Privacy Notice

The following privacy notice informs you about the type, scope, and purpose of the collection and use of personal data when using this website, as well as your rights.

1. Data Controller

Paul Julian Heise
Freelance Software Developer
Lohhofstraße 109
32108 Bad Salzuflen
Germany

Contact
Email: contact@pauljulianheise.com

Further details can be found in our legal notice.

II. Personal Data, Purpose of Processing, and Legal Basis

Personal data refers to any information relating to an identified or identifiable natural person (hereinafter: "data subject"). A natural person is considered identifiable if they can be identified directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

We only process personal data on our website when this is necessary for the following purposes:

• Based on your request and consent (Art. 6(1)(a) GDPR)
• To enable use of the website (Art. 6(1)(b) GDPR)
• To improve user experience, promote our services, and maintain website security (Art. 6(1)(f) GDPR)
• To provide services offered on the website and for pre-contractual measures (Art. 6(1)(a) and/or (b) GDPR)
• To conclude and fulfill a contract (Art. 6(1)(b) GDPR)
• To comply with legal obligations, such as tax regulations and recordkeeping duties (Art. 6(1)(c) GDPR)

Further details regarding data processing can be found under the respective headings below.

1. Access Data / Server Log Files

When visiting our website, our hosting provider’s servers automatically store information your browser transmits, known as server log files. This includes:

• Referrer (previously visited page)
• Requested URL or file
• Browser type and version
• Operating system used
• Device type used
• Time of access
• IP address (anonymized and only used to determine location of access)

Temporary processing of this data is necessary to deliver the website to your device. In particular, the IP address must be processed for this purpose. This data is not merged with other sources and is used exclusively to monitor website traffic, ensure technical operations of the server and hosting infrastructure, and to prevent abuse.

Legal basis: Art. 6(1)(f) GDPR

2. Contact via Email, Forms, or Other Means

If you contact us via email, web form, or other means, the personal data you provide (e.g., name, email address, message) as well as technical data (e.g., IP address, timestamp, privacy notice confirmation) will be processed to handle your inquiry and any follow-up questions.

Legal basis:

• Art. 6(1)(b) GDPR (for responding to inquiries)
• If consent is given: Art. 6(1)(a) GDPR and Art. 9(2)(a) GDPR
• In individual cases: Art. 6 in conjunction with Art. 9 GDPR for special categories of personal data

If you use our application form for collaboration, we collect the following data: name, email, phone number, date of birth, usernames on social media, previous experience, message content, IP address, timestamp, and any additional information you provide.

Legal basis: Art. 6(1)(b) and/or (a), and Art. 9(2)(a) GDPR

3. Third-Party Services and Content

We integrate or link to third-party content and services as follows:

Social Media

We use social media platforms in our legitimate interest to promote our services and presence. The respective providers' privacy policies apply:

• Twitter
  Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland
  Parent: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

  • Privacy Policy
  • Imprint
  • Data Transfer Clauses

• Instagram
  Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

  • Privacy Policy
  • Imprint

Clicking on a social media icon on our site will redirect you to that provider’s site in a new tab or window. Note that data may be processed outside the EU. This may pose risks, e.g., difficulty enforcing your rights. For effective enforcement, please contact the respective platform provider. You may also contact us regarding our profiles.

Google Fonts

We use Google Web Fonts to provide uniform font rendering across devices. When a page is loaded, your browser downloads the fonts from Google servers.

• Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
• For EU/EEA users: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland
• Google Fonts FAQ
• Google Privacy Policy

Legal basis: Art. 6(1)(a) GDPR (consent)

If your browser does not support Web Fonts, a default system font will be used instead.

III. Recipients of Personal Data and Transfers to Third Countries

Personal data may be disclosed to the following categories of recipients:

• Our employees
• Our data processors to the extent necessary, in particular our website and hosting provider:

Vercel Inc.
440 N Barranca Ave #4133
Covina, CA 91723
United States

• Any relevant sub-processors of Vercel
• Third-party service providers used on our website (see above under Section II.4)

Beyond these cases, we will not share your personal data with third parties without your explicit consent, unless we are legally obligated to do so or the data transfer is necessary to fulfill a contractual relationship with you.

We may process personal data in a third country (i.e., outside the European Union (EU) or European Economic Area (EEA)) if:

• it is required for the performance of our (pre-)contractual obligations,
• based on your consent,
• due to a legal obligation, or
• based on our legitimate interests.

This also applies to processing by third parties acting on our behalf, as well as disclosures or transfers of personal data to third parties.

Third-party service providers processing personal data on our behalf in third countries are only used if:

• an adequacy decision by the European Commission exists for the country (Article 45 GDPR), or
• appropriate safeguards (Article 46 GDPR), such as
  • Standard Contractual Clauses (SCCs) (Article 46(2)(c) GDPR), or
  • Binding Corporate Rules (BCRs) (Article 47 GDPR) are in place.

You can find general information here:

• Adequacy decisions
• Binding Corporate Rules
• Standard Contractual Clauses

For further information, you may contact us at any time.

IV. Duration of Data Storage

We delete personal data once the purpose for processing has been fulfilled and the legal basis for processing no longer applies, provided there is no statutory retention obligation.

• Server log files and IP addresses are automatically deleted no later than seven days after collection.
• Session cookies are automatically deleted at the end of your session.
• Other cookies with a set expiration date are stored on your device until that date. You also have full control over the use and deletion of cookies (see above).

Personal data submitted through email, contact forms, or other means will be processed until your inquiry has been completely handled. After that, the data will be deleted unless a legal retention obligation applies.

You may delete your customer account at any time. Please note, however, that in the context of a contractual relationship with you, certain commercial and tax-related retention obligations apply:

• Minimum 6 years under § 257 of the German Commercial Code (HGB)
• Minimum 10 years under § 147 of the German Fiscal Code (AO)

This may also apply to the content of contact requests and email communications.

In general, and in relation to all tools and services used as previously described, we review data annually to determine whether it can be deleted. This is the case when the purpose of processing and the legal basis no longer apply and no statutory retention obligation exists.

V. Provision of Personal Data and Rights of Data Subjects

You are not legally required to provide personal data. However, the provision of such data may be necessary to conclude a contract or use specific website features. Without the provision of required data, certain services or functionalities may not be available.

There is no automated decision-making on our website; profiling does not take place.

Your rights as a data subject

In accordance with Articles 15 to 23 and Article 77 of the General Data Protection Regulation (GDPR), and Sections 32 to 37 of the revised German Federal Data Protection Act (BDSG-neu), you have the following rights, provided the legal conditions are met:

• Right of access – Article 15 GDPR
• Right to rectification – Article 16 GDPR
• Right to erasure ("right to be forgotten") – Article 17 GDPR
• Right to restriction of processing – Article 18 GDPR
• Right to data portability – Article 20 GDPR

If you have given consent to the processing of personal data, you have the:

• Right to withdraw consent – Article 7 GDPR
  Withdrawal applies to future processing and does not affect the legality of processing based on consent before the withdrawal.

You also have the:

• Right to object – Article 21 GDPR
  (More details in Section VI below.)

Please send any requests, inquiries, or communications to us—see Section I for contact details.

Right to lodge a complaint

If you believe that the processing of your personal data violates data protection laws, you always have the:

• Right to lodge a complaint – Article 77 GDPR

This right can be exercised with the competent data protection authority, particularly in the member state of your residence, workplace, or the place of the alleged infringement.

A list of supervisory authorities in Germany and abroad can be found here:
List

VI. Information about the Right to Object under Article 21 GDPR

1. Right to object on grounds relating to your particular situation

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is based on Article 6(1)(f) GDPR (data processing based on a balancing of interests).

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

2. Right to object to direct marketing

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made without any formal requirements and should preferably be directed to us using the contact details provided above under Section I.