Dear Visitor to our Website,

The following privacy policy applies to the use of our online offering www.mikes-photoblog.com (hereinafter "Website"). We attach great importance to data protection. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR). We collect and process your personal data in order to offer you the use of the aforementioned Website. This statement describes how and for what purpose your data is collected and used, and what choices you have in connection with personal data.

By using this Website, you consent to the collection, use, and transfer of your data in accordance with this privacy policy.

1 Controller

The controller responsible for the collection, processing, and use of your personal data within the meaning of Art. 4 No. 7 GDPR is

Michael Rhein Erzbergstr. 58 64658 Fürth Germany Email: mail@michael-rhein.de Phone: +49 151 2267 5830

If you wish to object to the collection, processing, or use of your data by us in accordance with these data protection provisions as a whole or for individual measures, you can address your objection to the controller.

2 General Use of the Website

2.1 Hosting

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services that we use for the purpose of operating the Website. In this context, we or our hosting provider process access data, content data, usage data, meta and communication data of users of the Website on the basis of our legitimate interests in an efficient and secure provision of this online offering pursuant to Art. 6 para. 1 sentence 1 f) GDPR in conjunction with Art. 28 GDPR.

The Website is hosted by Squarespace, Inc. Squarespace, Inc. is a US-based company located at 225 Varick Street, 12th Floor, New York, NY 10014, USA. Squarespace provides a platform for creating and hosting websites, including integrated tools for design, content, and analytics. For more information on data protection at Squarespace, please refer to their privacy policy: Squarespace Privacy Policy. Squarespace processes data on behalf of the website operator and ensures that the processing is GDPR-compliant, including through a Data Processing Addendum (DPA) that includes standard contractual clauses or other appropriate safeguards for data transfers to third countries.

2.2 Access Data and Embedded Content

The Website www.mikes-photoblog.com serves to provide a purely private, non-commercial photo blog. When visiting our Website, data about your usage behavior and your interaction with us is collected, which is automatically transmitted from your browser to our server. This data is necessary so that you can view our Website and navigate on it. The legal basis for the collection of the data is Art. 6 para. 1 f) EU General Data Protection Regulation.

In detail, the following data is collected when visiting our Website:

• Name and URL of the retrieved file

• Date and time of the retrieval

• Amount of data transferred

• Message about successful retrieval (HTTP response code)

• Browser type and browser version

• Operating system

• Referer URL (i.e., the previously visited page, if this links to the Website www.mikes-photoblog.com)

• Websites accessed by the user's system via our Website

• IP address

This data in the form used (web server log files) cannot be assigned to specific natural persons. We use this log data without assignment to your person or other profiling for statistical evaluations and for the purpose of operating, securing, and optimizing our Website, but also for the anonymous recording of the number of visitors to our Website (traffic) as well as the extent and type of use of our Website and services. No personalization or merging of this data with other data sources takes place. This also constitutes our legitimate interest pursuant to Art. 6 para. 1 sentence 1 f) GDPR.

We reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete evidence (e.g., in the event of a hacker attack on our Website). We store IP addresses for a limited period in the log files if this is necessary for security purposes.

This data is deleted regularly when it is no longer required.

Embedded Content from Third-Party Providers Embedded content from third-party providers such as Komoot, YouTube, Google Maps, and MyRouteApp may be displayed on our Website. This content is only loaded if you expressly consent to the use of cookies, the embedding of third-party providers, and our privacy policy via our cookie consent tool ("opt-in" mode pursuant to Art. 6 para. 1 a) GDPR). If you consent, this content will also be displayed for non-logged-in users, which leads to the automatic transmission of the following data to the respective providers:

• IP address

• Browser type and browser version

• Operating system

• Referer URL

• Other data disclosed by the browser (e.g., screen resolution)

This data transmission occurs regardless of whether you have a user account with the respective providers or are logged in. The providers may process this data in accordance with their own privacy policies. For more information, please refer to the privacy policies of the providers:

• Komoot Privacy Policy

• Google (YouTube/Google Maps) Privacy Policy

• MyRouteApp Privacy Policy

Without your consent, this content will not be loaded, and no data will be transmitted to the third-party providers. Further details on cookie consent can be found in sections 2.3 and 2.5.

Additionally, social media links for sharing on X, Facebook, and LinkedIn as well as via email are offered after each blog post. Clicking on these links calls up the services of the respective providers, assuming your consent pursuant to Art. 6 para. 1 a) GDPR.

2.3 Cookies

In addition to this data, we also use cookies on our Website. These are small text files that are stored on your computer (in your browser) after visiting our Website. If you visit our Website again afterward, the browser you use will send the information stored in the cookie to our Website and can, for example, facilitate navigation by adopting presets. Cookies are not viruses and cannot install malware on the computer. They are just short texts exchanged between web server and browser.

In the default settings, the Website uses only technically necessary cookies for the operation of the Website. These include transient cookies (temporary cookies), which are stored only for the duration of your browser usage. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to the Website. As soon as you close the browser, these cookies are automatically deleted.

Persistent cookies (time-limited cookies) are only used for certain functions via opt-in. These differ from transient cookies only in that they are not automatically deleted when the browser is closed, but only after a preset time.

The following functions can be activated via opt-in, which require persistent cookies:

1. Analysis / Statistics: The use of Squarespace's own traffic analysis. This integrated function from Squarespace captures anonymized data on visitor numbers, page views, sources of origin (e.g., search engines or referrers), device types, geographical locations (at country level), and usage behavior (e.g., dwell time on pages). The data is used to optimize the Website and is not passed on to third parties. The analysis is based on Art. 6 para. 1 a) GDPR (consent) and is deactivated by default.

2. Comment Function for Blog Posts: The use of Squarespace's own comment function for blog posts. This allows visitors to leave comments, whereby personal data such as name, email address, and IP address are collected to prevent spam and enable moderation. The function is deactivated by default and is only activated via opt-in (Art. 6 para. 1 a) GDPR).

Both functions are deactivated by default. The cookie settings can be adjusted or revoked at any time by clicking on the cookie consent button in the lower left corner of the screen.

In principle, you can configure the settings of your browser so that cookies are not accepted or stored at all or only to a limited extent. However, if you make use of this option, there may be restrictions on the usability of our Website.

Our legitimate interest in the use of technically necessary cookies pursuant to Art. 6 para. 1 sentence 1 f) GDPR is to make our Website more user-friendly, effective, and easier to use.

2.4 Email Contact

If you contact us via email, we store your details for processing the inquiry and in case follow-up questions arise. This also constitutes our legitimate interest pursuant to Art. 6 para. 1 sentence 1 f) GDPR. There is no contact form on the Website.

We only store and use further personal data if you consent to this or if this is legally permissible without special consent.

2.5 Third-Party Scripts and Cookie Consent

Our Website uses scripts from third-party providers to provide functions. These scripts may transmit data such as your IP address to the provider. To handle this in a GDPR-compliant manner, we use the GDPR-compliant cookie consent tool CCM19, which obtains your consent pursuant to Art. 6 para. 1 a) GDPR before such scripts or non-essential cookies are loaded. CCM19 is a German tool operated by Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany, and ensures that consents are logged and revocable. Without consent, no non-essential cookies or scripts are activated.

3 Legal Bases and Storage Period

The legal basis for data processing is Art. 6 para. 1 f) GDPR (legitimate interest), in particular the secure and efficient operation of this private Website. Your data will only be stored for as long as necessary for the operation of the Website and will be deleted thereafter, unless longer storage is required by law.

4 Your Rights as a Data Subject

You have the right to request information about your stored data and to have it corrected or deleted if necessary. Please contact us by email at the address given in section 1. You can also object to the processing of your data or lodge a complaint with a supervisory authority if you believe that the data processing is not lawful. The competent supervisory authority is the Hessian Commissioner for Data Protection and Freedom of Information, accessible at https://datenschutz.hessen.de.

5 Data Security

We strive to ensure the security of your data to the maximum extent possible within the framework of applicable data protection laws and technical possibilities.

However, we point out at this point that data transmission over the Internet (e.g., when communicating by email) may have security vulnerabilities. Complete protection of data from access by third parties is not possible.

To secure your data, we maintain technical and organizational security measures in accordance with Art. 32 GDPR, which we continually adapt to the state of the art.

Furthermore, we do not guarantee that our offering will be available at certain times; disruptions, interruptions, or failures cannot be excluded. The servers we use are regularly and carefully secured.

6 Disclosure of Data to Third Parties and to Non-EU Countries

There is no proactive disclosure of your personal data to non-EU countries by the website operator. We only use your data to the extent that this is technically or otherwise necessary, e.g., in the event of misuse of our offering (such as hacker attacks).

However, please note that data (e.g., your IP address) may be disclosed to non-EU countries if you use the offered social media links for sharing on X, Facebook, or LinkedIn or forward a post via email. By clicking on these links, you access the services of the respective providers, which may be located outside the EU.

For logged-in users, data may also be transmitted to providers in non-EU countries (e.g., in the USA) through embedded content such as YouTube videos or Google Maps. This only occurs if you have consciously logged in as an invited user and thus consented to the use of this content. For non-logged-in users, the embedding of this content only occurs after your express consent via the cookie consent tool, as described in section 2.2.