Mímir EN DE

Privacy.

This notice describes what data we process on this website — who the controller is, which tools we use, and what your rights are. The German version of this notice is legally binding.

1. Introduction

This website is operated by Fabian Hagen.

It is very important to us that we handle our website visitors' data carefully and protect it as best we can. For this reason, we make every effort to comply with the requirements of the GDPR.

Below we explain how we process your data on our website. We use clear, transparent language so that you genuinely understand what happens with your data.

2. General information

2.1 Processing of personal data and other terms

Data protection applies to the processing of personal data. Personal data means all data with which you can be personally identified — for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently using. Such data is processed when ‘something happens with it’. Your IP is, for example, transmitted by the browser to our provider and stored there automatically. This constitutes processing (under Art. 4(2) GDPR) of personal data (under Art. 4(1) GDPR).

These and other legal definitions can be found in Art. 4 GDPR.

2.2 Applicable rules and laws — GDPR, BDSG and TDDDG

The scope of data protection is regulated by law. In this case, those are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (German Federal Data Protection Act) as the national law.

In addition, the TDDDG supplements the GDPR rules in so far as the use of cookies is concerned.

2.3 The controller

Responsible for data processing on this website is the controller in the sense of the GDPR. That is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

You can reach the controller at:

Fabian Hagen

Bettwar 60

91628 Steinsfeld

Germany

[email protected]

2.4 How data is generally processed on this website

As noted above, some data (e.g. IP address) is collected automatically. This data is mostly needed for the technical provision of the website. Where we use personal data beyond that or collect other data, we will inform you or ask for your consent.

Other personal data you provide consciously.

You will find detailed information on this further below.

2.5 Your rights

The GDPR grants you comprehensive rights. These include the right to free information about the origin, recipients and purpose of your stored personal data. You can also request the correction, blocking or deletion of this data or lodge a complaint with the competent data protection supervisory authority. Consent you have given may be withdrawn at any time.

What these rights look like in detail and how to exercise them can be found in the last section of this privacy notice.

2.6 Data protection — our view

Data protection is more than a tedious obligation for us. Personal data has great value, and careful handling of such data should be a matter of course in our digitised world. As a website visitor, you should be able to decide for yourself what, when and by whom things ‘happen’ with your data. We therefore commit to complying with all legal provisions, collect only the data necessary for us, and treat it confidentially.

2.7 Disclosure and deletion

The disclosure and deletion of data are also important and sensitive topics. We therefore want to briefly inform you of our general approach.

Data is only disclosed on a legal basis and only when it is unavoidable. This may in particular be the case where a so-called processor is involved and a data processing agreement under Art. 28 GDPR has been concluded.

We delete your data when the purpose and legal basis for the processing cease to apply and no other legal obligations preclude deletion. Art. 17 GDPR also provides a good overview.

For all further information, please refer to this privacy notice and contact the controller for specific questions.

2.8 Hosting

Hetzner

We use the services of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, for hosting our website. Hetzner provides the technical infrastructure for storage, delivery and management of all content provided on the website, including hosting of websites, domains, databases, backups and email functionality. In the context of using Hetzner, master data of customers, all website data stored on the servers, usage and access logs (e.g. IP addresses and access data) and backup data are processed. The processing serves the provision of a functional, secure and high-performance website infrastructure as well as the fulfilment of statutory retention and proof obligations. The legal basis is Art. 6(1)(f) GDPR based on the legitimate interest in the secure and efficient provision of the online offer, as well as Art. 6(1)(b) GDPR, where the processing is necessary for the performance of a contract or pre-contractual measures. Hetzner does not set its own cookies as part of the hosting service. No transfer of personal data to third countries takes place, since the data is processed exclusively in data centres within the EU. The stored data is deleted as soon as it is no longer required for the purposes for which it was collected. Further information: https://www.hetzner.com/legal/privacy-policy/

2.9 Legal bases

The processing of personal data always requires a legal basis. Art. 6(1)(1) GDPR provides the following options:

  • a) The data subject has given consent to the processing of their personal data for one or more specific purposes;
  • b) Processing is necessary for the performance of a contract to which the data subject is party, or for pre-contractual measures taken at the data subject's request;
  • c) Processing is necessary for compliance with a legal obligation to which the controller is subject;
  • d) Processing is necessary to protect the vital interests of the data subject or of another natural person;
  • e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

3. What happens on our website

By visiting our website, we process personal data of yours.

To protect this data as best we can against unauthorised access by third parties, we use SSL/TLS encryption. You can recognise this encrypted connection by an https:// or a padlock symbol in your browser's address bar.

Below you'll learn which data is collected when visiting our website, for what purpose, and on what legal basis.

3.1 Data collection when accessing the website

When you access the website, information is automatically stored in so-called server log files. The information is:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

Purpose of processing

This data is needed temporarily so that we can display our website to you reliably. In particular, it serves the following purposes:

  • System security of the website
  • System stability of the website
  • Error correction on the website
  • Connection establishment to the website
  • Display of the website

Legal basis and retention

The data processing is carried out pursuant to Art. 6(1)(f) GDPR and is based on our legitimate interest in processing this data, in particular our interest in the functionality and security of the website.

This data is, where possible, stored pseudonymously and deleted once the respective purpose has been achieved.

Where server log files allow identification of the data subject, the data is stored for a maximum of 14 days. An exception applies if a security-relevant incident occurs. In that case, server log files are stored until the security-relevant incident has been resolved and fully clarified.

Otherwise, no merging with other data takes place.

3.2 Cookies

3.2.1 General

This website uses so-called cookies. These are data records — information stored in your end device's browser and related to our website.

By setting cookies, navigation on the website can be made easier for the visitor.

3.2.2 Refusing cookies

You can prevent cookies from being set by adjusting your browser's settings.

Here are links for commonly used browsers:

Mozilla Firefox: support.mozilla.org

Google Chrome: support.google.com

Microsoft Edge: support.microsoft.com

Safari: support.apple.com

If you use a different browser, search for the browser's name plus ‘delete and manage cookies’ and follow the official link.

Alternatively, manage cookie settings at www.aboutads.info/choices/ or www.youronlinechoices.com.

Please note that comprehensive blocking/deletion of cookies may impair the use of the website.

3.2.3 Technically necessary cookies

We use technically necessary cookies on this website so that it functions correctly and in accordance with applicable laws. They help make the website user-friendly. Some functions of our website cannot be displayed without the use of cookies.

The legal basis depends on the individual case and is Art. 6(1)(b), (c) and/or (f) GDPR.

3.2.4 Technically non-necessary cookies

We also use cookies on our website that are not technically necessary. These cookies serve, among other things, to analyse the surfing behaviour of website visitors or to offer functions that are not technically required.

The legal basis here is your consent pursuant to Art. 6(1)(a) GDPR.

Technically non-necessary cookies are only set with your consent, which you can withdraw at any time in the cookie consent tool.

3.3 Data processing through user input

3.3.1 Own data collection

We offer the following service on our website: waitlist for the product launch.

For this, we collect the following data:

  • Name
  • Email address

Legal basis and retention

The legal basis for this data processing is Art. 6(1)(b) GDPR.

The data is deleted as soon as the respective purpose ceases to apply and it is legally permissible to do so.

3.3.2 Contact — email

If you contact us by email, we process your email address and any further data contained in the message. This data is stored on the mail server and partly on the respective end devices. Depending on the matter, the legal basis is regularly Art. 6(1)(f) GDPR or Art. 6(1)(b) GDPR. The data is deleted as soon as the respective purpose no longer applies and it is legally permissible to do so.

3.4 Mailing service

Sweego.io

We use Sweego.io (Sweego SAS, France) to send transactional emails — in particular for the double-opt-in confirmation of your waitlist sign-up. As part of the sending process, your email address, your name (if provided) and technical metadata (delivery status, timestamps, IP address for spam scoring) are processed. The purpose is the reliable sending of transactional messages to you. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measure) and Art. 6(1)(f) GDPR (legitimate interest in reliable email delivery). Sweego is a French company; processing takes place exclusively within the EU, no third-country transfer occurs. Sweego does not set cookies on your device as part of the SMTP delivery. The data is deleted as soon as it is no longer required for delivery and delivery proof. More information: https://www.sweego.io

3.5 Analytics and tracking tools

Umami (self-hosted)

Our website uses the analytics tool Umami (self-hosted), an open-source web analytics software, which we operate entirely on our own servers and which we control. The service allows us to collect and evaluate anonymised metrics on page views, session duration, traffic sources, referrers, devices used (browser, operating system, device type), pages viewed, and custom events we define (such as button clicks or form submissions) — without storing personal data. Only anonymised usage data is processed; identification of visitors is excluded because, in particular, no IP addresses are stored and no cookies are set. The purpose is to analyse website usage, optimise our online presence, and evaluate marketing measures, in particular to improve functionality, usability, and reach. The legal basis is Art. 6(1)(f) GDPR, since there is an overriding legitimate interest in anonymised reach analysis and improvement of the website. Umami self-hosted does not use cookies. No transfer of personal data to third countries takes place, as all data is stored and processed solely on our own servers within the EU. Data is collected exclusively anonymised; deletion is not necessary since no assignment to a specific person is possible and no personal data is processed. Further general data protection information about the software: https://umami.is/privacy

3.6 Third-party content

Cloudflare DNS

This website uses Cloudflare DNS, a service for Domain Name System (DNS) management and website performance optimisation, operated by Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. Cloudflare DNS enables management of DNS records and routes traffic via Cloudflare's global anycast network to provide protection against DDoS attacks, routing optimisation, and additional security (e.g. DNSSEC). As part of usage, data such as the source IP address, requested domain names, type and code of the DNS query, the responsible data centre, target IP, protocol and IP version is typically processed. The purpose of processing is the reliable and secure provision of DNS services, mitigation of attacks, and optimisation of access times. The legal basis is Art. 6(1)(f) GDPR, based on the legitimate interest in secure, performant and trouble-free provision of web services. Cloudflare DNS does not, to the best of our knowledge, set cookies on end devices as part of its DNS services. Personal data, in particular the IP address, is transferred to third countries, in particular to the USA. The basis for this is the EU Commission's standard contractual clauses, ensuring an adequate level of data protection. Data is deleted as soon as it is no longer required for the stated purposes or a valid consent is withdrawn, provided no legal retention obligations apply. More information: https://www.cloudflare.com/privacypolicy/

3.7 Cloud backups

Hetzner Storage Box

Our website uses Hetzner Storage Box for cloud backups, a service of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The Hetzner Storage Box enables secure and scalable storage of backups, such as automated offsite backups and the synchronisation or replication of data via protocols such as FTP, SFTP, rsync, Samba/CIFS or WebDAV. As part of usage, user upload files and backup data, anonymised IP addresses in server logs, account and billing data, and connection metadata (such as protocol, timestamps, use of sub-accounts) are typically processed. The processing serves the implementation and securing of regular backups of website or server data, recoverability, and protection against data loss. The legal basis is Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR, based on our legitimate interest in secure and reliable data storage. No transfer of personal data to third countries takes place; all data is stored exclusively in data centres within the European Economic Area. The retention period depends on contractual or statutory retention obligations; backup data is deleted as soon as the purpose of storage ceases to apply or deletion is triggered in the customer account, unless legal obligations preclude this. More information: https://www.hetzner.com/legal/privacy-policy/

4. Other important matters

Finally, we want to inform you in detail about your rights and how you will be informed about changes to data protection requirements.

4.1 Your rights in detail

4.1.1 Right of access under Art. 15 GDPR

You can request information as to whether personal data relating to you is being processed. If so, you can request further information about the manner of processing. A detailed list can be found in Art. 15(1)(a) to (h) GDPR.

4.1.2 Right to rectification under Art. 16 GDPR

This right includes the rectification of inaccurate data and the completion of incomplete personal data.

4.1.3 Right to erasure under Art. 17 GDPR

This so-called ‘right to be forgotten’ gives you the right, under certain conditions, to demand the deletion of personal data by the controller. This is generally the case where the purpose of the data processing has ceased to apply, where consent has been withdrawn, or where the underlying processing took place without a legal basis. A detailed list of grounds can be found in Art. 17(1)(a) to (f) GDPR. The ‘right to be forgotten’ also corresponds to the controller's obligation under Art. 17(2) GDPR to take appropriate measures to bring about a general deletion of the data.

4.1.4 Right to restriction of processing under Art. 18 GDPR

This right is subject to the conditions set out in Art. 18(1)(a) to (d).

4.1.5 Right to data portability under Art. 20 GDPR

This regulates the general right to receive your own data in a common format and to transmit it to another controller. However, this only applies to data of processing based on consent or a contract under Art. 20(1)(a) and (b), and only insofar as it is technically feasible.

4.1.6 Right to object under Art. 21 GDPR

You can generally object to the processing of your personal data. This applies in particular if your interest in the objection outweighs the legitimate interest of the controller in the processing, and where the processing relates to direct marketing and/or profiling.

4.1.7 Right to ‘decision in individual cases’ under Art. 22 GDPR

You generally have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. This right also has restrictions and additions in Art. 22(2) and (4) GDPR.

4.1.8 Other rights

The GDPR contains comprehensive rights to inform third parties whether or how you have asserted rights under Art. 16, 17, 18 GDPR. However, only insofar as this is possible or feasible with reasonable effort.

We would also like to point out again your right to withdraw consent given under Art. 7(3) GDPR. The lawfulness of processing carried out up to that point is not affected by this.

We would also like to draw your attention to your rights under §§ 32 et seq. BDSG, which are largely identical in content to the rights just described.

4.1.9 Right to lodge a complaint under Art. 77 GDPR

You also have the right to lodge a complaint with a data protection supervisory authority if you are of the opinion that the processing of personal data relating to you violates this regulation.

5. Changes to this privacy notice

The current version of this privacy notice is dated 31 May 2026. From time to time it is necessary to adapt the content of the privacy notice in order to respond to actual and legal changes. We therefore reserve the right to amend this privacy notice at any time. We will publish the amended version in the same place and recommend that you read the privacy notice regularly.

← Back home