JK3DA LogoJK3DA

Privacy Policy

Information according to GDPR

1. General Information

The protection of your personal data is of particular concern to me. I process your data exclusively on the basis of legal provisions (GDPR, TMG). In this privacy policy, I inform you about the most important aspects of data processing on my website.

2. Hosting

This website is hosted by STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany. When you visit this website, STRATO automatically collects and stores server log files. The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in the secure and efficient operation of the website).

3. Contact & Request Form

If you contact me via email or the request form, your provided data (email address, phone number if given, project description) will be stored for the purpose of processing your inquiry and for follow-up questions. The legal basis is Art. 6 (1) lit. b GDPR (pre-contractual measures). Data will be deleted after six months unless a contractual relationship arises. I will not share this data without your consent.

4. Server Log Files

The hosting provider automatically collects and stores information in server log files that your browser transmits:

  • Browser type and version
  • Operating system
  • Referrer URL
  • Hostname of the accessing computer
  • Time of server request
  • IP address

This data is not combined with other data sources. I reserve the right to review this data retrospectively if specific indications of illegal use become known.

5. Instagram Feed

This website displays posts from my Instagram profile via the Instagram Graph API, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. When the Instagram feed is loaded, a connection to Meta's servers is established, which may transfer your IP address to Meta. The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in presenting current portfolio work). For more information, see Meta's privacy policy at https://privacycenter.instagram.com/policy.

6. Online Shop & Customer Accounts

When you create a customer account, I store your email address and a securely hashed password (no plain-text storage). Purchase history (product IDs, date, price paid) is stored to enable re-downloads. Legal basis: Art. 6 (1) lit. b GDPR.

Payment processing (Stripe): Payments are processed by Stripe Payments Europe, Ltd., Dublin, Ireland. Your payment data (card number, bank details) is transmitted directly to Stripe and is never stored on our servers. Stripe's privacy policy: stripe.com/privacy

Session cookie: After login, a session cookie is set (httpOnly, expires after 30 days) to keep you logged in. No tracking cookies are used.

Two-factor authentication (optional): If you enable 2FA, a TOTP secret is stored encrypted in our database. No third-party services are used for 2FA.

7. Newsletter

If you subscribe to our newsletter, your email address will be stored for sending purposes. Registration uses a double opt-in process: you receive a confirmation email and are only added after clicking the confirmation link. Legal basis: Art. 6 (1) lit. a GDPR (consent).

Email service provider: Newsletters are sent via Brevo (Sendinblue SAS), 55 rue d'Amsterdam, 75008 Paris, France. Your email address is transmitted to Brevo for this purpose. Privacy policy: brevo.com/legal/privacypolicy

You can unsubscribe at any time via the unsubscribe link in every email. Your data will be deleted immediately.

8. Analytics, Marketing & Tracking

Google Tag Manager: We use Google Tag Manager (provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) as the technical container for the services below. The Tag Manager itself does not collect personal data. Tags only load after you give consent for the relevant category. We use Google Consent Mode v2: without your consent, all storage categories (analytics_storage, ad_storage, ad_user_data, ad_personalization, functionality_storage, personalization_storage) are set to “denied”, so no cookies are stored and no personal data is transmitted to Google.

Google Analytics 4 (analytics category): With your consent, GA4 collects anonymized data about page views, session duration, scroll depth, and origin. IP addresses are anonymized. Data may be transferred to Google LLC servers in the US; Google LLC is certified under the EU-US Data Privacy Framework. Legal basis: Art. 6 (1) lit. a GDPR (consent). Privacy policy: policies.google.com/privacy

Google Ads & Conversion Tracking (marketing category): If you consent to the marketing category, tags for Google Ads are activated. They measure whether a visit came from one of our ads and whether subsequent actions (inquiry, purchase) occur. Personalised advertising and remarketing may also be enabled. Provider: Google Ireland Limited. You can revoke this consent at any time via the cookie banner (footer link “Cookies”).

Umami Analytics (analytics category): Self-hosted, privacy-friendly open-source web analytics on our own server (analytics.jk3da.com). Umami does not store cookies, collects no personal data, and transfers no data to third parties. Only anonymous usage statistics are recorded. Activation happens only with your consent to the analytics category.

Microsoft Clarity (analytics category): With your consent, Microsoft Clarity records anonymized session replays and generates click/scroll heatmaps to help us identify usability issues. Provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Data may be transferred to Microsoft Corporation servers in the US; Microsoft Corporation is certified under the EU-US Data Privacy Framework. Sensitive form inputs are automatically masked. Legal basis: Art. 6 (1) lit. a GDPR (consent). Privacy policy: privacy.microsoft.com/privacystatement

Your consent: Your selection is stored locally in your browser (localStorage key cookie_consent_v2). Before consent, no tracking occurs — enforced via Consent Mode v2. You can change your selection any time via the link in the footer.

9. Your Rights

  • Information about your stored data
  • Correction of incorrect data
  • Deletion of your data (if no legal retention obligation exists)
  • Restriction of data processing
  • Data portability
  • Objection to the processing of your data

Complaints authority in Hesse: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Postfach 3163, 65021 Wiesbaden – https://datenschutz.hessen.de

10. Responsible Party

Jonas Kircher
Rathausstraße 88
65203 Wiesbaden
E-Mail: kontakt@jk3da.com
VAT-ID: DE445604246