Privacy Policy

Last Updated: January 7, 2026

This Privacy Policy explains how I (Matthias Gliwka) collect, use, and protect your information when you visit my blog at https://gliwka.eu. I am committed to transparency and protecting your privacy in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

Matthias Gliwka
c/o Online-Impressum.de #5653
Europaring 90
53757 Sankt Augustin
Germany

privacy@gliwka.eu
+49 1579 2618054

2. Information I Collect and Legal Basis

By default, no personal data is collected when you browse my website. No cookies or similar tracking technologies are in use by me directly.

I collect the following information only under the specified legal bases:

Privacy-Preserving Anonymous Statistics

Data Collected: Site visited, timestamp, user agent/browser, and anonymized IP addresses (last octet deleted).
Purpose: To understand website traffic, popular content, and improve user experience. This data is processed locally and cannot be used to identify you.
Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR) in analyzing and improving my website, while respecting your privacy through anonymization.
Retention: This data is aggregated and retained for analytical purposes for 2 years.

Comments

Data Collected: Pseudonym (optional), comment text, and the anonymized IP address associated with the comment submission (for spam prevention).
Purpose: To publish your comments on blog posts and engage with my content.
Important Notice on Public Nature: By voluntarily submitting a comment, you acknowledge that your text and pseudonym will be published on the open internet. While I can remove your data from my own systems and repositories upon request, I have no control over third-party services (such as the Internet Archive, search engines, or AI scrapers) that may have copied, cached, or archived your comment while it was publicly available.
Legal Basis: Consent (Art. 6(1)(a) GDPR). By submitting your comment, you explicitly consent to its global publication and acknowledge the risks associated with public data described above.
Retention: Your comment data will be kept on my systems for as long as the associated blog post is publicly available or until you request its deletion.

Data Collected: Your email address.
Purpose: To send you updates, new blog posts, or other relevant information.
Legal Basis: Consent (Art. 6(1)(a) GDPR) by explicitly subscribing to my newsletter.
Retention: Your email address will be stored until you unsubscribe from the newsletter. You can unsubscribe at any time via a link provided in every newsletter email or by contacting me directly.

Contact Inquiries

Data Collected: Your email address, name (if provided), and the content of your message.
Purpose: To respond to your questions, feedback, or privacy requests.
Legal Basis: Legitimate Interest (Art. 6(1)(f) GDPR). I have a legitimate interest in answering inquiries sent to me and maintaining communication with my readers.
Retention: Contact data is retained only as long as necessary to process your request or as required by statutory retention periods.

3. How I Use Your Information

I use the collected information solely for the purposes described above: to operate and improve my blog, to publish user-submitted comments, to send newsletters to subscribers, and to respond to inquiries.

I do not sell, trade, or otherwise transfer your personal information to outside parties, except as described below:

mailbox.org (Heinlein Support GmbH)

Role: Email hosting provider. Used for sending newsletters and receiving contact inquiries.
Data Processed: Email addresses, message content, and technical metadata (headers, timestamps).
Location: Germany (EU).
Legal Basis: Data processing occurs strictly within Germany/EU under GDPR.

bunny.net (BunnyWay d.o.o)

Role: Content Delivery Network (CDN) and web hosting provider. They serve the website globally, optimizing loading times.
Data Processed: As a CDN, they may temporarily process your IP address and user agent information to deliver website content. They also handle the transmission of comments.
Location: BunnyWay d.o.o. is based in Slovenia (EU).
Legal Basis for Transfer: Data processed within the EU is covered by GDPR. See Section 9 for details on international data transfers through the CDN.

GitHub

Role: Hosting provider for the website’s source code and repository for comment storage.
Data Processed: Comment content, associated metadata (pseudonym, timestamp), and version history.
Location: GitHub Inc. is based in the USA.
Legal Basis for Transfer: GitHub is a subsidiary of Microsoft Corporation, which participates in the EU-US Data Privacy Framework (DPF). This ensures that data transferred to US-certified companies is protected to EU standards. As a fallback measure, I also rely on Standard Contractual Clauses (SCCs).

I ensure that all third-party processors comply with data protection regulations and adequately protect your data.

Under GDPR, you have the following rights regarding your personal data:

Right to Access (Art. 15 GDPR): You have the right to request copies of your personal data.
Right to Rectification (Art. 16 GDPR): You have the right to request that I correct any information you believe is inaccurate or complete information you believe is incomplete.
Right to Erasure (Art. 17 GDPR): You have the right to request that I erase your personal data from my systems. Note that this applies to data under my control and does not extend to third-party archives of public information.
Right to Restrict Processing (Art. 18 GDPR): You have the right to request that I restrict the processing of your personal data, under certain conditions.
Right to Object to Processing (Art. 21 GDPR): You have the right to object to my processing of your personal data, under certain conditions.
Right to Data Portability (Art. 20 GDPR): You have the right to request that I transfer the data that I have collected to another organization, or directly to you, under certain conditions.
Right to Withdraw Consent (Art. 7(3) GDPR): Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of personal data relating to you infringes GDPR.

To exercise any of these rights, please contact me at the email address provided in Section 1.

6. Changes to This Privacy Policy

I may update my Privacy Policy from time to time. I will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes.

7. Contact Me

If you have any questions about this Privacy Policy, my data practices, or wish to exercise your rights, please contact me at:

privacy@gliwka.eu

8. Cookies and Tracking Technologies

This website does not use cookies or similar tracking technologies (such as localStorage, web beacons, or tracking pixels) for any purpose. You can browse my website without any cookies being set by me.

For your protection, this website also explcitily opts out of FLoC (Federated Learning of Cohorts) tracking provided by your browser.

9. International Data Transfers

My website is delivered globally through bunny.net’s Content Delivery Network (CDN), which operates servers in multiple countries across 6 continents. When you access my website, the following applies:

Technical Data Routing: On a technical level, when you connect to my website, your request may be routed to the nearest CDN server to optimize loading times. This means that if you are located outside the European Union, your connection data (such as IP address and user agent) may be temporarily processed by CDN servers in your region to deliver the website content to you efficiently.
Data Processing and Storage: bunny.net anonymizes any data that could be used to directly or indirectly identify a user. By default, bunny.net anonymizes IP addresses by removing the last octet from the address. When IP anonymization is disabled for logging purposes, all logs are stored within the EU. bunny.net is an EU-based company (BunnyWay d.o.o., Slovenia) that operates under GDPR and maintains a privacy-first approach.
Purpose of Global CDN: The sole purpose of this international data routing is to provide you with fast website loading times regardless of your geographic location.
GDPR Compliance: bunny.net is fully committed to complying with the GDPR and has taken steps to ensure no personally identifiable data is stored from your users that access your services through bunny.net. This processing is covered by my legitimate interest (Art. 6(1)(f) GDPR) in providing an efficient, globally accessible website while respecting user privacy through bunny.net’s anonymization practices.

If you have concerns about international data transfers, please contact me at privacy@gliwka.eu.

10. Automated Decision-Making

I do not engage in any automated decision-making or profiling activities as defined under Article 22 GDPR. Your personal data is not used to make automated decisions that produce legal effects concerning you or similarly significantly affect you.

1. Data Controller#

2. Information I Collect and Legal Basis#

Privacy-Preserving Anonymous Statistics#

Comments#

Newsletter Subscription#

Contact Inquiries#

3. How I Use Your Information#

4. Data Sharing and Third-Party Processors#

5. Your Data Protection Rights (GDPR)#

6. Changes to This Privacy Policy#

7. Contact Me#

8. Cookies and Tracking Technologies#

9. International Data Transfers#

10. Automated Decision-Making#