System administrator for Linux and Windows environments. Automation of complex IT processes with Ansible and Puppet, management of server infrastructures such as virtualization, web servers, firewalls, proxies, etc. Full-stack web developer with HTML, S/CSS, JavaScript, TypeScript, PHP and Python, MariaDB and PostgreSQL; including API solutions.
This privacy policy informs you about the type, scope and purpose of the collection and use of personal data by the website operator. The legal basis for the processing of personal data is the General Data Protection Regulation (GDPR) in conjunction with the German Federal Data Protection Act (BDSG) and the German Digital Services Act (DDG).
Dear Reader,
You are welcome to waste fifteen minutes of your precious life reading this privacy policy in full, or you can simply skim it and pick out the key points.
With this privacy policy, I am required to inform you about what types of your personal data I process, for what purposes and to what extent. This obligation arises from the current German and European data protection laws and regulations, in particular from the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
This privacy policy applies to all processing of personal data carried out by me on my website, to all communication and storage means I use, and to my external online presences such as social media profiles, software forges and package registries.
In this privacy policy, I use the generic masculine and deliberately refrain from gender-specific forms. All personal designations apply equally to all genders.
Michel Abele
Dahlenwarsleber Str. 4
OT Hohenwarsleben
39326 Hohe Börde
Germany
Email: kontakt@michel-abele.de
Phone: +49 (0) 39 204 - 738 863
The following overview shows what data I process, why I process it and who is affected.
Below you will find an overview of the legal bases from the GDPR on which I rely for the processing of your data. In addition to the GDPR, national data protection laws may apply in your or my country. If in special cases other legal bases are relevant, I will inform you at the appropriate point.
National data protection regulations in Germany: In addition to the GDPR, the German Federal Data Protection Act (BDSG) applies in Germany. It additionally regulates your rights to access and deletion, your right to object, and the handling of special categories of data and automated decisions. Depending on the federal state, further state data protection laws may apply.
Applicable legal bases under the Swiss Data Protection Act: If you are located in Switzerland, I process your data on the basis of the Swiss Data Protection Act (DSG since September 1, 2023). This also applies if my data processing affects you in Switzerland. Unlike the GDPR, the Swiss DSG does not require a specific legal basis for the processing of personal data. I only process personal data if this is done lawfully, in good faith and proportionately (Art. 6(1) and (2) of the Swiss DSG). Furthermore, personal data is only collected for specific and recognizable purposes and only processed in a manner compatible with those purposes (Art. 6(3) of the Swiss DSG).
Note on the applicability of the GDPR and Swiss DSG: This privacy policy applies under both the Swiss Data Protection Act (DSG) and the EU General Data Protection Regulation (GDPR). For better comprehensibility, I consistently use the terminology of the GDPR. This means: I write "processing" instead of "handling," "personal data" instead of "personal information," "legitimate interest" instead of "overriding interest" and "special categories of data" instead of "particularly sensitive personal data." When the Swiss DSG applies, the terms nevertheless retain their meaning under Swiss law.
I take appropriate technical and organizational measures to protect your data. In doing so, I consider the legal requirements, the state of the art, the costs, the nature of the data processing and the potential risks to your rights and freedoms. I adapt the protective measures to the respective risk.
Protective measures include: Ensuring the confidentiality, integrity and availability of your data through access controls, both physical and electronic. I also control who accesses, enters, transmits and backs up the data.
I have established procedures to enable you to exercise your rights, to ensure data deletion and to respond to data protection risks. Even when selecting hardware, software and procedures, I pay attention to data protection by design and privacy-friendly default settings.
IP address truncation: When I process IP addresses and the full address is not necessary, I truncate it (also called "IP masking"). The last digits of the IP address are removed or replaced with placeholders. This makes it significantly harder to identify you based on your IP address.
Currently, I use a standard recommended by the BSI on all my servers, where the last octet (IPv4) or the last 80 bits (IPv6) are set to zero.
| Services | Server Types | Masked | Reason |
|---|---|---|---|
| Nginx Access Logs | Web, Mail | Yes | Pure access logs |
| HAProxy Logs | Gateway | Yes | Pure access logs |
| HAProxy X-Forwarded-For | Gateway → Backends | Yes | IP is forwarded to all backends |
| Postfix, Dovecot, Rspamd | No | SPF, DNSBL, spam scoring require real IPs | |
| CrowdSec (Stand-alone) | All | No | Requires real IPs for threat detection |
| BIND | No | No | Query logging is already disabled |
| SSH | All | No | Legitimate interest (security) |
Securing online connections through TLS encryption (HTTPS): I protect your data during transmission through TLS encryption. This technology encrypts all information between your browser and my website so that no one can eavesdrop. Unencrypted HTTP traffic is automatically redirected to the secure HTTPS connection. Access with older, insecure encryption versions, particularly via SSL, is not possible, these are automatically blocked. You can recognize the secure connection by the "https://" in your browser's address bar, which shows you that your data is being transmitted in encrypted form.
Currently, only TLSv1.2 and TLSv1.3 are permitted on all servers, this follows current best practice standards. ACME paths (Let's Encrypt) are excluded from the HTTP-HTTPS redirect, as they are only needed for certificate issuance and do not affect visitor traffic.
In the course of my data processing, I sometimes pass on personal data to other entities, companies or persons. These may include, for example, IT service providers or providers of services that I use for my website. In doing so, I comply with the legal requirements and enter into contracts with these recipients that are intended to ensure the protection of your data.
Data processing in third countries: When I process data outside the EU or EEA (recognizable by the provider's address or when I explicitly mention it here), I comply with the legal requirements.
Data transfer to the USA: For the USA, I use two levels of protection:
If something changes with the DPF, the contractual clauses continue to apply. This way your data remains protected even in the event of legal changes.
For each service provider, I inform you whether they are DPF-certified and whether standard contractual clauses are in place. The list of all DPF-certified companies can be found at: dataprivacyframework.gov.
Swiss data protection: Under Swiss DSG, I only transfer data abroad if adequate protection exists there. The Swiss list of recognized countries can be found at: bj.admin.ch.
Other third countries: For other countries, I use standard contractual clauses, obtain your consent or only transfer when legally required. Information on EU adequacy decisions: commission.europa.eu.
I delete your personal data in accordance with legal requirements as soon as you revoke your consent or no other legal basis exists. This also applies when the original purpose ceases to apply or I no longer need the data.
Exceptions: I retain data longer if legal obligations require this or I need them for legal enforcement or to protect the rights of other persons.
Your rights under the GDPR: As an affected person, you have the following rights (Art. 15 to 21 GDPR):
Your rights under the Swiss DSG:
I process user data to provide my website. This includes your IP address, which is technically necessary to display the content to you.
What data I process:
Purpose: Provision of the website, user-friendliness, IT security and infrastructure.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Server logfiles: All accesses are automatically logged: pages accessed, time, data volume, browser, operating system, previous page (referrer) and IP address. These logs are used for security (e.g. against DDoS attacks) and server stability. The logs are deleted after 30 days, unless they are needed for evidentiary purposes.
Due to load balancing and fallback mechanisms, delivery can switch between the providers listed below at any time to ensure optimal availability.
Hetzner (Germany)
To provide my website, I use various storage technologies that store or read data on your device. I use them for functionality, security and convenience of my website as well as for analyzing visitor traffic. In detail, the following technologies are used:
Cookies are small text files stored by your browser on your device. They are automatically sent to the server with each page request.
Types by storage duration:
Web Storage enables data to be stored directly in the browser. Unlike cookies, this data is not automatically sent to the server.
IndexedDB is a client-side database in the browser that can store larger and structured amounts of data. The data remains locally on your device and is not automatically sent to the server. It remains permanently stored until deleted by the website or by you manually.
Via the Cache API, resources such as HTML pages, stylesheets, scripts and images can be cached in the browser to improve loading times and enable offline use. Service workers are background processes in the browser that, among other things, manage these caches.
Legal basis: I only use these storage technologies with your consent or when they are technically necessary (legitimate interests). Technically necessary storage includes storage for functions you have requested, saved settings or website security.
Processed data: Technical data such as IP addresses, timestamps and identification numbers.
Legal bases:
I use a self-developed consent management system to obtain, store and manage your consent for the use of cookies and other storage technologies. You can change or revoke your consent at any time. I store your consent decision for a maximum of two years so as not to have to ask you again with every visit and to be able to provide the legally required proof. Storage is done server-side and/or in a cookie.
Legal basis:
Currently, none of these storage methods are used on this website.
I process user data of my apps only insofar as necessary to provide the app functions, ensure security and further develop the apps. Contact with users is only made when required for administration or use of the app.
Legal bases:
Processed data:
Device permissions: My apps may require access to device functions (camera, location, etc.). You must actively grant these permissions and can revoke them at any time in your device settings. Without the necessary permissions, some app features may not function.
Camera access: If the app uses camera functions, photos/videos are only processed for the respective app function. Access requires your permission, which you can revoke at any time.
Location data: For apps with location functions, GPS data is only used for the specific function. I do not create movement profiles or location histories. Access requires your permission, which you can revoke at any time.
When you download my applications, scripts or code libraries via app stores, package registries, software forges or other platforms, their privacy policies additionally apply. The platforms collect their own data for reach measurement, advertising and possible payments.
Processed data:
Purpose: Provision of software and customer service.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Codeberg (Germany)
GitLab (USA)
GitHub (USA, Netherlands)
Ansible Galaxy (USA)
When you contact me (by mail, email, phone or social media), I process your information to answer your inquiry.
Processed data:
Purpose: Answering your inquiry and communication.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Deletion: See section General Information on Data Storage and Deletion.
Deutsche Post (Germany)
fonial (EnBW, Germany)
Telekom (Germany)
I use messenger services for communication. You can also contact me by phone or email.
End-to-end encryption. With encrypted messengers, no one – not even the provider – can read your messages. Please always use the latest version with encryption enabled.
Metadata: Even with encrypted messages, the messenger providers can see when you communicate with me, what device you use and possibly your location.
Legal bases:
I do not share your contact data with messenger services without your consent.
Revocation and deletion: You can object at any time. I delete messages according to my general deletion policies or when the conversation is concluded and no retention obligations exist.
Security notice: For confidential matters, I reserve the right to refer to more secure communication channels.
Processed data: Contact data, message content, metadata (timestamp, device, possibly location)
Signal (USA)
Telegram (Dubai, EU representative)
WhatsApp (Meta, USA, Ireland)
LinkedIn (USA, Ireland)
Instagram (Meta, USA, Ireland)
Facebook (Meta, USA, Ireland)
Legal basis for all services: Legitimate interests (Art. 6(1)(f) GDPR)
I use AI systems that may process personal data under certain circumstances. AI here means: software that independently generates results such as texts, recommendations or decisions from inputs.
Principles for AI use:
External AI providers: When I use external AI services, I carefully select the providers and ensure that they comply with data protection regulations. I review this regularly.
Potentially processed data:
Protective measures: If personal data is processed, I implement technical and organizational measures for its protection.
Legal basis:
Deletion: See section General Information on Data Storage and Deletion.
Claude (Anthropic, USA)
DeepL (Germany)
Gemini (Google, USA, Ireland)
Legal basis for all services: Legitimate interests (Art. 6(1)(f) GDPR)
I use external platforms for video and audio conferences as well as online meetings.
This section does not apply if you contact me using your provider, e.g. via an invitation link.
Data processed by the platforms:
The platforms encrypt communication to the extent technically possible.
Recordings: If meetings are recorded, I will inform you in advance and obtain your consent if necessary.
Tips for participants:
Legal bases:
Deletion: See section General Information on Data Storage and Deletion.
Discord (USA)
Legal basis for all services: Legitimate interests (Art. 6(1)(f) GDPR)
I use internet-based software services (cloud services) for storing and managing documents as well as for exchanging content.
Processed data:
Cookies with public forms: When I provide public forms or documents via cloud services, the providers may set cookies for web analytics or to save settings.
Affected persons: Prospects, communication and business partners
Purpose: Office organization and IT infrastructure
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Deletion: See section General Information on Data Storage and Deletion.
Nextcloud at Hetzner (Germany)
I analyze the usage of my website to understand when which areas are visited and what should be optimized. I create pseudonymous user profiles without real names.
What is collected:
Data protection:
Legal bases:
Deletion: See section General Information on Data Storage and Deletion.
Digital badges are electronic certificates that confirm skills, achievements and interests. They contain an image or digital certificate with information about the recipient, issuer and the acquired qualification.
Processed data for personalized badges:
Affected persons: Badge recipients, users, business partners
Purpose: Certification, marketing, public relations
Cookies: If cookies are needed for badges, I will obtain your consent in advance.
Legal bases:
Deletion: After cancellation or according to general deletion periods.
Embedding of digital badges: I embed badges from external providers in my website. These are loaded in real-time from the badge providers' servers so that the current status is always displayed.
In doing so, your browser transmits technical data to the badge provider:
The badge provider thereby learns that you have visited my website.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
I am active in social networks to communicate and share information there.
Important notes:
Your rights: For information and data protection rights, it is best to contact the respective platform directly – only they have full access to your data. I am happy to assist you if needed.
Details on data processing and objection options can be found in the privacy policies of the respective networks.
Processed data: Contact data, content (posts, messages), usage behavior
Purpose: Communication, feedback, public relations
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Instagram (Meta, USA, Ireland)
Facebook (Meta/USA/Ireland)
Meta attempts through externalization to partially shift the data protection responsibility for the processing of personal data onto page operators. I point out that I have no influence whatsoever on Meta's mechanisms and therefore cannot accept any responsibility for them.
This construct has been viewed critically by the ECJ. Meta exploits a legal gray area here to avoid being solely liable for data protection violations.
LinkedIn (USA/Ireland)
Legal basis for all: Legitimate interests (Art. 6(1)(f) GDPR)
Important: Further data processing after collection lies solely with the platforms, including transfer to the USA.
I embed external content such as graphics, videos or maps from third-party providers into my website.
Technically necessary data transmission: In order for this content to be displayed, your IP address must be transmitted to the respective providers – without an IP address, no delivery of content.
Further possible data processing by third-party providers:
Processed data: IP addresses, usage behavior, technical data, possibly location data
Purpose: Display of content, user-friendliness, marketing
Legal bases:
Deletion: See section General Information on Data Storage and Deletion.
Integration of third-party software: I use external software libraries (e.g. jQuery) for functions and better user-friendliness. The providers of this software receive your IP address for technical delivery and may also use it for security purposes as well as to optimize their services.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Google Fonts (Google, USA, Ireland)
Google Fonts are generally loaded exclusively from the own server. For testing purposes, fonts may also be embedded directly from Google Fonts for a limited time.
Google Fonts (local): Fonts on my own server, no data transfer to Google.
Bulma (via jsDelivr) (England, Poland)
Bulma is generally loaded exclusively from the own server. For testing purposes, elements may also be embedded directly from Bulma (jsDelivr) for a limited time.
Bulma (local): Framework for responsive web design, on my own server, no external data transfer.
Legal basis for all services: Legitimate interests (Art. 6(1)(f) GDPR)
In the initiation and during an employment relationship, particularly during remote employment, I process personal data for:
Processed data:
Purpose:
Legal bases:
Deletion: After statutory retention periods
As an applicant: For applications, I collect the following data:
Retention: Application documents are deleted no later than 3-6 months after rejection (Section 26 BDSG, Section 15 AGG).
As an employee: I process your data for:
Data sources:
Data disclosure only to:
Publication: Your data will only be published if this is necessary for a specific purpose (e.g. as a reference on my website).
Third countries: Data transfer outside EU/EEA only with your consent or when legally required.
Retention: According to statutory retention periods
Legal bases:
Please regularly check for updates to this privacy policy. I adapt it when my data processing changes.
If changes require your consent or notification, I will inform you directly.
Note on contact data: The current contact data of the mentioned service providers can be found on their respective websites.
Last updated: 02/25/2026