Skip to content

PatchFlux

PatchFlux

Privacy Policy

PatchFlux stores only metadata needed to display news headlines: title, publication date, source name, and link. Article bodies, excerpts, images, or videos are never copied. This policy explains which personal data is processed when you visit the site.

1. Controller under the GDPR

The controller responsible for processing personal data on this website within the meaning of Art. 4 no. 7 GDPR is:

René Omlor
Zinzendorfstraße 3
01069 Dresden
Deutschland

Email for data-protection enquiries: contact@patchflux.de

2. Data Protection Officer

A DPO is not required for this non-commercial private operation (§ 38 BDSG, Germany). Requests are handled directly by the controller.

3. What data we process

When you access the site, the following technical data is processed: the requesting device's IP address, date and time of the request, the requested path, HTTP status code, bytes transferred, referrer (if sent by your browser) and the User-Agent string. The site sets no cookies, loads no client-side analytics or advertising trackers, and creates no user profiles. Comments and helpful votes use a browser-local pseudonymous identity stored in localStorage (random user id and secret). If you post a comment, PatchFlux stores the display name, comment text, related news item, timestamps, moderation status, and a hash of the browser-local secret. If you mark an article as helpful, PatchFlux stores the related news item, pseudonymous user id, vote status, and timestamps. No email address, password, IP address, or device fingerprint is stored by the comment or vote system. In addition, the site stores a purely aggregate visit counter (today / all time) without saving IP addresses or personal profiles.

4. Legal bases and purposes

The access data above is processed on the basis of Art. 6 (1) (f) GDPR (legitimate interests). The legitimate interest lies in the reliable, secure and abuse-free operation of the website and in short-term error and capacity analysis. Should future features process data for the performance of a contract (e.g. contact forms), the legal basis is Art. 6 (1) (b) GDPR.

5. Retention

Platform-side access logs (Azure Static Web Apps, Azure Functions) are retained for up to 7 days. Azure Application Insights stores anonymised telemetry (path, response time, HTTP code, User-Agent category) for up to 30 days; the IP address is used only for coarse geolocation (country/region) and is masked to 0.0.0.0 immediately (DisableIpMasking remains off). Visible comments are retained until they are removed by the operator or by a valid deletion request. Hidden or rejected comments may be retained for moderation evidence and abuse prevention. The operator cannot re-identify individuals from telemetry alone.

6. Processors

The following processor under Art. 28 GDPR is used to operate the site: Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (hosting: Azure Static Web Apps + Azure Functions + Azure Table Storage + Application Insights; region ‘West Europe’, data centre: Netherlands).

7. Transfers to third countries

Processing primarily takes place in the EU data centre ‘West Europe’ (Netherlands). Microsoft Corporation (USA), the parent company, may in individual cases (e.g. support, abuse detection) access telemetry data. Transfers to the USA are based on the European Commission's Standard Contractual Clauses (Art. 46 (2) (c) GDPR) and the EU-US Data Privacy Framework (Commission adequacy decision of 10 July 2023); Microsoft Corporation is certified under that framework.

8. Third-party links

Every news item links out to the original publisher. Opening such a link transfers you to that publisher's site; their privacy policy applies from that point. The operator has no influence over their processing.

9. Your rights

Under the GDPR you have the right to information (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection to processing based on legitimate interests (Art. 21). You can exercise these rights informally by emailing the controller above.

10. Right to lodge a complaint

Without prejudice to other remedies, every data subject has the right to lodge a complaint with a data-protection supervisory authority (Art. 77 GDPR), in particular the authority of your habitual residence or the controller's establishment.

11. Automated decision-making

No automated decision-making, including profiling, within the meaning of Art. 22 GDPR takes place.

12. Changes to this policy

This policy is updated when there are legal or technical changes to the operation of the website. The current version is always available on this page.