With the following Privacy Policy, we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) that we process, for what purposes, and to what extent. This Privacy Policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the “Online Offering”).
The terms used are not gender-specific.
Last updated: January 7, 2026
Jurek Rotha
Artist
Franz-Flemming-Str. 9
04179 Leipzig
Germany
Email address: post[AT]jurekrotha[DOT]de
The following overview summarizes the types of data processed and the purposes of their processing and refers to the affected persons.
Below you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If more specific legal bases apply in individual cases, we will inform you of these in this Privacy Policy.
In addition to the data protection provisions of the GDPR, national data protection regulations apply in Germany. This includes, in particular, the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains, among other things, specific provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and data transfers, as well as automated decision-making in individual cases, including profiling. In addition, the data protection laws of the individual German federal states may apply.
These data protection notices serve to provide information both under the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR). For this reason, please note that, due to broader territorial application and better comprehensibility, the terms used in the GDPR are applied. In particular, instead of the terms used in the Swiss FADP such as “processing” of “personal data,” “overriding interest,” and “particularly sensitive personal data,” the GDPR terms “processing” of “personal data,” “legitimate interest,” and “special categories of data” are used. However, the legal meaning of these terms continues to be determined in accordance with the Swiss FADP where applicable.
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.
These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, access to the data itself, data entry, disclosure, availability safeguards, and data separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, data deletion, and responses to data breaches. We also take the protection of personal data into account during the development or selection of hardware, software, and procedures in accordance with the principle of data protection by design and by default.
To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt information transmitted between a website or app and the user’s browser (or between servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. A website secured with an SSL/TLS certificate is indicated by “HTTPS” in the URL, serving as a signal to users that their data is transmitted securely and in encrypted form.
If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosing or transferring data to other persons, entities, or companies (which may be apparent from the provider’s address or if explicitly stated in this Privacy Policy), this is always done in compliance with legal requirements.
For data transfers to the United States, we primarily rely on the Data Privacy Framework (DPF), which has been recognized as a secure legal framework by an adequacy decision of the European Commission dated July 10, 2023. In addition, we have concluded Standard Contractual Clauses (SCCs) with the respective providers in accordance with the requirements of the European Commission, which establish contractual obligations to protect your data.
This dual safeguard ensures comprehensive protection of your data: the DPF forms the primary layer of protection, while the SCCs serve as an additional safeguard. Should there be any changes to the DPF, the SCCs will apply as a reliable fallback mechanism, ensuring that your data remains adequately protected at all times.
We inform you for each service provider whether they are certified under the DPF and whether SCCs are in place. Further information about the DPF and a list of certified companies can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/.
For data transfers to other third countries, appropriate safeguards apply, in particular Standard Contractual Clauses, explicit consent, or legally required transfers. Information on third-country transfers and applicable adequacy decisions can be found on the European Commission’s website.
As a data subject, you have the following rights under the GDPR, in particular pursuant to Articles 15 to 21 GDPR:
We process users’ data to provide our online services. For this purpose, we process the user’s IP address, which is necessary to deliver the content and functions of our online services to the user’s browser or device.
Types of data processed: Usage data; meta, communication, and procedural data; log data.
Data subjects: Users (e.g., website visitors).
Purposes: Provision of our online offering and user-friendliness; IT infrastructure; security measures.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).
Access to our online offering is logged in the form of server log files. These may include the accessed pages and files, date and time of access, transferred data volume, success messages, browser type and version, operating system, referrer URL, IP address, and the requesting provider. Log files are used for security purposes and to ensure system stability. Log data is stored for a maximum of 30 days and then deleted or anonymized unless further retention is required for evidentiary purposes.
When contacting us (e.g., by post, contact form, email, telephone, or social media), the information provided by the inquiring persons is processed to respond to inquiries and carry out requested actions.
Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); performance of a contract or pre-contractual inquiries (Art. 6(1)(b) GDPR).
We maintain online presences within social networks and process user data in this context to communicate with users or provide information about us. User data may be processed outside the EU, which may pose risks regarding the enforcement of user rights. User data is generally processed for market research and advertising purposes by social network operators.
Service: Instagram
Provider: Meta Platforms Ireland Limited
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Basis for third-country transfers: Data Privacy Framework (DPF)
This section provides an overview of the terms used in this Privacy Policy. Where terms are legally defined, those definitions apply. The explanations below are intended to aid understanding.
(Definitions of inventory data, content data, contact data, meta/communication/procedural data, usage data, personal data, log data, controller, and processing follow the GDPR-based interpretations.)
Created using the free Datenschutz-Generator.de by Dr. Thomas Schwenke
Translatet from german origin to english with Google Translate & Chat GPT.
