Legal Information

Imprint & Privacy

Information according to § 5 DDG and privacy notice under the GDPR.

Responsible for content

Privacy Notice

This notice explains which data is processed when using the website, comments, and login functions.

Controller

The controller is Tony Brüser, Hemmoor-Ring 17, 15562 Rüdersdorf bei Berlin, Germany. Contact: tonybrueser.1995@gmail.com.

Server Access

When the website is accessed, technically necessary access data may be processed, such as IP address, time, requested URL, browser/device information, and referrer. The purpose is delivery, security, and error analysis. The legal basis is Art. 6(1)(f) GDPR.

Comments

Comments can be submitted without login. The processed data includes display name, comment text, language, page key, page URL, time, and approval status. Comments are published only after admin approval. Publication is based on consent under Art. 6(1)(a) GDPR; abuse prevention and moderation rely on legitimate interests under Art. 6(1)(f) GDPR.

Captcha, Rate Limit, and Honeypot

The comment form uses a self-hosted arithmetic captcha, a honeypot, and rate limiting to prevent spam. Session tokens and a hash of the IP address with timestamps are processed in a local cache file. Old timestamps are ignored for rate-limit checks.

Footer Login

The admin login uses a technically necessary session cookie. The user login does not include registration yet; the display name is stored only in your browser's local storage and is not automatically sent to the server.

Cookies and Local Storage

A technically necessary session cookie named alt_r_session may be set for admin sessions, CSRF protection, and captcha handling. The local user display name is stored in the browser under ar_user. These storage operations serve requested functions and do not provide tracking.

Storage Period

Approved comments remain visible until they are deleted or deletion is requested. Rejected or deleted comments are removed from the comment database. Session data expires at the end of the session; rate-limit data is used only for abuse prevention.

Data Subject Rights

Subject to the GDPR, you have rights of access, rectification, erasure, restriction of processing, data portability, objection, and withdrawal of consent. You also have the right to lodge a complaint with a data protection supervisory authority.