Privacy Policy
Last updated: March 3, 2026
Data Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection provisions is:
Sebastian Software GmbH
Dalheimer Straße 12
55128 Mainz
Germany
Managing Directors:
Sebastian Fastner, Sebastian Werner
Email: privacy@palamedes.dev
A data protection officer has not been appointed, as the legal requirements for such an appointment are not met. For data protection inquiries, you may contact the email address stated above.
Overview of Data Processing
This website does not process personal data beyond what is technically necessary. No cookies are set. For statistical analysis of website usage, we use Plausible Analytics, which operates entirely without cookies and does not permanently store personal data (see section “Web Analytics”). There is no contact form – contact is made exclusively via email.
Hosting and Content Delivery Network
This website is operated via the infrastructure of Bunny.net (BunnyWay d.o.o., Slovenia, EU). Bunny.net provides the following services:
- CDN (Content Delivery Network) for delivering static files (HTML, JavaScript, CSS)
- Edge scripting for server-side logic on Bunny.net nodes
- Storage for static files and assets
Processed Data
With each page request, the following categories of technical connection data are processed: network identification data (IP address), time-related metadata (timestamp), usage data (requested URL), and technical metadata (browser type, operating system, and device information). In accordance with the contract, this data is held by Bunny.net exclusively in volatile memory (RAM) and automatically deleted after 20–30 seconds. No permanent storage takes place.
Legal Basis
Processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring the availability, integrity, and security of the website. This interest outweighs the users' interest in non-processing, as the connection data is processed exclusively transiently in volatile memory and automatically deleted after a few seconds. Insofar as information on the user's device is accessed (e.g., through edge scripting), this is permissible without consent pursuant to § 25(2)(2) TDDDG (German Telecommunications Digital Services Data Protection Act), as the access is strictly necessary to provide the service explicitly requested by the user.
Third-Country Transfer
Bunny.net is based in Slovenia (EU/EEA). However, as part of CDN operations, data may temporarily be processed on servers outside the EEA. For such transfers to third countries, Bunny.net has concluded Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR. Additionally, a Transfer Impact Assessment (TIA) was conducted in accordance with the recommendations of the European Data Protection Board (EDPB), confirming the effectiveness of the safeguards in place. Bunny.net contractually commits that connection data on CDN nodes is only processed transiently and not permanently stored. Furthermore, a Data Processing Agreement pursuant to Art. 28 GDPR is in place, in which Bunny.net ensures that sub-processors implement adequate data protection measures in accordance with the GDPR.
Obligation to Provide Data
The transmission of your IP address is technically essential to access this website. Without this data transmission, no connection to the server can be established and the website cannot be displayed. There is no legal or contractual obligation to provide additional personal data.
Further information can be found in Bunny.net's privacy policy and on Bunny.net's GDPR page.
Web Analytics with Plausible Analytics
This website uses Plausible Analytics for statistical analysis of website usage. Plausible is operated by us on our own server under the domain t.sebastian-software.de (self-hosted). Data is not shared with third parties.
How It Works
Plausible operates without cookies and without persistent identifiers. No personal data within the meaning of the GDPR is permanently stored. Plausible generates a daily hash from the IP address, User-Agent, and date, enabling an anonymous count of unique visitors. The IP address is never stored or logged in full. The hash is automatically rotated daily, making tracking across days impossible.
Processed Data
The following data is collected in aggregated, non-personal form:
- Page views (URL, referrer)
- Device information (screen size, operating system, browser)
- Approximate geographic location (at country level, derived from the IP address, which itself is not stored)
Legal Basis
The use of Plausible is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in analyzing website usage for the purpose of optimizing and tailoring our online offering. This interest prevails because Plausible is designed in such a way that no personal data is permanently processed and no conclusions can be drawn about individual users. Since Plausible does not set cookies and does not access information already stored on the user's device, consent pursuant to § 25 TDDDG is not required.
Hosting and Third-Country Transfer
Plausible is operated on a dedicated server hosted by Hetzner Online GmbH in Germany. No third-country transfer takes place. This does not constitute a data processor within the meaning of Art. 28 GDPR, as data processing takes place exclusively on our own infrastructure.
Further information on the data protection compliance of Plausible can be found on the Plausible Analytics website.
Contact via Email
When you contact us by email, the data you provide (email address, name if applicable, and content of the message) will be processed to handle your inquiry. If your inquiry is aimed at concluding or performing a contract, the legal basis is Art. 6(1)(b) GDPR (pre-contractual or contractual measures). For general inquiries without a contractual context, the legal basis is Art. 6(1)(f) GDPR; our legitimate interest lies in properly responding to incoming inquiries. This interest prevails because processing is limited to what is necessary to respond and data is deleted upon completion. Your data will be deleted once the inquiry has been conclusively handled. If tax or commercial law retention obligations apply (§ 257 HGB, § 147 AO), the relevant data will be retained for up to 10 years.
Appointment Booking via Terminaro
For online appointment booking, we use our own service Terminaro. Terminaro is operated by the same controller (Sebastian Software GmbH) – this therefore does not constitute a data transfer to a third party within the meaning of Art. 4(10) GDPR, but rather an internal processing operation by the same controller.
When you book an appointment via the booking link, the data you enter (name, email address, company if applicable, phone number, and reason for booking) is processed by Terminaro.
Legal Basis and Retention Period
Processing is based on Art. 6(1)(b) GDPR for the initiation of a consulting engagement (pre-contractual measures). Booking data is automatically deleted 90 days after the appointment date. If a contractual relationship arises from the booking and tax or commercial law retention obligations apply (§ 257 HGB, § 147 AO), the relevant data will be retained for up to 10 years. Terminaro does not use cookies on its public website and does not employ tracking or web analytics.
Hosting and Sub-Processors
User data is stored on servers of Hetzner Online GmbH in Germany. A Data Processing Agreement pursuant to Art. 28 GDPR is in place with Hetzner. For the delivery of static content, Terminaro uses the CDN of Bunny.net (BunnyWay d.o.o., Slovenia), whereby data is processed exclusively transiently in volatile memory.
The above information covers all essential processing details regarding Terminaro. Supplementary technical details can be found in Terminaro's privacy policy.
Appointed Data Processors
We use the following data processors pursuant to Art. 28 GDPR, with each of whom a Data Processing Agreement is in place:
- BunnyWay d.o.o. (Bunny.net), Slovenia
CDN, hosting, and edge scripting for this website - Hetzner Online GmbH, Germany
Hosting of the Terminaro application
External Links
This website contains links to external third-party websites. When you click on these links, you will be redirected to the respective third-party site. The respective operators are responsible for data processing on these external sites. We recommend that you read the privacy policies of the linked sites.
Automated Decision-Making
No automated decision-making, including profiling, pursuant to Art. 22 GDPR takes place.
Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR) – see separate section below
To exercise your rights, you may contact us at any time at: privacy@palamedes.dev
Right to Object (Art. 21 GDPR)
Insofar as we process your personal data on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to such processing at any time pursuant to Art. 21 GDPR. If you object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
To exercise your right to object, you may contact us at any time at: privacy@palamedes.dev
Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data. The supervisory authority responsible for us is:
The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
P.O. Box 30 40
55020 Mainz
www.datenschutz.rlp.de