Privacy Policy (GDPR)
Last updated: 2026-02-05
1) Controller (Data Controller)
Controller (within the meaning of the GDPR / DSGVO):
Felix Heilingbrunner
c/o CODE Education GmbH
Donaustr. 44
12043 Berlin
Germany
2) Privacy at a glance
This is a personal website and is built to be privacy-friendly:
- No accounts, no registration, no contact forms (i.e., we do not actively ask you to provide personal data).
- No advertising tracking.
- No sale of data.
- We use privacy-friendly analytics (see Section 4) to understand basic, aggregated usage of the site.
3) General/technical processing when you visit the website
When you access a website, your browser necessarily transmits technical information to deliver the requested pages (e.g., to load the site content securely and reliably). Depending on the hosting setup, this can include technical log data (for example to prevent abuse and troubleshoot errors).
We use such technical processing only as necessary for:
- delivering the website,
- ensuring security and stability, and
- preventing misuse.
4) Analytics (Umami Cloud)
We use Umami Cloud for basic website analytics to understand how the site is used and to improve it.
Cookie use:
According to Umami, the Umami tracking code does not use cookies.
No personal identification / no cross-site tracking:
Umami states it does not collect personally identifiable information, anonymizes data, visitors cannot be identified, and visitors are never tracked across websites.
Default configuration:
We use Umami in its default configuration and do not intentionally configure it to collect personal identifiers.
No sharing:
The analytics information we collect for this website is not shared with third parties for advertising or marketing purposes.
Who processes analytics data:
Because we use the hosted/cloud version, analytics data is processed via Umami Cloud. The Umami Cloud login page identifies the provider as Umami Software, Inc.
Legal basis:
Where analytics processing qualifies as processing of personal data under the GDPR, we rely on Art. 6(1)(f) GDPR (legitimate interests) (legitimate interest in understanding basic site usage and improving the website in a privacy-friendly way).
5) Encryption (SSL/TLS)
To protect data in transit, this website uses modern encryption (TLS/SSL) via HTTPS.
6) Your rights as a data subject (GDPR)
You can exercise the following rights at any time by contacting the controller at the address above:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR), where applicable
- Right to object (Art. 21 GDPR)
Withdrawal of consent
If we process personal data based on your consent, you can withdraw consent at any time with effect for the future.
7) Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority, for example in your place of habitual residence, place of work, or the place of the alleged infringement.
8) Information about your right to object (Art. 21 GDPR)
Case-by-case right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you that is based on Art. 6(1)(f) GDPR (processing based on legitimate interests). This also applies to profiling based on that provision.
If you object, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing serves the establishment, exercise, or defence of legal claims.
9) Changes to this Privacy Policy
We may update this Privacy Policy to ensure ongoing compliance with legal requirements or to reflect changes to this website (e.g., if features are added). The version in effect at the time of your visit applies.