Kevin Luck
DE / EN
PRIVACY // DATENSCHUTZ

Privacy

Privacy notice on how personal data is processed on this website.

Last Updated Mai 2026

1. Data Controller

Kevin Luck – Kevin Luck PHOTOGRAPHY\nOdensehof 5\n30457 Hannover\nGermany\nEmail: hello@kevinluck.de

2. Data Protection Officer

There is no statutory obligation to appoint a data protection officer.

3. Hosting and technical provision

This website is operated on a Hostinger VPS with server location in Germany. Technical server logs are processed (e.g. IP address, timestamp, requested URL, user agent, referrer) to ensure stability and security.

Legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure and reliable website operation).

4. Contact form

When using the contact form, we process name, email address, company, message and technically required metadata (pseudonymized IP fingerprint, optionally shortened user agent and referrer origin) for handling requests, abuse prevention and service stability.

Legal basis is Art. 6(1)(b) GDPR (initiation and handling of requests) and Art. 6(1)(f) GDPR (abuse prevention and operational stability).

5. Email delivery (SMTP)

Contact requests are delivered via SMTP infrastructure on the Hostinger VPS. Data required for message delivery is processed.

Legal basis is Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

6. Analytics with Umami (self-hosted)

This website uses a self-hosted Umami instance on the own Hostinger VPS (server location Germany). Umami runs without cookies and without personal user profiles. Processed are pseudonymized usage data (e.g. visited page, referrer, device type, browser, country).

Legal basis is Art. 6(1)(f) GDPR (legitimate interest in audience measurement and content optimization). Do-Not-Track settings are respected.

7. CMS and integrations

For content and editorial processes, Directus is operated on the own Hostinger VPS (server location Germany). Integration and observability events are also processed via the CostControl gateway, likewise on the own Hostinger VPS (server location Germany).

Legal basis is Art. 6(1)(f) GDPR (legitimate interest in structured operational and quality assurance of digital processes).

8. Recipients/categories of recipients

Recipients are only parties required for operation and communication, especially hosting/infrastructure, mail delivery, CMS and integration components. Systems run on the own Hostinger VPS (Germany); access is limited to the controller.

9. Retention periods

• Contact requests: 12 months
• Mail queue/retry data: 30 days
• Server logs: 14 days
• Umami analytics: 12 months
• Backups: 30 days (rolling)

Deletion periods for contact requests and mail queue data are technically enforced via regular retention jobs.

10. Third-country transfers

Transfer of personal data to third countries is not intended as long as the self-hosted systems used here are involved. When external communication services are used (e.g. Telegram), processing outside the EU cannot be ruled out.

11. Your rights

You have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction (Art. 18 GDPR), data portability (Art. 20 GDPR) and objection to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR).

Please send requests to: hello@kevinluck.de

You also have the right to lodge a complaint with a data protection supervisory authority.

12. Automated decision-making

Automated decision-making including profiling according to Art. 22 GDPR does not take place.

Version: May 2026

Direct Inquiry

Questions regarding privacy?

hello@kevinluck.de