Eric Stumper Logo Eric Stumper
Back to Home

Privacy Policy

1. Privacy at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.

Data Collection on This Website

Data processing on this website is carried out by the website operator. You can find the contact details in the imprint of this website.

2. Hosting

This website is hosted by Cloudflare. Cloudflare is a US company certified under the EU-US Data Privacy Framework (DPF), ensuring an adequate level of data protection pursuant to Art. 45 GDPR.

Data collected: IP address, access logs, browser information

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and efficient website delivery)

More information: Cloudflare Privacy Policy

3. General Information and Mandatory Information

Data Protection

I take the protection of your personal data very seriously. I treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

Responsible Party

The responsible party for data processing on this website is: Eric Stumper Erich-Schwarz-Weg 34 24235 Laboe Germany Email: info@ericstumper.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

4. Web Analytics with Umami

This website uses Umami, a privacy-friendly web analytics service. Umami is operated by Umami Software, Inc. and hosted on servers in the European Union (EU region Frankfurt).

Privacy-friendly analytics without consent requirement: Umami is designed to be GDPR and CCPA compliant without requiring cookie banners. No cookies are set, no IP addresses are permanently stored, and no personally identifiable information (PII) is collected.

Data collected: Umami collects anonymized usage data such as pages visited, time spent, referrer, and general device information. This data cannot be attributed to any individual person.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in analyzing website usage to improve our services)

More information: Umami Privacy Policy

5. Bot Protection with Cloudflare Turnstile

I use Cloudflare Turnstile to protect forms from automated entries (spam protection). Turnstile is a privacy-friendly alternative to traditional CAPTCHAs.

Data collected: When using forms, technical data such as browser information and interaction patterns are analyzed to determine whether the input comes from a human or a bot. No additional cookies are set.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protection against spam and abuse)

Data transfer: Cloudflare is certified under the EU-US Data Privacy Framework (DPF).

More information: Cloudflare Privacy Policy

6. Contact Form

If you send inquiries via the contact form, your details from the inquiry form, including the contact data you provided, will be stored for the purpose of processing the inquiry and in case of follow-up questions.

Data collected: Name, email address, message, selected topic

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries)

Retention: Your inquiry is stored for 12 months to properly handle it and for any follow-up questions.

Email delivery: Emails are sent via Resend. Resend is a US company certified under the EU-US Data Privacy Framework (DPF).

7. Newsletter

When you sign up for my newsletter, your data is transferred to kit.com (ConvertKit).

Data collected: Name, email address, consent timestamp

Legal basis: Art. 6(1)(a) GDPR (consent)

Retention: Until you unsubscribe, plus 3 years for consent documentation

Data transfer: kit.com is a US company certified under the EU-US Data Privacy Framework (DPF). Additionally, Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR have been agreed.

You can unsubscribe from the newsletter at any time via the unsubscribe link in each email or by contacting me directly.

More information: kit.com Privacy Policy

8. Appointment Booking

For appointment booking, I use cal.com.

Data collected: Name, email address, booking details, calendar information

Legal basis: Art. 6(1)(b) GDPR (contract performance)

Retention: 12 months after the appointment date

Data transfer: Data transfer is based on Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR.

More information: cal.com Privacy Policy

9. Payment Processing

For payment processing, I use Stripe.

Data collected: Name, email address, payment data, transaction information

Legal basis: Art. 6(1)(b) GDPR (contract performance)

Retention: 10 years (statutory retention requirement under German tax law AO § 147)

Data transfer: Stripe is certified under the EU-US Data Privacy Framework (DPF). Additionally, Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR have been agreed.

More information: Stripe Privacy Policy

10. Embedded YouTube Videos

On some pages, I embed YouTube videos. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Data collection only with your consent: YouTube videos are only loaded when you actively click the play button. Only then is a connection to YouTube servers established.

Data collected by YouTube: IP address, cookie data (if logged into YouTube), device information

Legal basis: Art. 6(1)(a) GDPR (consent by click)

Data transfer: Google is certified under the EU-US Data Privacy Framework (DPF) and additionally uses Standard Contractual Clauses (SCCs).

More information: Google Privacy Policy

11. Embedded Google Maps

On some pages, I use the Google Maps mapping service. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Data collection only with your consent: Google Maps is only loaded when you actively click "Load map". Only then is a connection to Google servers established.

Data collected by Google: IP address, location data, device information

Legal basis: Art. 6(1)(a) GDPR (consent by click)

Data transfer: Google is certified under the EU-US Data Privacy Framework (DPF) and additionally uses Standard Contractual Clauses (SCCs).

More information: Google Privacy Policy

12. Your Rights

You have the following rights regarding your personal data:

Right of access (Art. 15 GDPR): You have the right to obtain information about your personal data stored with me.

Right to rectification (Art. 16 GDPR): You have the right to correct inaccurate data.

Right to erasure (Art. 17 GDPR): You have the right to have your data deleted, unless there are statutory retention obligations.

Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your data.

Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used, and machine-readable format.

Right to object (Art. 21 GDPR): You have the right to object to the processing of your data at any time, if the processing is based on Art. 6(1)(e) or (f) GDPR.

Right to withdraw consent (Art. 7(3) GDPR): You have the right to withdraw your consent at any time. Click on "Cookie Settings" in the footer of this website or contact me directly.

Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with the competent data protection supervisory authority. The authority responsible for you depends on your place of residence.

For all inquiries, please contact the address provided in the imprint.