Privacy Policy and Cookie Policy

Last Updated: 05.06.25

Privacy Policy

At martinbartels.net, we are committed to protecting your privacy and handling your personal data in compliance with the General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, and protect your personal information.

1. Data Controller

The data controller for this website is Martin Bartels, located in Frankfurt, Germany. For any questions about this Privacy Policy, please contact us at martin.h.bartels@live.com.

2. Personal Data We Collect

As there is no public user login, we primarily collect data related to:

  • Admin Login: For administrative access, we collect email addresses. This data is solely for internal site management.
  • Blog Comments: When you leave a comment on a blog post, we collect:
    • Name: Used for public display alongside your comment.
    • Email Address: Used for internal purposes such as comment storage, checking if you are on a mailing list, and for communication from the blog author (admin) regarding your comment or any related inquiries. Your email address will not be publicly displayed.
  • Website Usage (Non-Personal): We may collect anonymized usage statistics to understand how our website is used and to improve its performance. This data does not identify individual users.
  • Information you provide voluntarily: If you contact us via email, we will collect the information you provide in your communication to respond to your inquiry.

3. Purpose of Data Collection

We collect data for the following purposes:

  • To secure and manage administrative access to the application.
  • To allow you to leave comments on blog posts and display your name alongside your comment.
  • To facilitate internal comment management, including checking against mailing lists and enabling communication from the admin regarding your comment.
  • To operate, maintain, and improve the functionality of the website.
  • To respond to your inquiries and provide support when you contact us.

4. Legal Basis for Processing

We process your personal data based on:

  • Consent: When you submit a blog comment, you provide explicit consent for us to process your name and email for the purposes outlined. If you contact us, your communication implies consent for us to process your data to respond to your inquiry.
  • Legitimate Interests: Processing for administrative login is based on our legitimate interest in securing and managing our application. For internal comment management (e.g., checking against mailing lists, moderation) and anonymized usage statistics, our legitimate interest is in maintaining a functional and engaging blog and improving our services.

5. Data Storage and Security

Your data is stored and managed within the Cloudflare Workers environment.

  • D1 Databases: Relational data, such as administrative user information and blog comment data (including names and email addresses), is stored in Cloudflare D1 databases. D1 is a highly distributed and durable SQL database built on SQLite, ensuring data integrity and availability across Cloudflare's global network.
  • R2 Storage: Object data, such as website assets, is stored in Cloudflare R2 Storage. R2 provides highly durable and available object storage, geographically distributed for performance and resilience.
  • Cloudflare Workers: Our application runs as a Cloudflare Worker, which is a serverless execution environment distributed globally across Cloudflare's edge network. This architecture enhances data security by minimizing data processing in a single location and leveraging Cloudflare's built-in security features.

We implement the following security measures to protect your data:

  • Encryption: Data is encrypted in transit using HTTPS (SSL/TLS) and at rest within Cloudflare's infrastructure (D1, R2).
  • Access Controls: Access to D1 databases and R2 buckets is strictly controlled and limited to authorized personnel and the Worker itself through secure bindings.
  • Regular Backups: Cloudflare's underlying infrastructure includes robust data backup and recovery mechanisms.
  • Platform Security: We leverage Cloudflare's comprehensive security measures, including DDoS protection, WAF, and other edge security features, to protect the application and data from external threats.
  • Password Hashing: Admin passwords are securely hashed using industry-standard algorithms (e.g., via the Better Auth framework) before storage in D1.

6. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. For administrative login data, this means retaining it for the duration of the account's active use. For blog comments, your name and email will be retained as long as the comment is publicly displayed or for internal management purposes, unless you request deletion. If you have contacted us via email, we will retain the correspondence for a reasonable period to address your inquiry and for our records.

7. Your Rights Under GDPR

Under the GDPR, you have the following rights:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request that we correct any inaccurate or incomplete data.
  • Right to Erasure: You can request that we delete your personal data, including your name and email associated with comments.
  • Right to Restrict Processing: You can request that we restrict the processing of your data.
  • Right to Data Portability: You can request a copy of your data in a machine-readable format.
  • Right to Object: You can object to the processing of your data for certain purposes.
  • Right to Withdraw Consent: If processing is based on consent (e.g., for comments), you can withdraw your consent at any time.

To exercise any of these rights, please contact us at martin.h.bartels@live.com.

8. Data Sharing

We do not sell, trade, or otherwise transfer your personal data to third parties. We only share data in the following circumstances:

  • When required by law or to protect our rights, property, or safety.
  • With Cloudflare as our infrastructure provider, which processes data on our behalf as a data processor. Cloudflare is committed to GDPR compliance.

9. International Data Transfers

Our application is deployed globally across Cloudflare's network. This means your data may be processed in data centers outside the European Economic Area (EEA). Cloudflare maintains robust data protection agreements and certifications (e.g., Standard Contractual Clauses) to ensure that appropriate safeguards are in place to protect your data in compliance with GDPR requirements, regardless of location.

10. Data Breach Notification

In the event of a data breach that affects your personal data, we will:

  • Notify you via email (if applicable) within 72 hours of becoming aware of the breach.
  • Provide details about the nature of the breach, the data affected, and the steps we are taking to mitigate the risks.
  • Report the breach to the relevant supervisory authority, as required by law.

11. Cookies

Our website uses cookies solely for administrative authentication purposes. These cookies store encrypted session data to keep the admin logged in while managing the website. For more details, please refer to our Cookie Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date.

13. Contact Us

If you have any questions about this Privacy Policy or your personal data, please contact us at martin.h.bartels@live.com.