1. Overview
This privacy policy informs you, pursuant to Article 13 of the General Data Protection Regulation (GDPR), about which personal data is processed when you visit this website. In short: this website uses no cookies, performs no tracking, uses no analytics tools, and embeds no external fonts, font services, or content delivery networks. The only technically necessary data processing arises from delivering the site through the hosting provider (server logs, see Section 4).
2. Controller
The controller within the meaning of the GDPR is:
Adriano Camonita
Barthstr. 6
44328 Dortmund
Germany
Email: casystudioco@gmail.com
A data protection officer is not legally required and has not been appointed.
3. General information on data processing
Personal data is only processed to the extent necessary to provide a functional website. Data is shared with third parties only to the extent described in this policy (hosting). No automated decision-making, including profiling, takes place.
4. Hosting via GitHub Pages and server log files
This website is hosted exclusively on GitHub Pages, a service provided by GitHub, Inc., 88 Colin P. Kelly Jr. St., San Francisco, CA 94107, USA (a subsidiary of Microsoft Corporation). No own backend is operated: the operator itself does not store, process, or analyze any server log files and has no access to such data.
When the website is accessed, your browser transmits technically necessary data that GitHub, as the hosting provider, may record in its own server log files. This typically includes:
- the IP address of the requesting device,
- the date and time of access,
- the specific page or file requested,
- the browser type and operating system used,
- the previously visited page (referrer), if transmitted.
Controller responsibility: GitHub collects and processes these log files on its own responsibility as an independent controller (Art. 4(7) GDPR) for its own operational and security purposes. The operator of this website has no access to this data.
Purpose: delivery of the website, ensuring the stability and security of operations, and defending against attacks.
Legal basis: The legal basis for the processing carried out by GitHub as controller is its legitimate interest pursuant to Art. 6(1)(f) GDPR in the technically error-free provision and the security of the infrastructure it operates. Insofar as the operator participates in this process by deciding to deliver this website via GitHub Pages, its legitimate interest lies in providing the website securely and reliably without operating an own server.
Necessity of providing the data: Processing of the IP address is technically required to deliver any content to your device. Without it, the site cannot be served.
Storage period: Server log files are kept by GitHub as an independent controller for its own security and operational purposes. The specific retention period is determined by GitHub's policies, which do not specify a fixed period; the governing criterion is that the data is deleted as soon as it is no longer required for these security and operational purposes (commonly a period in the order of around 30 to 90 days). Details are set out in the GitHub General Privacy Statement.
Processor agreement: No processing on behalf of the operator within the meaning of Art. 28 GDPR exists for GitHub Pages in this constellation: when providing a purely static website without an own backend and without tracking, no personal data flows to the operator; the technically required processing of connection data is attributable solely to the hosting provider and its own security purposes. GitHub thus processes the operational server logs on its own responsibility.
5. Data transfer to the USA (third country)
As GitHub is based in the USA, hosting may involve the transfer of personal data (in particular the IP address) to the USA — a third country within the meaning of the GDPR.
GitHub, Inc. is independently certified under the EU-US Data Privacy Framework (DPF) (EU Commission adequacy decision (EU) 2023/1795 of 10 July 2023). In addition, GitHub relies on the EU Commission's Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR (Implementing Decision (EU) 2021/914). These safeguards are intended to ensure an adequate level of data protection.
Note: Despite these safeguards, access by U.S. authorities under U.S. law cannot be entirely ruled out for transfers to the USA.
6. Cookies and tracking
This website uses no cookies and employs no analytics, statistics, marketing, or tracking technologies. For this reason, no cookie consent banner is required.
This website stores a single technically necessary piece of information locally in your browser (the localStorage entry casy_lang) in order to remember your chosen language (DE/EN) across pages. This is a setting you actively make; storing it is exempt from consent under Section 25(2) no. 2 TDDDG. No tracking takes place, and the entry is never transmitted to a server.
7. No external services
No external fonts (e.g. Google Fonts), no content delivery networks, no embedded videos, maps, or social media plugins, and no third-party advertising or analytics services are loaded. All files required for display are delivered directly via the hosting provider.
8. Contact by email
If you contact us by email, the information you provide (e.g. email address, name, message content) is processed to handle your request. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in responding to the request) or Art. 6(1)(b) GDPR where the request relates to entering into or performing a contract. The data is deleted once your request has been conclusively handled, unless statutory retention obligations apply.
9. SSL/TLS encryption
For security reasons, this website uses SSL/TLS encryption. You can recognize an encrypted connection by the "https://" in your browser's address bar. With active encryption, the data you transmit to this website cannot easily be read by third parties.
10. Your rights as a data subject
With regard to the personal data concerning you, you have the following rights against the controller:
- Access (Art. 15 GDPR),
- Rectification (Art. 16 GDPR),
- Erasure (Art. 17 GDPR),
- Restriction of processing (Art. 18 GDPR),
- Data portability (Art. 20 GDPR),
- Objection to processing (Art. 21 GDPR).
To exercise these rights, an informal message to the contact details listed in Section 2 is sufficient.
11. Right to object (Art. 21 GDPR)
Where processing is based on Art. 6(1)(f) GDPR (legitimate interest), you have the right to object at any time, on grounds relating to your particular situation, to the processing. The controller will then no longer process the data unless there are compelling legitimate grounds that override your interests, or the processing serves to assert, exercise, or defend legal claims.
12. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority. The competent authority is in particular the supervisory authority of the federal state of North Rhine-Westphalia:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestr. 2–4, 40213 Düsseldorf, Germany
www.ldi.nrw.de
13. Changes to this privacy policy
This privacy policy may be amended if the legal situation or the services used change. The dated version published here applies in each case.
14. Privacy contact
For questions regarding data protection, you can reach the controller at casystudioco@gmail.com.