Privacy policy

This privacy policy informs about the nature, scope, and purpose of the processing of personal data when visiting this website pursuant to the General Data Protection Regulation (GDPR) and the German Telecommunications Digital Services Data Protection Act (TDDDG, formerly TTDSG).

1. Controller

Controller within the meaning of the GDPR and other national data protection laws:

Michael Freiherr Roeder von Diersburg
Knobelsdorffstraße 21
14059 Berlin
Germany
Email: mail@michaelvonroeder.com

A data protection officer is not required, as the prerequisites of Art. 37 GDPR in conjunction with § 38 BDSG are not met.

2. General notes on data processing

This website is a statically generated personal profile. It does not use cookies, tracking, advertising or analytics pixels, retargeting, newsletter functions, contact forms, or login mechanisms. Third-party content is not embedded on plain page load; individual YouTube recordings are provided as click-to-play placeholders and are loaded as an iframe (youtube-nocookie.com) only after active user confirmation through a click — see the YouTube section below. Links to external platforms are pure hyperlinks and are only opened through an active click.

Processing of personal data therefore only takes place to the technically unavoidable extent described below — in particular when the page is delivered via the hosting provider and when contacting us directly by e-mail.

3. Hosting and server logfiles

This website is hosted on the platform of Netlify, Inc., 512 2nd Street, Fl 2, San Francisco, CA 94107, USA (hereinafter: "Netlify"). Netlify operates a globally distributed edge network and ensures the delivery and technical stability of this website.

With every page request, Netlify automatically stores the following technical access data in logfiles:

  • IP address of the requesting device
  • Date and time of access
  • Requested URL and HTTP status code
  • Volume of data transferred
  • Referring URL (referrer)
  • Browser used, browser version, operating system

These data are processed exclusively to ensure error-free operation, to improve network and content performance, and to defend against abusive requests. They are not combined with other data sources or evaluated for marketing or profiling purposes.

According to Netlify, the full IP address is automatically deleted after 30 days; subsequently, aggregated and non-personally-identifiable statistics may be retained for longer.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the technically error-free provision of the website).

Data processing agreement: A data processing agreement (Data Processing Addendum) pursuant to Art. 28 GDPR is in place with Netlify. Delivery of content takes place primarily via edge nodes within the European Union; transfers to the United States only occur to the extent technically required to operate the CDN. Netlify, Inc. is an active participant in the EU-U.S. Data Privacy Framework; additionally, EU Standard Contractual Clauses are used.

Netlify privacy policy ↗ · Netlify GDPR/CCPA notes ↗

4. Cookies, local storage, and tracking

This website does not set any cookies and uses neither localStorage nor sessionStorage to store personal data. No tracking, analytics, or advertising technologies are deployed (no Google Analytics, no Meta Pixel, no Plausible, no Matomo, no Hotjar, no A/B-testing tool). Consent under § 25 TDDDG is therefore not required; a cookie banner is intentionally omitted for this reason.

5. Fonts and static assets

The fonts used on this website (Source Serif 4, Inter, JetBrains Mono) are loaded exclusively from our own server (self-hosted via @fontsource packages). No request is made to the Google Fonts API or other external font providers; accordingly, no IP addresses or browser information are transmitted to Google or third parties.

Likewise, all images, logos, and documents (e.g. press photo download) are served directly from this site. No external image CDNs, avatar services, or Gravatar endpoints are queried.

6. Contact by email

When you contact us by email (e.g. via the mailto link in the bio or in the footer), the personal data transmitted (at minimum email address, optionally name, content of the message) are used exclusively to handle the enquiry and for any subsequent correspondence.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in responding to legitimate enquiries) and, insofar as the enquiry aims at a contractual relationship, Art. 6(1)(b) GDPR.

Retention: Email correspondence is retained for as long as required for the processing purpose and otherwise for as long as statutory retention obligations (in particular under commercial and tax law, e.g. § 257 HGB, § 147 AO) require. The data are deleted thereafter.

7. External links

This website contains links to external third-party sites — in particular publishers, conference sites, podcast platforms (Spotify, Apple Podcasts, YouTube, Podigee), professional profiles (LinkedIn), and corporate sites of associated endeavors. By clicking such a link you leave this site. We have no influence on how the respective third-party processes your personal data; the privacy notice of the respective provider applies exclusively. The service provider recommends consulting these before use.

8. Rights of the data subject

You have the right at any time to:

  • Access (Art. 15 GDPR) — information about the data processed about you.
  • Rectification (Art. 16 GDPR) — rectification of inaccurate or completion of incomplete data.
  • Erasure (Art. 17 GDPR) — erasure of your data ("right to be forgotten").
  • Restriction of processing (Art. 18 GDPR).
  • Data portability (Art. 20 GDPR) — receipt of your data in a structured, commonly used, machine-readable format.
  • Objection (Art. 21 GDPR) — objection to processing on grounds arising from your particular situation.
  • Withdrawal of consent (Art. 7(3) GDPR) — withdrawal takes effect for the future and does not affect the lawfulness of processing carried out beforehand.

An informal message to the e-mail address listed under section 1 is sufficient to assert these rights.

9. Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent authority for the service provider is:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstraße 219
10969 Berlin
Email: mailbox@datenschutz-berlin.de
Web: www.datenschutz-berlin.de

10. Data security

This website is delivered exclusively in encrypted form via HTTPS (TLS 1.2 / 1.3). The TLS certificate is automatically provided by Let's Encrypt through Netlify's CDN and is renewed regularly. Personal data are therefore transmitted using transport encryption that reflects the current state of the art.

11. No automated decision-making

No automated decision-making within the meaning of Art. 22 GDPR takes place; in particular, no profiling is carried out.

12. Audience measurement with Plausible Analytics (self-hosted)

For statistical analysis of visitor behaviour this website uses the open-source service Plausible Analytics (Community Edition, AGPL-3.0). Plausible runs on a server instance operated by the service provider itself within the European Union (data centre Frankfurt am Main, Germany); no data is transmitted to Plausible Insights OÜ or any other third party. This is therefore not data processing on behalf within the meaning of Art. 28 GDPR but processing carried out solely by the controller.

Plausible does not use cookies, cross-site, or cross-device tracking. No information is stored on or read from the user's device within the meaning of § 25 TDDDG; consent is therefore not required.

Only aggregated, non-personally-identifiable metrics are processed:

  • Requested URL and timestamp
  • Referring URL (referrer)
  • Browser family and operating-system family
  • Screen size class (e.g. "Mobile", "Tablet", "Desktop")
  • Country, derived from the IP address (e.g. "DE")
  • Anonymous custom events on interactions such as bio copy, press-photo download, and clicks on external references

The user's IP address is never stored. To distinguish recurring visits within a single day, Plausible generates a daily-rotating, non-reversible hash from IP address, user agent, hostname, and a daily-changing salt. This hash is automatically discarded after 24 hours; recognition beyond that day is technically impossible.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in a privacy-friendly measurement of reach and usage on the controller's own website without cookies or third-party trackers.

Further information on the Plausible data model: plausible.io/data-policy ↗. The source code is publicly available at github.com/plausible/community-edition ↗.

13. Embedding of third-party videos (YouTube, Instagram) — click-to-play

On some detail pages (in particular Speaking and Conversations), videos and reels are embedded — as YouTube recordings or Instagram reels. These contents are NOT loaded when the page is opened; instead a click-to-play placeholder is shown — a preview box with title and play button. Only after an active click on this button is the respective player loaded as an iframe.

On click, an iframe from the youtube-nocookie.com domain is loaded. This is YouTube’s privacy-enhanced mode, in which tracking cookies are only set when a video is actually played. From that moment, personal data (in particular IP address, device and browser information, playback behaviour) is transmitted to Google Ireland Limited / Google LLC. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The legal basis for processing is Art. 6(1)(a) GDPR (consent), provided through the active click on the play placeholder, and Art. 6(1)(f) GDPR (legitimate interest in presenting one’s own public appearances). Data may be transferred to the United States; Google is certified under the EU-US Data Privacy Framework. Further information is available in Google’s privacy policy: policies.google.com/privacy ↗.

For Instagram reels (short versions of individual conversations), an iframe from the instagram.com domain is loaded on click. The service provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. When the iframe is loaded and played, personal data (IP address, device and browser information, account data if logged in to Instagram, playback behaviour) is transmitted to Meta and may be transferred to the United States; Meta is certified under the EU-US Data Privacy Framework. Legal basis is likewise Art. 6(1)(a) GDPR (consent via click) and Art. 6(1)(f) GDPR (legitimate interest). Further information is available in Meta’s privacy policy: facebook.com/privacy/policy ↗.

14. Currency and changes to this privacy policy

This privacy policy reflects the current status (see date below). It may become necessary to adjust the privacy policy as this website evolves or as legal or regulatory requirements change. The most recent version is available on this page at any time.

As of: May 2026