Legal
Privacy Policy
Last updated: 3 July 2026
This privacy policy informs you about the nature, scope and purpose of the processing of personal data on danielrudolf.me pursuant to the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
1. Controller
Controller within the meaning of Art. 4 no. 7 GDPR and § 5 DDG:
- Operator
- Xclusive Bespoke Mallorca SL
- Address
- Carrer de Sant Miquel 36, 5º, 07002 Palma de Mallorca, Balearic Islands, Spain
- Authorised representative
- Daniel Rudolf (managing director)
- hallo@danielrudolf.me
- Data protection enquiries
- datenschutz@danielrudolf.me
2. General principles
We process personal data exclusively for the purposes set out below, on one of the legal bases specified in Art. 6 (1) GDPR, and only for as long as necessary. We do not sell data and only pass it on to the processors listed below — all with GDPR-compliant data processing agreements.
3. Hosting & technical delivery
Cloudflare (hosting & content delivery network)
This website is delivered as a static site via the infrastructure of Cloudflare, Inc. (Cloudflare Workers Static Assets, including a globally distributed content delivery network). When the website is accessed, Cloudflare processes technically necessary data (IP address, browser type, time, requested URL) to provide the service, deliver it from a nearby edge server and protect against attacks (e.g. DDoS).
- Provider: Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA
- Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in secure, performant and attack-protected delivery)
- Storage period: technical server and security logs are retained by Cloudflare only briefly and are not merged with other sources
- Third-country transfer: Cloudflare also operates servers outside the EU (incl. in the USA). For transfers to the USA we rely on the EU-US Data Privacy Framework (Cloudflare is certified) and, additionally, on the European Commission's Standard Contractual Clauses (SCC). A data processing agreement pursuant to Art. 28 GDPR is in place with Cloudflare.
- Privacy information: cloudflare.com/privacypolicy
4. Server logs
When the website is accessed, the following data is temporarily processed (server log, by Cloudflare):
- Anonymised IP address (truncated)
- Date and time of the request
- Requested URL
- HTTP status code and amount of data transferred
- Referrer URL
- User agent (browser, operating system)
This data is evaluated exclusively for security and diagnostic purposes and is not merged with other data sources.
5. Contact by email
Online forms for transmitting data are currently not active. Contact is currently made exclusively by email (e.g. via the addresses listed on /en/contact/ and /en/press/). No input is received, stored or forwarded server-side on this website.
If you contact us by email, we process the data you transmit (name, email address, content of the message) in order to handle your enquiry. The email is transported via your own email provider and our email service at Host Europe GmbH (Germany).
- Legal basis: Art. 6 (1) (b) GDPR (steps prior to a contract) and Art. 6 (1) (f) GDPR (legitimate interest in handling enquiries)
- Storage period: until the enquiry has been finally handled; statutory retention obligations remain unaffected
Note: As soon as online forms (incl. a double-opt-in newsletter) are activated, this policy will be supplemented with the processing operations and providers then used.
6. Newsletter
A newsletter sign-up form is currently not active. No newsletter subscriptions are currently collected, stored or sent.
Once the newsletter launches, sign-up will take place exclusively via a double-opt-in procedure. This policy will then be supplemented with the data processed, the legal basis (Art. 6 (1) (a) GDPR – consent) and the email provider used.
7. Sample chapter for the book
A sample chapter can currently be requested informally by email (see /en/book/). There is no automatic newsletter sign-up or automated token delivery.
8. Analytics
This website currently uses no analytics or tracking services. No cookies are set for statistics or marketing purposes and no user profiles are created. A cookie banner is therefore not required.
Should a cookieless, data-minimising reach measurement (e.g. Plausible Analytics with processing in the EU) be activated in future, this policy will be supplemented accordingly.
9. External content (embeds)
On /en/tv-media/ we only embed video and podcast content after an active click on the play button. As long as you do not click, no data is transmitted to the respective providers (YouTube, Vimeo, media libraries).
As soon as you click play:
- For YouTube we use the youtube-nocookie.com variant, which works without tracking cookies — until you actively log in.
- For other providers (media libraries, podcast hosters), their respective privacy policies apply.
10. Cookies
We set only a single cookie:
- sticky_buy_dismissed — 24-hour lifetime, stores the decision to hide the mobile sticky CTA on /en/book/. First-party, no tracking content.
Beyond that, no tracking or marketing cookies are set.
11. Your rights (Art. 15–22 GDPR)
You have the right at any time to:
- access the data stored about you (Art. 15 GDPR)
- rectification of inaccurate data (Art. 16 GDPR)
- erasure (“right to be forgotten”, Art. 17 GDPR)
- restriction of processing (Art. 18 GDPR)
- data portability (Art. 20 GDPR)
- object to processing (Art. 21 GDPR)
- withdraw consent once given (Art. 7 (3) GDPR)
You can exercise these rights informally by email to datenschutz@danielrudolf.me We respond within 30 days (Art. 12 (3) GDPR).
12. Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority — in particular in the EU member state of your residence, place of work or the place of the alleged infringement. For Germany, the competent supervisory authority depends on the data subject's place of residence; you will find a list at bfdi.bund.de .
13. Security of data processing
We take technical and organisational measures in accordance with Art. 32 GDPR:
- HTTPS / TLS encryption for the entire website (via Cloudflare)
- Static delivery with no server-side application, no database and no form or input processing — correspondingly minimal attack surface
- Security HTTP headers (incl. HSTS, X-Content-Type-Options, Referrer-Policy)
- Regular updates of the software and dependencies used to build the website
14. Changes to this privacy policy
We reserve the right to adapt this privacy policy if processing operations change (e.g. when new services are integrated). The current version is always available at this URL; in the event of material changes we will inform active newsletter subscribers by email.