Sign in Subscribe

Privacy Policy

  1. Information on the Collection of Personal Data and Contact Details of the Data Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2 The data controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Achim Rothe, Am Borsigturm 156, 13507 Berlin, Germany, Tel: +49-30-2000 7990, Email: mail@rothe.cc. The data controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the data controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

  1. Data Collection When Visiting Our Website

When using our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time at the moment of access
  • Amount of data sent in bytes
  • Source/reference from which you reached the page
  • Used browser
  • Used operating system
  • Used IP address (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently if there are concrete indications of illegal use.

  1. Cookies & Third-Party Requests

This website uses almost no cookies or third-party requests. Since we only use technically necessary cookies and do not make third-party requests (except to Stripe for payment processing), we refrain from using a cookie consent tool.

Only cookies for storing login and payment information are saved. These are small text files stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e., after closing your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process individual user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

The processing of personal data by individual cookies implemented by us is carried out in accordance with Art. 6 (1) lit. b GDPR either for the execution of the contract or according to Art. 6 (1) lit. f GDPR to maintain our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.

This page refrains from unnecessary cookies, third-party requests, or other data transfers to the USA. Since we only use technically necessary cookies and queries (strictly necessary), we refrain from using a cookie consent tool. These cookies are in use:

  • ghost-members-ssr and ghost-members-sig identify whether a user is logged in or not. This is necessary, among other things, to ensure that members have access to paywall content. These cookies are only set after account registration/login. After the expiry of the cookie session, a re-login is required.
    (Duration: 6 months)
  • __stripe_sid and __stripe_mid are functional cookies for fraud prevention in payment attempts through the payment service provider Stripe. (Duration: 30 minutes and 1 year, respectively)
  1. Hosting

Our website is operated on server systems of Hetzner, located in Germany. The data center used by us is located in Germany. Hetzner Online is certified according to DIN ISO/IEC 27001. The certificate indicates adequate security management, data security, the confidentiality of information, and the availability of IT systems. In the course of our cooperation, we do not directly pass on personal data about your visit to our website to Hetzner. However, it may happen that Hetzner, e.g., during maintenance work, potentially gains access to personal data. Appropriate data protection agreements with Hetzner ensure the protection of your personal data in such a case.

  1. Payment Service Provider

To process payments, we use the payment processor Stripe Payments Europe, Ltd., Ireland, which is itself responsible for data protection in the sense of Art. 4 No. 7 GDPR. To the extent that we receive data entered by you during the order process (membership booking) and payment data, we fulfill the contract concluded with our customers (Art. 6 Abs. 1 S. 1 lit. b GDPR).

  1. Contacting Us

During contact with us (e.g., via contact form or email), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in answering your request according to Art. 6 (1) lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR. Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

  1. Comment Function

Subsequent comments can be subscribed to by you as a user. You will receive a confirmation email to ensure that you are the owner of the specified email address (double opt-in procedure). The legal basis for data processing in the case of subscribing to comments is Art. 6 (1) lit. a GDPR. You can cancel ongoing comment subscriptions at any time with effect for the future; please refer to the confirmation email for further information on the unsubscribe option.

  1. Transactional Emails & Email Newsletter

Interested parties have the opportunity to create a membership with a customer account and subscribe to a free newsletter. We process the data provided during registration exclusively for sending the newsletter. Registration is done by selecting the corresponding field on our website or by another clear action, through which interested parties express their consent to the processing of their data, so that the legal basis is Art. 6 (1) S. 1 lit. a GDPR. Consent can be revoked at any time, e.g., by clicking the corresponding link in the newsletter or notice to our email address specified above. Processing of data until revocation remains lawful even in the event of a revocation.

Based on the recipients' consent (Art. 6 (1) S. 1 lit. a GDPR), we also measure the opening and click rate of our newsletters to understand which contents are relevant for our recipients.

8.1 Transactional Emails

We send transactional emails (e.g., registration confirmation, login link, etc.) with the tool Brevo (formerly Sendinblue) of the provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin (Privacy Policy: https://www.sendinblue.com/legal/privacypolicy/). The provider processes content, usage, meta/communication data, and contact data in the EU.

8.2 Newsletter Emails

Our website uses the email service of Mailgun Technologies Inc., 535 Mission St., San Francisco, CA 94105, USA, for sending and analyzing emails when sending newsletter emails. For this purpose, the browser you use must connect to the servers of Mailgun Technologies, Inc. located in the USA. This enables Mailgun Technologies, Inc. to know that our website was accessed via your IP address. The use of Mailgun is in the interest of uniform and secure communication with registered users who have also subscribed to the newsletter.

A record of a received email includes:

  • Date and time of receipt
  • Recipient's email address
  • Access status (e.g., message opened)
  • Description of the type of web browser/email client used
  • IP address of the receiving computer

Consequences and Risks of Involving U.S. Companies (such as Mailgun)

Mailgun, a U.S. company, is involved in data processing. The 2016/1250 decision on the adequacy of the protection provided by the EU-US Data Protection Shield (Privacy Shield) was declared invalid by the CJEU. Therefore, data transfer to the USA is only permitted with the explicit consent of the data subject.

The data subject expressly consents to the involvement of Mailgun in data processing.

The risks are mainly the following:

  • According to the Court, the requirements of U.S. domestic law, particularly certain programs that allow access to personal data for national security reasons by U.S. authorities, lead to restrictions on the protection of personal data that are not regulated in a manner that is essentially equivalent to EU law requirements, and that these legal provisions do not grant affected persons rights that can be enforced against the U.S. authorities.
  • The Court emphasizes that certain surveillance programs allowing U.S. authorities access to personal data for national security reasons do not provide restrictions on the powers transferred to U.S. authorities or guarantees for potentially affected persons outside the U.S.

You can also use this site completely without data transfer to the USA if you do not subscribe to the newsletter.

9) Use of Customer Data for Direct Advertising

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. The provision of additional data is voluntary and is used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means we will only send you an email newsletter if you have explicitly confirmed that you agree to receive newsletters. We will then send you a confirmation email asking you to confirm by clicking on a link that you want to receive newsletters in the future.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 Abs. 1 lit. a GDPR. When you subscribe to the newsletter, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of subscription to prevent misuse of your email address at a later date. The data collected by us when subscribing to the newsletter will be used exclusively for the purpose of promotional communication through the newsletter. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending the relevant message to the person responsible named at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

10) Umami Web Analytics Service

We use the Umami web analytics service on our site to statistically evaluate visitor access and analyze the use of our website. The data is stored anonymously on a server in the European Union and complies with the requirements of the GDPR.

No cookies are used or personal data stored. Instead, your IP address is used to generate a code assigned to an anonymous user ID while you are on our website. These data cannot be assigned to a specific person and are encrypted with a daily changing code. It is therefore not possible to "recognize" you on a subsequent visit to our website.

Cross-page tracking, linking data with other sources, or passing on information to third parties does not take place.

The legal basis for processing is Art. 6, para. 1, lit. f, GDPR. Our legitimate interest lies in the needs-based design and optimization of our website.

If you do not want to help improve our site, you can control this at any time using the “Do-Not-Track function” in your browser.

11) Rights of the Data Subject

11.1 The applicable data protection law grants you comprehensive rights of data subjects (rights of access and intervention) against the controller with regard to the processing of your personal data, which we inform you about below:

  • Right of access by the data subject pursuant to Art. 15 GDPR;
  • Right to rectification pursuant to Art. 16 GDPR;
  • Right to erasure (“right to be forgotten”) pursuant to Art. 17 GDPR;
  • Right to restriction of processing pursuant to Art. 18 GDPR;
  • Right to be informed pursuant to Art. 19 GDPR;
  • Right to data portability pursuant to Art. 20 GDPR;
  • Right to withdraw consent granted pursuant to Art. 7 para. 3 GDPR;
  • Right to lodge a complaint pursuant to Art. 77 GDPR.

11.2 RIGHT TO OBJECT

IF, IN THE CONTEXT OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVIDE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE RELEVANT DATA FOR DIRECT ADVERTISING PURPOSES.

12) Duration of Storage of Personal Data

The duration of the storage of personal data is determined by the respective legal basis, the processing purpose and - if relevant - additionally by the respective statutory retention period (e.g., commercial and tax retention periods).

If personal data are processed on the basis of an explicit consent according to Art. 6 Abs. 1 lit. a GDPR, this data is stored until the person concerned revokes his consent.

If there are statutory retention periods for data that are processed within the scope of legal or legal-business obligations on the basis of Art. 6 Abs. 1 lit. b GDPR, these data are routinely deleted after the retention period expires, provided they are no longer required for contract fulfillment or contract initiation and/or there is no longer any legitimate interest in their further storage on our part.

When processing personal data on the basis of Art. 6 Abs. 1 lit. f GDPR, this data is stored until the data subject exercises his right of objection according to Art. 21 Abs. 1 GDPR, unless we can provide compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defense of legal claims.

When processing personal data for the purpose of direct advertising on the basis of Art. 6 Abs. 1 lit. f GDPR, this data is stored until the data subject exercises his right of objection according to Art. 21 Abs. 2 GDPR.

Unless otherwise indicated in the other information in this statement about specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.

Last Updated: 13.11.2023