$cat /etc/legal/privacy-policy

PRIVACY POLICY

Information about the processing of personal data

This statement describes what data we process when you visit this website and use the features we offer. Please update it whenever you add services such as newsletters, analytics, embedded social content, or similar.

CONTROLLER

The controller responsible for processing personal data within the meaning of the General Data Protection Regulation (GDPR) is:

Niesmann-Pflug ZEMA GbR

Hardenburgweg 19

76187 Karlsruhe, Germany

Represented by its partners: Philippe Simon Pflug and Daniel Niesmann.

Email (general): hello@zema.gg

Email (privacy): privacy@zema.gg

Phone: +49 (0) 721 2766337-0

We have not appointed a statutory data protection officer. For privacy matters, requests under Articles 15–21 GDPR, and complaints, please contact privacy@zema.gg.

PURPOSES OF PROCESSING

  • Providing and operating this website (delivering content, security, error analysis).
  • Handling contact requests sent by email (content of your message, metadata such as sender address and time of transmission).
  • Providing the Looking Glass (network diagnostics): running ping/traceroute and limiting abuse (rate limiting).
  • Optionally enriching IP addresses that appear in output with publicly available routing/location hints (see below), when this feature is enabled on the server.

LEGAL BASIS

  • Article 6(1)(f) GDPR (legitimate interests): operating, securing, and preventing misuse of the website and Looking Glass; communication with interested parties and partners.
  • Article 6(1)(b) GDPR, where processing is necessary for pre-contractual steps or performance of a contract.
  • Article 6(1)(a) GDPR, where you consent to specific processing (e.g. future newsletters).

CATEGORIES OF DATA

  • When you visit the site: e.g. IP address, date and time of the request, requested resource, HTTP status, amount of data transferred, referrer, browser and operating system (User-Agent), if logged by the server or hosting environment.
  • Email contact: sender address, message content, time of transmission, and metadata required to handle the request.
  • Looking Glass: targets you enter (IP or hostname), technical diagnostic results, and an identifier for rate limiting (e.g. from proxy headers such as X-Forwarded-For / X-Real-IP, if present).
  • Optional IP-related information for IPs shown in output via an external provider (see “Recipients”), when configured on the server.

RETENTION

Server and access logs are kept only as long as needed for security, troubleshooting, or legal retention—typically a few weeks, unless a longer retention obligation applies.

Emails and related data are deleted once the request is completed and no legal retention duties conflict.

Looking Glass rate-limiting data is discarded after the configured time windows expire (in-memory).

RECIPIENTS

  • Hosting / infrastructure: Operating the website may involve hosting providers or data centres; they may process data on our behalf as processors where applicable.
  • Looking Glass – optional IPinfo: If an IPinfo API configuration is active on the server, IP addresses identifiable from the output may be transmitted to IPinfo Inc., 300 Lenora Street #516, Seattle, WA 98136, USA to display ASN/country information (transfer to a third country outside the EU/EEA possible). Such transfers are carried out in accordance with Articles 44 et seq. GDPR where applicable. The provider’s privacy information: (https://ipinfo.io/privacy).
  • We do not transfer data to other third parties—except to the recipients described above and where we are legally required to disclose data (e.g. to authorities).
  • Third-country transfers (hosting / servers): Where personal data is processed in a third country, we do so only on a basis permitted under Chapter V GDPR, including in particular an adequacy decision of the European Commission pursuant to Article 45 GDPR, where one covers the destination, or appropriate safeguards pursuant to Articles 46 et seq. GDPR, where applicable.

YOUR RIGHTS

Where the legal requirements are met, you have the right to access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), data portability (Article 20 GDPR), and to object to processing (Article 21 GDPR). You may also withdraw consent with effect for the future.

You have the right to lodge a complaint with a supervisory authority. Depending on your situation, another authority may be competent; for us, the supervisory authority at the controller’s establishment is primarily relevant.

SUPERVISORY AUTHORITY (OUR ESTABLISHMENT)

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI BW)

Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg

Lautenschlagerstraße 20

70173 Stuttgart, Germany

Website: baden-wuerttemberg.datenschutz.de

WITHDRAWAL OF CONSENT

Where we process data on the basis of your consent, you may withdraw it at any time with effect for the future. Lawfulness of processing before withdrawal remains unaffected.

COOKIES, TRACKING, SOCIAL MEDIA

As of now, this website does not use marketing/analytics tools (e.g. Google Analytics), social plugins with automatic data transfer, or non-essential marketing cookies.

Technically necessary or session-related storage may still occur via your browser or the framework; update this section if you introduce specific cookies or consent banners.

SECURITY

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or misuse (including TLS in transit, access restrictions, and keeping software reasonably up to date).

VERSION

Last updated: 7 May 2026 (07/05/2026)

We may update this privacy policy when legal requirements or our services change.