Privacy policy
Required disclosures under the EU General Data Protection Regulation (GDPR) and German Federal Data Protection Act (BDSG).
This website collects as little data about you as technically possible. No accounts, no cookies, no analytics, no tracking pixels, no fonts from third parties, no social-media plugins. What we do collect, why, and for how long, is described below in detail.
1. Who is responsible
The controller for the processing of personal data on this website, within the meaning of Art. 4 No. 7 GDPR, is:
Creative Mayhem UG (haftungsbeschränkt)
Alte Jakobstraße 92
10179 Berlin
Deutschland
E-mail: [email protected]
Managing director: Christopher Karl Neitzert
2. Principle of data minimisation
This website is a static information site. It does not set cookies, does not use analytics or tracking tools, does not embed third-party content (no social-media plugins, no external fonts, no video embeds, no chat widgets), and does not maintain user accounts. There are no forms that accept personal data; the only way to contact us is by e-mail at the address listed above.
3. Hosting
This website is hosted on servers operated by Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany. Hetzner processes technical connection data on our behalf under a Data Processing Agreement pursuant to Art. 28 GDPR. The legal basis for this processing is our legitimate interest in the secure and reliable provision of our website (Art. 6 para. 1 lit. f GDPR).
4. Server log files
When you access this website, our web server automatically collects and stores the following information in log files, which your browser transmits to us:
- the IP address of the requesting device
- the date and time of the request
- the URL that was requested and the HTTP status code returned
- the volume of data transferred
- the referrer (the page from which you arrived, if transmitted)
- the user agent (browser and operating-system information)
This data is processed to ensure trouble-free operation, to defend against attacks, and for error analysis. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest). This data is not merged with other data sources and is not passed to third parties. Log files are retained for a maximum of 30 days and are automatically deleted thereafter. In the event of a concrete security incident, affected log entries may be retained longer for the duration of the investigation.
Before log entries are written, client IP addresses are anonymized: the final octet of IPv4 addresses (and the final group of IPv6 addresses) is removed and replaced with zero. Stored log entries therefore identify a network range, not an individual visitor.
5. SSL / TLS encryption
For security reasons, this website uses SSL/TLS encryption on all connections. You can recognise an encrypted connection by the “https://” prefix in your browser's address bar and the lock icon. While encryption is active, the data you transmit to us cannot be read by third parties.
6. Contact by e-mail
If you contact us by e-mail, the details you provide (at minimum your e-mail address, plus any content you send) are processed for the purpose of handling your inquiry. The legal basis is Art. 6 para. 1 lit. b GDPR (pre-contractual or contractual communication) or Art. 6 para. 1 lit. f GDPR (legitimate interest in responding to your inquiry). We delete this information as soon as the purpose of processing has been fulfilled, unless statutory retention obligations apply.
7. External links
This website contains links to external websites (for example to our GitHub organisation (see the GitHub privacy statement), to Discord (see the Discord privacy policy), to the Steam store, and to reference documents such as c2pa.org). When you click such a link, you leave our area of responsibility. We have no control over how those third parties process your data. Their respective privacy policies apply.
8. No automated decision-making
We do not engage in automated decision-making (including profiling) within the meaning of Art. 22 GDPR.
9. Your rights
Under the GDPR you have, among others, the following rights with respect to personal data about you that we process:
- Right of access (Art. 15 GDPR), to know what we hold about you
- Right to rectification (Art. 16 GDPR), to have inaccurate data corrected
- Right to erasure (Art. 17 GDPR), the “right to be forgotten”
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to withdraw a previously granted consent with effect for the future (Art. 7 para. 3 GDPR)
To exercise any of these rights, contact us at the e-mail address given in Section 1.
10. Right to lodge a complaint
You have the right to lodge a complaint with a data-protection supervisory authority about our processing of your personal data (Art. 77 GDPR). The competent authority for our company is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61, 10555 Berlin, Germany
www.datenschutz-berlin.de
11. International transfers
Personal data we process on our own infrastructure stays on servers located within the European Union. Where you interact with us through third-party platforms (for example by opening an issue on GitHub, contacting us on Discord, or installing software via Steam), the data you submit is processed by the respective platform operator, which is established in the United States. Those operators rely on the EU-US Data Privacy Framework as the legal mechanism for transfers out of the EEA. Valve Corporation (operator of Steam) is established in Bellevue, WA, USA; GitHub Inc. and Discord Inc. are likewise US-based. The platforms’ own privacy policies, linked in section 7, govern their processing.
12. Changes to this policy
This privacy policy is current as of the date shown below. As we further develop our website or in response to changes in law or regulatory guidance, it may become necessary to update this policy. The current version is always available on this page.
This privacy policy is provided in English because vAIdeo.bot is an English-language service. Under Art. 12 GDPR, we may address data subjects in a language they understand; for our audience, that language is English.