Privacy Policy

Last updated: March 23, 2026

1. Introduction and Responsible Body (Data Controller)

Welcome. I take the protection of your personal data very seriously. This Privacy Policy informs you about the nature, scope, and purpose of the collection and use of personal data on this website and in connection with related services.

Personal data is treated confidentially and in accordance with the applicable data protection laws, in particular the GDPR, the German Federal Data Protection Act (BDSG), and the TTDSG, as well as this privacy policy.

2. Data Collection and Processing

a) When Visiting This Website (Server Log Files)

When you access this website, the hosting provider may automatically collect and store information in server log files that your browser transmits. This can include:

• browser type and version
• operating system used
• referrer URL
• hostname of the accessing computer
• time of the server request
• IP address (anonymized or shortened where applicable)

This data is not merged with other data sources. The basis for this processing is the legitimate interest under Art. 6(1)(f) GDPR in ensuring the security, stability, and error-free operation of the website.

b) Cookies and Similar Technologies

This website may use cookies or similar technologies. These are small data files stored on your device.

• Technically necessary cookies or similar technologies may be used to make the website functional and user-friendly. The legal basis is legitimate interest under Art. 6(1)(f) GDPR and, where applicable, § 25(2) TTDSG.
• If non-essential technologies are used, they are only used on the basis of your consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG.

c) Contacting Me (Email or Contact Form)

If you get in touch via email or the contact form, the information you provide, such as your name, email address, and message, will be stored to process your request and for possible follow-up questions. If your request is related to a contract or pre-contractual measures, processing is based on Art. 6(1)(b) GDPR. In all other cases, processing is based on legitimate interest under Art. 6(1)(f) GDPR in handling inquiries effectively.

Depending on what you provide, this data may include your first name, last name, email address, phone number, LinkedIn URL, company, subject, message, technical metadata related to the request, and anti-spam/security signals such as reCAPTCHA verification and request metadata.

d) Optional Voice Intake

This website may offer an optional browser-based voice intake feature to help prepare a contact request. If you use that feature, audio and the information you provide during the voice conversation may be processed to generate a contact-form draft for your review before submission. The legal basis is Art. 6(1)(b) GDPR for processing requested pre-contractual communication and Art. 6(1)(f) GDPR for providing an efficient contact experience.

e) reCAPTCHA / Abuse Prevention

To protect the website and contact form against spam and abuse, security services such as Google reCAPTCHA may be used. This can result in technical data, usage data, and interaction data being processed by Google to assess whether a request is made by a human. The legal basis is Art. 6(1)(f) GDPR in protecting this website and its communication channels against misuse.

f) AI-Supported Features

If you use optional AI-supported features on this website, for example the voice intake flow, the data you provide for that feature may be processed by third-party AI service providers strictly to deliver the requested functionality. Please do not submit highly sensitive personal data unless clearly necessary.

3. Data Recipients and Third-Party Transfers

Personal data may be shared with trusted service providers where needed to operate this website and process inquiries, including:

• hosting and infrastructure providers
• security and anti-spam providers such as Google reCAPTCHA
• AI service providers if you use optional AI-supported features
• email delivery or website communication infrastructure where required to process inquiries

If data is transferred outside the European Union or European Economic Area, appropriate safeguards are used, such as the EU-U.S. Data Privacy Framework for certified companies or EU Standard Contractual Clauses, where required.

4. Your Rights as a Data Subject

Under the GDPR, you have the following rights with regard to your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to withdraw consent (Art. 7(3) GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

You also have the right to object at any time, on grounds relating to your particular situation, to processing based on Art. 6(1)(e) or Art. 6(1)(f) GDPR. Objections can be sent informally to hi@tilmanresch.com.

5. Data Retention

Personal data is stored only as long as necessary for the relevant purpose or as required by law.

• contact request data may be stored as long as needed to process and follow up on the request
• security and anti-abuse data may be retained for as long as needed to protect the website and investigate misuse
• data may be retained longer where statutory retention obligations apply

6. Data Security

Appropriate technical and organizational measures are used to protect data against manipulation, loss, destruction, or unauthorized access. SSL/TLS encryption is used where appropriate to protect transmitted information.

7. Changes to this Privacy Policy

This privacy policy may be updated from time to time to reflect legal, technical, or operational changes. The current version on this website applies.