Privacy Policy

Last updated: 2026-05-15

This page explains how personal data is handled when you visit www.headless-fs.org. The site is a private research project; data processing is kept to the minimum required to deliver a static web page.

Controller

See the Imprint for the controller responsible for data processing under the GDPR.

Hosting

This site is hosted on GitHub Pages, operated by GitHub, Inc., 88 Colin P Kelly Jr Street, San Francisco, CA 94107, United States. When you visit the site, GitHub processes technically required data (in particular IP address, user agent, timestamp, requested URL) in server logs to deliver the page and ensure operational security.

This involves a transfer of personal data to the United States. The transfer is based on the EU Standard Contractual Clauses and the EU-US Data Privacy Framework (adequacy decision of 10 July 2023). GitHub’s own privacy statement is available at docs.github.com/site-policy.

What this site does not do

• No cookies are set.
• No tracking, no analytics, no advertising networks.
• No external fonts are loaded.
• No embedded third-party content (no videos, no social widgets, no maps).
• No contact forms; no data is submitted by your browser to this site.

Email contact

If you contact the project by email, the data you provide (email address, message content, any further details) is processed for the sole purpose of handling your inquiry. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries). The data is deleted once the inquiry has been resolved and no statutory retention obligation applies.

No further sharing

Apart from the hosting described above, no personal data is shared with third parties.

Your rights under the GDPR

You have the right to:

• request access to personal data concerning you (Art. 15 GDPR),
• request rectification of inaccurate data (Art. 16 GDPR),
• request erasure (Art. 17 GDPR),
• request restriction of processing (Art. 18 GDPR),
• data portability (Art. 20 GDPR),
• object to processing based on legitimate interest (Art. 21 GDPR), and
• lodge a complaint with a supervisory authority (Art. 77 GDPR).

Supervisory authority

The controller is resident in Hesse, Germany. The competent data protection supervisory authority is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany
https://datenschutz.hessen.de/

← Back to home