Privacy policy
Required disclosures under the EU General Data Protection Regulation (GDPR) and German Federal Data Protection Act (BDSG).
This website collects as little data about you as technically possible. No accounts, no cookies, no analytics, no tracking pixels, no fonts from third parties, no social-media plugins. What we do collect, why, and for how long, is described below in detail.
1. Who is responsible
The controller for the processing of personal data on this website, within the meaning of Art. 4 No. 7 GDPR, is:
Creative Mayhem UG (haftungsbeschränkt) i.G.
Alte Jakobstraße 92
10179 Berlin
Deutschland
E-mail: info@creativemayhem.com
Managing director: Christopher Karl Neitzert
2. Principle of data minimisation
This website is a static information site. It does not set cookies, does not use analytics or tracking tools, does not embed third-party content (no social-media plugins, no external fonts, no video embeds, no chat widgets), and does not maintain user accounts. There are no forms that accept personal data; the only way to contact us is by e-mail at the address listed above.
3. Hosting
This website is hosted on servers operated by Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany. Hetzner processes technical connection data on our behalf under a Data Processing Agreement pursuant to Art. 28 GDPR. The legal basis for this processing is our legitimate interest in the secure and reliable provision of our website (Art. 6 para. 1 lit. f GDPR).
4. Server log files
When you access this website, our web server automatically collects and stores the following information in log files, which your browser transmits to us:
- the IP address of the requesting device
- the date and time of the request
- the URL that was requested and the HTTP status code returned
- the volume of data transferred
- the referrer (the page from which you arrived, if transmitted)
- the user agent (browser and operating-system information)
This data is processed to ensure trouble-free operation, to defend against attacks, and for error analysis. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest). This data is not merged with other data sources and is not passed to third parties. Log files are retained only for as long as necessary for the purposes described above; once that purpose ceases, they are deleted. In the absence of a concrete security incident, this retention period does not exceed what is technically needed to operate and maintain the service.
5. SSL / TLS encryption
For security reasons, this website uses SSL/TLS encryption on all connections. You can recognise an encrypted connection by the “https://” prefix in your browser's address bar and the lock icon. While encryption is active, the data you transmit to us cannot be read by third parties.
6. Contact by e-mail
If you contact us by e-mail, the details you provide (at minimum your e-mail address, plus any content you send) are processed for the purpose of handling your inquiry. The legal basis is Art. 6 para. 1 lit. b GDPR (pre-contractual or contractual communication) or Art. 6 para. 1 lit. f GDPR (legitimate interest in responding to your inquiry). We delete this information as soon as the purpose of processing has been fulfilled, unless statutory retention obligations apply.
7. External links
This website contains links to external websites (for example to our GitHub organisation, to Discord, to the Steam store, and to reference documents such as c2pa.org). When you click such a link, you leave our area of responsibility. We have no control over how those third parties process your data. Their respective privacy policies apply.
8. No automated decision-making
We do not engage in automated decision-making (including profiling) within the meaning of Art. 22 GDPR.
9. Your rights
Under the GDPR you have, among others, the following rights with respect to personal data about you that we process:
- Right of access (Art. 15 GDPR) — to know what we hold about you
- Right to rectification (Art. 16 GDPR) — to have inaccurate data corrected
- Right to erasure (Art. 17 GDPR) — the “right to be forgotten”
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to withdraw a previously granted consent with effect for the future (Art. 7 para. 3 GDPR)
To exercise any of these rights, contact us at the e-mail address given in Section 1.
10. Right to lodge a complaint
You have the right to lodge a complaint with a data-protection supervisory authority about our processing of your personal data (Art. 77 GDPR). The competent authority for our company is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61, 10555 Berlin, Germany
www.datenschutz-berlin.de
11. International transfers
All personal data processed by us under this policy is processed exclusively on servers located within the European Union. No transfer of personal data to third countries outside the EU/EEA takes place.
12. Changes to this policy
This privacy policy is current as of the date shown below. As we further develop our website or in response to changes in law or regulatory guidance, it may become necessary to update this policy. The current version is always available on this page.
This privacy policy is provided in English because provcheck is an English-language service. Under Art. 12 GDPR, we may address data subjects in a language they understand; for our audience, that language is English.