Privacy Policy
Last updated: May 2026.
1. Controller
Berger & Rosenstock GbR
Dieselstraße 22e
61231 Bad Nauheim
Germany
Authorised representatives: Marcel R. G. Berger · Jasmin Rosenstock
Data protection contact: data-protection@digitalfreedom.co.za
2. Hosting (GitHub Pages)
This site is served by GitHub Pages (GitHub Inc., 88 Colin P Kelly Jr Street, San Francisco, CA 94107, USA). Technical connection data (IP, user agent, timestamp, requested URL) is processed when the site is requested. GitHub is certified under the EU-US Data Privacy Framework. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in secure provision of the website). Retention: per GitHub's policies, typically a few weeks.
3. Cookies and analytics (Google Analytics 4)
This site uses Google Analytics 4 (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to measure aggregated, anonymised usage of the site (pages viewed, traffic sources, device categories). Google Analytics sets cookies and transfers data to Google. The connection is configured with anonymize_ip so your IP is truncated before processing.
We use Google Consent Mode v2 (Advanced) with all storage categories (analytics_storage, ad_storage, ad_user_data, ad_personalization) defaulting to denied. Before you consent, Google Analytics only sends cookieless pings (no cookies, no client ID, no precise location) which Google uses for aggregated modelling. Cookies and personalised measurement are only set once you actively accept via the cookie banner. Legal basis: Art. 6 (1) (a) GDPR (consent) and § 25 (1) TTDSG for cookies; Art. 6 (1) (f) GDPR (legitimate interest in aggregated reach measurement) for cookieless pings. You can withdraw consent at any time via "Cookie settings" in the footer; the lawfulness of processing before the withdrawal remains unaffected.
Apart from Google Analytics this site sets no cookies. Theme preference (light/dark) and your consent decision are stored only in your browser's localStorage and never transmitted to a server.
4. Newsletter and contact form (MailerLite)
We use MailerLite (UAB MailerLite, Paupio g. 46, LT-11341 Vilnius, Lithuania) to process newsletter sign-ups and contact requests. Data processed: email address (mandatory), optionally name and reason, technical metadata (timestamp, IP for spam protection). The MailerLite Universal JS library is loaded from MailerLite's CDN. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in lead capture) and Art. 6 (1) (a) GDPR (consent) once you submit the form.
Consent is obtained via double opt-in (confirmation email). You can unsubscribe at any time via the link in every email. Retention: until withdrawal or three years of inactivity, whichever comes first. A data processing agreement is in place with MailerLite.
5. Fonts
We use the "Geist" font hosted locally. No data is sent to third-party font providers (e.g. Google Fonts).
6. Embedded third-party content
Apple iTunes / App Store: App icons and metadata (name, description, version, ratings) are fetched at build time from the public iTunes Lookup API and embedded statically. Icons are loaded from Apple's CDN (Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA) when the page is rendered, so your browser transmits technical connection data (IP, user agent) to Apple. Legal basis: Art. 6 (1) (f) GDPR. Apple is certified under the EU-US Data Privacy Framework.
GitHub: The open-source section is fetched at build time from the public GitHub API and embedded statically. In normal operation no live data is pulled from GitHub when you load the site. Clicking a GitHub link forwards you to github.com, where GitHub's privacy notice applies.
7. Server logs
GitHub Pages logs technical connection data on every request (IP, timestamp, URL, user agent, referrer). We have no direct access to these logs; GitHub keeps them for security and operations purposes. Legal basis: Art. 6 (1) (f) GDPR.
8. International transfers
Transfers to the United States (GitHub, Apple, Google) take place under the EU-US Data Privacy Framework (Commission decision of 10 July 2023). Transfers within the EU (MailerLite, Lithuania; Google Ireland) take place without restrictions.
9. Retention (summary)
- Server logs (GitHub): per GitHub's policies, typically a few weeks
- Newsletter data (MailerLite): until withdrawal or three years of inactivity
- Contact requests: until the request is handled, then six months for follow-up
- Google Analytics: 14 months (default retention period for user and event data)
- Theme preference and consent decision (localStorage): until you delete it; lives only in your browser
10. Your rights
You have the right to information (Art. 15 GDPR), rectification (Art. 16), deletion (Art. 17), restriction (Art. 18), data portability (Art. 20), and objection (Art. 21). You can withdraw any consent at any time — the lawfulness of processing before the withdrawal remains unaffected.
Requests to: data-protection@digitalfreedom.co.za
11. Right to complain
You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for us is: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Postfach 3163, 65021 Wiesbaden, Germany.
12. Data Protection Officer
A DPO has not been appointed — the controller does not meet the threshold criteria for mandatory appointment under Art. 37 GDPR / § 38 BDSG.