Privacy Policy
Last updated: September 29, 2025
1. Data Controller
Responsible for data processing on this website:
Jean Claude Munyakazi
Nazarethkirchstr. 37
13347 Berlin
Germany
Email: [email protected]
2. General Information
This privacy policy explains how we collect, use, and protect your personal data when you visit our website https://munyakazi.org. We take data protection seriously and process your data in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
3. Hosting and Server
This website is self-hosted on a Raspberry Pi server located in Berlin, Germany. The server runs Ubuntu Server with a LAMP stack (Apache, MariaDB, PHP). All data is processed and stored within Germany.
Server Logs
When you visit our website, our server automatically collects the following information:
- IP address (anonymized after 7 days)
- Date and time of access
- Browser type and version
- Operating system
- Referrer URL (the page you came from)
- Pages visited on our site
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in ensuring system security and improving our service)
Retention period: Log files are automatically deleted after 14 days
4. SSL/TLS Encryption
This website uses SSL/TLS encryption (HTTPS) for secure data transmission. All data transmitted between your browser and our server is encrypted. We use Let's Encrypt certificates managed by Certbot.
5. Cloudflare CDN
We use Cloudflare as a Content Delivery Network (CDN) and security service to improve website performance and protect against malicious attacks.
When you visit our site, your request may pass through Cloudflare's network. Cloudflare may process:
- Your IP address
- System configuration information
- Page visited
Cloudflare is certified under the EU-US Data Privacy Framework. More information: Cloudflare Privacy Policy
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in website security and performance)
6. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics uses cookies to help analyze how users interact with the website.
Data Collected by Google Analytics:
- Pages viewed
- Time spent on pages
- Browser and device information
- Anonymized IP addresses (IP anonymization is enabled)
- Geographic location (country/city level)
We have configured Google Analytics with IP anonymization, which means your full IP address is shortened within the EU before transmission to Google's servers.
Data transfer to USA: Google may transfer data to the USA. Google is certified under the EU-US Data Privacy Framework.
Legal basis: Art. 6(1)(a) GDPR (your consent via cookie banner)
Opt-out: You can prevent Google Analytics from collecting data by:
- Declining analytics cookies in our cookie banner
- Installing the Google Analytics Opt-out Browser Add-on
- Enabling "Do Not Track" in your browser settings
More information: Google Privacy Policy
7. Cookies
Our website uses cookies to enhance your browsing experience. Cookies are small text files stored on your device.
Types of Cookies We Use:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Required for website functionality, login sessions, and security | Session or up to 2 weeks |
| Comment Cookies | Save your name and email when leaving comments | 1 year |
| Analytics Cookies | Google Analytics tracking (requires consent) | Up to 2 years |
You can control and delete cookies through your browser settings. Note that disabling essential cookies may affect website functionality.
8. Contact Form
When you submit our contact form, we collect:
- Your name
- Email address
- Message content
- Timestamp and IP address (for spam prevention)
Legal basis: Art. 6(1)(a) GDPR (consent) or Art. 6(1)(b) GDPR (pre-contractual measures)
Purpose: To respond to your inquiries
Retention period: Contact form submissions are retained until your inquiry is resolved, then deleted unless we have a legal obligation to retain them
9. Comments
When you leave comments on our site, we collect:
- Comment text
- Your name and email address
- IP address and browser user agent (for spam detection)
- Timestamp
If you use Gravatar, an anonymized hash of your email address may be sent to Gravatar to display your profile picture. See Gravatar Privacy Policy.
Legal basis: Art. 6(1)(a) GDPR (consent by submitting the comment)
Retention period: Comments are retained indefinitely unless you request deletion
10. Media Uploads
If you upload images to the website, avoid including embedded location data (EXIF GPS) as visitors can download and extract this information from images.
11. Embedded Content
Articles on this site may include embedded content (videos, images, etc.) from external websites like YouTube, Vimeo, or Twitter. When you view embedded content, these external sites may collect data about you, use cookies, and track your interaction.
We have no control over data processing by these third parties. Please refer to their respective privacy policies.
12. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR): Request information about your personal data we process
- Right to rectification (Art. 16 GDPR): Request correction of inaccurate data
- Right to erasure (Art. 17 GDPR): Request deletion of your data
- Right to restriction (Art. 18 GDPR): Request limitation of data processing
- Right to data portability (Art. 20 GDPR): Receive your data in a structured format
- Right to object (Art. 21 GDPR): Object to data processing based on legitimate interests
- Right to withdraw consent (Art. 7(3) GDPR): Withdraw consent at any time
To exercise these rights, contact us at [email protected]
13. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority if you believe your data is being processed unlawfully.
German Federal Commissioner for Data Protection and Freedom of Information (BfDI):
https://www.bfdi.bund.de
14. Data Retention
We retain your personal data only as long as necessary for the purposes stated in this policy or as required by law:
- Server logs: 14 days
- Comments: Indefinitely (unless deletion requested)
- Contact form data: Until inquiry resolved
- Analytics data: Up to 26 months (Google Analytics default)
15. Automated Decision-Making
We do not use automated decision-making or profiling as defined in Art. 22 GDPR.
16. Data Security
We implement appropriate technical and organizational measures to protect your data:
- SSL/TLS encryption for all data transmission
- Regular security updates and patches
- Firewall and intrusion detection
- Access controls and authentication
- Regular backups
17. Third-Party Services Summary
This website uses the following third-party services that may process your data:
- Cloudflare: CDN and security (USA)
- Google Analytics: Website analytics (USA)
- Gravatar (Automattic): Profile pictures in comments (USA)
- Let's Encrypt: SSL certificates (USA)
18. Children's Privacy
This website is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.
19. Changes to This Privacy Policy
We may update this privacy policy from time to time. The current version is always available at this page. Significant changes will be announced on our website.
20. Contact
For questions about this privacy policy or your personal data, contact:
Jean Claude Munyakazi
Email: [email protected]
Note: This privacy policy is designed to comply with GDPR and German data protection law. If you have concerns about how your data is processed, you can contact us at any time or file a complaint with the supervisory authority.