System administrator for Linux and Windows environments. Automation of complex IT processes with Ansible and Puppet, management of server infrastructures such as virtualizations, web servers, firewalls, proxies, etc. Full-stack web developer with HTML, S/CSS, JavaScript, TypeScript, PHP and Python, MariaDB and PostgreSQL; including API solutions.
This privacy policy informs you about the nature, scope and purpose of the collection and use of personal data by the website operator. The legal basis for the processing of personal data is the General Data Protection Regulation (GDPR) in conjunction with the German Federal Data Protection Act (BDSG) and the German Digital Services Act (DDG).
Dear reader,
With this privacy policy, I am obligated to inform you about what types of your personal data I process, for what purposes and to what extent. This obligation arises from current German and European data protection laws and regulations, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
This privacy policy applies to all processing of personal data carried out by me on my website, for all communication and storage means I use, as well as for my external online presences such as social media profiles, software forges and package registries.
In this privacy policy, I use the generic masculine and deliberately refrain from gender-specific forms. All personal designations apply equally to all genders.
Michel Abele
Dahlenwarsleber Str. 4
OT Hohenwarsleben
39326 Hohe Börde
Germany
Email: kontakt@michel-abele.de
Phone: +49 (0) 39 204 - 738 863
The following overview shows which data I process, why I process it and who is affected.
Below you will find an overview of the legal bases from the GDPR on which I rely when processing your data. In addition to the GDPR, national data protection laws may apply in your or my country. If other legal bases are relevant in specific cases, I will inform you at the appropriate place.
National data protection regulations in Germany: In addition to the GDPR, the German Federal Data Protection Act (BDSG) applies in Germany. It additionally regulates your rights to information and deletion, your right to object, as well as the handling of special data categories and automated decisions. Depending on the federal state, additional state data protection laws may apply.
Applicable legal bases under Swiss data protection law: If you are in Switzerland, I process your data on the basis of the Swiss Data Protection Act (DSG since September 1, 2023). This also applies if my data processing affects you in Switzerland. Unlike the GDPR, the Swiss DSG does not require a specific legal basis for processing personal data. I process personal data only if this is lawful, carried out in good faith and proportionate (Art. 6(1) and (2) Swiss DSG). Furthermore, personal data is collected only for specific purposes that are recognizable to you and processed only in a manner compatible with those purposes (Art. 6(3) Swiss DSG).
Note on applicability of GDPR and Swiss DSG: This privacy policy applies under both the Swiss Data Protection Act (DSG) and the EU General Data Protection Regulation (GDPR). For better readability, I consistently use GDPR terminology throughout. This means: I write "processing" instead of "handling," "personal data" instead of "personal information," "legitimate interest" instead of "overriding interest," and "special categories of data" instead of "particularly sensitive personal data." When the Swiss DSG applies, the terms retain their meaning under Swiss law.
I take appropriate technical and organizational measures to protect your data. In doing so, I consider the legal requirements, the state of the art, the costs, the nature of the data processing and the possible risks to your rights and freedoms. I adapt the protective measures to the respective risk.
Protective measures include: Ensuring the confidentiality, integrity and availability of your data through access controls, both physical and electronic. I also control who accesses, enters, transfers and backs up the data.
I have established procedures to enable you to exercise your rights, to delete data and to respond to data protection risks. Already when selecting hardware, software and procedures, I consider data protection by design and privacy-friendly default settings.
IP address truncation: When I process IP addresses and the full address is not necessary, I truncate them (also known as "IP masking"). The last digits of the IP address are removed or replaced by placeholders. This makes it significantly harder to identify you based on your IP address.
Currently, I use a standard recommended by the BSI (German Federal Office for Information Security) on all my servers, whereby the last octet (IPv4) or the last 80 bits (IPv6) are set to zero.
| Services | Server Types | Masked | Reason |
|---|---|---|---|
| Nginx Access Logs | Web, Mail | Yes | Pure access logs |
| HAProxy Logs | Proxy | Yes | Pure access logs |
| HAProxy X-Forwarded-For | Proxy → Backends | Yes | IP is forwarded to all backends |
| Postfix, Dovecot, Rspamd | No | SPF, DNSBL, spam scoring require real IPs | |
| CrowdSec (stand-alone) | All | No | Requires real IPs for threat detection |
| BIND | DNS | No | Query logging is already disabled |
| SSH | All | No | Legitimate interest (security) |
Securing online connections through TLS encryption (HTTPS): I protect your data during transmission through TLS encryption. This technology encrypts all information between your browser and my website so that no one can read along. Unencrypted HTTP traffic is automatically redirected to the secure HTTPS connection. Access with older, insecure encryption versions, particularly via SSL, is not possible — these are automatically blocked. You can recognize the secure connection by the "https://" in your browser's address bar, indicating that your data is being transmitted in encrypted form.
Currently, only TLSv1.2 and TLSv1.3 are permitted on all servers; this follows current best-practice standards. ACME paths (Let's Encrypt) are excluded from the HTTP-HTTPS redirect, as they are only needed for certificate issuance and do not affect visitor traffic.
In the course of my data processing, I sometimes transfer personal data to other entities, companies or persons. These may be, for example, IT service providers or providers of services that I use for my website. In doing so, I comply with legal requirements and enter into contracts with these recipients to ensure the protection of your data.
Data processing in third countries: When I process data outside the EU or EEA (recognizable by the provider's address or when I explicitly mention it here), I comply with the legal requirements.
Data transfer to the USA: For the USA, I use two levels of protection:
If anything changes with the DPF, the contractual clauses continue to apply. This way, your data remains protected even in the event of legal changes.
For each service provider, I inform you whether they are DPF-certified and whether standard contractual clauses are in place. The list of all DPF-certified companies can be found at: dataprivacyframework.gov.
Swiss data protection: Under Swiss DSG, I only transfer data abroad if adequate protection exists there. The Swiss list of recognized countries can be found at: bj.admin.ch.
Other third countries: For other countries, I use standard contractual clauses, obtain your consent or only transfer data when legally required. Information on EU adequacy decisions: commission.europa.eu.
I delete your personal data in accordance with legal requirements once you withdraw your consent or no other legal basis exists. This also applies when the original purpose ceases or I no longer need the data.
Exceptions: I retain data longer when legal obligations require it or I need them for legal proceedings or to protect the rights of other persons.
Your rights under the GDPR: As an affected person, you have the following rights (Art. 15 to 21 GDPR):
Your rights under the Swiss DSG:
I process user data to provide my website. This includes your IP address, which is technically necessary to display the content to you.
What data I process:
Purpose: Provision of the website, user-friendliness, IT security and infrastructure.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Server log files: All accesses are automatically logged: pages accessed, time, data volume, browser, operating system, previous page (referrer) and IP address. I use these logs for security (e.g., against DDoS attacks) and server stability. The logs are deleted after 30 days, unless they are needed for evidentiary purposes.
Due to load balancing and fallback mechanisms, delivery can switch at any time between the providers listed below to ensure optimal availability.
Hetzner (Germany)
To provide my website, I use various storage technologies that store or read data on your device. I use them for functionality, security and convenience of my website, as well as for analyzing visitor flows. In detail, the following technologies are used:
Cookies are small text files stored by your browser on your device. They are automatically transmitted to the server with each page request.
Types by storage duration:
Web Storage enables data to be stored directly in the browser. Unlike cookies, this data is not automatically transmitted to the server.
IndexedDB is a client-side database in the browser that can store larger and structured amounts of data. The data remains locally on your device and is not automatically transmitted to the server. It remains permanently stored until deleted by the website or manually by you.
Via the Cache API, resources such as HTML pages, stylesheets, scripts and images can be cached in the browser to improve loading times and enable offline use. Service workers are background processes in the browser that, among other things, manage these caches.
Legal basis: I use these storage technologies only with your consent or when they are technically necessary (legitimate interests). Technically necessary storage includes storage for functions you have requested, saved settings or the security of the website.
Processed data: Technical data such as IP addresses, timestamps and identification numbers.
Legal bases:
I use a self-developed consent management system to obtain, store and manage your consent for the use of cookies and other storage technologies. You can change or withdraw your consent at any time. I store your consent decision for a maximum of two years so that I do not have to ask you again with each visit and can provide the legally required evidence. Storage is done server-side and/or in a cookie.
Legal basis:
Currently, none of these storage methods are used on this website.
I process user data of my apps only to the extent necessary to provide the app functions, ensure security and further develop the apps. Contact with users is only made when required for the administration or use of the app.
Legal bases:
Processed data:
Device permissions: My apps may require access to device functions (camera, location, etc.). You must actively grant these permissions and can revoke them at any time in your device settings. Without the necessary permissions, some app features may not work.
Camera access: If the app uses camera functions, photos/videos are processed only for the respective app function. Access requires your permission, which you can revoke at any time.
Location data: For apps with location features, GPS data is used only for the specific function. I do not create movement profiles or location histories. Access requires your permission, which you can revoke at any time.
When you download my applications, scripts or code libraries via app stores, package registries, software forges or other platforms, the respective platform's privacy policies also apply. The platforms collect their own data for reach measurement, advertising and any payments.
Processed data:
Purpose: Provision of the software and customer service.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Codeberg (Germany)
GitLab (USA)
GitHub (USA, Netherlands)
Ansible Galaxy (USA)
When you contact me (by mail, email, phone or social media), I process your information to answer your inquiry.
Processed data:
Purpose: Answering your inquiry and communication.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Deletion: See section General Information on Data Storage and Deletion.
Deutsche Post (Germany)
fonial (EnBW, Germany)
Telekom (Germany)
I use messenger services for communication. You can also contact me by phone or email.
End-to-end encryption. With encrypted messengers, no one — not even the provider — can read your messages. Please always use the latest version with encryption enabled.
Metadata: Even with encrypted messages, the messenger providers can see when you communicate with me, what device you use and possibly your location.
Legal bases:
I do not share your contact data with messenger services without your consent.
Withdrawal and deletion: You can object at any time. I delete messages in accordance with my general deletion policies or when the conversation is concluded and no retention obligations exist.
Security note: For confidential matters, I reserve the right to refer to more secure communication channels.
Processed data: Contact data, message content, metadata (timestamp, device, possibly location)
Signal (USA)
Telegram (Dubai, EU representative)
WhatsApp (Meta, USA, Ireland)
LinkedIn (USA, Ireland)
Instagram (Meta, USA, Ireland)
Facebook (Meta, USA, Ireland)
Legal basis for all services: Legitimate interests (Art. 6(1)(f) GDPR)
I use AI systems that may process personal data. AI here means: software that autonomously generates results such as texts, recommendations or decisions from inputs.
Principles of AI use:
External AI providers: When I use external AI services, I carefully select providers and ensure that they comply with data protection regulations. I review this regularly.
Data that may be processed:
Protective measures: If personal data is processed, I implement technical and organizational measures to protect it.
Legal basis:
Deletion: See section General Information on Data Storage and Deletion.
Claude (Anthropic, USA)
DeepL (Germany)
Gemini (Google, USA, Ireland)
Legal basis for all services: Legitimate interests (Art. 6(1)(f) GDPR)
I use external platforms for video and audio conferences as well as online meetings.
This section does not apply when you contact me using your own provider, e.g., via an invitation link.
Data processed by the platforms:
The platforms encrypt communication to the extent technically possible.
Recordings: If meetings are recorded, I will inform you beforehand and obtain your consent if necessary.
Tips for participants:
Legal bases:
Deletion: See section General Information on Data Storage and Deletion.
Discord (USA)
Legal basis for all services: Legitimate interests (Art. 6(1)(f) GDPR)
I use internet-based software services (cloud services) for the storage and management of documents as well as for the exchange of content.
Processed data:
Cookies with public forms: When I provide public forms or documents via cloud services, the providers may set cookies for web analytics or to save settings.
Affected persons: Prospects, communication and business partners
Purpose: Office organization and IT infrastructure
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Deletion: See section General Information on Data Storage and Deletion.
Nextcloud at Hetzner (Germany)
I analyze the usage of my website to understand when which areas are visited and what should be optimized. In doing so, I create pseudonymous user profiles without real names.
What is collected:
Data protection:
Legal bases:
Deletion: See section General Information on Data Storage and Deletion.
Digital badges are electronic certificates that confirm skills, achievements and interests. They contain an image or digital certificate with information about the recipient, issuer and the acquired qualification.
Data processed for personalized badges:
Affected persons: Badge recipients, users, business partners
Purpose: Certification, marketing, public relations
Cookies: If cookies are needed for badges, I will obtain your consent beforehand.
Legal bases:
Deletion: After termination or according to general deletion deadlines.
Embedding of digital badges: I embed badges from external providers into my website. These are loaded in real-time from the badge providers' servers so that the current status is always displayed.
In doing so, your browser transmits technical data to the badge provider:
The badge provider thereby learns that you have visited my website.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
I am active in social networks to communicate and share information there.
Important notes:
Your rights: For information and data protection rights, it is best to contact the respective platform directly — only they have full access to your data. If needed, I am happy to assist you.
Details on data processing and objection options can be found in the privacy policies of the respective networks.
Processed data: Contact data, content (posts, messages), usage behavior
Purpose: Communication, feedback, public relations
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Instagram (Meta, USA, Ireland)
Facebook (Meta/USA/Ireland)
Meta attempts to partially shift the data protection responsibility for the processing of personal data to page operators through externalization. I point out that I have no influence whatsoever on Meta's mechanisms and therefore cannot assume any responsibility for them.
This construct has been viewed critically by the ECJ. Meta exploits a legal gray area here to avoid being solely liable for data protection violations.
LinkedIn (USA/Ireland)
Legal basis for all: Legitimate interests (Art. 6(1)(f) GDPR)
Important: Further data processing after collection lies solely with the platforms, including the transfer to the USA.
I embed external content such as graphics, videos or maps from third-party providers into my website.
Technically necessary data transfer: In order for this content to be displayed, your IP address must be transmitted to the respective providers — without an IP address, no delivery of the content.
Further possible data processing by third-party providers:
Processed data: IP addresses, usage behavior, technical data, possibly location data
Purpose: Display of content, user-friendliness, marketing
Legal bases:
Deletion: See section General Information on Data Storage and Deletion.
Integration of third-party software: I use external software libraries (e.g., jQuery) for functionality and better user-friendliness. The providers of this software receive your IP address for technical delivery and may also use it for security purposes and to optimize their services.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Google Fonts (Google, USA, Ireland)
Google Fonts are generally loaded exclusively from our own server. For testing purposes, fonts may also be temporarily embedded directly from Google Fonts.
Google Fonts (local): Fonts on my own server, no data transfer to Google.
Bulma (via jsDelivr) (England, Poland)
Bulma is generally loaded exclusively from our own server. For testing purposes, elements may also be temporarily embedded directly from Bulma (jsDelivr).
Bulma (local): Framework for responsive web design, on my own server, no external data transfer.
Legal basis for all services: Legitimate interests (Art. 6(1)(f) GDPR)
In the context of my freelance work, I process personal data of my clients and business partners for:
Processed data:
Purpose:
Legal bases:
Deletion: After expiration of the statutory retention periods (typically 10 years pursuant to § 147 AO, § 257 HGB)
Contract initiation: For inquiries and proposals, I collect the following data:
Retention: Data from contracts that did not materialize is deleted no later than 6 months after rejection, unless a statutory retention obligation exists.
Ongoing contracts: During project execution, I process data for:
Data sources:
Data sharing only with:
Publication: References and project examples are only published with the express consent of the client.
Third countries: Data transfer outside the EU/EEA only with your consent or when legally required.
Retention: According to statutory retention periods
Legal bases:
Please check regularly for updates to this privacy policy. I will adjust it when my data processing changes.
If changes require your consent or a notification, I will inform you directly.
Note on contact data: The current contact data of the service providers mentioned can be found on their respective websites.
Last updated: 02/26/2026