Privacy

Privacy Policy

This policy explains how Mathias Krostewitz processes personal data when you visit the website, use the contact form, or connect third-party publishing features.

Last updated: June 2, 2026

Controller

Mathias Krostewitz
Oskar-von-Miller-Ring 20, 80333 München, Deutschland
Email: mathias@krostewitz.com

Data processed when you visit the website

When the website is loaded, technical data may be processed to deliver the site securely and reliably. This can include IP address, request time, requested URL, referrer, browser type, device information, and server log data.

The legal basis is legitimate interest in operating, securing, and improving this website under Art. 6(1)(f) GDPR.

Contact, lead capture, and email verification

If you use the contact form or request a CV download, the submitted name, email address, phone number where requested, request type, message, source type, verification status, timestamps, and technical request data such as IP address, approximate country, state, address, browser, referrer, and page URL may be stored as a lead record.

Email is sent through the configured mail provider. Lead records are kept only as long as needed for communication, documentation, download protection, and abuse prevention.

Local storage, cookies, and admin sessions

The public website stores necessary preferences in your browser, including manual language and theme choices and the privacy preference itself. Admin-only areas use secure session cookies for authentication and account protection. Optional categories can be accepted, rejected, changed, or withdrawn through the privacy settings link in the footer.

Google Analytics

Google Analytics is loaded only if you consent to the Analytics category in the privacy preferences. It is used to understand aggregate website usage and improve the public website.

The site does not send your name, contact details, messages, CV requests, or admin data to Google Analytics. If enabled, Google may process device, browser, interaction, and approximate location data according to its own privacy terms. You can withdraw consent at any time through the privacy settings link in the footer.

Maps, weather, media, and external services

Some public sections can load third-party services or content. Automatic loading of Mapbox maps, cached Open-Meteo weather data, external webcam images, and country-based language detection is blocked until you consent to optional external services. Weather data is requested through this site's server cache; other loaded providers may receive technical data such as your IP address and browser information.

The site does not send your name, contact details, messages, CV requests, or admin data to these optional external content providers.

Outbound links to GitHub, LinkedIn, Koalendar, webcam source pages, or similar third-party sites are opened only when you choose them.

Uploaded post media, site assets, and CV files may be stored with a configured object storage provider and delivered through public asset URLs.

LinkedIn publishing integration

If a LinkedIn publishing integration is connected in the admin area, LinkedIn OAuth is used to request authorization from the connected LinkedIn member account. The application may store LinkedIn access tokens, account identifiers, selected post text, article links, and publication timestamps for the purpose of publishing or managing posts selected by the admin.

Access can be revoked through LinkedIn account settings or by disconnecting the integration once that feature is available in the admin area.

AI-assisted post editing

Admin users can choose to send post title, summary, content, and prompt text to an AI provider to draft or improve blog content. This processing only happens when an authenticated admin starts an AI action.

Legal bases

  • Art. 6(1)(a) GDPR for consent-based integrations, optional analytics, external media/maps, and automatic language detection.
  • Art. 6(1)(b) GDPR where processing is needed to respond to a request or provide a requested function.
  • Art. 6(1)(f) GDPR for secure operation, abuse prevention, and improvement of the website.
  • Art. 6(1)(c) GDPR where retention is required by law.

Your rights

Subject to the applicable legal conditions, you may request access, correction, deletion, restriction, portability, or object to processing of your personal data. You may also withdraw consent with effect for the future where processing is based on consent.

You also have the right to lodge a complaint with a competent data protection supervisory authority.

Updates

This policy may be updated when the website, third-party integrations, or legal requirements change. The date above shows the latest version.