Privacy

Scope

This privacy notice applies to Mathegakker at www.mathegakker.de and to the public content and exercise pages provided there. Linked third-party websites are governed by their own privacy notices.

Controller and contact

The controller for Mathegakker is Gergely Papp, Poststr. 12, 86179 Augsburg, Germany.

Contact: kontakt@mathegakker.de. Please do not send sensitive data by unencrypted email.

Data protection officer

No data protection officer is currently appointed because, based on the current assessment, there is no statutory obligation to appoint one. This will be reviewed again if the functionality or processing changes.

Processing of personal data

DNS with Namecheap PremiumDNS

Activity: DNS resolution and DNS-layer protection against overload attacks. Data: DNS query metadata visible to the authoritative DNS provider. Provider: Namecheap PremiumDNS as processor for DNS resolution and DNS-side availability and security services. Purpose: resolving domain names, maintaining availability, and providing DNS-oriented protection. Legal basis: Art. 6(1)(f) GDPR, legitimate interest in reliable and secure website delivery.

Retention follows Namecheap contract and product terms and is limited to what is required for DNS resolution, availability, security services, or legal obligations. Personal data may be transferred outside the EU/EEA, especially to the United States. For the United States, an adequacy decision exists where the recipient is effectively certified under the EU-U.S. Data Privacy Framework; otherwise Namecheap states that it relies in particular on European Commission standard contractual clauses. Namecheap provides information about these safeguards in its Data Processing Addendum. Visitors may request further information or a copy of the relevant safeguards using the contact address above, where disclosure is legally and contractually permitted.

Hosting and delivery with Cloudflare Pages

Activity: static hosting and server delivery. Data may include IP address, request metadata, user agent, date and time of the request, requested URL or file, referrer, access status, transferred data volume, browser and operating-system information, and technical security events. Provider: Cloudflare Pages as processor for Pages, CDN/edge delivery, security, abuse prevention, and related technical processing. Purpose: delivering the website, providing security, and preventing abuse. Legal basis: Art. 6(1)(f) GDPR, legitimate interest in website delivery and security.

Cloudflare processes request and security data under its product and contract terms only as long as required for delivery, security, troubleshooting, abuse prevention, or legal obligations. The use of Cloudflare Pages is based in particular on the Cloudflare Customer DPA. Cloudflare refers to EU standard contractual clauses, additional safeguards, and, for transfers to the United States, the Data Privacy Framework while certification remains valid. Visitors may request further information or a copy of the relevant safeguards using the contact address above, where disclosure is legally and contractually permitted.

Cloudflare Web Analytics

Activity: cookie-free web analytics and performance measurement. Data: page URL or path, referrer, country, device, browser and operating-system metadata, load-time and performance metrics, Core Web Vitals, and technical request metadata visible to Cloudflare during website delivery and beacon processing. According to Cloudflare, Web Analytics does not log query strings.

Purpose: cookie-free page-view and performance analysis for a free website, identifying frequently used content and exercise pages, checking load speed and Core Web Vitals, identifying display and loading problems, and improving the website. Legal basis: Art. 6(1)(f) GDPR, legitimate interest in data-minimizing, cookie-free reach measurement, performance monitoring, and improvement of the free offering.

Cloudflare states that unsampled beacon data is stored for 7 days and then aggregated to around 10 percent for longer-term storage. Web Analytics data is available in the Cloudflare dashboard for the previous 6 months. The beacon is loaded on the public website, on all public pages including legal information pages and translated privacy information pages. This lets Mathegakker also see how often these information pages are accessed. Mathegakker does not use custom analytics events and does not send exercise answers, names, pupil identifiers, or individual math tasks to Cloudflare Web Analytics. The use is based in particular on the Cloudflare Customer DPA; visitors may request further information or a copy of the relevant safeguards using the contact address above, where disclosure is legally and contractually permitted.

Exercise in the browser

Activity: runtime state of the exercise. Data: current task, current settings, and answers during the current page session. Recipients: no external recipients; processing takes place locally in the browser. Purpose: running the exercise in the browser. Legal basis: Art. 6(1)(f) GDPR where personal data is involved at all. Retention: page session only; the data is lost on refresh or restart. Mathegakker does not use Local Storage or Session Storage for settings, identifiers, pupil names, or exercise results.

Email contact

Activity: contact by email. Data: sender email address, message content, and mail metadata. Provider: IONOS SE / IONOS Mail Basic as processor for receiving, storing, spam and virus checking, and providing contact emails. Depending on the sender provider and transmission route, further technical services may be involved. Purpose: responding to inquiries. Legal basis: Art. 6(1)(f) GDPR for general inquiries; Art. 6(1)(b) GDPR only where an inquiry directly concerns a contract or pre-contractual steps.

Contact inquiries are deleted once resolved, no later than 6 months, unless statutory retention duties or legitimate reasons require longer storage. IONOS SE is based in Germany; third-country transfers of parts or all of the service require a GDPR-compliant basis under the provider documents.

Cookies, browser storage, and TDDDG

These notices also include information about access to end-user devices under the German TDDDG. Mathegakker itself does not use cookies and does not use Local Storage or Session Storage for settings, identifiers, pupil names, or exercise results. Cloudflare Web Analytics works without cookies and without Local Storage for web analytics according to Cloudflare. Cloudflare hosting, security, and abuse-prevention functions may trigger technically necessary access or protective mechanisms where required for security, availability, and abuse prevention. In the currently planned basic operation without additional bot, challenge, Access, Waiting Room, or rate-limiting features, Cloudflare is not expected to set such protection cookies.

Security, JavaScript, and legal disclosures

Mathegakker is delivered over HTTPS. Security measures include security headers, a restricted Content Security Policy, and provider measures against abuse and overload attacks. The exercises run as JavaScript applications in the browser and may not work, or may work only with limitations, if JavaScript is disabled. Personal data is disclosed to authorities, courts, or other bodies only where legally required, necessary to assert or defend legal claims, or necessary to investigate and prevent security incidents.

Your rights

Under the GDPR, visitors have rights of access, rectification, erasure, restriction of processing, data portability, and objection, where the legal requirements are met. Where processing is based on Art. 6(1)(f) GDPR, visitors may object on grounds relating to their particular situation. To exercise rights, contact kontakt@mathegakker.de.

Visitors also have the right to lodge a complaint with a data protection supervisory authority. The competent supervisory authority is the Bavarian Data Protection Supervisory Authority, Promenade 18, 91522 Ansbach, Germany, https://www.lda.bayern.de/de/index.html.

Data provision, automated decisions, and unavailable features

Providing personal data is neither legally nor contractually required. To retrieve the website, however, the browser must transmit the usual request data; without it the website cannot be delivered. The exercises can be used without names, user accounts, or email addresses. An email address and message content are required only if visitors contact Mathegakker by email and want a reply.

No automated decision-making and no profiling take place. Mathegakker does not offer registration, login, user accounts, or submission of exercise results on this public website. If additional functions are added later, separate privacy information will be provided.