Privacy Policy

Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection legislation is:

Managing Directors:

Sebastian Fastner, Sebastian Werner

Email:

privacy@sebastian-consulting.com

A data protection officer has not been appointed, as the legal requirements for this do not apply. For data protection inquiries, you can contact the email address listed above.

Overview of Data Processing

This website does not process personal data beyond what is technically necessary. No cookies are set. For statistical analysis of website usage, we use Plausible Analytics, which operates entirely without cookies and does not permanently store any personal data (see section "Web Analytics"). There is no contact form – contact is made exclusively by email.

Hosting and Content Delivery Network

This website is operated via the infrastructure of Bunny.net (BunnyWay d.o.o., Slovenia, EU). Bunny.net provides the following services:

• CDN (Content Delivery Network) for delivering static files (HTML, JavaScript, CSS)
• Edge Scripting for server-side logic at Bunny.net nodes
• Storage for static files and assets

Processed Data

Each page request processes the following categories of technical connection data: network identification data (IP address), time-related metadata (timestamp), usage data (requested URL), and technical metadata (browser type, operating system, and device information). According to a contractual assurance by Bunny.net, this data is held exclusively in working memory (RAM) and automatically deleted after 20–30 seconds. According to this assurance, no persistent storage takes place.

Legal Basis

Processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring the availability, integrity and security of the website. This interest outweighs the data subjects' interest in non-processing, as, according to a contractual assurance by Bunny.net, connection data is processed exclusively transiently in working memory and automatically deleted after a few seconds. Insofar as information on the user's terminal device is accessed (e.g. through edge scripting), this is permissible without consent pursuant to Section 25(2)(2) TDDDG, as the access is strictly necessary to provide the service explicitly requested by the user.

Third-Country Data Transfer

Bunny.net is based in Slovenia (EU/EEA). However, in the course of CDN operations, data may temporarily be processed on servers outside the EEA. For these transfers to third countries, Bunny.net has entered into Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. In addition, a Transfer Impact Assessment (TIA) was conducted in accordance with the recommendations of the European Data Protection Board (EDPB), confirming the effectiveness of the safeguards in place. Bunny.net contractually commits that connection data on CDN nodes is only processed transiently and not stored permanently. Furthermore, a data processing agreement pursuant to Art. 28 GDPR is in place, in which Bunny.net ensures that sub-processors implement adequate data protection measures in accordance with the GDPR.

Obligation to Provide Data

The transmission of your IP address is technically necessary to access this website. Without this data transmission, no connection to the server can be established and the website cannot be displayed. There is no legal or contractual obligation to provide any further personal data.

Further information can be found in the Bunny.net privacy policy and on the Bunny.net GDPR page.

Web Analytics with Plausible Analytics

This website uses Plausible Analytics for statistical analysis of website usage. Plausible is self-hosted on our own server at the domain t.sebastian-software.de. Data is not shared with third parties.

How It Works

Plausible operates without cookies and without persistent identifiers. Plausible generates a daily hash from the IP address, user agent, and date, enabling pseudonymised counting of unique visitors. The IP address is only processed transiently in working memory for hash generation and is never permanently stored or logged. The resulting hash may theoretically constitute pseudonymous data within the meaning of the GDPR; however, daily automatic rotation prevents tracking across days.

Processed Data

The following data is collected and stored exclusively in aggregated form:

• Page views (URL, referrer)
• Device information (screen size, operating system, browser)
• Approximate geographic location (country level, derived from the IP address, which itself is not stored)

Legal Basis

The use of Plausible is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in analyzing website usage for the needs-based design and optimization of our website. This interest prevails because Plausible is designed in such a way that no personal data is permanently processed and no conclusions can be drawn about individual users. Since Plausible does not set cookies and does not access information already stored on the user's device, consent under § 25 TDDDG (German Telecommunications Digital Services Data Protection Act) is not required.

Hosting and Third-Country Transfer

Plausible is operated on our own server, hosted by Hetzner Online GmbH in Germany. No third-country transfer takes place. This does not constitute a data processor within the meaning of Art. 28 GDPR, as data processing takes place exclusively on our own infrastructure.

For more information on Plausible's privacy compliance, please visit the Plausible Analytics website.

Contact via Email

When you contact us by email, the data you provide (email address, name if applicable, and message content) will be processed to handle your inquiry. If your inquiry is aimed at concluding or performing a contract, the legal basis is Art. 6(1)(b) GDPR (pre-contractual or contractual measures). For general inquiries without a contractual context, the legal basis is Art. 6(1)(f) GDPR; our legitimate interest lies in the proper handling of incoming inquiries. This interest prevails, as processing is limited to what is necessary for responding and data is deleted upon completion. Your data will be deleted once the inquiry has been fully resolved. Where tax or commercial law retention obligations apply (§ 257 HGB, § 147 AO), the relevant data will be retained for up to 10 years.

Appointment Booking via Terminaro

For online appointment booking, we use our own service Terminaro. Terminaro is operated by the same controller (Sebastian Software GmbH) – this therefore does not constitute a transfer of data to a third party within the meaning of Art. 4(10) GDPR, but rather an internal processing operation by the same controller.

When you schedule an appointment via the booking link, the data you enter (name, email address, company if applicable, phone number and booking reason) will be processed by Terminaro.

Legal Basis and Retention Period

Processing is based on Art. 6(1)(b) GDPR for the initiation of a consulting engagement (pre-contractual measures). Booking data is automatically deleted 90 days after the appointment date. If a contractual relationship arises from the booking and tax or commercial law retention obligations apply (§ 257 HGB, § 147 AO), the relevant data will be retained for up to 10 years. Terminaro does not set any cookies on the public website and does not use tracking or web analytics.

Hosting and Sub-processors

User data is stored on servers of Hetzner Online GmbH in Germany. A data processing agreement pursuant to Art. 28 GDPR is in place with Hetzner. For the delivery of static content, Terminaro uses the CDN of Bunny.net (BunnyWay d.o.o., Slovenia), where data is processed exclusively transiently in working memory.

The information above covers all essential processing details regarding Terminaro. Since Terminaro is operated by the same controller, the data protection principles set out here apply equally. Additional technical details on data processing within Terminaro can be found in the Terminaro privacy notice, which specifies this policy for the booking service.

Processors

We use the following processors pursuant to Art. 28 GDPR, with each of whom a data processing agreement is in place:

BunnyWay d.o.o. (Bunny.net), Slovenia

CDN, hosting and edge scripting for this website

Hetzner Online GmbH, Germany

Hosting of the Terminaro application and the Plausible Analytics server

External Links

This website contains links to third-party websites. When you click on these links, you will be redirected to the respective third-party site. The respective operators are responsible for data processing on these external sites. We recommend that you read the privacy policies of the linked sites.

Automated Decision-Making

No automated decision-making, including profiling, pursuant to Art. 22 GDPR takes place.

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Recht auf Datenübertragbarkeit (Art. 20 DSGVO) – gilt ausschließlich für Verarbeitungen auf Grundlage eines Vertrags (Art. 6 Abs. 1 lit. b DSGVO), d. h. bei Nutzung der Terminbuchung über Terminaro sowie bei vertragsbezogener E-Mail-Kommunikation
• Right to object (Art. 21 GDPR) – see separate section below

To exercise your rights, you may contact us at any time at: privacy@sebastian-consulting.com

Right to object (Art. 21 GDPR)

Where we process your personal data on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to such processing at any time pursuant to Art. 21 GDPR. If you object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

To exercise your right to object, you may contact us at any time at: privacy@sebastian-consulting.com

Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data. The supervisory authority responsible for us is: