Privacy Policy

This Privacy Policy explains the nature, scope, and purpose of the processing of personal data when you visit this website (randolt.com). The German version is the legally binding one; this English translation is provided for convenience only.

Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Peter Faust
Peterion Solutions (sole proprietorship)
Schmittstr. 4
53123 Bonn
Germany

Email: info@randolt.com

Further details can be found in the Legal Notice.

Overview

This is a static website with no user accounts, no login, and no payment or ordering functions. We therefore process personal data only to the extent necessary to operate the site securely, to obtain your consent for embedded content, and to handle any contact you initiate. We do not sell data and we do not use any cross-site advertising tracking. No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place.

Provision of the website and web hosting

This website is hosted by Cloudflare, Inc. (Cloudflare Workers, static-assets hosting). The same provider — the Cloudflare R2 storage service under cdn.randolt.com — also delivers media files (e.g. covers, audio snippets, press material); this is exclusively first-party content with no third-party tracking.

When you access the site and when these files are retrieved, the host processes technically necessary access data in server log files, in particular your IP address, the date and time of access, the page requested, the volume of data transferred, and information about your browser and operating system. This processing is necessary to deliver the website and to ensure its stability and security.

The legal basis is our legitimate interest in providing a secure and efficient website (Art. 6(1)(f) GDPR). A data processing agreement (Art. 28 GDPR) is in place with Cloudflare. Cloudflare operates a global network and generally serves requests from the nearest location; for visitors from Germany this is typically a location within the EU. Cloudflare, Inc. is based in the USA, so processing in third countries (in particular the USA) cannot be ruled out. Such transfers are safeguarded by appropriate guarantees — EU Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.

Data security

This website is served exclusively over an encrypted HTTPS (TLS) connection. This protects the transmission of your data against unauthorised access by third parties.

To manage your consent for embedded third-party content (see below), we use the consent management feature of Cloudflare Zaraz. Your choice is stored locally in your browser so that it is honoured on future visits; the storage period is up to six months. You can change or withdraw your consent at any time, with effect for the future, via the “Privacy settings” button in the footer.

Storing your consent decision is technically necessary in order to document and implement your consent or objection (Art. 6(1)(c) and (f) GDPR).

Embedded third-party content (Spotify, YouTube, TikTok)

In places we embed content from third-party providers to make music and videos playable directly:

This content is loaded only after you have given your explicit consent. Until then you see only a placeholder at the relevant spot, and no data is transmitted to the providers. Once you activate an embed, your browser establishes a direct connection to the respective provider. At a minimum, your IP address and technical information are transmitted to the provider, and the provider may set its own cookies or comparable technologies. We have no influence over this processing by the provider; the provider’s own privacy notices apply.

A transfer to third countries (including the USA) is possible here and is safeguarded by EU Standard Contractual Clauses or an applicable adequacy decision.

The legal basis is your consent (Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG). You can withdraw your consent at any time with effect for the future (see the “Privacy settings” button in the footer).

Fonts

All fonts used are served locally from this website. There is no connection to third-party font CDNs (e.g. Google Fonts); no data is transmitted to third parties for this purpose.

Contact

The website provides email addresses for various purposes (e.g. general enquiries, press, licensing/track requests). These are implemented as mailto: links and open your own email program — there is no contact form, no form backend, and no tracking. If you write to us, we process the data you provide (e.g. name, email address, content of the message) solely to handle your enquiry.

The legal basis is Art. 6(1)(b) GDPR (pre-contractual or contractual communication) or Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries). We store your enquiry until it has been fully dealt with and no statutory retention obligations apply.

Newsletter

This website currently does not offer a newsletter. As soon as a newsletter service is integrated, we will update this Privacy Policy with the relevant information (in particular regarding the double-opt-in procedure and the service provider used).

Retention

We process personal data only for as long as is necessary for the respective purposes stated. Server log files are deleted or anonymised after a short time. Consent decisions are stored for up to six months. Email enquiries are deleted once they have been resolved and no retention obligations exist.

Your rights

In relation to the controller, you have the following rights regarding your personal data:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection to processing based on legitimate interests (Art. 21 GDPR)

Where processing is based on your consent, you may withdraw it at any time with effect for the future (Art. 7(3) GDPR); the lawfulness of processing carried out before the withdrawal remains unaffected.

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data (Art. 77 GDPR). The authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW), ldi.nrw.de. You may also contact the supervisory authority of your habitual residence.

Changes to this Privacy Policy

We update this Privacy Policy whenever the underlying processing changes (e.g. when new services are integrated). The current version published here applies in each case; the date of the last update is shown above.