Skip to content
·
DE · EN

Privacy Policy

Translation notice

This is an automatic translation. The legally binding version is the German original.

Preamble

With the following privacy policy, I would like to inform you about the types of your personal data (hereinafter also referred to as "data") that I process, for what purposes and to what extent. This privacy policy applies to all processing of personal data carried out by me, both in the context of providing my services and in particular on my websites and in mobile applications (hereinafter collectively referred to as "online services").

The terms used are not gender-specific.

As of: 1 April 2026

Table of contents

Controller

Marcel Kraus
Bonner Straße 88
50374 Erftstadt
Germany

Contact options: See Imprint

Overview of processing activities

The following overview summarises the types of data processed and the purposes of their processing, and refers to the data subjects concerned.

Types of data processed

  • Contact data.
  • Content data.
  • Usage data.
  • Meta, communication and procedural data.

Categories of data subjects

  • Communication partners.
  • Users.

Purposes of processing

  • Contact enquiries and communication.
  • Security measures.
  • Reach measurement.
  • Management and response to enquiries.
  • Feedback.
  • Profiles with user-related information.
  • Provision of my online services and user-friendliness.
  • Information technology infrastructure.

Relevant legal bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which I process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations in your or my country of residence or domicile may apply. Should more specific legal bases be relevant in individual cases, I will inform you of these in the privacy policy.

  • Performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legitimate interests (Art. 6(1)(f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes in particular the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific provisions on the right to access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated individual decision-making including profiling. Furthermore, the data protection laws of the individual federal states may apply.

Security measures

I take appropriate technical and organisational measures in accordance with legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of processing as well as the different likelihood and severity of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access to, input of, disclosure of, assurance of availability and separation of data. Furthermore, I have established procedures to ensure the exercise of data subject rights, the deletion of data and responses to data threats. I also take the protection of personal data into account during the development and selection of hardware, software and procedures in accordance with the principle of data protection by design and by default.

IP address truncation: Where IP addresses are processed by me or by the service providers and technologies used, and the processing of a complete IP address is not necessary, the IP address is truncated (also referred to as "IP masking"). In this process, the last two digits or the last part of the IP address after a dot is removed or replaced by placeholders. The truncation of the IP address is intended to prevent or significantly impede the identification of a person by their IP address.

TLS/SSL encryption (https): To protect the data of users transmitted via my online services, I use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.

Deletion of data

The data processed by me will be deleted in accordance with legal requirements as soon as the consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to exist or the data is not necessary for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means the data is locked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person. My privacy notices may also contain further information on the retention and deletion of data that takes priority for the respective processing operations.

Rights of data subjects

Rights of data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw any consent given at any time.
  • Right of access: You have the right to obtain confirmation as to whether or not data concerning you is being processed and to obtain information about such data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: You have the right, in accordance with legal requirements, to request the completion of data concerning you or the rectification of inaccurate data concerning you.
  • Right to erasure and restriction of processing: You have the right, in accordance with legal requirements, to request that data concerning you be deleted without undue delay, or alternatively to request restriction of processing of the data in accordance with legal requirements.
  • Right to data portability: You have the right to receive the data concerning you, which you have provided to me, in a structured, commonly used and machine-readable format in accordance with legal requirements, or to request its transmission to another controller.
  • Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the provisions of the GDPR.

Provision of online services and web hosting

I process your data in order to provide you with my online services. For this purpose, I process your IP address, which is necessary to transmit the content and functions of my online services to your browser or device.

  • Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, consent status); content data (e.g. entries in online forms).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of my online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures.
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing procedures, methods and services:

  • Provision of online services on rented storage space: For the provision of my online services, I use storage space, computing capacity and software that I rent or otherwise obtain from a corresponding server provider (also known as a "web host"); Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).
  • Collection of access data and log files: Access to my online services is logged in the form of so-called "server log files". Server log files may include the address and name of the web pages and files accessed, date and time of access, data volumes transferred, notification of successful access, browser type and version, your operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure the utilisation of the servers and their stability; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR). Deletion of data: Log file information is stored for a maximum period of 30 days and then deleted or anonymised. Data whose further retention is necessary for evidentiary purposes is exempt from deletion until the respective incident has been finally resolved.
  • Email sending and hosting: The web hosting services I use also include the sending, receiving and storage of emails. For these purposes, the addresses of recipients and senders as well as further information regarding email sending (e.g. the providers involved) and the contents of the respective emails are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails on the internet are generally not sent in encrypted form. As a rule, emails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. I can therefore not accept any responsibility for the transmission path of emails between the sender and reception on my server; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Contact and enquiry management

When contacting me (e.g. by post, contact form, email, telephone or via social media) as well as in the context of existing user and business relationships, the information of the enquiring persons is processed insofar as this is necessary to respond to the contact enquiries and any requested measures.

  • Types of data processed: Contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, consent status).
  • Data subjects: Communication partners.
  • Purposes of processing: Contact enquiries and communication; management and response to enquiries; feedback (e.g. collecting feedback via online forms). Provision of my online services and user-friendliness.
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing procedures, methods and services:

  • Contact form: When you contact me via my contact form, email or other means of communication, I process the data communicated to me in this context for the purpose of handling the communicated matter; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Web analytics, monitoring and optimisation

Web analytics (also referred to as "reach measurement") is used to evaluate visitor flows to my online services and may include behaviour, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, I can, for example, identify when my online services or their functions or content are most frequently used or invite re-use. I can also identify which areas require optimisation.

In addition to web analytics, I may also use testing procedures to test and optimise, for example, different versions of my online services or their components.

Unless otherwise stated below, profiles, i.e. data summarised for a usage process, may be created for these purposes and information may be stored in a browser or device and read from it. The information collected includes, in particular, websites visited and elements used therein, as well as technical information such as the browser used, the computer system used and information on usage times. If you have consented to the collection of your location data to me or to the providers of the services I use, location data may also be processed.

IP addresses are also stored. However, I use an IP masking procedure (i.e. pseudonymisation by truncating the IP address) to protect you. In general, no clear data (such as email addresses or names) is stored in the context of web analytics, A/B testing and optimisation, but rather pseudonyms. This means that neither I nor the providers of the software used know your actual identity, but only the information stored in profiles for the purposes of the respective procedures.

  • Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, consent status).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g. access statistics, detection of returning visitors). Profiles with user-related information (creation of user profiles).
  • Security measures: IP masking (pseudonymisation of the IP address).
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing procedures, methods and services:

  • Matomo (without cookies): Matomo is a privacy-friendly web analytics software that is used without cookies and where the detection of returning visitors is carried out using a so-called "digital fingerprint" that is stored anonymously and changed every 24 hours. With the "digital fingerprint", movements within my online services are recorded using pseudonymised IP addresses in combination with browser-side settings in such a way that conclusions about the identity of individual persons are not possible. The data collected through the use of Matomo is processed only by me and is not shared with third parties; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR). Website: https://matomo.org/.

Mobile application (Tacho – Wie schnell bin ich)

I offer the mobile application "Tacho – Wie schnell bin ich" (English: "Speedometer – How fast am I?", hereinafter "App") for iOS. The app displays the current GPS speed and is available through the Apple App Store.

No collection of personal data by me: The app does not collect, store or transmit any personal data to me. No analytics, tracking or advertising services are used.

In-app purchases via RevenueCat: The app offers optional in-app purchases (e.g. unlocking additional themes). The purchase processing and entitlements management is handled by the third-party provider RevenueCat, Inc. RevenueCat processes purchase-related data such as purchase history and device identifiers. The privacy policy of RevenueCat applies: https://www.revenuecat.com/privacy. The actual payment processing is carried out by Apple via the App Store.

  • Types of data processed: No personal data by me; purchase-related data by RevenueCat (purchase history, device identifiers).
  • Data subjects: Users of the app.
  • Legal bases: The data processing by RevenueCat in the context of in-app purchase processing and by Apple in the context of the App Store is governed by the respective privacy policies of the providers.

Mobile application (BootTrackr)

I offer the mobile application "BootTrackr" for iOS. The app is used for tracking daily footwear and is available through the Apple App Store.

Stored data: The app stores shoe information (name, photo, size, purchase date) and a daily wearing history on your device and in your private iCloud database via Apple's CloudKit. Synchronisation via iCloud is an integral part of the app and cannot be disabled. The data is protected by Apple's iCloud security mechanisms and is not accessible to me.

Device permissions: The app optionally requests access to the camera (for photographing shoes), the photo library (for importing images) and notifications (for an optional daily reminder). These permissions are only requested when using the respective function.

No collection of personal data by me: The app does not collect, store or transmit any personal data to me. No analytics, tracking or advertising services are used. No third-party SDKs are used.

In-app purchases via Apple StoreKit: The app offers an optional in-app purchase (PLUS). The purchase processing is handled exclusively via Apple's StoreKit 2. Apple processes the payment information. The app only sees the transaction status, not any payment data.

  • Types of data processed: No personal data by me; purchase-related data by Apple (purchase history, transaction status).
  • Data subjects: Users of the app.
  • Legal bases: The data processing by Apple in the context of in-app purchase processing and the App Store as well as iCloud synchronisation is governed by Apple's privacy policy.

Map integration (OpenStreetMap)

On my website, I embed an interactive map that uses map material from OpenStreetMap (OSM). The display is provided using the JavaScript library Leaflet, which is loaded via the content delivery network unpkg.com. When accessing the page, map tiles are loaded from the servers of the OpenStreetMap Foundation (OSMF) and the Leaflet library is loaded from unpkg.com. In each case, your IP address is transmitted to these services.

Via a link on the page, you can access route planning through Apple Maps. Clicking this link opens Apple Maps in a new window. Data processing is then carried out by Apple Inc. in accordance with their privacy policy.

The integration is based on my legitimate interest in an appealing presentation of my location pursuant to Art. 6(1)(f) GDPR.

  • Types of data processed: IP address, usage data.
  • Data subjects: Users of the website.
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).
  • Service providers: OpenStreetMap Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom; Privacy policy. unpkg.com (operated via Cloudflare); Cloudflare privacy policy. Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA; Apple privacy policy.

Changes and updates to the privacy policy

I ask you to regularly inform yourself about the contents of my privacy policy. I adapt the privacy policy as soon as the changes in the data processing carried out by me make this necessary. I will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

Where I provide addresses and contact information of companies and organisations in this privacy policy, please note that the addresses may change over time and please verify the information before contacting them.

Created with the free privacy policy generator by Dr. Thomas Schwenke, adapted by the operator.