Data Privacy

1. Overview

This privacy policy explains how personal data is handled when you visit this website. Personal data is any information that can be used to identify you personally.

Data Controllers: Tamer El-Hawari and Michael Haizmann, Chausseestraße 9a, 14109 Berlin, Germany.
Email: [email protected]

Data is collected when you voluntarily provide it (e.g. via email) and automatically when you visit the site (e.g. browser type, access time, IP address). This data is used solely to ensure site functionality and to understand aggregate usage patterns.

2. Your Rights

Under applicable data protection law (GDPR) you have the right to:

• Request information about the personal data we hold about you
• Request correction or deletion of your data
• Withdraw consent at any time (Art. 7(3) GDPR)
• Object to processing, including for direct marketing purposes (Art. 21 GDPR)
• Request restriction of processing
• Receive your data in a portable, machine-readable format
• Lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at [email protected].

The competent supervisory authority is the Berliner Beauftragte für Datenschutz und Informationsfreiheit, Alt-Moabit 59-61, 10555 Berlin.

3. Hosting

This website is hosted by Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA. The source code is stored on GitHub, Inc. (a Microsoft company).

When you visit the site, Netlify may process technical data including your IP address, browser type, and request timestamps. This is necessary for serving the website and maintaining security.

For data transfers to the USA, Netlify and GitHub rely on Standard Contractual Clauses (SCCs) as a legal basis under GDPR. For more details, see Netlify's privacy policy at netlify.com/privacy.

4. Data Processing

All personal data is handled confidentially and in accordance with applicable statutory regulations, including the GDPR.

Data is stored only as long as the processing purpose requires, or as mandated by law (e.g. tax and commercial retention obligations). The legal bases for processing are:

• Art. 6(1)(a) GDPR — Consent
• Art. 6(1)(b) GDPR — Contract performance
• Art. 6(1)(c) GDPR — Legal obligation
• Art. 6(1)(f) GDPR — Legitimate interests

Data transmission over the internet may have security vulnerabilities. Complete protection against third-party access cannot be guaranteed. This site uses SSL/TLS encryption for all data in transit.

5. Analytics

This website uses GoatCounter, a privacy-focused, open-source analytics service operated by Martin Tournoij. A lightweight JavaScript file is loaded in your browser to count page views.

GoatCounter does not use cookies, does not track individual users across sessions, and does not collect personal data. IP addresses are not stored. The data collected includes page paths, referrer information, browser type, and screen size in aggregate form.

The legal basis is our legitimate interest in understanding aggregate usage patterns to improve the website (Art. 6(1)(f) GDPR). For details, see GoatCounter's privacy policy at goatcounter.com/help/privacy.

6. Server Log Files

The hosting provider automatically collects and stores information in server log files that your browser transmits. This includes:

• Browser type and version
• Operating system
• Referrer URL
• Hostname of the requesting device
• Date and time of the request
• IP address

This data is not combined with other data sources. The legal basis is our legitimate interest in the technical operation and security of the website (Art. 6(1)(f) GDPR).

7. Fonts

This site uses the open-source fonts Inter, JetBrains Mono, and Space Grotesk. These fonts are self-hosted on our own servers — no data is transmitted to third parties when loading fonts on this website.

8. Payment Processing

When you purchase the book, you are redirected to Stripe, Inc. (510 Townsend Street, San Francisco, CA 94103, USA) for payment processing. Stripe collects and processes your payment information (name, email, payment method details, billing address, IP address) directly. We do not store or process payment card details ourselves.

The legal basis for this processing is the performance of a contract (Art. 6(1)(b) GDPR). For data transfers to the USA, Stripe participates in the EU-U.S. Data Privacy Framework. For more information, see Stripe's privacy policy at stripe.com/privacy.

9. External Links

This website may contain links to external sites. Once you leave this site, we have no control over the data practices of external providers. We recommend reviewing the privacy policies of any external site you visit.

10. Contact & Questions

For any questions about data privacy or to exercise your rights, please contact:

Tamer El-Hawari & Michael Haizmann
Chausseestraße 9a, 14109 Berlin
Email: [email protected]