Privacy Policy
Effective date: April 16, 2026
Last updated: April 16, 2026
1. Controller
Tobias Hager
c/o COCENTER
Koppoldstr. 1
86551 Aichach
Germany
Phone: 089-58964214
Email: th@tobias-hager.com
If you have any questions about data protection, please contact us at the email address above.
2. Overview of Data Processing
We take the protection of your personal data seriously. This privacy policy explains what data we collect when you visit tobias-hager.com, how we use it, and what rights you have regarding your data. We process personal data only in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications-Telemedia Data Protection Act (TTDSG).
3. Hosting
This website is hosted by Hostinger International Ltd., 61 Lordou Vironos Street, 6023 Larnaca, Cyprus. When you visit our website, Hostinger processes the data necessary to deliver the website to your browser. This includes your IP address, date and time of the request, browser type, operating system, and the requested URL. This processing is based on Art. 6(1)(f) GDPR (legitimate interest in providing a stable and secure website). Server log files are stored for up to 30 days for security purposes and then automatically deleted.
4. Cookies
This website uses a minimal number of cookies:
Essential cookie (always active, Art. 6(1)(f) GDPR / Section 25(2) TTDSG):
A consent preference cookie (th_cookie_consent_v1) stores your cookie choices so the banner is not shown on every page load. This cookie is strictly necessary for the website to function. Duration: 1 year.
Analytics cookie (opt-in only, Art. 6(1)(a) GDPR / Section 25(1) TTDSG):
If you consent, WP Statistics (a self-hosted, privacy-focused analytics plugin) may set a cookie or use hashed data to count unique page views. Your IP address is anonymised (masked). No data is sent to third parties. No Google Analytics, no advertising networks. You can withdraw your consent at any time via the cookie settings in the footer of this website. Duration: session-based.
5. Analytics — WP Statistics
With your consent, we use WP Statistics, a self-hosted WordPress plugin, to collect anonymised usage data. This includes pages visited, referrer URLs, browser type, device type, and screen resolution. IP addresses are masked and not stored in identifiable form. All data is stored exclusively on our own server and is never shared with third parties. Legal basis: Art. 6(1)(a) GDPR (your consent). You can opt out at any time by adjusting your cookie preferences via the settings link in the footer.
6. Login Security — Limit Login Attempts Reloaded
To protect the administrative area of this website against brute-force attacks, we use the WordPress plugin Limit Login Attempts Reloaded (LLAR). This plugin processes and temporarily stores the following data when a login attempt is made:
- IP address of the visitor
- Username entered
- Date and time of the login attempt
- Number of failed attempts and lockout status
This data is stored locally in the WordPress database on our server and is not shared with any third party. IP addresses and lockout logs are automatically deleted after the retention period configured in the plugin. No cookies are set by this plugin.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protecting the website against unauthorised access).
7. Google Fonts
This website uses Google Fonts for consistent typography. Fonts are loaded from Google’s CDN servers (fonts.googleapis.com, fonts.gstatic.com). When your browser loads a font file, a connection is established to Google’s servers, which may transmit your IP address. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a uniform and visually appealing presentation). Google’s privacy policy: https://policies.google.com/privacy.
8. Content Delivery Networks (CDNs)
We load certain front-end libraries (such as GSAP for animations) from cdnjs.cloudflare.com, a CDN operated by Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA). When your browser requests a file from this CDN, your IP address is transmitted. Cloudflare may process this data in the USA. Legal basis: Art. 6(1)(f) GDPR. Cloudflare is certified under the EU–U.S. Data Privacy Framework. More information: https://www.cloudflare.com/privacypolicy/.
9. Contact via Email
If you contact us by email, we will process the personal data provided in your message (name, email address, content of the message) for the purpose of handling your enquiry. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries) or Art. 6(1)(b) GDPR if your enquiry relates to a contract. Your data will be deleted once your request has been fully resolved, unless statutory retention periods apply.
10. Social Media Links
This website contains links to external social media profiles (LinkedIn, GitHub, X/Twitter, Instagram). These are simple hyperlinks — no social media plugins, tracking pixels, or embedded widgets are loaded. A connection to these platforms is only established when you actively click a link. We have no influence over the data processed by these platforms once you leave our site.
11. Your Rights Under GDPR
Under the General Data Protection Regulation, you have the following rights regarding your personal data:
Right of access (Art. 15 GDPR) — You can request information about whether and what personal data we process about you.
Right to rectification (Art. 16 GDPR) — You can request the correction of inaccurate data.
Right to erasure (Art. 17 GDPR) — You can request the deletion of your data, provided there is no legal obligation to retain it.
Right to restriction of processing (Art. 18 GDPR) — You can request that we restrict the processing of your data under certain conditions.
Right to data portability (Art. 20 GDPR) — You can request to receive the data you provided to us in a structured, commonly used, machine-readable format.
Right to object (Art. 21 GDPR) — You can object to the processing of your data based on legitimate interests at any time.
Right to withdraw consent (Art. 7(3) GDPR) — You may withdraw any consent given at any time with effect for the future.
To exercise any of these rights, please contact us at th@tobias-hager.com.
12. Right to Lodge a Complaint
If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent supervisory authority for Bavaria is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany.
13. Data Security
This website uses TLS (Transport Layer Security) encryption for all connections. You can recognise an encrypted connection by the lock icon in your browser’s address bar and the “https://” prefix.
14. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our data processing practices or legal requirements. The current version is always available on this page.