for the duration of your subscription. Once you unsubscribe, your personal data is deleted.
- Anonymized Data: Retained only as long as needed to analyze website usage and improve the site.
-
International Transfers: Your personal data may be transferred to and stored in the United States. In addition to DPAs, I have implemented appropriate safeguards, including Standard Contractual Clauses (SCCs), to ensure your data is protected during international transfers in compliance with GDPR requirements.
7. Your Rights Under GDPR
Under the GDPR, you are entitled to the following rights:
- Access: You may request a copy of the personal data I hold about you.
- Rectification: You may ask for corrections to any inaccurate or incomplete information.
- Erasure: You may request the deletion of your personal data.
- Objection: You may object to the processing of your data for direct marketing purposes.
- Data Portability: You may request a transfer of your data in a structured, commonly used, and machine-readable format.
To exercise any of these rights, please contact me at the details provided in section 2.
8. Withdrawing Your Consent
You have the right to withdraw your consent at any time. If you wish to do so, you can unsubscribe by clicking the link provided in every newsletter email or by contacting me directly using the details provided in section 2.
9. Sharing Data With Third Parties
I do not share your personal data with external parties except with the following service providers, who process your data on my behalf under GDPR-compliant Data Processing Agreements:
- Resend, used for managing my newsletter audience and sending out emails (DPA, GDPR)
- Vercel, where this website is hosted (DPA, Security)
- Umami Analytics, where I track website usage in an anonymous way (FAQ)
- Neon (DPA), where newsletter signups are temporarily stored in an encrypted form. The encryption key is sent out in the confirmation email to the user, and not stored anywhere else, so if a signup goes unconfirmed, no plaintext emails end up in the database.
10. Data Security Measures
I take reasonable measures to secure your personal data against unauthorized access, loss, or misuse. While I strive to protect your information, please note that no electronic storage or transmission method can be completely secure.
11. How to Make a Complaint
If you believe your data protection rights have been violated, you have the right to file a complaint with your local data protection supervisory authority. Please refer to your national data protection authority for further details.
12. Updates to This Policy
I may update this Privacy Policy from time to time. Significant changes will be indicated by an updated "Last Updated" date at the top of this page. I encourage you to review this policy periodically to stay informed about how your data is protected.
13. Provision of Personal Data
Providing your email address and, if you choose, your first name is entirely voluntary. Without your email address, you will not receive the newsletter. If you opt not to provide your first name, your subscription will remain active, but I will be unable to personalize communications using your name.
14. Automated Decision-Making
I do not engage in automated decision-making or profiling regarding your personal data.