Privacy Policy

Privacy Policy for derbergsteiger.com

Last updated: January 13, 2026

---

1. General Information and Legal Notice

This privacy policy informs you about the nature, scope, and purpose of the processing of personal data on our website derbergsteiger.com (hereinafter referred to as the “Website”).

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable data protection laws and this privacy policy.

When you use this website, various types of personal data are collected. Personal data refers to any information that can be used to identify you personally.

Please note that data transmission over the Internet may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Controller (Responsible Entity):
[Your Name / Company Name]
[Your Address]
[Your Email Address]
[Your Phone Number]

---

2. Data Collection on This Website

a) Server Log Files and IT Security

The website provider automatically collects and stores information in server log files for the following purposes:

• Technical operation of the website
• Ensuring IT security
• Detection and prevention of attacks (e.g., via fail2ban)
• Investigation of security incidents
• Analysis of attack patterns

Stored data includes:

• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing device
• Time of the server request
• IP address

This data is not merged with other data sources.

Processing is carried out on the basis of Art. 6(1)(f) GDPR and Art. 9(2)(f) GDPR (protection against security risks). Server log files are archived to ensure system security and to analyze attacks.

---

b) Contact Form (Contact Form 7)

If you send us inquiries via the contact form, your details from the form, including the contact data you provide, will be stored for the purpose of processing your request and for follow-up questions. We do not share this data without your consent.

Processing is based on Art. 6(1)(b) GDPR if your request is related to a contract or pre-contractual measures. In all other cases, processing is based on your consent (Art. 6(1)(a) GDPR) and/or our legitimate interest (Art. 6(1)(f) GDPR).

The data you send us will remain with us until you request deletion, revoke your consent, or the purpose for data storage no longer applies. Mandatory legal provisions, especially retention periods, remain unaffected.

---

c) Analytics Tool (WP-Statistics)

This website uses WP-Statistics to analyze website traffic. WP-Statistics is a WordPress plugin that stores data locally on our server. No data is transmitted to third parties.

Privacy-friendly configuration:

• Your IP address is anonymized (last part masked)
• IP addresses are additionally hashed (not reversible)
• “Do Not Track” browser settings are respected
• No cookies are used without your consent

Processing is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize the website.

Anonymized data is automatically deleted after 365 days.

---

d) Google Search Console

This website uses Google Search Console to analyze and optimize visibility in search engines. Provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Processed data includes:

• Access statistics and search queries
• Technical website data
• Crawling errors and indexing status
• Website performance data

Processing is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in optimizing the website for search engines and monitoring technical functionality.

Data transfer: Data may be transferred to Google servers in the United States. Transfers are based on EU Standard Contractual Clauses.

Further information:

• https://policies.google.com/privacy
• https://search.google.com/search-console

---

3. Cookies and External Services

a) Google reCAPTCHA

We use Google reCAPTCHA to protect our contact forms from spam and abuse. Provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

reCAPTCHA processes your IP address and other data required for the service.

Processing is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting the website from automated abuse.

Further information:

• https://www.google.com/intl/en/policies/privacy/
• https://developers.google.com/recaptcha/

Note on third-country transfers: Google is a US-based company. Data is transferred to the USA based on EU Standard Contractual Clauses.

---

b) Cloudflare CDN

This website uses Cloudflare, Inc. as a Content Delivery Network (CDN). Provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA.

Cloudflare processes your IP address and technical information about your browser and operating system.

Processing is based on Art. 6(1)(f) GDPR.

Further information: https://www.cloudflare.com/privacy-policy/

Note on third-country transfers: Data transfer to the USA is based on EU Standard Contractual Clauses.

---

c) External CDNs (cdnjs, Unpkg)

Our website uses external CDNs such as cdnjs and Unpkg to deliver JavaScript libraries. These services may collect technical data about your usage.

Processing is based on Art. 6(1)(f) GDPR.

---

4. SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the change from “http://” to “https://” in your browser’s address bar and the lock icon.

---

5. Your Rights as a Data Subject

You have the right to:

• Request information about your stored personal data
• Request correction or deletion of your data
• Object to data processing
• Request restriction of processing

For access requests, please provide the exact date of your visit and your IP address at that time so we can locate relevant data in archived server logs.

Deletion of server log data stored for IT security purposes may be refused if the data is still required for maintaining system security.

If you believe that your data is being processed in violation of data protection laws, you have the right to lodge a complaint with a supervisory authority.

---

6. Data Retention

The storage duration of personal data depends on the legal basis:

• Server log files are archived for IT security purposes
• WP-Statistics data is deleted after 365 days
• Other data is deleted once the purpose ceases or consent is withdrawn, unless legal retention obligations apply

---

7. Changes to This Privacy Policy

We reserve the right to modify this privacy policy to reflect changes in legal or technical requirements. The current version is always available on our website.