Privacy Policy
Last updated July 3, 2026
This is a static personal website, built to collect as little as possible about you. There is no advertising, no tracking cookies, no contact form, and no newsletter on this site, and fonts are self-hosted, so loading a page makes no request to Google Fonts or any other third-party font provider. This policy explains the little that is processed when you visit, and your rights under the GDPR.
Who is responsible (controller)
Stephan Christopher Kuehn
Achlada Maleviziou 157
715 00 Heraklion, Crete
Greece
Email:
A Data Protection Officer is not required for a website of this nature and has not been appointed. You can contact the controller directly at the address above on any data-protection matter.
Hosting and server logs (Mittwald)
The website is hosted by Mittwald CM Service GmbH & Co. KG, Germany (EU). When you load a page, the hosting provider automatically processes standard technical data in its server logs—your IP address, the page requested, the date and time, and your browser and operating system. This is necessary to deliver the site securely and to detect abuse. Legal basis: our legitimate interest in the secure, stable operation of the website (Article 6(1)(f) GDPR). These logs are retained for 60 days and then deleted.
Delivery and security (Cloudflare)
DNS, content delivery, and basic security (bot and DDoS protection) run through Cloudflare, Inc. (United States) in front of the hosting. To route and protect requests, Cloudflare processes technical connection data such as your IP address and may set a single strictly necessary security cookie; it is not used for tracking or to build a profile. Cloudflare is certified under the EU–U.S. Data Privacy Framework, and transfers are additionally covered by the European Commission’s Standard Contractual Clauses. Legal basis: legitimate interest (Article 6(1)(f) GDPR).
Website analytics (Umami)
To understand aggregate visitor traffic—such as page views, referring sites, and approximate region at country level—this site uses Umami, a privacy-friendly analytics tool hosted on our own server at Mittwald in Germany (EU). Umami sets no cookies, does not store your IP address, and collects nothing that identifies you personally; the data is aggregated and anonymous, and no third-party analytics company receives it. Legal basis: legitimate interest (Article 6(1)(f) GDPR). Because no cookies are set and no personal data is stored, no consent is required.
Cookies and local storage
This site uses only the single strictly necessary Cloudflare security cookie described above; it sets no tracking, advertising, or analytics cookies of any kind. It may keep a small amount of campaign-referral information in your browser’s local storage for attribution—this stays on your device and is never transmitted to us or to anyone else. Because nothing here tracks you, no cookie-consent banner is required.
Contact by email
If you email , your message and address are used only to reply to you, and are not added to any mailing list.
International data transfers
Hosting and the self-hosted analytics run entirely within the EU (Mittwald, Germany), so no transfer outside the EEA takes place for either. Cloudflare is located in the United States, so some technical connection data may be transferred there; this is safeguarded by the EU–U.S. Data Privacy Framework and the Standard Contractual Clauses.
Your rights
Under the GDPR you have the right to:
- access the personal data held about you (Art. 15);
- have inaccurate data corrected (Art. 16);
- have your data erased (Art. 17);
- restrict processing in certain circumstances (Art. 18);
- receive your data in a portable format (Art. 20); and
- object to processing based on legitimate interests (Art. 21).
To exercise any of these, email .
Right to lodge a complaint
If you believe your data has been processed unlawfully, you may lodge a complaint with a supervisory authority—in particular in the EU country where you live or work, or with the Hellenic Data Protection Authority in Greece, where this site is based (Kifissias Avenue 1-3, 115 23 Athens; www.dpa.gr).
External links
This site links to external websites—including CRETAN®, Fisher of Kids, Responsible Tourism, LinkedIn, and Instagram. Once you leave this site, those sites’ own privacy policies apply.
Changes to this policy
This policy may be updated to reflect changes in practice or the law. The current version is identified by the date shown at the top.
© 2010–2026 Steven Keen. All rights reserved.