data protection

about this website

website url:

This is a personal, non-commercial website, established for personal blogging and information about my artistic activity. It is not involved in business models such as webshops or advertising, it does not generate any revenue. Its content represents artistic content and information. Work of other artists is not mentioned for commercial reasons, but because I personally like the work.

contact information

mail: Nederkouter 71-C, 9000 Gent, Belgium
phone: +32-494049474

data protection and privacy

  1. During your visit, the server hosting this website logs your IP address, browser type as well as url, date, time of your access for security reasons (GDPR Art. 6 (1) f). This server-log will be automatically deleted after 14 days. The website owner has access to these logs for one day after your visit (which is the minimum setting).
  2. This website does by design not use cookies and does not incorporate any other third party services or functionality that track you online. It does not save or process any personal data beyond the logging that takes place on server level.


  • As soon as you click on a link on this website that leads to an external location, other websites or social media, these may give you cookies and track you. This is out of the reach and responsibility of the website owner.
  • If you send me an email, your email address and any data that you share with the email will be saved as long as necessary to deal with your question.
  • For data protection purposes, I usually avoid embedding third party content. Should this be necessary in exceptional cases, I will place a warning that this content might deliver cookies or web-beacons which might track user behavior (see below “embedded content / links to social media”)

general data protection policy

categories of processed data

If you visit the website: on the server of the sharehosting service Combell:

  • usage data (visited url’s, time and date of the access).
  • meta- and communication data about the user (ip-address, information about browser type).

On the shared-server-account of the website owner:

  • none.

If you decide to write an email to us:

  • your email address and any contact and personal data that you share, will be deleted after it is not needed anymore to respond to your question, legal basis: Art. 6 Abs. 1 lit. f GDPR and Art. 28 GDPR.

categories of data subjects

purpose of the data processing

  • providing access to the website, its content and functionality.
  • online security.

We inform you about the lawfulness and legal basis of the data processing in compliance with Art. 13 GDPR. Unless other legal basis is cited in this data protection policy, the following applies: The legal basis for the data processing in the context of the implementation and service of this website and response to requests is Art. 6 (1) lit. b GDPR, the legal basis for data processing to comply with legal obligations is Art. 6 (1) lit. c GDPR, the legal basis for data processing according to our legitimate interests is Art. 6 (1) lit. f GDPR. In case vital interests of data subjects are affected, Art. 6 (1) lit. d GDPR applies.

security measures

In compliance with Art. 32 GDPR, we are applying appropriate technical and organisational measures, taking into account the state of the technology, costs and effort, to deliver an appropriate security level for users and minimise data processing to the necessary, in order to reduce possible risks for the data subjects, their rights and freedoms.

These measures, most importantly, include those ensuring privacy, integrity and accessibility of the data by controlling physical access to the data, by controlling the access concerning the user acces, upload, sharing, saving, accessibility and selective access. Furthermore, we have a policy in place for you to exercise your rights as a user concerning deletion and response to data breaches.

This website has been designed with privacy and data protection by design in mind, by choosing appropriate hardware and software technology that adhere to the principles of data protection by technical design and privacy-friendly defaults (Art. 25 GDPR).

collaboration with sharehoster

If we share data about you with third parties or order them to process it (“Auftragsverarbeitern oder Dritten”), this happens based on a legal basis that allows us to offer our services (e.g. Art. 6 (1) lit. b GDPR), you have given us consent, to fulfil a legal requirement or on the legal basis of our legitimate interests (“legitimate interests”, GDPR Art. 6 (1) f.1

The legal basis of “legitimate interests” according to GDPR Art. 6 (1) f1 applies as basis for our collaboration with the sharehosting provider Combell in delivering our website and their logging.

The collaboration with Combell concerning data processing is secured by a legal agreement, according Art. 28 GDPR.

data transfer to other countries

If we process any data in another country outside of the EU, this happens on the condition of a legal basis of contractual responsibilities, on the legal basis of your informed consent, on legal requirements or on our legitimate interests. If we do so, special regulations of data protection in that country apply (e.g. in the USA „Privacy Shield“) and other legal responsibilities („Standardvertragsklauseln“).

in detail: data processing and data security on this website

data processing and protection policy of the shared server provider: server logs

The hosting provider of the shared webspace account, Combell, notified me that the server on which my webspace is located logs the following personal data about users and their activity on my website domain in order to secure the server against cyberattacks, conform with legal requirements, and improve their services (“legitimate interests”, GDPR Art. 6 (1) f).1

  • accessed url, date and time of any access to this website.
  • ip-address, operating system and browser that accessed the url.

This log data is kept on the server for a maximum of 14 days, after this time period the logged data will be automatically deleted. The owner of the website has access to these logs for one day for security reasons, which is the minimum possible setting that the sharehoster offers. The settings of the shared server account are set to not write any statistics about user activity.

The handling of this data on the side of Combell is part of the legal agreement about data processing between Combell and the owner of the website who rents the server space.

Users are informed about the general data protection policy and about the server logging in short terms when visiting the website with a post on the main page.

data processing and protection policy of the website owner

This website is non-commercial and is designed to protect user’s data and privacy by design by reducing user data collection and processing to the absolute minimum required for operation and by design avoids exposure of user data and data about user behavior to third parties.

This website does not collect any user data on its shared server account. This is to my knowledge the maximum extent to which I can ensure no unnecessary data is collected or processed.

This means:

  • the website domain is configured with letsencrypt-SSL https to ensure secure communication between user and server.
  • this website operates in static page mode without a database like mysql, mariadb etc. behind it.
  • this website does not use cookies, persistent cookies or hashes to identify or track users. It does not incorporate functionality that might need this kind of data (contact-forms, login-forms, comment-forms, gravatar).
  • this website does not allow users to upload any files with which they could reveal personal data.
  • this website does not collect or store any personal user data (email-addresses, ip-addresses, etc.). It does not incorporate functionality that might need this kind of data (newsletters, login-forms, comment-forms).
  • this website does not incorporate any external, third party advertisement, statistical analytics plugins or spam-protection services that collect user data and track them.
  • this website does not incorporate any active social media buttons that track users. The twitter-buttons are merely graphical links to the twitter service.
  • this website further minimizes exposure of visitors to third party tracking by using only assets (fonts, scripts) ‘locally’ stored on its shared server for displaying the content (no cdn’s, no googleapis etc.).
  • this website does not implement a newsletter functionality, it does not ask for or save any of its user’s email addresses.
  • this website does not share user data with any other service or third party. Also not outside of the EU. It also does not receive any data from other services that would enable user data processing.
  • no automated decision making and/or profiling is done with the user data that was not recorded.

Users are informed about the general data protection policy and about the server logging in short terms when visiting the website with a post on the main page.

embedded content
  • the author of this website strives to avoid embedding third party content (e.g. videos, images, articles, etc.) linked to external services due to privacy reasons.
  • If he does, this will happen on the legal basis of our legitimate interest to deliver our services as an exception and with an embedded warning for users about cookies and web beacons.

Embedded content from other websites behaves in the exact same way as if the visitor had visited the other website. These websites may collect data about the visitor, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Users should be aware that if they click on a social media link, this link takes them to a social media service which will probably save a cookie in their browser and track it.

user rights

Users have the right to inquire via the contact information provided above and below whether any and which data by or about them was collected by my server account and, if there is any, request to hand it over in a portable format to transmit them to other platforms (Art. 15, 20 GDPR).

They also have the right to request that I erase any personal data on the server account that might have been saved about them (Art. 17 GDPR) or restrict access to this data (Art. 18 GDPR). The right to require deletion does not include any data that is obliged to keep for administrative, legal, or security purposes.

They have the right that I rectify false information stored about or by them (Art. 16 GDPR).

Users have the right to at any point lodge an objection against storage or processing of their data (Art. 77 GDPR).

Users have the right to object against future data processing (Art. 21 GDPR) and withdraw their opt-in permissions (Art. 7 (3) GDPR).

To exercise these rights, users can contact the website owner (see contact above, below) or the sharehosting provider:

name: Combell
contact: contact form

protection and data breaches

data protection

This website follows the approach to not use cookies, not collect user data and limit exposure of users to third parties to the absolute minimum. A simple website / blog like this one does not require any user data for operation, it just serves webpages. That is the philosophy, its implementation is described above.

The sharehoster Combell is a hosting company and has - to my knowledge - professional data protection policies and technological implementation in place. The server logs of user access and activity on are deleted automatically 14 days after the access. The website owner has access to these logs for the minimum time period that the settings allow: one day. This task (logging and deletion) is performed by Combell based on a data processing agreement between Combell and the website owner and legally based on GDPR Art. 6 (1) f (“legitimate interests”).1

data breach procedure

The best protection against data breaches is: no data collection. See above.

Should the server account of be compromised or a data breach on the server is noticed, I will be in touch with the provider and go through the breach and protection protocols and notify users as soon as possible via the website and twitter - as I have no personal data that would allow me to inform them individually.

contact information

mail: Nederkouter 71-C, 9000 Gent, Belgium
phone: +32-494049474

  1. See Art. 6 GDPR (1) f: “Processing shall be lawful only if and to the extent that at least one of the following applies: […] f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, […].” [return]