Privacy Policy (Datenschutzerklärung)

Last updated: 2026-01-05

1. Controller

The controller within the meaning of the GDPR is:
Moritz Lampkemeyer
Email: contact@lampkemeyer.com

Data Protection Officer (DPO): Not appointed (not required for this website).

2. Scope

This Privacy Policy explains how personal data is processed when you visit this website and the self-hosted WordPress blog at /blog, leave comments, subscribe to updates/newsletters via Jetpack, or interact with embedded third-party content.

3. Hosting

This website is hosted by:
wint.global GmbH, In der Steele 35, 40599 Düsseldorf, Germany

The hosting provider may process personal data (e.g., server log files) on my behalf to operate this website. Where required, a data processing agreement (Art. 28 GDPR) is in place.

4. Server log files

When you access this website, the server automatically records information such as:

  • IP address
  • Date and time of access
  • Requested page/file
  • Referrer URL
  • Browser type/version and operating system

Purpose: ensuring technical operation, security, and troubleshooting.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
Retention: 30 days unless longer retention is required for security investigations.

5. Cookies and similar technologies (TDDDG/GDPR)

This website and the WordPress blog may use cookies or similar technologies (e.g., local storage) for essential functions (e.g., security, session handling, comment convenience) and, depending on configuration, for optional features (e.g., statistics, embedded content).

Legal basis:
- Essential storage/access: § 25(2) TDDDG (where applicable) and Art. 6(1)(f) GDPR
- Non-essential storage/access (e.g., analytics/marketing): § 25(1) TDDDG + Art. 6(1)(a) GDPR (consent)

You can restrict or delete cookies in your browser settings. Note that some functions may not work properly if cookies are disabled.

6. Comments (WordPress)

If you leave a comment on the blog, the data you enter (e.g., name/pseudonym, email address, website (optional), comment text) is processed to publish the comment and to enable moderation. Technical metadata (e.g., IP address, user agent) may also be processed to prevent abuse and spam. WordPress may set cookies to remember your details for future comments.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating the comment function, moderation, and abuse prevention); where applicable also Art. 6(1)(b) GDPR (providing the requested functionality).
Retention: Comments and associated metadata remain stored until the comment is deleted or the blog is removed.

Gravatar (avatars)

If Gravatar is enabled for comments, an anonymized hash derived from your email address may be transmitted to Gravatar to check whether you use the service and to display an avatar. Gravatar is part of the Automattic group. If you want to avoid this, do not use an email address associated with Gravatar or disable avatars where possible.

Spam protection

The WordPress blog uses spam protection (Akismet). Comment-related data (including IP address and user agent) may be transmitted to the spam protection provider to detect abusive content.

7. Newsletter / subscriptions (Jetpack)

If you subscribe to updates (newsletter / blog subscription), your email address (and, optionally, a name) is processed to send you new posts and/or comment follow-ups. Subscriptions are provided via the Jetpack plugin (Automattic/WordPress.com services).

Legal basis: Art. 6(1)(a) GDPR (consent).
Withdrawal: You can unsubscribe at any time via the unsubscribe link in each email or by contacting contact@lampkemeyer.com.
Retention: Until you unsubscribe; afterwards, your data will be deleted or anonymized unless legal retention obligations apply.

8. Jetpack / Automattic services (WordPress.com connection)

The blog uses Jetpack, a plugin that can connect parts of the site to WordPress.com/Automattic infrastructure to provide features such as subscriptions/newsletters, certain comment-related functions, and (optionally) statistics. Depending on enabled Jetpack modules, Automattic may process visitor/subscriber data as an independent controller or as a processor (depending on the feature and configuration).

For more information, see Automattic’s privacy and cookie information:
https://automattic.com/privacy/
https://automattic.com/cookies/
Jetpack cookies overview:
https://jetpack.com/support/cookies/

9. Analytics / statistics

On the static pages (outside /blog), I do not use third-party analytics beyond what is technically necessary (server logs).

For the WordPress blog, Jetpack includes an optional statistics feature (“Jetpack Stats” / “WordPress.com Stats”). Status: [ENABLED].

If enabled, the feature processes usage data (e.g., page views, referrers, approximate location derived from IP, and technical device/browser information) to provide aggregated site statistics.

Legal basis:
- If cookies or similar technologies are used: Art. 6(1)(a) GDPR (consent) and § 25(1) TDDDG
- If operated without consent-requiring storage/access: Art. 6(1)(f) GDPR (legitimate interest)

10. Embedded content from third parties

Posts may include embedded content (e.g., YouTube/Vimeo videos, social media posts, external images). Embedded content behaves similarly to visiting the third-party website directly and may transmit your IP address and other technical data to that provider. Those providers may also set cookies or use similar technologies.

Where possible, I use privacy-friendly embedding options (e.g., “no-cookie” modes) and/or load embedded content only after you take an action (e.g., click-to-load). Where consent is required, embedded content should be loaded only after your consent.

Legal basis: Art. 6(1)(a) GDPR (consent) and § 25(1) TDDDG if cookies/device access are involved; alternatively Art. 6(1)(f) GDPR where strictly necessary for the requested content and implemented in a privacy-friendly way.

11. SSL/TLS encryption

This website uses SSL/TLS encryption to protect data transmitted to and from the site.

12. Recipients / processors

Service providers may process data on my behalf as processors under Art. 28 GDPR, where required. This can include:

  • Hosting provider: wint.global GmbH
  • WordPress/Jetpack services (Automattic/WordPress.com), depending on enabled modules
  • Third-party providers for embedded content, if embeds are used

13. International data transfers

If third-party services are used (e.g., Jetpack/Automattic services or embeds), data may be transferred outside the EU/EEA. Where required, appropriate safeguards (e.g., standard contractual clauses) are used by the provider.

14. Data retention

Unless a specific retention period is stated in this policy, personal data is retained only as long as necessary for the stated purposes or as required by law.

15. Your rights

Under the GDPR, you have the right to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing based on legitimate interests (Art. 21 GDPR)
  • Withdraw consent at any time (Art. 7(3) GDPR)

16. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority. The competent authority is typically the data protection authority of your place of residence or of the controller’s location in Germany.

17. No automated decision-making

No automated decision-making, including profiling, takes place within the meaning of Art. 22 GDPR.