Privacy Policy
1. Responsible
Controller within the meaning of the General Data Protection Regulation (GDPR):
Daniel Schönenborn
c/o IP-Management #10111
Ludwig-Erhard-Str. 18
20459 Hamburg, Germany
Phone:
Email:
1.1 Impressum-Privatschutz (IP Management)
We use the services of IMPRESSUM-PRIVATSCHUTZ GmbH, Ludwig-Erhard-Str. 18, 20459 Hamburg, Germany, to manage mail sent to us. This service provider offers a secure and reliable postal address for our project (e.g. imprint, privacy policy, cancellation policy, and other areas where applicable). This also constitutes our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. We have concluded a data processing agreement with Impressum-Privatschutz and fully comply with the strict requirements of the German data protection authorities when using this service. Further information on data protection at Impressum-Privatschutz GmbH can be found here: https://impressum-privatschutz.de/datenschutzerklaerung/
2. Data Storage and Sharing
When you use the contact form on this website, the data you enter (e.g. name, email address, and message) is stored in a database on my hosting provider's server.
The data is processed exclusively to handle your inquiry. Responses are sent manually via email.
If you contact me directly by email, your details will be stored for the purpose of processing the inquiry and for any follow-up questions.
The hosting provider for this website is Lima-City GmbH, Germany. Processing takes place on servers within the European Union. A data processing agreement pursuant to Art. 28 GDPR has been concluded with the hosting provider.
Server log files: When this website is accessed, the hosting provider automatically records technical data in log files (IP address, date and time of the request, requested URL, referrer URL, browser type and version, operating system). This data is used for the technical provision of the website, to ensure system security, and to defend against attacks. The data is not merged with other data sources and is deleted no later than 14 days after collection, unless security-relevant incidents require longer storage.
Legal basis for log files: Art. 6(1)(f) GDPR (legitimate interest in the security and functionality of the website).
Spam protection (ALTCHA): To protect our contact form and admin login from automated requests, we use the proof-of-work solution ALTCHA. ALTCHA runs entirely client-side in the browser, does not set any cookies, and does not transmit personal data to external servers. Only a cryptographic token (HMAC) is generated and transmitted to our server for verification when the form is submitted.
Legal basis for ALTCHA: Art. 6(1)(f) GDPR (legitimate interest in defending against spam and automated requests).
Admin login (rate limiting): When the admin login page is accessed, your IP address is temporarily stored to limit the number of failed login attempts per IP (max. 3 attempts per 30 minutes). The data is automatically discarded after the time window expires.
Legal Basis: Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).
The data will be deleted as soon as it is no longer required for processing, but no later than 12 months, provided there are no statutory retention obligations.
3. Cookies and Tracking Technologies
3.1 Essential Cookies
This website uses the following essential cookies that are necessary for the operation of the website:
| Cookie Name | Purpose | Duration | Provider |
|---|---|---|---|
| PHPSESSID | Symfony session cookie for authentication, CSRF protection, and flash messages | Session (until browser closes) | This Website (First-Party) |
| _lcp | Bot detection and defense against automated requests by our hosting provider Lima-City | Session | Lima-City GmbH |
| _lcp2 | Bot detection and defense against automated requests by our hosting provider Lima-City | Session | Lima-City GmbH |
Further information on data processing by our hosting provider is available at: https://www.lima-city.de/hilfe/welche-daten-speichert-lima-city-von-webseitenbesuchern
Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in a secure and functional website and in defending against automated attacks)
3.2 Cookie Settings (Consent Cookie)
To store your cookie preferences, we use the following cookie:
| Cookie Name | Purpose | Duration | Provider |
|---|---|---|---|
| cookie_consent | Storage of your cookie consent preferences | 365 days | This Website (First-Party) |
Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in storing your preferences)
3.3 Third-Party Cookies (With Consent)
The following services set cookies only after your explicit consent. You can withdraw this consent at any time in our cookie settings.
Twitch (Twitch Interactive, Inc.)
We embed live streams from the Twitch platform. When loading the stream, Twitch sets various cookies:
| Category | Example Cookies | Purpose | Duration |
|---|---|---|---|
| Authentication | auth-token, login | Twitch login status | Session to 2 years |
| Preferences | video-quality, volume | Player settings | Session to 1 year |
| Analytics | unique_id, api_token | Usage statistics, tracking | Session to 2 years |
Provider: Twitch Interactive, Inc., 350 Bush Street, 2nd Floor, San Francisco, CA 94104, USA
Data Transfer to Third Countries: Twitch processes data in the USA. The transfer to the USA is based exclusively on your explicit consent pursuant to Art. 6(1)(a) GDPR in conjunction with Art. 49(1)(a) GDPR.
Privacy Policy: https://www.twitch.tv/p/en/legal/privacy-notice/
Legal Basis: Art. 6(1)(a) GDPR (consent), Art. 49(1)(a) GDPR (consent to third country transfer)
YouTube (Google Ireland Limited)
We embed videos using the privacy-friendly domain youtube-nocookie.com. No cookies are set, but YouTube stores data in your browser's Local Storage:
| Key | Purpose | Duration |
|---|---|---|
| yt-remote-device-id | Unique device identifier for remote playback | Persistent |
| yt-remote-connected-devices | List of connected remote playback devices | Persistent |
| yt-remote-fast-check-period | Interval for remote device connection checks | Persistent |
| yt-remote-session-app | Remote session application data | Session |
| yt-remote-session-name | Remote session name | Session |
| yt-player-headers-readable | Player configuration headers | Persistent |
| ytidb::LAST_RESULT_ENTRY_KEY | IndexedDB last result tracking | Persistent |
| yt-player-bandwidth | Bandwidth estimation for quality selection | Session |
When loading the embed, the following data is transmitted to Google: IP address, browser user agent, referrer URL, and embed URL.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data Transfer to Third Countries: Google processes data in the USA. The transfer is based on your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Art. 49(1)(a) GDPR.
Privacy Policy: https://policies.google.com/privacy
Legal Basis: Art. 6(1)(a) GDPR (consent)
3.4 Your Rights and Cookie Management
You can change your cookie settings at any time:
- Cookie Settings: Click the "Cookie Settings" link in the footer of this website to adjust your preferences
- Browser Settings: You can delete or block cookies in your browser settings
- Withdrawal of Consent: You can withdraw your consent at any time with effect for the future
Rejecting third-party cookies (media content) does not affect the basic functionality of the website. In this case, live streams will not load automatically but can be loaded manually if desired.
Important: Deleting essential cookies may affect the functionality of the website (e.g., session loss, missing CSRF protection).
4. External Media
This website contains embedded content from the Twitch platform. When loading this content, personal data (e.g. IP address) may be processed by the provider.
The provider is Twitch Interactive, Inc., USA. For more information, please refer to: Twitch Privacy Policy
Additionally, videos from the YouTube platform are embedded using the privacy-friendly domain youtube-nocookie.com. When loading, personal data (e.g. IP address) may be transmitted to Google.
The provider is Google Ireland Limited, Ireland. For more information, please refer to: Google Privacy Policy
5. Your Rights
You have the right to:
- Access: You can request information about your personal data stored with me.
- Rectification: You can request the correction of inaccurate data.
- Erasure: You can request the deletion of your data, provided there are no legal retention obligations.
- Restriction: You can request the restriction of processing your data.
- Objection: You can object to the processing of your data.
- Data Portability: You have the right to receive your data in a structured, commonly used, and machine-readable format.
- Withdrawal of Consent: You can withdraw a given consent at any time with effect for the future (Art. 7(3) GDPR).
- Complaint to a supervisory authority: Pursuant to Art. 77 GDPR you have the right to lodge a complaint with a data protection supervisory authority. The competent authority is, for example, the Hamburg Commissioner for Data Protection and Freedom of Information, Ludwig-Erhard-Str. 22, 20459 Hamburg, Germany (datenschutz-hamburg.de).
To exercise these rights, please contact me via the email address provided above.
Automated decision-making / profiling: Automated decision-making, including profiling within the meaning of Art. 22 GDPR, does not take place.
6. Changes
I reserve the right to update this privacy policy to ensure it always complies with current legal requirements or to implement changes to my services in the privacy policy. The new privacy policy will then apply to your next visit.
Last updated: May 2026