Privacy Policy for the Website

Last updated: May 2026

Responsibility for Data Processing

The controller responsible for the processing of your personal data within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection provisions is:

Tom Giessel
Samoastr. 22
13353 Berlin
Germany

Email: [email protected]
Web: https://fully-stacked.dev

Introduction and Scope of this Privacy Policy

The protection of your personal data is important to me. This privacy policy informs you about the processing of personal data when you visit my website (https://fully-stacked.dev).

This policy is addressed to all visitors of my website, in particular prospective clients and individuals who wish to learn about my services or get in touch with me.

I process your data exclusively in accordance with applicable data protection laws, in particular the EU General Data Protection Regulation (GDPR) as well as the German Federal Data Protection Act (BDSG) and the German Telecommunications Digital Services Data Protection Act (TDDDG).

Legal Bases for Data Processing

Consent (Art. 6(1)(a) GDPR)

You have given your consent for the processing of your personal data for a specific purpose as explained by me. You may withdraw your consent at any time with effect for the future. Please contact me at the email address provided above.

Contract or Pre-Contractual Measures (Art. 6(1)(b) GDPR)

Where a contractual relationship is being prepared or initiated via my website (e.g. by contacting me for a potential project collaboration), data processing is carried out for the performance of pre-contractual measures or for the fulfilment of a contract.

Legitimate Interests (Art. 6(1)(f) GDPR)

Processing may also be based on my legitimate interests — for example, to ensure the technical security of the website or to improve my online offering. In doing so, I always ensure that your interests worthy of protection do not prevail.

Your Rights as a Data Subject

Where your personal data is being processed, you are considered a data subject within the meaning of the General Data Protection Regulation (GDPR). You have the following rights vis-à-vis the controller.

1. Right of Access (Art. 15 GDPR)

You have the right to request confirmation as to whether personal data concerning you is being processed. If so, you have the right to access this data and the following information: the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom the data has been or will be disclosed, the planned retention period or the criteria for determining it, the existence of the rights to rectification, erasure, restriction of processing and objection, and the existence of a right to lodge a complaint with a supervisory authority.

2. Right to Rectification (Art. 16 GDPR)

You have the right to request the immediate rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data — including by means of a supplementary statement.

3. Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing of your personal data where one of the following conditions is met: you contest the accuracy of the personal data, the processing is unlawful and you oppose erasure, I no longer need the data but you require it for the establishment of legal claims, or you have objected to processing pursuant to Art. 21(1) GDPR.

4. Right to Erasure (Art. 17 GDPR)

You have the right to request the immediate erasure of your personal data where one of the following grounds applies: the data is no longer necessary for the purposes for which it was collected, you withdraw your consent and there is no other legal basis for the processing, you object to the processing and there are no overriding legitimate grounds, or the data has been unlawfully processed.

Exceptions to the Right to Erasure: The right to erasure does not apply where processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, or for the establishment, exercise or defence of legal claims.

5. Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data you have provided to me in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller or — where technically feasible — to have me transmit it directly.

6. Right to Object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data where such processing is based on Art. 6(1)(f) GDPR. Profiling within the meaning of Art. 22 GDPR does not take place on my website.

7. Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes the GDPR.

You may contact, in particular, the supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement.

International Data Transfers

For the operation and provision of my website, I use external service providers who may be based or operate servers outside the European Union (EU) or the European Economic Area (EEA). In such cases, I ensure that an adequate level of data protection is guaranteed in accordance with the requirements of the GDPR. This is achieved in particular through:

If you would like further information about the safeguards in place, you may contact me at any time at the email address provided above.

Data Retention and Deletion of Personal Data

Principle of Storage Limitation

I store personal data only for as long as is necessary for the respective processing purposes or as required by law. Once the purpose of processing ceases to apply, the data is deleted or — where possible — anonymised, unless other statutory retention obligations apply.

Retention Periods

The following retention periods apply to specific data categories:

Deletion upon Request: Regardless of the above periods, you have the right to request the deletion of your personal data at any time, provided that no statutory or contractual retention obligations prevent this. For further information, please refer to the section "Your Rights as a Data Subject" in this privacy policy.

Provision of the Website

Description and Scope of Data Processing

My website is hosted by DigitalOcean, LLC, 101 6th Avenue, New York, NY 10013, USA. When you access my website, DigitalOcean, as the technical service provider, processes personal data that is necessary for the delivery and operation of the website.

The data processed includes in particular:

This data is stored in server log files and is not merged with other data sources.

Purposes of Data Processing

Legal Basis for Data Processing

Art. 6(1)(f) GDPR — legitimate interest in the secure and technically stable operation of my website.

Further Information

Privacy policy of DigitalOcean: https://www.digitalocean.com/legal/privacy-policy

Use of Cookies and Comparable Technologies

Description and Scope of Data Processing

My website uses only technically necessary cookies that enable basic functions (e.g. session management). No optional cookies for analytics or marketing purposes are used.

Legal Basis for Data Processing

The use of technically necessary cookies is based on Art. 6(1)(f) GDPR, as they are essential for the secure and functional operation of my website.

Retention Period

Depending on the cookie type, until the end of the session or for a technically determined retention period.

Contact via the Contact Form

Description and Scope of Data Processing

My website provides a contact form. When you use it, the personal data you submit is processed, in particular:

The data is processed via the backend of my website and forwarded to me by email. No permanent storage in a database takes place and no data is shared with third parties.

Purposes of Data Processing

Legal Basis for Data Processing

Retention Period

Your data is deleted after your inquiry has been fully processed, unless statutory retention obligations apply or I am required to retain the data for legal reasons.

Your Rights

You may object to the further processing of your data at any time. In this case, communication may not be able to continue.

Integrated Third-Party Services

To optimise my website, I use a selected external service. This service supports me in evaluating usage data in anonymised form.

External Links: My website may contain links to external websites — for example, to professional networks. When you click on these links, you leave my website. The respective providers are solely responsible for data processing on the linked websites. Please refer to the applicable privacy policies of the respective providers:

a) Use of plausible.io

Provider Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia

Purposes of Data Processing I use plausible.io to collect aggregated usage statistics (e.g. page views, time on site, devices used). This serves the technical and content optimisation of my website. Plausible does not process cookies, IP addresses or other personal identifiers.

Categories of Data Processed

Legal Basis for Data Processing Art. 6(1)(f) GDPR — legitimate interest in improving my website. Since Plausible does not process personal data and does not use cookies, consent under the TDDDG is not required.

Retention Period Data is stored exclusively in aggregated form and cannot be attributed to any individual person.

Further Information https://plausible.io/data-policy

Changes to This Privacy Policy

I reserve the right to update this privacy policy as needed to reflect changes in legal requirements or modifications to the website. The current version published on the website shall apply at all times.