Privacy Policy

1. Controller

The controller responsible for processing personal data in connection with this website within the meaning of the General Data Protection Regulation (GDPR) is:

Mykhailo Kozyrev
c/o IP-Management #7654
Ludwig-Erhard-Straße 18
20459 Hamburg
Germany

The site is operated as a private, non-commercial project by a small group of friends/students (not a registered association or company).

Email for privacy-related requests: contact@the-pum.com.

2. What data we process & why

• Server log data: When you visit our website, our hosting provider automatically processes technical data such as your IP address, date and time of access, URL accessed, referrer URL, and basic browser information. This is necessary to deliver the website and to ensure stability and security (for example, to detect misuse). Legal basis: our legitimate interests in running a secure website (Art. 6(1)(f) GDPR).
• Contact requests: If you contact us (for example via email or the contact form), we process the information you provide (such as name, email address, role and your message) in order to handle your request. Legal basis: depending on the context, this is either steps prior to entering into a contract or answering your enquiry (Art. 6(1)(b) GDPR) or our legitimate interests in responding to requests (Art. 6(1)(f) GDPR); where you clearly consent, Art. 6(1)(a) GDPR.
• Accounts, member profiles & portfolio content: If the site allows you to log in or create a member profile, we process login data (for example, email and password), basic profile information and optional content you choose to share (such as profile photos, project descriptions, event participation or uploaded documents/CVs). This is used to provide the account and display your content on the site. Legal basis: performance of a contract / user relationship (Art. 6(1)(b) GDPR) and, for public profile visibility or optional details, your consent (Art. 6(1)(a) GDPR).
• Technical integrations & maps: If we embed maps or similar third-party services, the providers of those services may receive technical data (such as IP address and request details) when content is loaded. Legal basis: our legitimate interests in providing a modern, informative website (Art. 6(1)(f) GDPR); where required, we will ask for your consent beforehand (Art. 6(1)(a) GDPR).
• Preferences (theme & language): We store your chosen dark/light theme and language (English/German) in your browser (for example, using local storage) so the website remembers your preference on the same device. This does not create a personal profile and is not used for tracking. Legal basis: our legitimate interests in providing a user-friendly website (Art. 6(1)(f) GDPR).

3. Cookies, local storage & analytics

We try to run this website with as few cookies as possible:

• We may use necessary cookies (for example, a session cookie and CSRF protection) to keep you logged in to your account and to protect forms. These are required for the site to function securely.
• We use local storage in your browser to remember your chosen theme (dark/light) and interface language (English/German). This information stays on your device unless you clear it in your browser.
• We currently do not use third-party analytics or advertising trackers (such as Google Analytics or ad networks) on this site. If this changes in the future, we will update this policy and, where required, ask for your consent before placing such cookies.

You can control and delete cookies and local storage entries yourself via your browser settings. However, the site or login may not work correctly without technically necessary cookies.

4. Recipients & data transfers

We use external service providers to host this website and, where applicable, to send emails or store files. These providers act as data processors on our behalf and are contractually obliged to handle personal data only according to our instructions and to implement appropriate security measures.

In general we aim to use providers within the EU/EEA. If data is transferred to countries outside the EU/EEA (for example because a service provider is based there), this is done on the basis of appropriate safeguards such as EU Standard Contractual Clauses, or on the basis of your explicit consent where required by law.

5. Retention

We keep personal data only for as long as necessary for the purposes described above or as required by law:

• Server log data is typically kept only for a short period (for example, a few weeks) for security and troubleshooting, and then deleted or anonymised.
• Contact requests are kept as long as needed to handle your enquiry and for any follow-up questions, and may be retained for longer where legal retention periods apply.
• Account and profile data is stored for as long as you have an account on this site. If you delete your account or ask us to delete it, we will remove or anonymise the associated data, unless legal obligations require longer storage.
• Preferences stored locally in your browser (theme/language) remain there until you clear them via your browser settings.

6. Your rights

Under the GDPR, you have the following rights with respect to your personal data, subject to the conditions set out in the law:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent at any time (Art. 7(3) GDPR), without affecting the lawfulness of processing based on consent before its withdrawal.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

For example, in Bavaria the competent authority is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).

7. Contact

For questions about this privacy policy or to exercise your rights, please contact us via contact@the-pum.com or use our contact form.