Privacy Policy

(Last updated: 4 July 2025)

1. Controller

I, Christian Hansen, Ahornstrasse 17, CH-4055 Basel, Switzerland, e-mail: ch[at]christianhansen.ch, am the controller within the meaning of Art. 4 (7) GDPR for all data processing operations carried out on this website.

2. No Data-Protection Officer Required

Pursuant to § 38 BDSG, no data-protection officer has to be appointed because fewer than twenty persons regularly handle personal data.

3. Hosting and Server Log Files

The site is hosted by Hostinger International Ltd. (Lithuania). Hostinger stores server log files (IP address, date/time, requested URL, referrer, browser and OS details) to ensure security and proper operation. Legal basis: Art. 6 (1)(f) GDPR (legitimate interest). Log files are deleted automatically after 30 days; encrypted back-ups after a maximum of 90 days. A data-processing agreement under Art. 28 GDPR is in place.

4. Cookies and Local Storage

Only one essential entry is used:

• pll_language – remembers your language preference for one year; legal basis Art. 6 (1)(f).

Non-essential cookies (e.g. Google Analytics) are stored only after you give explicit consent in the banner. You may withdraw that consent there at any time with future effect.

5. Fonts

The site serves two commercially licensed fonts locally from its own server. No requests to Google Fonts are intended. Should your browser nevertheless contact fonts.gstatic.com (e.g. via extensions or fallback), Google LLC in the USA will receive your IP address. Legal basis: Art. 6 (1)(f) GDPR; safeguard: EU Standard Contractual Clauses.

6. Contacting Us

If you contact me by e-mail or form, I process your name, e-mail address and message to reply and follow up. Legal basis: Art. 6 (1)(b) GDPR (pre-contract measures) or Art. 6 (1)(f) (general inquiries). Data are deleted six months after the conversation has ended unless statutory retention duties apply.

7. Planned but Currently Inactive Tools

• Google Analytics 4 – audience measurement and statistics; currently disabled. Once enabled, data will be processed only after your consent (Art. 6 (1)(a)); this policy will then be updated. Data may be transferred to the USA under Standard Contractual Clauses.

8. Data Transfers to Third Countries

Personal data are transferred to the USA only if a Google Fonts fallback or, in future, Google Analytics is triggered. The transfer is safeguarded by the EU Standard Contractual Clauses.

9. Your Rights

You have the right to access (Art. 15), rectify (Art. 16), erase (Art. 17), restrict processing (Art. 18), receive your data in machine-readable form (Art. 20) and object to certain processing operations (Art. 21 GDPR). Just send a brief message to the contact details above.

10. Right to Lodge a Complaint

You may lodge a complaint with the competent supervisory authority, e.g. <State Data-Protection Authority, address>, if you believe your data are being processed unlawfully. In case you think something is faulty here, I would very much appreciate a notice before you take legal steps so I can do better without a law suit. Thanks in advance!

11. Data Security

Communication with this site is secured via TLS (“https://”). The server, CMS and all plug-ins are kept up to date; firewalls and access controls are in place. Encrypted back-ups are deleted after no more than 90 days.

12. Retention and Deletion

• Server log files: 30 days (back-ups 90 days)

• Contact inquiries: six months after final reply

• Accounting/tax records: ten years (statutory obligation)

• All other personal data: deleted as soon as the purpose no longer applies and no retention duty exists.

13. Changes to This Policy

This privacy policy will be updated whenever technical processes, services or legal requirements change. The latest version is always available on this page.