top of page

Privacy Policy

Last updated: 06.10.2025

1. Controller

Thomas Kettner, Artist
Hartwicusstrasse 3, 22087 Hamburg, Germany
Phone: +49 170 2774725
Email: thomaskettner@me.com

(If a data protection officer has been appointed:)
Data Protection Officer: [Name/Company], [Address], [Email], [Phone]
 

2. General Information on Data Processing

We process personal data only to the extent necessary to provide a functional website and our content and services. The legal bases arise in particular from Art. 6(1)(a–f) GDPR.
Where we use processors, data processing agreements (Art. 28 GDPR) are in place.
 

3. Hosting & Content Delivery

This website is hosted by [Hosting Provider] located in [Country]. For secure and performant delivery we may use a CDN ([CDN provider]).
Data processed: IP address, timestamp, requested resources, user agent, referrer.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and stable operation).
Processing on our behalf: Agreement with [Host]/[CDN] in place.
 

4. Server Log Files

The provider automatically collects and stores information in so-called server log files. These data are not merged with other sources; logs are used for error analysis, security, and stability.
Retention period: usually [e.g., 7–30 days], then deletion/anonymization.
 

5. Cookies & Consent Management

We use cookies and similar technologies. Necessary cookies are required for operation. For comfort/statistics/marketing we obtain your prior consent.
Consent tool: [Consent tool, e.g., Borlabs/Cookiebot]
You can withdraw your choice at any time via “Cookie Settings.”
Legal bases:

  • Necessary: Art. 6(1)(f) GDPR in conjunction with § 25(2) TTDSG

  • Consent-based: Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG

     

6. Contact (Email / Contact Form)

When you contact us by email or via a contact form, we process your details to handle the inquiry.
Data processed: name, contact details, message, metadata.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual/contractual inquiries) and Art. 6(1)(f) GDPR (general communications).
Retention: until the request is completed; thereafter in line with statutory retention periods.
 

7. Newsletter (optional)

If you subscribe to our newsletter, we use [tool/provider] with a double opt-in procedure.
Legal basis: Art. 6(1)(a) GDPR; you may withdraw consent at any time via the unsubscribe link.
Processing on our behalf: data processing agreement with [tool/provider] in place.
 

8. Web Analytics (optional)

We use [Matomo self-hosted / Google Analytics / other] for reach and usage measurement.

Matomo (self-hosted): IP anonymisation enabled; no transmission to third parties.
Legal basis: Art. 6(1)(a) GDPR (if consented) or Art. 6(1)(f) GDPR (legitimate interest, if run without tracking cookies).
 

Google Analytics: Provider: Google Ireland Ltd. Data may be transferred to third countries (USA). IP anonymisation is enabled.
Legal basis: Art. 6(1)(a) GDPR.

Opt-out/withdrawal: at any time via Cookie Settings.
 

9. Integration of External Content
 

9.1 Fonts (Web Fonts)

We use [e.g., locally hosted web fonts / Adobe Fonts / Google Fonts via local hosting].

  • Recommended: local hosting → no transmission to third-party providers.

  • If CDN/external is used: provider [name], potential transmission of IP address/browser data; legal basis: Art. 6(1)(a) GDPR (consent).
     

9.2 Maps/Video/Other Services

Embedded content from [Vimeo / YouTube / Google Maps, etc.] is loaded only after consent.
Legal basis: Art. 6(1)(a) GDPR.
Third-country transfer: possible (USA); provider Standard Contractual Clauses (SCCs) apply.

 

10. Processors & Recipients 
We engage carefully selected service providers (hosting, email, newsletter, analytics, maintenance).
Recipients: [hosting provider], [CDN], [mail provider], [newsletter tool], [analytics tool], [maintenance/agency].
Data processing agreements in accordance with Art. 28 GDPR are in place with all processors.
 

11. Data Transfers to Third Countries 
Where services located outside the EU/EEA (e.g., the USA) are used, transfers are based on appropriate safeguards pursuant to Art. 46 GDPR, in particular Standard Contractual Clauses (SCCs). Details can be found in the respective provider’s privacy notices.
 

12. Retention Periods 
We process and store personal data only for as long as necessary for the respective purpose or as required by statutory obligations. Thereafter, data are deleted or anonymised.
 

13. Your Rights (Data Subject Rights) 
You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability(Art. 20) and objection to processing (Art. 21 GDPR).
You may withdraw consents at any time with effect for the future (Art. 7(3) GDPR).
 

14. Right to Lodge a Complaint 
You have the right to lodge a complaint with a supervisory authority, e.g.:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22, 20459 Hamburg – https://datenschutz-hamburg.de
 

15. Data Security 
We use TLS encryption (HTTPS) and appropriate technical and organisational measures (access controls, updates, backups).
 

16. Changes to this Privacy Policy 
We will update this policy when services or legal requirements change. The current version is available on this page.

bottom of page