Legal
Privacy Policy
Status: 2026-05-03
Information pursuant to Articles 13 and 14 of the General Data Protection Regulation (GDPR).
1. Data Controller
The party responsible for data processing on this website within the meaning of the GDPR is:
Rafael Stefanik
Georg-Benjamin-Strasse 29
13125 Berlin
Germany
Email: info@pradox.de
2. Data Protection Officer
A data protection officer has not been appointed, as the legal requirements under § 38 BDSG (German Federal Data Protection Act) are not met.
3. Hosting and Server Log Files
This website is operated on the controller's own server infrastructure in Germany — consisting of an upstream reverse proxy (TLS termination) and a backend server (content delivery), both under direct control and in Germany. There is no processing on behalf of the controller within the meaning of Article 28 GDPR.
When you access this website, the following data is automatically recorded and stored in so-called server log files:
- IP address of the requesting device (truncated after 7 days)
- Date and time of access
- URL accessed
- HTTP status code and amount of data transferred
- Referrer URL
- User agent (browser, operating system)
Purpose: Ensuring smooth connection setup, security of information technology systems, defense against attacks.
Legal basis: Article 6(1)(f) GDPR (legitimate interest in the functionality and security of the website).
Storage period: The full IP address is anonymised or deleted after no more than 7 days. The remaining log data is deleted after 14 days, unless it is needed to clarify a specific security incident.
Recipients: No transfer to third parties takes place.
4. Contact via Email
This website offers a contact option via email (mailto link to info@pradox.de). If you contact me by email, the data you provide (name, email address, content of the message, and any other information you submit) will be processed for the purpose of handling your enquiry.
Legal basis: Article 6(1)(f) GDPR (legitimate interest in responding to your enquiry).
Storage period: Your message will only be stored for as long as necessary to handle your enquiry, but no longer than six months after final processing.
Processing service providers (processors pursuant to Article 28 GDPR):
The email address info@pradox.de is provided through the mail infrastructure of united-domains AG (Germany). Incoming messages are forwarded automatically to my private email account at 1&1 Mail & Media GmbH (GMX), Germany, where they are stored.
| Provider | Purpose of processing | Location |
|---|---|---|
| united-domains AG | Receipt and forwarding of email to info@pradox.de | Germany |
| 1&1 Mail & Media GmbH (GMX) | Storage of the forwarded email in the inbox | Germany |
Both providers are located within the European Union; no transfer to third countries takes place as a result. Standard processing terms pursuant to Article 28 GDPR apply via the providers' general terms and conditions.
Note on transport encryption: During transport between your email provider and the infrastructure mentioned above, I cannot guarantee that the message is encrypted end-to-end. Please do not send particularly sensitive data (e.g. health data, banking details) by unencrypted email.
5. Cookies and Comparable Technologies
Information on the use of cookies and comparable storage technologies (localStorage) on this website is summarised in a separate Cookie Notice.
In short:
- This website currently does not set cookies, does not load any third-party scripts, and does not embed any external content (e.g. Google Fonts, YouTube, Maps).
- A technically necessary storage of your cookie selection in local browser storage (localStorage) takes place without consent pursuant to § 25(2) No. 2 TDDDG (German Telecommunications Digital Services Data Protection Act).
- Future cookies requiring consent (e.g. for reach measurement) would only be set after your express consent; in such a case, this privacy policy will be supplemented prior to activation.
6. External Links, News Aggregation and Social Media References
This website may contain links to external websites. By clicking on such a link, you leave this website. I have no influence on the content or data processing practices of the destination sites. The respective privacy policy of the linked provider applies.
News Aggregation
This website may display a news section listing links to publicly available articles (e.g. from Anthropic, OpenAI, Hacker News, Heise, Golem, The Verge, MIT Technology Review). This aggregation takes place entirely server-side: my server periodically retrieves the public RSS feeds of the original sources and stores the resulting headlines, source attributions, publication dates, and where applicable short teasers locally as static content.
- When pradox.de is loaded, only this content already aggregated on my server is delivered. No third-party scripts, no iframes, and no embedded widgets from the news sources are loaded.
- No personal data (in particular no IP address and no browser information) of visitors to pradox.de is transmitted to the news sources, as long as you do not click the links.
- Only when you click on a news headline do you leave pradox.de and are forwarded to the respective original source; from that moment on, only the privacy policies of the original sources apply.
Links to the Operator's Own Code Repositories (GitHub)
The profile section of this website displays links to the operator's own public code repositories at GitHub Inc. (88 Colin P. Kelly Jr. Street, San Francisco, CA 94107, USA, or affiliated GitHub B.V. in the Netherlands for EU users). These are exclusively simple hyperlinks and not embedded plugins, browser-side API calls, status badges or scripts from GitHub.
- When pradox.de is loaded, no connection to GitHub is established and no GitHub scripts, no status badges (e.g. from shields.io or github.com), and no embedded widgets are loaded. Any logos or symbols shown are delivered locally from my server.
- No data of visitors is transmitted to GitHub as long as the links are not clicked.
- Only when you click on a repository link do you leave pradox.de and are forwarded to GitHub. From that moment on, GitHub's privacy policy applies: https://docs.github.com/site-policy/privacy-policies/github-general-privacy-statement. GitHub may transfer personal data to the United States; GitHub bases such transfers, among other things, on the EU-US Data Privacy Framework and Standard Contractual Clauses (Article 46 GDPR).
Code Screenshots in Own Posts
The news, blog and cheatsheet sections may publish images (screenshots) of code or tool interfaces. These images are stored and served as static files entirely from my own server. No images or content are embedded from third-party servers (e.g. imgur, GitHub CDN, Cloudinary). Therefore, no visitor data is transmitted to third parties when pradox.de is loaded by way of such posts.
Where references to social networks such as LinkedIn (LinkedIn Ireland Unlimited Company), X.com / Twitter (X Corp.), Instagram (Meta Platforms Ireland Limited), TikTok (TikTok Technology Limited, Ireland) or comparable platforms are integrated on pradox.de, these are explicitly simple hyperlinks and not embedded plugins or scripts:
- When you access pradox.de, no connection to these providers is established.
- No cookies of these providers are set and no data is transmitted to them as long as you do not click the links.
- Only when you click do you leave pradox.de; from that moment on, only the privacy policies of the respective platform apply.
When you switch to one of these platforms, the providers regularly process personal data (at minimum your IP address, browser and device information, and possibly cookie IDs). For providers with a parent group or infrastructure outside the EU (e.g. Meta group, X Corp. headquartered in the USA, ByteDance behind TikTok), transfers to third countries may occur. Logged-in users may be linked to their account by the respective provider.
The privacy policies of the listed providers can be found at:
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
- X / Twitter: https://x.com/de/privacy
- Instagram: https://privacycenter.instagram.com/policy
- TikTok: https://www.tiktok.com/legal/privacy-policy-eea
Further technical information on links and comparable mechanisms is summarised in the Cookie Notice.
Search engine indexing / Google Search Console
This website is publicly accessible and is crawled and indexed by search engines in the usual way — in particular by the Googlebot operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) and the affiliated Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The operator additionally uses the Google Search Console to monitor indexing status and identify crawl issues. Ownership is verified solely through a passive <meta name="google-site-verification"> tag in the HTML.
- When this website is loaded, no connection to Google is established. No cookies are set, no Google scripts are loaded, and no visitor data is transmitted to Google.
- Crawling by the Googlebot only generates server-side access logs, which are processed as described in section 3.
- If you reach this website via Google Search, your browser will send a Referer header to my server. Any further processing by Google in the search context takes place outside this website and is governed by Google's privacy policy: https://policies.google.com/privacy.
- In the Google Search Console, the operator is provided with aggregated, non-personal statistics (search queries, impressions, click-through rates, average position); Google applies thresholds that are intended to prevent identification of individual users.
Regarding third-country transfers to the USA via Google LLC: Google is certified under the EU-US Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023).
7. Your Rights as a Data Subject
You have the following rights with regard to the personal data concerning you:
- Right of access (Article 15 GDPR)
- Right to rectification of incorrect or incomplete data (Article 16 GDPR)
- Right to erasure (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object to processing (Article 21 GDPR), in particular where processing is based on Article 6(1)(f) GDPR
- Right to withdraw a given consent with effect for the future (Article 7(3) GDPR)
To exercise your rights, an informal email to info@pradox.de is sufficient.
8. Right to Lodge a Complaint with a Supervisory Authority
You have the right under Article 77 GDPR to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR.
The competent authority is in particular the supervisory authority of the federal state in which I reside:
Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI)
Berlin Commissioner for Data Protection and Freedom of Information
Website: https://www.datenschutz-berlin.de/
9. Data Security
This website is delivered via the encrypted HTTPS protocol (TLS). Appropriate technical and organisational measures pursuant to Article 32 GDPR are implemented.
10. Automated Decision-Making
There is no automated decision-making, including profiling, within the meaning of Article 22 GDPR on this website.
11. Validity and Updates of this Privacy Policy
This privacy policy is currently valid and dated 2026-05-03. Adjustments may become necessary due to changes to the website or amendments to legal requirements. The latest privacy policy is always available on this page.
Annex — What Must Be Added When the Website is Extended
Once any of the following functions is integrated, this privacy policy must be supplemented before activation. Adjusting it retroactively would be unlawful.
| Function | What needs to be added |
|---|---|
| Google Analytics / Matomo Cloud / Plausible | Cookie/storage consent pursuant to § 25(1) TDDDG (cookie banner with opt-in), tool description, provider, third-country transfer (for US tools), retention period, legal basis Art. 6(1)(a) GDPR |
| Google Fonts (via CDN from fonts.googleapis.com) | Separate section, processing on behalf of Google Ireland, note on US third-country transfer; or: host fonts locally and omit |
| Google reCAPTCHA | Separate section with provider, legal basis (Art. 6(1)(f)), third-country transfer USA, standard contractual clauses |
| Embedded YouTube videos / Maps / Vimeo | Cookie/third-party note, "two-click solution" recommended, third-country transfer USA |
| Newsletter / Mailchimp / SendGrid | Separate section with double opt-in procedure, provider (processor), opt-out option, retention period |
| Contact form (instead of mailto) | Mandatory/voluntary fields, possible captcha, storage location of incoming messages, legal basis |
| Registration / login / user accounts | Fields processed, password hashing, retention period, deletion concept, legal basis Art. 6(1)(b) GDPR |
| Hosting with an external provider | Provider, location, reference to processing agreement (Art. 28 GDPR), provider's logfile documentation |
| External mail provider (mailbox.org, IONOS, Google Workspace, M365) | Provider with location, processing agreement, possible third-country transfer (for Google/Microsoft) |
In each case, have the change reviewed or check it very carefully before activation, since GDPR violations can be subject to a warning under § 3a UWG (German Act Against Unfair Competition).