Privacy Policy

This privacy policy applies to the website docbb.de and all of its subdomains (e.g. stats.docbb.de, studie.docbb.de, vorstellung). For third-party sites we link to, the privacy notices published there apply.

1) Controller

Responsible for data processing within the meaning of the General Data Protection Regulation (GDPR):

Dr. Bernd Bürger Zwieselstr. 1 83404 Ainring, Germany Email: [email protected]

2) General information on data processing

We process personal data of visitors to this website only to the extent necessary to provide a functional website and the content offered on it. Any processing beyond that takes place only with your consent or on the basis of a statutory permission.

The website uses no advertising cookies, no third-party trackers, no Google Analytics, no Facebook pixel and therefore requires no cookie banner. There are no cookies when merely viewing the site — cookies are set exclusively after an active user action (see section 8).

3) Server log files (hosting)

When the website is accessed, the server automatically records data in so-called server log files:

  • requested URL
  • date and time of access
  • amount of data transferred
  • HTTP referrer (referring page)
  • browser type and version
  • operating system used
  • truncated IP address

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the security, stability and functionality of the website).

Retention: Server log files are stored for a maximum of 28 days (4 weekly rotations) and then automatically deleted. In the event of concrete suspicion of unlawful use (e.g. attack attempts), individual entries may be retained for longer.

Hosting provider: The website is hosted on a dedicated server operated by STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany (server location Germany). A data processing agreement pursuant to Art. 28 GDPR is in place with STRATO.

4) Content delivery network: Cloudflare

We use the CDN of Cloudflare Inc., 101 Townsend Street, San Francisco, CA 94107, USA for the secure and fast delivery of the website (DDoS protection, TLS termination, caching).

When the website is accessed, technically necessary data (IP address, HTTP headers, requested URL) is transmitted to Cloudflare. To protect against attacks, Cloudflare may set a security cookie (__cf_bm, lifetime max. 30 minutes) and, where applicable, cf_clearance (for bot challenges). According to the established view of the supervisory authorities, these are technically necessary (Art. 6(1)(f) GDPR, § 25(2) no. 2 of the German TDDDG).

Legal basis: Art. 6(1)(f) GDPR. DPA: A data processing agreement is in place with Cloudflare. Third-country transfer USA: Cloudflare is certified under the EU-US Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023).

Privacy notice: https://www.cloudflare.com/privacypolicy/

5) Web analytics: Matomo (self-hosted, cookieless)

We use Matomo (open-source software) for statistical analysis of site usage. Matomo runs on our own server in Germany (subdomain stats.docbb.de). No data whatsoever is transferred to third parties — in particular not to InnoCraft Ltd. or any other external provider.

Matomo is configured in a privacy-friendly way:

  • No cookies (disableCookies is active)
  • Do Not Track is respected (setDoNotTrack)
  • IP anonymisation (the last octet is discarded before storage)
  • No device fingerprinting
  • Retention of aggregated statistics: a maximum of 14 months

Data processed includes: truncated IP address, pages visited, time spent, device/browser class, language, anonymised source (referrer).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in data-minimising reach measurement). As no cookies are set and no data flows to third parties, no consent under § 25 of the German TDDDG is required (see also CNIL, “Matomo en mode cookieless”).

Objection: You can object to the collection at any time by activating “Do Not Track” in your browser or by writing to us informally at [email protected].

6) Affiliate programmes (Amazon, Springer/CJ) — “advertising”

We participate in partner programmes. All affiliate links are labelled as advertising — by an asterisk (*) directly next to the link, a visible statement at the beginning of each affected article (“This article contains advertising*”) and by the link attribute rel="sponsored nofollow". When you click such a link, you are redirected to the respective partner shop:

  • Amazon Partner Programme (Amazon EU S.à r.l., 38 avenue J. F. Kennedy, L-1855 Luxembourg) — links to amzn.to
  • Commission Junction (CJ.com) as intermediary for, among others, Springer/SpringerLink — links to *.dpbolvw.net

Only when you click the affiliate link is your data (IP address, possibly tracking cookies) transmitted to the partner. We ourselves receive no personal data about buyers, only aggregated settlement data (number of clicks/purchases, commission amount).

Legal basis for the link call: Art. 6(1)(f) GDPR. The subsequent data processing by the partner is not within our responsibility; the partner’s privacy notices apply.

7) Research surveys (studie.docbb.de)

On the subdomain studie.docbb.de we run scientific online surveys via a self-developed application that runs exclusively on our own server in Germany. No external survey services (e.g. SurveyMonkey, Google Forms, Typeform) are used.

Participation is voluntary and fully anonymous — no direct identifiers (name, email, IP address in readable form) are stored. The exact data processed, the purpose and the retention period of the respective survey can be found in the privacy information at the beginning of the specific survey.

Legal basis: Art. 6(1)(a) GDPR (consent through participation); additionally Art. 89 GDPR (processing for scientific research purposes).

8) Functional cookies upon active use

The following cookies are set exclusively after an active action and are technically necessary (Art. 6(1)(f) GDPR, § 25(2) no. 2 of the German TDDDG):

Cookie / storageSet when…LifetimePurpose
theme (LocalStorage)you toggle the light/dark schemepermanentStores your design choice
vorstellung_url-token (URL parameter)you open the protected page /vorstellung/ with a password4 hoursAccess token — not a cookie, URL only
__cf_bm (Cloudflare)on first page load, if bot suspicionmax. 30 min.Security / bot protection

9) Fonts

The fonts Playfair Display and Hanken Grotesk are delivered locally from our own server (“self-hosting”). No connection to Google Fonts or other external font services is established — your IP address is not transmitted to third parties for this purpose.

10) Contact

If you contact us by email ([email protected]) or via the contact form, the data transmitted (name, email, subject if applicable, message) is stored and used exclusively to process your enquiry.

Legal basis: Art. 6(1)(f) GDPR or Art. 6(1)(b) GDPR (if the enquiry is aimed at concluding a contract). Retention: Until the enquiry has been conclusively processed; statutory retention obligations remain unaffected.

Spam protection: Cloudflare Turnstile

To prevent automated submissions (bots, spam), the contact form embeds Cloudflare Turnstile (provider: Cloudflare Inc., 101 Townsend Street, San Francisco, CA 94107, USA). Turnstile is only loaded once you interact with the form (e.g. click into an input field) — merely viewing the contact page establishes no connection to Turnstile. From that point on, Turnstile silently checks in the background whether the request is being made by a human; on submission, the result is additionally verified server-side against Cloudflare. For this purpose, technical data such as IP address, user agent, screen size, mouse and keyboard movements and a non-personally-identifying behavioural fingerprint are transmitted to Cloudflare and evaluated for the duration of the session. No cookies are set for profiling; Turnstile operates without tracking.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protecting the contact form from abusive use). Retention: Turnstile tokens are valid for a maximum of 24 hours and are then automatically deleted. DPA / third-country transfer: A data processing agreement is in place with Cloudflare. Cloudflare is certified under the EU-US Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023). Privacy notice: https://www.cloudflare.com/privacypolicy/.

Articles may contain references to external platforms (e.g. YouTube for video thumbnails, Spotify/Anchor.fm for podcast episodes, LinkedIn, Instagram, Amazon). When you click such links, you are redirected to the third-party site; only then does the third party receive your IP address. No embedded third-party content is loaded automatically when the page is merely viewed (in particular no YouTube embeds — we use static thumbnails).

12) Your rights

You have the right at any time to:

  • access the data stored about you (Art. 15 GDPR)
  • rectification of inaccurate data (Art. 16 GDPR)
  • erasure (Art. 17 GDPR)
  • restriction of processing (Art. 18 GDPR)
  • data portability (Art. 20 GDPR)
  • withdraw consent given, with effect for the future (Art. 7(3) GDPR)
  • object to processing based on legitimate interest (Art. 21 GDPR)
  • lodge a complaint with a supervisory authority (Art. 77 GDPR)

Competent authority for Bavaria: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany, https://www.lda.bayern.de.

Please address enquiries to: [email protected]

13) RIGHT TO OBJECT IN INDIVIDUAL CASES

WHERE WE PROCESS PERSONAL DATA ON THE BASIS OF A LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION (ART. 21(1) GDPR).

FOLLOWING YOUR OBJECTION, WE WILL CEASE THE PROCESSING UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS.

14) Changes to this policy

We update this privacy policy as necessary to adapt it to changes in the legal situation or in technical circumstances.

Last updated: 10 July 2026