Privacy policy

Controller within the meaning of Art. 4 No. 7 GDPR:
Dominik Opwis
Kirchplatz 19, 41844 Wegberg, Germany
Email: arena@opwis.dev
Phone: +49 1523 1709353

The legal requirements for appointing a data protection officer under Art. 37 GDPR and § 38 BDSG are not met. For data protection questions please contact the controller directly.

Each time this website is accessed, our hosting provider automatically collects information that your browser transmits: IP address, date and time of the request, time zone difference to Greenwich Mean Time, content of the request (specific page), HTTP status code, amount of data transferred, referrer URL, and browser and operating system used.

The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in ensuring a stable, secure, and functional web presence and in defending against attacks. The data is generally deleted within a few days unless it is required for evidence preservation in the event of a security incident.

Our website is hosted by Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel processes technical access data (including the IP address) each time a page is accessed as a processor within the meaning of Art. 28 GDPR. A data processing agreement including EU Standard Contractual Clauses (SCC) is in place. For data transfers to the USA, Vercel additionally relies on its certification under the EU-U.S. Data Privacy Framework. Legal basis: Art. 6 (1) (f) GDPR.

For the storage of application data we use Neon (Neon Inc.) with the database located within the European Union (Frankfurt am Main). Neon is engaged as a processor pursuant to Art. 28 GDPR. Legal basis: Art. 6 (1) (b) and (f) GDPR.

Fonts are delivered exclusively from our own server via the function integrated into Next.js. No connection from your browser to Google servers is established, and no data is transmitted to Google.

If you contact us by email or phone, your details (name, email address or phone number, content of the request, and where applicable the company) are stored to process the request and for any follow-up questions. Legal basis: Art. 6 (1) (b) GDPR for pre-contractual measures or contract initiation, and Art. 6 (1) (f) GDPR otherwise. The data is deleted as soon as it is no longer necessary for the purpose of its collection and no statutory retention periods apply.

To arrange calls we link to the external service Cal.com (Cal.com, Inc.). Clicking the booking link redirects you to Cal.com. The data entered there (name, email, preferred time, and any further information) is processed by Cal.com on the basis of its own privacy policy and transmitted to us so that the meeting can take place. Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures). Further information: https://cal.com/privacy.

Paid plans are processed via Paddle.com Market Limited acting as Merchant of Record. When you access the pricing page, technical components of Paddle are loaded to prepare the checkout. In the course of a purchase, Paddle processes the data required for settlement, taxation, and invoicing (in particular name, email, billing address, and payment data) as an independent controller. Legal basis: Art. 6 (1) (b) GDPR (performance of contract) and Art. 6 (1) (c) GDPR (compliance with tax and commercial law obligations). Further information at https://www.paddle.com/legal/privacy.

On this website we use only strictly necessary cookies or comparable technologies that are essential for the operation of the site (for example language/routing preference and the checkout flow on the pricing page). The legal basis is § 25 (2) No. 2 TDDDG in conjunction with Art. 6 (1) (f) GDPR. We currently do not use any tracking or marketing cookies, analytics tools, or social media plugins. Consent under § 25 (1) TDDDG is therefore not required.

Subject to the statutory requirements, you have the following rights with regard to the personal data concerning you: right of access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection to processing (Art. 21). If processing is based on consent, you have the right to withdraw it at any time with effect for the future. To exercise your rights an informal message to the email address listed above is sufficient.

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent supervisory authority for us is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, Kavalleriestraße 2–4, 40213 Düsseldorf, https://www.ldi.nrw.de.

This privacy policy is currently valid and has the status stated above. Due to further development of our services or due to changes in statutory or regulatory requirements, it may become necessary to amend this privacy policy. The current version is available on this page at any time.