Processing of personal data

Why is personal data processed and how does it happen?

Retrieval of web pages

When accessing these web pages, the visitor's browser automatically transmits data about the desired resource, the IP address to which the data needs to be transmitted, as well as specific data from previous requests (cookies, referers, forms, etc.).

Parts of this data is automatically logged to ensure technical operation. This data is basically only used for manual post-mortem analysis, otherwise automatically deleted after seven days.


Unregistered users do not receive any cookies from the web server.

At explicit request of the user, details for the comment field's comment data are stored in the browser via a cookie. This is used to enter this data when you later use the comment field again. This cookie is deleted by the browser at the latest after one year, a manual deletion is possible at any time by the user in his browser preferences. The cookie is not stored on the server side.

At the beginning of a registration or login, a session cookie is set, which serves to recognize the user until logging out. This cookie is automatically deleted when the browser is closed. The cookie is not stored on the server side.

For authenticated users further cookies can be set to technically implement different workflows. A storage of these cookies on server side does not take place.

Only for administrative tasks a login is necessary, the normal use is generally without login.

Embedding external content

Basically, all content is delivered directly from the server.

An embedding of external content occurs automatically when the content can not be provided technically locally. This generally applies to the browser-dependent provision of Javascript / CSS / font data for a consistent presentation of the web content. Typically, this data is cached by the browser and fetched only once. A correlation between the individual website visits and the reloading of these resources is therefore not mandatory.

By way of example, videos can also be embedded in order to access the externally available streaming resources.

In all these cases, the browser of the visitor himself sends corresponding data to the respective external server.

Interactive content

The website offers interactive content. These are - as far as technically possible - executed as Javascript in the browser of the user.

If certain contents are determined dynamically on the server side, then basically no further log is led over these actions. If processing errors occur, you can run any detailed logs for troubleshooting purposes. These are automatically deleted after seven days.

Individual active content may also itself access other external resources, eg a security scan via user-defined network areas.


It is basically possible to comment on provided content. These comments are publicly available and are indexed by search engines.

When creating a comment, the user is asked to provide their name and email address. A web link is optional.

  • The specified name and optional URL are displayed along with the comment. This serves to improve the communication, as this allows the assignment of the contributions in a discussion. The name and the URL are not validated.
  • The email address is not displayed. It is used exclusively for contacting the commentator for administrative purposes. It is not validated during input.
  • The IP address of the commentator is automatically entered and saved as the other information along with the comment. This serves to unambiguously assign a comment to a source. This IP is issued when law enforcement agencies request. In addition, the IP is used to automatically block the comment spam.

There is no claim to publication of comments. Comments are deleted administratively if they are annoying or foreign. A manual deletion of comments is possible if the deletion request was sent with the appropriate e-mail address and the deletion does not destroy a thematic context.

Supervisory authority

In case of complaints, please contact the Thuringian State Commissioner for Data Protection and Freedom of Information (TLfDI) (link to Google Translate).