The controller responsible for the processing of personal data on this website is:

A separate Data Protection Officer (DPO) is not required and has not been appointed (§ 38 BDSG).

This website is a personal portfolio. It does not run a shop, a booking flow, a member area, a comments section, or any paid feature. There is no sign-up and no payment.

Personal data is only processed where it is technically unavoidable (server access logs) or where you actively initiate it yourself (sending an email). All data processing follows the principles of data minimization and purpose limitation set out in Art. 5 GDPR.

When you visit this website, my hosting provider STRATO automatically collects information that your browser transmits to the server, and stores it in so-called server log files. The following data is recorded:

Legal basis: Art. 6 (1)(f) GDPR. The legitimate interest is to ensure the security and stability of the site, troubleshoot errors, and defend against abuse.

Retention: Raw IP addresses are kept by STRATO for a maximum of 7 days for attack detection and defence; afterwards they are deleted. Depending on the hosting package, log files may also be accessible to me via the STRATO Kunden-Login for the same period.

The data is not merged with any other data sources and is not used to identify visitors.

This site provides only a mailto: link — there is no on-page contact form. If you send an email to mail@andreasriesener.com, your message and the data it contains (name, email address, message body, any attachments) is transmitted to my email provider and stored there in order to process your request.

Legal basis: Art. 6 (1)(b) GDPR if the contact is related to a (potential) contract; otherwise Art. 6 (1)(f) GDPR for the legitimate interest of replying to inbound business correspondence.

Retention: Correspondence is retained for as long as the business relationship requires, and afterwards in accordance with statutory retention obligations (§ 147 AO, § 257 HGB — up to 10 years for tax-relevant correspondence).

All fonts used on this website are served from the same origin as the site itself, as locally bundled .woff2 files via @font-face. No request is made to fonts.googleapis.com, fonts.gstatic.com, or any other third-party font CDN.

This means: no external party receives your IP address simply for the purpose of loading a typeface.

This website links to external profiles (Vimeo, Behance, LinkedIn, YouTube, X / Twitter). These are plain text links — no social-plugin scripts, no share buttons, no pixel, no Insight Tag. No data is transmitted to those platforms unless you actively click a link and navigate to them.

The “Play Showreel” button on the homepage opens an embedded Vimeo player in a modal overlay — but only after you actively click it. No Vimeo request is made on the initial page visit. When you trigger the player, it loads from player.vimeo.com with Vimeo’s Do-Not-Track parameter (?dnt=1) enabled, which disables analytics and audience tracking for that playback. Vimeo will still receive standard request data (IP address, User-Agent, referrer) for the duration of the playback session — this is unavoidable for any video stream. For details, see Vimeo’s privacy policy.

I have no influence over the data handling of these third-party platforms once you click through to them.

The following processor handles personal data on my behalf within the meaning of Art. 28 GDPR. A separate Auftragsverarbeitungsvertrag (AVV) is currently being concluded via the STRATO Kunden-Login.

You have the following rights with respect to your personal data:

To exercise any of these rights, please contact me via email (mail@andreasriesener.com). I will respond without undue delay and at the latest within one month.

You have the right to lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data violates the GDPR. The supervisory authority responsible for me is:

Personal data is only stored for as long as is necessary for the respective purpose or as long as statutory retention obligations require:

I may update this Privacy Policy to reflect changes in technical practices or in the legal framework. The current version is always the one published on this page; the date of the last update is shown at the top of this document.