Privacy
Last updated: 09.07.2026
Protecting your personal data matters to me. This policy explains what data is processed when you visit weissexplorers.com, for what purpose, and on what legal basis.
1. Controller
Dr.-Ing. Sebastian Weiß, Hauptplatz 17/1, 8160 Weiz, Austria
Email: sebastian@weissexplorers.com
A data protection officer is not legally required and has not been appointed.
2. Your rights
You have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21). Any consent you give can be withdrawn at any time with effect for the future.
If you believe your data is being processed unlawfully, you may lodge a complaint with the Austrian Data Protection Authority:
Österreichische Datenschutzbehörde Barichgasse 40–42, 1030 Vienna, Austria dsb.gv.at
3. Hosting and log files
This website runs on servers operated by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). No permanent access logs of all page views are kept.
Operational and error logs of the web server and the blog software are generated as part of normal operation. These may contain:
- the IP address of the requesting device
- the date and time of the request
- the page or file requested and the HTTP status code
- browser type and operating system
These logs are used solely for error analysis, maintaining operations, and defending against abusive access. The legal basis is a legitimate interest in the secure and stable operation of the website (Art. 6 (1) (f) GDPR).
Logs are deleted automatically after 14 days at the latest. They are not combined with other data and not evaluated for analytics purposes.
A data processing agreement under Art. 28 GDPR is in place with Hetzner Online GmbH.
4. Cookies and consent
On your first visit, a consent banner provided by CCM19 (Papoo Software & Media GmbH, Germany) is displayed. You use it to give or refuse consent to non-essential processing. Your choice is stored locally in your browser so that it does not have to be requested again on your next visit.
Strictly necessary cookies are set so that basic functions (such as member sign-in) can work. No consent is required for these (§ 165 (3) Austrian Telecommunications Act 2021).
You can withdraw or change your consent at any time via the cookie settings link in the footer.
5. Analytics with Matomo
Following your consent, Matomo Cloud (InnoCraft Ltd., New Zealand; servers located in Germany) is used to analyse how this website is used. Cookies are set and data such as a truncated IP address, pages viewed, time on page, referrer, and browser and operating system type are processed.
Your IP address is anonymised before storage. The data is not merged with other sources and is not passed on to third parties for advertising purposes.
The legal basis is your consent (Art. 6 (1) (a) GDPR, § 165 (3) TKG). A data processing agreement is in place with InnoCraft. Retention period: [insert value from your Matomo configuration].
6. Newsletter and member accounts
This website uses the newsletter and membership features of Ghost (self-hosted). Signing up requires your email address; providing a name is optional.
Sign-up uses a double opt-in procedure: after entering your address you receive an email containing a confirmation link. The time of sign-up and of confirmation are stored as proof of consent.
Delivery is handled by Brevo (Sendinblue GmbH, Germany / Brevo SAS, France) as a processor. Open and click rates may be recorded in order to improve content and deliverability.
The legal basis is your consent (Art. 6 (1) (a) GDPR). You can unsubscribe at any time using the link in every email; your data is then deleted.
7. Payments and paid memberships (Stripe)
Paid memberships are processed via Stripe (Stripe Payments Europe Ltd., Ireland; Stripe, Inc., USA). Stripe.js is loaded when the website is opened and sets cookies (__stripe_mid, __stripe_sid) for fraud prevention and to ensure payment functionality.
When you make a payment, your payment details are transmitted directly to Stripe; I do not receive full card details. The data processed may include your name, email address, payment method, IP address, and device information.
The legal basis is performance of a contract (Art. 6 (1) (b) GDPR) and a legitimate interest in fraud prevention (Art. 6 (1) (f) GDPR). Transfers to the USA are based on the EU Standard Contractual Clauses and the EU-US Data Privacy Framework.
More information: stripe.com/privacy
8. Fonts (Bunny Fonts)
Typefaces are loaded via Bunny Fonts (BunnyWay d.o.o., Slovenia). This establishes a connection to BunnyWay's servers, transmitting your IP address. According to the provider, no cookies are set and no personal data is logged; processing takes place within the EU.
The legal basis is a legitimate interest in a consistent and performant presentation of the website (Art. 6 (1) (f) GDPR).
9. Images from Unsplash
Some images are loaded from servers operated by Unsplash (Unsplash Inc., Canada / USA). This transmits your IP address to the provider. The legal basis is a legitimate interest in an appealing presentation of the website (Art. 6 (1) (f) GDPR).
10. External scripts (jsDelivr)
Some website functions (Ghost's sign-in and subscription interface) load scripts from the jsDelivr content delivery network. This transmits your IP address to the operator. The legal basis is a legitimate interest in providing the website's functionality (Art. 6 (1) (f) GDPR).
11. Embedded YouTube videos
This website embeds videos from YouTube (Google Ireland Ltd., Ireland). They are not loaded automatically: initially only a preview image is displayed, which is hosted on this website's own server. As long as you do not start the video by clicking it, no connection to Google is established and no data is transmitted.
Only when you click is the video loaded via the domain youtube-nocookie.com. At that point, data such as your IP address, device and browser information, and possibly cookie identifiers are transmitted to Google, including to the USA. If you are signed in to Google at the same time, the request may be associated with your account.
The legal basis is the consent you give by clicking (Art. 6 (1) (a) GDPR). Transfers to the USA are based on the EU-US Data Privacy Framework. More information: policies.google.com/privacy
12. Comments
Signed-in members can leave comments beneath posts. Your name, the content of the comment, the time of publication, and the link to your member account are stored. The comment feature is part of the self-hosted Ghost installation; no data is passed to third parties.
Your name and comment text are publicly visible to all visitors. Your email address is not published.
The legal basis is performance of the usage relationship (Art. 6 (1) (b) GDPR) and a legitimate interest in exchanging ideas with readers (Art. 6 (1) (f) GDPR). Comments are stored until you delete them, I delete them, or you close your member account.
13. Contacting me
If you write to me by email or through the contact form, your details are stored in order to process your enquiry. The legal basis is Art. 6 (1) (b) GDPR (pre-contractual measures) or (f) (legitimate interest in responding). The data is deleted once it is no longer needed and no statutory retention obligations apply.
14. Changes
This privacy policy will be updated whenever processing on this website changes. The version published here is the one that applies.