tech.grahammiranda.com
Last Updated: November 2025
1. Controller (Data Controller)
According to § 5 TMG (German Telemedia Act) and Article 4 Para. 7 GDPR:
Graham Miranda
Hasselfelder Str. 23
38889 Blankenburg (Harz)
Germany
Contact Information:
- Phone: +49 15678 397267
- Email: legal@grahammiranda.com
D-U-N-S® Number: 316 856 052
Tax Number: 117/249/02725
2. Data Protection Officer
As this website is operated as a small business (Kleinunternehmen), no Data Protection Officer is required by law. For questions regarding data processing, please contact: legal@grahammiranda.com
3. Legal Basis for Data Processing
The processing of personal data is based on:
- Article 6 Para. 1 lit. a GDPR: Voluntary consent (e.g., newsletter subscription)
- Article 6 Para. 1 lit. f GDPR: Legitimate interests (e.g., security, analytical improvement)
- Article 6 Para. 1 lit. c GDPR: Legal obligations (e.g., invoice retention)
4. Collected Data and Processing Purposes
4.1 Newsletter Subscription
Collected Data:
- Email address (mandatory field)
- Optional: First name, last name
Purpose: Sending newsletter content, tech news, and exclusive offers
Legal Basis: Article 6 Para. 1 lit. a GDPR (Consent)
Procedure: Double Opt-In (confirmation link required via email)
Data Storage: As long as the newsletter subscription is active; data is deleted upon unsubscription
Notice: You can unsubscribe at any time by clicking the unsubscribe link in each newsletter
4.2 Automatic Data Collection During Website Visits
Collected Data:
- IP address
- Browser type and version
- Operating system
- Access date and time
- Referrer (visited page)
- Pages you visited
Purpose:
- Website operation and error analysis
- Security and protection against misuse
- Analytical improvements (anonymized)
- Compliance with legal obligations
Storage Duration: Log data is deleted after 7 days unless required for security investigations
Legal Basis: Article 6 Para. 1 lit. f GDPR (legitimate interests)
4.3 Google Analytics
Service: Google Analytics 4
Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Collected Data:
- Anonymized IP address
- Browser information
- Device type
- Page views and time spent
- User events
Purpose: Analysis of website usage and user behavior for website improvement
Storage Duration: 14 months (GDPR-compliant)
Legal Basis: Article 6 Para. 1 lit. a GDPR (Consent via cookie banner)
Google Privacy Policy: https://policies.google.com/privacy
Opt-Out: Google Analytics Opt-Out Browser Extension: https://tools.google.com/dlpage/gaoptout
4.4 Google Search Console
Service: Google Search Console
Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Collected Data:
- Website performance indicators
- Search queries
- Indexing status
- Crawl errors
Purpose: Optimization of website visibility in search results
Storage Duration: Determined by Google
Legal Basis: Article 6 Para. 1 lit. f GDPR (legitimate interests)
4.5 Cloudflare CDN Services
Service: Cloudflare Content Delivery Network (CDN)
Provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA
Collected Data:
- IP addresses
- Browser and device information
- Bandwidth usage
- Security information
- Visit data
Purpose:
- Website acceleration and content distribution
- DDoS protection and security measures
- SSL/TLS encryption (QUIC protocol)
Legal Basis: Article 6 Para. 1 lit. f GDPR (legitimate interests: website security and performance)
Data Processing: According to Data Processing Agreement with Cloudflare Deutschland GmbH
Data Transfer: Cloudflare is certified under the EU-US Data Privacy Framework
Cloudflare Privacy Policy: https://www.cloudflare.com/de-de/privacypolicy/
4.6 Social Share Buttons
Type of Buttons: Social icons for sharing (not embedded)
Provider: Various social networks (e.g., Facebook, Twitter, LinkedIn, Pinterest)
Processing: Buttons are offered only as links. No automatic data transmission before user click
Legal Basis: Article 6 Para. 1 lit. f GDPR (legitimate interests)
Notice: When you click a social button, you are redirected to the external platform. Please review the privacy policy of the respective provider
4.7 iCloud Custom Email
Service: iCloud Custom Email Domain
Provider: Apple Inc., Cupertino, CA, USA
Usage: Contact email: legal@grahammiranda.com
Privacy: Subject to Apple’s privacy policies
4.8 RackNerd Server (Hosting)
Provider: RackNerd LLC
Server Locations: USA, France, Netherlands
Processing: Data storage on servers in the named locations
Data Processing Agreement: Between Graham Miranda and RackNerd according to Article 28 GDPR
Data Security: TLS/SSL encryption for all data transmissions
5. Data Categories and Recipients
External Recipients of Personal Data:
| Recipient | Data | Purpose | Location |
|---|---|---|---|
| Google LLC | Anonymized IP addresses | Analytics | USA (DPF) |
| Google LLC | Website performance data | Search Console | USA (DPF) |
| Cloudflare, Inc. | IP addresses, visit data | CDN/Security | USA/EU |
| RackNerd LLC | Website data | Hosting | USA, FR, NL |
| iCloud | Email data | Email transmission | USA |
6. Data Storage and Retention
Legal Retention Requirements (§ 147 German Tax Code – AO):
- Invoices and accounting records: 10 years
- Business correspondence: 6 years
- Customer contracts and orders: 10 years
- Tax-relevant documents: 10 years
Additional Storage Periods:
- Newsletter subscriptions: Until unsubscription or deletion request
- Website log data: 7 days (unless required for security)
- Google Analytics data: 14 months
- Backup data: Up to 90 days (for disaster recovery)
Principle: Data is deleted as soon as it is no longer required for its purpose and no legal retention requirements apply.
7. Data Access and Staff Access
- Administrative Staff: Only authorized staff have access to customer data
- NDA Obligation: All staff members are subject to confidentiality obligations
- Access Control: Password-protected administrative areas with two-factor authentication
8. Your Data Subject Rights
Under GDPR, you have the following rights:
Article 15 GDPR – Right of Access:
You can request a copy of your personal data that we store about you.
Article 16 GDPR – Right to Rectification:
You can correct or complete erroneous or incomplete data.
Article 17 GDPR – Right to Erasure (“Right to be Forgotten”):
You can request deletion of your personal data, provided no legal retention obligation exists.
Article 18 GDPR – Right to Restriction:
You can request restriction of data processing.
Article 20 GDPR – Data Portability:
You can receive your data in structured, commonly used, and machine-readable format and transfer it to others.
Article 21 GDPR – Right to Object:
You can object to the processing of your data.
Article 7 Para. 3 GDPR – Right to Withdraw Consent:
You can withdraw given consent at any time.
How to Exercise Your Rights:
Send an email to: legal@grahammiranda.com
Please specify:
- Your name
- Email address
- Which right you wish to exercise (access, rectification, deletion, etc.)
- Justification for your request
Processing Time: We will process your request within 30 days. For complex requests, the deadline may be extended to 60 days.
9. Security Measures
We implement the following security measures to protect your data:
- SSL/TLS Encryption for all data transmissions (HTTPS and QUIC)
- Cloudflare Security: DDoS protection, WAF (Web Application Firewall)
- Regular Backups: Daily backups with encrypted storage
- Access Control: Password-protected administrative areas
- Two-Factor Authentication: For administrative accounts
- Firewalling: Protection against unauthorized network access
- Malware Scans: Regular security vulnerability checks
- Data Deletion: Secure deletion of data after retention period
10. Data Breaches and Notifications
In case of a data breach:
- Notification to Supervisory Authority: Within 72 hours (if a risk exists)
- Notification to Affected Individuals: If a high risk exists
- Documentation: All breaches are documented
Competent Supervisory Authority: State Office for Consumer Protection Saxony-Anhalt
11. Cookies and Tracking Technologies
Cookie Categories:
Necessary Cookies (without consent):
- Session cookies for website functionality
- CSRF protection tokens
- Language settings
- SSL/TLS session management
Analytical Cookies (with consent):
- Google Analytics tracking cookies
- Performance monitoring
- Anonymous usage statistics
Marketing Cookies (with consent):
- Remarketing pixels
- Conversion tracking (if activated)
TTDSG/TDDDG Compliance:
According to § 25 Para. 1 TTDSG (German Telemedia and Digital Services Data Protection Act):
- Opt-In Procedure: Consent required before setting non-necessary cookies
- Cookie Banner: Prominent display with independent yes/no buttons
- No Pre-Selection: Cookies are not pre-selected
- Withdrawal Anytime: Users can withdraw consent at any time
- Granular Control: Individual cookie categories can be separately accepted/rejected
12. Links to External Websites
This website contains links to external third-party websites. We are not responsible for the privacy practices of these sites. Please review the privacy policies of such external sites before providing personal data.
13. Special Provisions for Children
This website is not directed at persons under 16 years of age. We do not knowingly collect data from children under 16. If we become aware that we have collected data from a child under 16, we will delete such data immediately.
14. Changes to This Privacy Policy
We reserve the right to modify this privacy policy at any time to adapt to new legal requirements or technologies. The current version will always be published on this page.
Date of Last Update: November 2025
15. Contact Information
Graham Miranda
Hasselfelder Str. 23
38889 Blankenburg (Harz)
Germany
Email: legal@grahammiranda.com
Phone: +49 15678 397267
Complaint to Supervisory Authority:
State Commissioner for Data Protection Saxony-Anhalt
Godehard-Fuchs-Str. 1
39108 Magdeburg, Germany
Email: mailbox@lfd.sachsen-anhalt.de
This Privacy Policy is compliant with GDPR, TTDSG/TDDDG, and TMG and was last updated in November 2025.
English 
Deutsch 
Español 
Italiano 
Français