Name and Address of the Controller Responsible for Data Processing under the EU GDPR
Dr. Fabian Grupe
Simmerner Str. 2
56281 Emmelshausen
The following domain belongs to us
drgrupe.de
1. Introduction
We take data protection very seriously. The processing of personal data—such as an IP address, name, email address, or telephone number of a data subject—is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with applicable German data protection laws.
This Privacy Policy is intended to inform you about the nature, scope, and purpose of the personal data we collect, use, and process. It also explains the rights to which you are entitled.
2. Security Measures
We implement technical security measures consistent with the current state of the art to ensure compliance with data protection regulations and to protect the data we process from accidental or intentional manipulation, loss, destruction, or unauthorized access.
However, we would like to point out that data transmission over the Internet (e.g., communication by email) can contain security vulnerabilities (such as zero‑day exploits). Complete protection of data from access by third parties is not entirely possible.
Encrypted transmission of data
User‑related data is encrypted according to the TLS 1.2 standard or higher (all our servers fully support TLS 1.3) and transmitted to our servers located within Germany. In addition, we regularly test our systems using industry‑standard tools—such as the Mozilla Observatory (B+ rating)—to ensure we provide up‑to‑date encryption and security for all users of our tools and visitors to our website.
All open‑source web applications we use contain the latest updates and, according to the respective developers, are GDPR‑compliant.
3. Cookies and Website Analytics
We use “web analytics” services—specifically the on‑premise solution Matomo—to analyze visit data. For tracking, we use cookies to provide the best possible website experience for all our users. We explicitly chose Matomo (formerly Piwik) to ensure that user‑related data does not leave our web server. All analytics are conducted on the same server hosted in Germany.
Matomo enables fully GDPR‑compliant configuration. All data collected during your visit is anonymized and aggregated purely for statistical purposes. Additionally, we respect the “Do Not Track” function of modern browsers.
Please refer to the “EU Cookie Policy” page for a detailed list of potentially used cookies. As a rule, any cookies we use serve solely to ensure the proper functioning and display of our web interfaces. You may block cookies and tracking through your browser settings; however, doing so may prevent the full use of all website features.
Extended description according to GDPR: General Data Collection
Each access to our website and each retrieval of a file stored on the website is logged. Storage is for internal system‑related and statistical purposes. Logged data includes:
- Anonymized IP address
- Name of the retrieved file including date and time
- Transferred data volume
- Notification of successful retrieval
- Web browser and requested domain or page (subpage)
- Additional personal data only if voluntarily provided (e.g., via email inquiries, contact form submissions, or registration)
About Cookies
The website drgrupe.de uses cookies. Cookies are text files stored on a computer system via an Internet browser. Many cookies contain a unique cookie ID that allows websites and servers to distinguish one browser from another.
Cookies enable us to provide more user‑friendly services that would not be possible without them. For example, a website using cookies can remember user credentials or retain items in a shopping cart.
You may disable cookies at any time through your browser settings and may delete previously stored cookies. However, disabling cookies may limit certain website functionalities.
Data Protection Matters to Us
A cookie notice for self‑hosted software is not legally required. This requirement has existed since 2009 and is covered by the ePrivacy Directive 2002/58/EC. Because we use self‑hosted analytics, we would not have to present a cookie banner. Nevertheless, we have chosen to ask for your explicit consent.
You may prevent cookie storage through browser settings; however, this may restrict functionality.
Do‑Not‑Track
By default, we respect the browser’s Do‑Not‑Track setting. Only users who have disabled Do‑Not‑Track are tracked. IP anonymization is also enabled by default.
4. Log Files and Logging
Our web servers automatically collect a range of general data and information each time our website is accessed. This data is stored in server log files and may include:
- Browser types and versions
- Operating system used
- Date and time of access
- IP address
- Internet service provider
- Other similar data used to prevent threats or attacks on our IT systems (Art. 6(1)(f) GDPR)
We do not draw any conclusions about the identity of visitors. The information is required to:
- Deliver website content correctly
- Optimize content
- Ensure long‑term functionality of IT systems
- Defend against brute‑force attacks
- Provide information to law enforcement in the event of cyberattacks
All anonymized log data is stored separately from any personal data provided voluntarily.
5. Contact Options Through the Website
Our website reflectiveminds.de contains legally required information that enables quick electronic contact, including a general email address. If you contact us via email or the contact form, the personal data you provide is stored automatically for the purpose of processing your inquiry.
No personal data will be shared with third parties.
6. Routine Deletion and Restriction of Personal Data
We process and store personal data only for the duration necessary to achieve the purpose of storage or as required by European or national legislation. The duration of storage follows statutory retention periods. After such periods expire, data is routinely deleted unless it is needed for contract fulfillment or initiation.
If the storage purpose ceases to apply, or if a legally mandated retention period expires, personal data is blocked or deleted in accordance with the law.
7. Overview of Your Rights
Right to Withdraw Consent
You may withdraw consent for the collection, processing, or use of your data at any time by emailing:
datenschutz@drgrupe.de
Right of Access
Upon written request, we will inform you which personal data we have stored about you. For data protection inquiries, you may contact:
datenschutz@reflectiveminds.de
We strive to store your data using all technical and organizational measures to prevent unauthorized access. However, complete data security cannot be guaranteed for email communications; we therefore recommend encrypted email transmission (e.g., PGP).
Right to Erasure (“Right to Be Forgotten”)
Every data subject has the right to request immediate deletion of their personal data where processing is not required.
8. Disclosure of Data to Law Enforcement Authorities
We protect free communication through minimal data storage and technical measures such as encryption. We encourage the widespread use of technical protection mechanisms.
Under §113 TKG, law enforcement authorities may request certain “subscriber data” from telecommunications providers without a court order. Providers cannot refuse such requests and must keep them confidential from the affected customer.
Access to log files or mailbox contents typically requires a judicial order unless authorities claim “imminent danger.” Providers cannot legally challenge such orders.
If required under applicable law, we must release data to authorities.
We will not release data when no legal basis exists (“anticipatory obedience”). Requests without judicial authorization are refused.
We cannot assess whether the personal information provided by users during registration is accurate. If you encrypt your email traffic with PGP, we cannot decrypt your email content.
9. Data Protection Officer
If you have questions regarding data protection, please contact us at:
datenschutz (at) drgrupe (dot) de