Data Policy

With our privacy policy we would like to inform you about the personal data (‘data’) we process and for what purpose. The privacy policy relates to the following website:

www.hebing.dev

Responsible

The controller, under the General Data Protection Regulation (GDPR), and other national data protection laws of the EU member states, as well as other data protection regulations is:

mStats DS GmbH
Hohe Bleichen 12
20354 Hamburg

Authorised representative: Dr. Marcel Hebing
Email: marcel@hebing.dev

Overview of processing operations

Types of data processed:

Meta, communication and procedural data.
Log data.
Usage data (e.g. IP numbers, page views, length of visit and device types and operating systems used).
Categories of data subjects: Users.

Purposes of the processing:

Security measures.
Provision of our (online) services.
Provision of the infrastructure.

Provision of the online offering and web hosting

Provision of our online offer on rented storage and hosting space: For the provision of our online offer, we obtain storage space, IT capacities and software from server providers (‘web hosts’). Legitimate interests serve as the legal basis (Art. 6 para. 1 lit. f GDPR).
Collection of access data and log files on servers: Access to our online offering is logged (‘server logging’). This may include IP addresses, names of pages or files accessed, date and time of access, volume of data transferred, browser type and version including operating system and so-called ‘referrer URL’. Log files are used for security purposes and to ensure service stability. Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR).

Use of cookies

For technical reasons, we use session cookies to correctly identify authenticated users while they are on our website. At the end of the session the corresponding cookies are discarded.

Data deletion

As soon as the original processing purpose no longer applies, or as soon as there is no longer a need to retain the data, we delete the personal data (‘data minimisation’).

Relevant legal bases

We process data in accordance with the EU General Data Protection Regulation (GDPR)

Legitimate interests (Art. 6 para. 1 lit. f) GDPR)

In addition to the GDPR, national data protection regulations apply. In particular, the German Federal Data Protection Act (BDSG) and Federal State data protection laws may also apply.

Transmission of personal data

When processing personal data, we pass it on to third parties. These include IT service providers and providers of integrated services. In doing so, we observe the legal requirements and conclude appropriate contracts to ensure the protection of your data.

Use of processors (pursuant to Article 13 (1) GDPR)

This website is hosted via render.com. Render operates a global CDN for static sites. When you visit our website, your browser request is routed through Render’s CDN and/or servers. As a result, the following data may be processed by Render:

Browser type/version
Operating system used
Referrer URL (the previously visited page)
IP address
Time of the server request
Cookies (if used)

Render has confirmed compliance with relevant privacy standards: as of January 6, 2025, Render is certified under the EU‑US Data Privacy Framework (DPF), including its UK and Swiss extensions. You may obtain a data processing agreement (DPA) from Render on request.

Legal basis for this processing is our legitimate interest in providing and delivering the content of our website securely and efficiently (Art. 6 para. 1 lit. f GDPR).

International data transfers

Data processing in third countries (i.e. outside the European Union (EU) or the European Economic Area (EEA)) is carried out in accordance with the legal requirements.

If an adequacy decision has been recognised (Art. 45 GDPR), this is decisive.

As part of the ‘Data Privacy Framework’ (DPF), the EU Commission has also recognised the level of data protection as secure for certain companies from the USA as part of the adequacy decision of 10.07.2023.

In addition, standard contractual clauses (SCC; Art. 46 para. 2 lit. c) GDPR) may apply

The EU Commission provides information on third country transfers and adequacy decisions at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en.

The service providers we use in the USA are certified under the Data Privacy Framework. The US Department of Commerce provides a list of certified companies at https://www.dataprivacyframework.gov/.

Rights of the data subjects

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

Right to object on grounds of legitimate interest: You have the right to object at any time to the processing of your personal data, which is carried out on the basis of a legitimate interest (Art. 6 para. 1 lit. f GDPR).
Right to information: You have the right to know whether we are processing your personal data. You also have the right to assert further information rights and request copies of data in accordance with legal requirements.
Right to rectification: You have the right to request the completion or rectification of your personal data processed by us.
Right to erasure and restriction of processing: You have the right, in compliance with legal requirements, to request the erasure of data or restriction of processing.
Right to data portability: In accordance with legal requirements, you have the right to request that we transfer your personal data to you or to another controller in a structured, commonly used and machine-readable format.
Complaint to supervisory authority: If you believe that our processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority (e.g., in the EU member state in which your habitual residence or place of work is located).

Competent data protection authority

Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg

https://datenschutz-hamburg.de/