Privacy Policy

Last updated: March 6, 2026

1. Controller

The controller responsible for data processing on this website is:

Campus Business Box e.V.
Fraunhoferstr. 13
Wissenschaftszentrum
24118 Kiel
Germany

Represented by the Board: Harm Brandt

Phone: +49 431 2602442
Email: team@coding.waterkant.sh

2. Overview of data processing

This Privacy Policy explains how we process personal data when you visit coding.waterkant.sh, subscribe to our newsletter, or contact us.

Personal data is processed in particular when:

  • visiting the website
  • subscribing to the newsletter
  • interacting with embedded external content
  • contacting us by email

We process personal data in accordance with the General Data Protection Regulation (GDPR).

3. Hosting and website delivery

This website is operated using the Ghost publishing platform and hosted on Google Cloud Compute Engine.

Hosting provider:

Google Cloud
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

The server infrastructure used for this website is located in:

Google Cloud region europe-west3 (Frankfurt, Germany).

When visiting the website, the server automatically processes technical information necessary to deliver the website. This may include:

  • IP address
  • date and time of access
  • requested page
  • browser type and version
  • operating system
  • referrer URL
  • HTTP status codes

These data are processed to:

  • ensure stable and secure operation of the website
  • detect misuse or attacks
  • maintain system security

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure website operation).

Server logs are stored for up to 30 days and then deleted unless required for security investigations.

4. Use of Cloudflare

We use Cloudflare as a reverse proxy and security service to protect our website against attacks and improve performance.

Provider:

Cloudflare, Inc.
101 Townsend St.
San Francisco, CA 94107
USA

Cloudflare processes technical connection data such as:

  • IP addresses
  • browser information
  • request metadata
  • security logs

This processing helps us:

  • protect the website against DDoS attacks
  • ensure secure website delivery
  • improve performance and availability

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure website operation).

Where personal data is transferred to the United States, Cloudflare relies on appropriate safeguards such as Standard Contractual Clauses.

5. Newsletter subscription

Visitors may subscribe to our newsletter on this website.

The newsletter is managed using the Ghost publishing platform. When subscribing, we process the following data:

  • email address
  • subscription status
  • subscription timestamp
  • technical metadata related to newsletter delivery

Newsletter data is stored until you unsubscribe.

The legal basis is Art. 6(1)(a) GDPR (consent).

You can unsubscribe at any time using the unsubscribe link included in every newsletter.

6. Email delivery via Mailgun

We use Mailgun as our email delivery service for sending newsletters.

Provider:

Mailgun Technologies Inc.
112 E Pecan St. #1135
San Antonio, TX 78205
USA

Our Mailgun account uses the EU region.

When newsletters are sent, Mailgun processes subscriber email addresses and technical delivery data required to send the emails.

This may include:

  • email address
  • delivery status
  • bounce information
  • unsubscribe status
  • open tracking
  • click tracking

Newsletter open and click tracking allow us to understand how subscribers interact with newsletters.

The legal basis is Art. 6(1)(a) GDPR (consent).

Mailgun processes data under a data processing agreement and provides safeguards for international data transfers.

7. Ghost analytics

This website uses Ghost's built-in analytics.

Ghost analytics provide aggregated information about:

  • page views
  • traffic sources
  • newsletter performance
  • link clicks
  • subscriber activity

Ghost analytics are first-party and privacy-focused.

The data are used solely to understand how our content is used and to improve our website.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in improving the website and editorial content).

8. Cookies and necessary technologies

This website uses technically necessary cookies and similar technologies required for:

  • website security
  • newsletter functionality
  • basic website operation
  • interaction with embedded content

The legal basis for necessary technologies is:

  • § 25(2) TDDDG
  • Art. 6(1)(f) GDPR

No third-party marketing or advertising cookies are used.

9. Embedded external content

Some articles may include embedded third-party content, for example:

  • YouTube videos
  • other externally hosted media

When viewing such embedded content, your browser may establish a connection to the third-party provider and transmit technical data such as your IP address.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing rich media content).

10. Contact via email

If you contact us by email, we process the personal data you provide, such as:

  • name
  • email address
  • message content

The purpose is to respond to your inquiry.

The legal basis is:

  • Art. 6(1)(b) GDPR for contract-related inquiries
  • Art. 6(1)(f) GDPR for general communication

Data are stored only as long as necessary to process the request.

11. Recipients of personal data

Personal data may be shared with the following service providers where necessary:

  • Google Cloud (hosting infrastructure)
  • Cloudflare (security and reverse proxy)
  • Mailgun (newsletter email delivery)

All providers process data only as required for the described services.

12. International data transfers

Some service providers (e.g., Cloudflare and Mailgun) may process data outside the European Economic Area.

Where such transfers occur, we ensure appropriate safeguards under Art. 46 GDPR, such as Standard Contractual Clauses.

13. Your rights under GDPR

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw consent at any time (Art. 7(3) GDPR)

To exercise these rights, please contact:

team@coding.waterkant.sh

14. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority.

The competent authority for Schleswig-Holstein is:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD)
Holstenstraße 98
24103 Kiel
Germany

https://www.datenschutzzentrum.de

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or technical services.

The current version published on this website applies.

Datenschutz | Impressum