Privacy policy

Last updated: January 8, 2026

This privacy policy explains how Alexa Steinbrück (“I”, “me”, or “my”) collects, uses, and protects your personal information when you visit this website (alexasteinbruck.com). This policy is designed to comply with the EU General Data Protection Regulation (GDPR) and German data protection laws.

1. Controller and Data Protection Officer

Responsible party according to Art. 4 (7) GDPR:

Alexa Steinbrück Leipzig, Germany Email: mail (at) alexasteinbruck (dot) com

2. General Information About Data Processing

2.1 Scope of Personal Data Processing

I process personal data of website visitors only to the extent necessary to provide a functional website and deliver my content and services. Processing of personal data occurs only with your consent or when permitted by law.

2.2 Legal Basis for Processing Personal Data

• Art. 6 (1) lit. a GDPR serves as the legal basis when consent is obtained for processing personal data
• Art. 6 (1) lit. b GDPR applies when processing is necessary for contract performance
• Art. 6 (1) lit. f GDPR applies when processing is necessary for legitimate interests, provided these interests are not overridden by your fundamental rights and freedoms

3. Data Collection on This Website

3.1 Server Log Files

When you visit this website, the hosting provider (Netlify, Inc.) automatically collects and stores information in server log files. This information includes:

• Browser type and version
• Operating system
• Referrer URL (the previously visited page)
• Hostname of the accessing computer
• IP address
• Time of the server request

This data cannot be attributed to specific individuals and is not combined with other data sources. The data is processed based on Art. 6 (1) lit. f GDPR for the legitimate interest of ensuring the technical operation and security of the website. The data is automatically deleted after 30 days.

3.2 Contact Form

When you contact me via the contact form on this website, your submission is processed through Netlify Forms, a service provided by Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA.

The following information is collected and stored when you submit the contact form:

• Your name
• Your email address
• Your message content
• Submission timestamp
• Technical metadata (IP address, user agent)

Purpose of data processing: The data you provide is used solely for the purpose of processing your inquiry and for potential follow-up questions. I will not share this data with third parties without your consent, except as necessary to respond to your inquiry via email.

Data storage and retention: Form submissions are stored on Netlify’s servers and forwarded to me via email notification. I retain your inquiry data only for as long as necessary to respond to your request and handle any follow-up communication. You may request deletion of your data at any time by contacting me at the email address provided in this policy.

Legal basis: The processing of this data is based on Art. 6 (1) lit. b GDPR if your inquiry relates to a potential contract, or Art. 6 (1) lit. f GDPR for my legitimate interest in responding to inquiries and providing customer service.

Netlify processes this data on my behalf in accordance with a data processing agreement and is subject to their privacy policy: https://www.netlify.com/privacy/

3.3 Google Fonts

This website uses Google Fonts, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), to display fonts uniformly. When you access a page, your browser loads the required fonts into its cache to display text and fonts correctly.

For this purpose, your browser must establish a connection to Google’s servers, which informs Google that this website was accessed via your IP address. The use of Google Fonts is based on Art. 6 (1) lit. f GDPR. I have a legitimate interest in the uniform presentation of fonts on my website.

If your browser does not support Google Fonts or blocks the connection to Google’s servers, standard fonts will be used.

For more information about Google Fonts, visit: https://developers.google.com/fonts/faq Google’s privacy policy: https://policies.google.com/privacy

3.4 Website Analytics (Plausible)

This website uses Plausible Analytics, a privacy-friendly web analytics service. Plausible is designed to comply with GDPR, CCPA, and PECR regulations and does not use cookies or collect personal data.

The following anonymous data is collected:

• Page URL
• HTTP Referrer
• Browser type
• Operating system
• Device type
• Country (derived from IP address, which is not stored)

Your IP address is processed only in anonymized form and is not stored. No personal data that could identify you is collected or stored. The data is processed based on Art. 6 (1) lit. f GDPR for my legitimate interest in analyzing website usage to improve content and user experience.

Plausible is hosted in the EU, and all data is stored on EU servers.

For more information: https://plausible.io/data-policy

4. Cookies

This website does not use cookies. All functionality is provided without storing any information on your device.

5. Third-Party Services and External Links

5.1 External Links

This website contains links to external websites (e.g., GitHub, LinkedIn, Medium). I have no control over the content and data protection practices of these third-party sites. When you click on an external link, you leave this website, and the privacy policies of those external sites apply. I recommend reviewing the privacy policies of any third-party websites you visit.

5.2 Hosting

This website is hosted by Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA. Netlify processes data on my behalf in accordance with a data processing agreement. For more information, visit: https://www.netlify.com/privacy/

6. Your Rights Under GDPR

As a data subject, you have the following rights:

6.1 Right to Information (Art. 15 GDPR)

You have the right to request confirmation about whether personal data concerning you is being processed and, if so, to receive information about this data.

6.2 Right to Rectification (Art. 16 GDPR)

You have the right to request the immediate correction of incorrect personal data concerning you.

6.3 Right to Erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data, provided that legal requirements are met.

6.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request restriction of the processing of your personal data.

6.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

6.6 Right to Object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data based on Art. 6 (1) lit. f GDPR.

6.7 Right to Withdraw Consent (Art. 7 (3) GDPR)

If processing is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

6.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates data protection regulations.

7. Data Security

I implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. All data transmission on this website occurs via encrypted HTTPS connections.

8. Data Retention

Personal data is stored only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Server log files are automatically deleted after 30 days. Contact form submissions (once implemented) will be retained for the duration necessary to respond to your inquiry and for any legally required retention periods.

9. No Automated Decision-Making

I do not use automated decision-making or profiling as defined in Art. 22 GDPR.

10. No Data Transfer to Third Countries

Personal data is processed exclusively within the European Union, with the exception of services provided by Google (Google Fonts) and Netlify (hosting), both of which are based in the USA. These services process data in accordance with GDPR requirements through Standard Contractual Clauses or other approved transfer mechanisms.

11. Children’s Privacy

This website is not directed at children under the age of 16, and I do not knowingly collect personal data from children.

12. Changes to This Privacy Policy

I reserve the right to update this privacy policy to reflect changes in legal requirements or changes to my services. The current version is always available on this page. Please check this page periodically for updates.

13. Contact

If you have any questions about this privacy policy, your data protection rights, or wish to exercise any of your rights, please contact me at:

Email: mail (at) alexasteinbruck (dot) com

For data protection inquiries, please include “Privacy” in the subject line.