Privacy Policy

Introduction & Scope

With this Privacy Policy, we inform you in clear and understandable language about which personal data we process on dominicschmiel.com including all subdomains (hereinafter collectively referred to as “Website”), for what purposes this is done, and what rights you have in this regard. Personal data includes all information relating to an identified or identifiable person, for example, name, email address, or IP address.

This policy is modular. Sections regarding services not currently in use are marked accordingly and will be updated as soon as such use actually takes place. This ensures that the information remains up-to-date, transparent, and comprehensible for you.

Responsible Party (Controller) & Contact

Responsible for data processing on this website is:

Dominic Schmiel
c/o C. Fischer
Pestalozzistr. 53
D-10627 Berlin
Germany

Phone: +49 (0)30 3464687-80
Fax: +49 (0)30 3464687-81
Email:

A Data Protection Officer has not been appointed. The c/o address provided is a valid address for service; mail is received and forwarded daily.

Note for Minors (under 16 years)

Our website can generally be used by minors. We do not currently offer functions that would require explicit consent.

If minors contact us, it may be necessary for legal guardians to confirm the request. We formulate answers so that they remain age-appropriate and understandable. Registration for the online games, however, is always carried out by an adult (e.g., parents or legal guardians), see section “Registration & User Account”.

Hosting & Operation of the Website

Our website is hosted by ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany. We have concluded a Data Processing Agreement (DPA) with the hosting provider in accordance with Art. 28 GDPR. This contract specifies technical and organizational measures to protect your data. Access to the website occurs directly via the servers of our hosting provider in Germany.

The host employs industry-standard security measures, such as firewalls, intrusion detection systems, and access controls, to prevent unauthorized access and ensure the availability of the website.

Further information on data protection at ALL-INKL.COM can be found at https://all-inkl.com/datenschutz/.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and functional operation of our website).

Server Log Files

Server log data is automatically generated every time our website is accessed. This includes, in particular, the accessed URL, date and time of access, amount of data transferred, referrer URL (the page you came from), browser and device information, status codes, and – in shortened or complete form – the IP address. This information is indispensable for the technical operation of the site.

We use log data to ensure the stable provision of the website, defend against attacks, detect malfunctions, and troubleshoot errors. This data is not combined with other data sources.

Log data is stored for 7 days and then deleted or anonymized. Longer retention only occurs if necessary for security reasons (e.g., to investigate misuse).

Legal basis: Art. 6(1)(f) GDPR.

Contact (Form, Email, Phone)

When you contact us, we process the information you provide to understand, verify, and respond to your request. This applies regardless of whether you reach us via form, email, phone, or fax.

In the contact form, we request the following details: First name, last name, email address, subject, and message. Transmission takes place server-side via our hosting provider (SMTP).

Legal bases: Art. 6(1)(b) GDPR, insofar as your request is aimed at the conclusion or performance of a contract; otherwise Art. 6(1)(f) GDPR, as we have a legitimate interest in efficient and reliable communication.

Storage duration: We store inquiries until final processing and then delete them. For evidence and follow-up purposes, we retain correspondence for up to 6 months, unless longer statutory retention periods apply.

Cookies & Local Storage

We use cookies and similar technologies to provide our website, enable security features (e.g., login protection), offer convenience and accessibility functions, and – with your consent – analyze website usage anonymously (web analysis with Google Analytics and Matomo).

Our cookie categories correspond to the information in the consent banner:

  • Essential: Technically required cookies (e.g., login, security features, consent proof)
  • Functional & Preferences: Settings such as language, font size, contrast, or color mode
  • Statistics: Anonymous or pseudonymous usage analysis (Google Analytics, Matomo)
  • Marketing: Currently not in use

| Name | Purpose | Provider | Type | Duration |
|---|---|---|---|---|
| _ga | Distinguishing unique users for statistical evaluation (Google Analytics 4) | Google LLC | Cookie (Statistics, consent only) | up to 2 years |
| _ga_3JETH24ZE5 | Stores session and campaign attribution for Google Analytics 4 | Google LLC | Cookie (Statistics, consent only) | up to 2 years |
| _pk_id.1.8079 | Recognizes returning visitors and stores a pseudonymous visitor ID (Matomo) | Own Website (Matomo On-Premise) | Cookie (Statistics, consent only) | up to 13 months |
| _pk_ses.1.8079 | Short-term storage of actions within a session (Matomo) | Own Website (Matomo On-Premise) | Cookie (Statistics, consent only) | approx. 30 minutes |
| ds_site_lang | Stores the language selection | Own Website | Cookie (Functional) | 1 year |
| ds_color_mode | Stores your light/dark mode preference (Theme) | Own Website | Cookie (Functional) | approx. 6 months |
| ds_colorblind | Activates a high-contrast mode for color-blind users | Own Website | Cookie (Functional/Accessibility) | approx. 6 months |
| ds_dyslexia | Activates a font that is easier to read for users with reading or concentration difficulties | Own Website | Cookie (Functional/Accessibility) | approx. 6 months |
| ds_font_scale | Stores the selected font size level | Own Website | Cookie (Functional/Accessibility) | approx. 6 months |
| ds_high_contrast | Activates a high-contrast mode for better readability | Own Website | Cookie (Functional/Accessibility) | up to 12 months |
| ds_consent_id | Stores a pseudonymous ID and your selection in the consent banner (Proof/Preference) | Own Website | Cookie (Essential) | up to 13 months |
| wfwaf-authcookie-… | Checks if a user is legitimately logged in and protects against unauthorized access attempts (Wordfence Firewall) | Own Website / Defiant, Inc. (Wordfence) | Cookie (Security, Essential) | approx. 12 hours |
| wordpress_logged_in_… | Stores the login status of registered users | Own Website (WordPress) | Cookie (Essential) | Session duration or up to 14 days |
| wordpress_sec_… | Additional security cookie for protected login (Admin/Login area) | Own Website (WordPress) | Cookie (Security, Essential) | Session duration |
| wordpress_test_cookie | Checks if the browser accepts cookies | Own Website (WordPress) | Cookie (Essential) | Session duration |

Legal bases: For technically strictly necessary cookies and similar entries, § 25(2) TDDDG and Art. 6(1)(f) GDPR (legitimate interest in secure and functional operation) apply. We use statistics cookies (Google Analytics, Matomo) only with your consent, Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. You can revoke your consent at any time via the cookie banner or the link Cookie Settings.

Web Analysis with Google Analytics

We use – provided you have consented – the web analysis service Google Analytics (current version, typically Google Analytics 4) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies that enable an analysis of the use of the website, such as which pages are accessed how often and from which regions access occurs.

We have configured Google Analytics so that IP addresses are processed only in shortened form (IP anonymization). The last octet of an IPv4 address or the last bits of an IPv6 address are truncated before the address is stored.

Google processes the data on our behalf to evaluate the use of the website, compile reports on website activities, and provide other services related to website use and internet use. Usage data may be linked to other Google services, for example, for cross-device analysis, if you have made corresponding settings in your Google account.

Data categories: Pseudonymous usage data (e.g., shortened IP address, device and browser information, accessed pages, duration of visit, click paths, approximate region, technical events) as well as user-related IDs used by Google to recognize sessions.

Legal basis: Your consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Without consent, Google Analytics will not be loaded.

Data transfer to third countries: Google may also transfer data to the USA. We have concluded Standard Contractual Clauses with Google. However, access by US authorities cannot be completely ruled out.

Storage duration: The cookies set by Google Analytics (_ga, _ga_*) can be stored for up to 2 years. We have configured the retention period for event data in Google Analytics to be as short as possible. Further details on cookie durations can be found in the cookie table above.

Further information on data protection at Google can be found at https://policies.google.com/privacy.

Revocation: You can revoke or adjust your consent at any time via the “Cookie Settings”. Additionally, you can install a browser add-on to deactivate Google Analytics.

Web Analysis with Matomo

We use – also only with your consent – the web analysis software Matomo. Matomo is hosted on the same server as our website (On-Premise), ensuring that analysis data remains completely within our area of responsibility.

Matomo uses cookies with the prefix _pk_ (e.g., _pk_id, _pk_ses) to recognize returning visitors and create usage statistics, such as which pages are accessed how often, from which regions access originates, and which devices are used to access our website.

Data categories: Pseudonymous usage data (e.g., shortened IP address, device and browser information, accessed pages, duration of visit, click paths, referrer URL) as well as a pseudonymous visitor ID. Direct identification of individual persons does not take place.

Legal basis: Your consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Without consent, Matomo will not be loaded, and no corresponding cookies will be set.

Storage duration: The cookie _pk_id can be stored for up to 13 months, _pk_ses typically for 30 minutes. We retain analysis data only as long as necessary for statistical evaluations and website optimization.

Revocation: You can revoke your consent at any time via the “Cookie Settings” or deactivate the “Statistics” category.

Security Plugin Wordfence

To secure the website against attacks, we use the security plugin Wordfence, a service of Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA. Wordfence offers, among other things, a Web Application Firewall (WAF), a malware scanner, and protection mechanisms against brute force attacks.

Wordfence checks incoming traffic against defined security rules. In doing so, IP address, accessed URLs, browser information, timestamp, login attempts, and suspicious patterns may be processed. Security logs are kept on our server for this purpose, and queries containing data (e.g., IP address, User Agent) may be sent to Defiant servers to compare the request against known attack patterns.

To recognize logged-in users and defend against abusive access, Wordfence uses the cookie wfwaf-authcookie-… (see cookie table). This cookie is necessary to distinguish between legitimately logged-in users and potential attackers.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in securing our website, defending against attacks, and protecting stored data).

Data transfer to third countries: Wordfence uses servers in the USA. According to its own statements, Defiant relies on current Standard Contractual Clauses and further measures to ensure an appropriate level of data protection. However, access by US authorities cannot be completely ruled out.

Further information on data protection at Wordfence/Defiant can be found at https://www.wordfence.com/help/general-data-protection-regulation/.

Fonts & Media

For consistent presentation, we use locally hosted web fonts. When accessing pages, no connection is made to external font CDNs. Images, downloads, and other media are also delivered from our own server.

External Content (currently not in use)

Currently, we do not embed external maps, video players, social plugins, captcha/turnstile solutions, chat or scheduling tools, cloud-based web analysis, or comparable services that establish a direct connection to third-party platforms. As soon as we wish to use such offerings, we will supplement this section in advance with the responsible providers, processing purposes, legal bases, storage periods, and any third-country transfers. If applicable, we will obtain your consent beforehand.

Registration & User Account (Online Games)

Use of the online games related to Dominic Schmiel’s books requires registration for a user account. Access is unlocked via a QR code or individual access code included in the book (see also our T&Cs).

During registration, we process the information requested in the form, in particular email address, a self-chosen password, and the assignment to one or more unlock codes (QR codes). Additionally, we store technical metadata, such as time of registration, confirmation status, account status (active, blocked, deleted), and, if applicable, legally required log entries.

Registration and acceptance of the T&Cs is performed exclusively by adults (e.g., parents or legal guardians). They may subsequently allow their children access and remain responsible for use by minors.

The online games themselves store no personal game states, such as level progress or high scores, on our servers.

Purposes of processing: Provision and management of your user account, execution of the free user contract for the online games (including authentication and technical access control), communication regarding your account or the games (e.g., important changes, security notices), and enforcement of terms of use (e.g., limiting abusive account sharing according to our T&Cs).

Legal basis: Art. 6(1)(b) GDPR (performance of the user contract for the online games and management of the user account) and Art. 6(1)(f) GDPR (legitimate interest in safe and abuse-free operation of the platform, particularly to prevent unauthorized multiple use of access data). Insofar as we are legally obliged to retain certain information, we also rely on Art. 6(1)(c) GDPR.

Storage duration: We generally store account data for the duration of the user account’s existence. If you delete your account or if the user relationship ends (e.g., after the guaranteed period expires and subsequent termination), the associated personal data will be deleted or anonymized, provided there are no statutory retention obligations or legitimate interests (e.g., defense or assertion of legal claims) to the contrary.

Login Area & Session Management

For registered users logging into the protected area of the website, we employ additional security mechanisms. The goal is to prevent abusive multiple use of access data (account sharing) and make unauthorized access more difficult.

Upon login, in addition to username/email and password, we check from which internet connection the access originates. For this purpose, the IP address used is processed technically for a short time and converted into a non-directly readable hash value (IP + secret salt value) using a cryptographic process. In session management, we store only this hash value (ip_hash), not the plaintext IP address.

If an account logs in from a new internet connection (new IP hash), existing active sessions of this account are automatically terminated. This reduces the risk of access data being used simultaneously by multiple people or from unexpected locations. If an IP cannot be determined in exceptional cases, login proceeds without this additional IP-based restriction.

Data categories: Hash value from IP address and internal salt value (ip_hash), linked to the respective login session. The plaintext IP address is not stored for this purpose.

Storage duration: The IP hash is stored only for the duration of the respective login session, corresponding to the duration of login cookies (usually session duration or up to 14 days if the “Remember Me” function is activated), and deleted upon termination of the session.

Legal basis: Art. 6(1)(b) GDPR (provision of a protected user account and enforcement of terms of use, particularly limiting parallel use of an account) and Art. 6(1)(f) GDPR (legitimate interest in securing our offering and protecting user accounts from abusive use of access data).

Presence on Social Networks (Social Media)

We maintain publicly accessible profiles on social networks to communicate with readers, parents, interested parties, and business partners, and to provide information about our books, online games, and offers.

Currently, we maintain the following presences:

When you visit our profiles on social networks, we and the respective platform operators process personal data. This includes in particular:

  • Content of messages, comments, and public posts you send to us via the respective profile,
  • Information about interactions with our content (e.g., “Like”, share, save, reply),
  • Statistical evaluations (“Insights”) about the use and reach of our profiles, which are provided to us by the platform in aggregated form.

The platform operators also independently collect usage data (e.g., your interactions with other content, device information, technical identifiers, interest profiles) and may use this data for their own purposes, in particular for advertising and market research. We do not have complete influence over this independent data processing.

Purposes of our processing: Public relations and communication (information about our books, online games, and content, responding to inquiries, interaction with the community), reach measurement, and optimization of our content.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in modern public relations and communication with users). Insofar as you send us inquiries about contracts, orders, or similar matters via the platforms, the legal basis is additionally Art. 6(1)(b) GDPR (performance of a contract or steps prior to entering into a contract).

Joint Controllership (especially for Meta “Page Insights”): For certain statistical evaluations (e.g., Page Insights), we and the respective platform operator act as joint controllers within the meaning of Art. 26 GDPR. The essential contents of the joint controllership agreements and supplementary information on data processing can be found here:

Your Rights: You can assert your data subject rights (access, rectification, erasure, restriction, objection, data portability) both against us and against the respective platform operator. In many cases, it is most efficient to contact the platform operator directly, as they have direct access to usage data and can technically implement appropriate measures (e.g., deletion of posts or profiles).

Further information on the data processing by the platform operators and your setting options to protect your privacy can be found in the privacy policies of the respective providers, in particular:

Your Rights under GDPR

You have the right to obtain information about the processing of your personal data at any time, to have incorrect data corrected, and – unless statutory reasons prevent this – to demand deletion or restriction of processing. Furthermore, you can receive data you provided to us in a structured, common, and machine-readable format or request transmission to another controller.

You may object to processing based on Art. 6(1)(e) or (f) GDPR for reasons arising from your particular situation. If we have obtained consent, you may revoke it at any time with effect for the future.

Automated decision-making, including profiling within the meaning of Art. 22 GDPR, does not take place.

To exercise your rights, please write to us via email at mail@dominicschmiel.com or by post to the address above. We usually respond to inquiries within one month. In complex cases, this period may be extended by up to two months; we will inform you separately. Exercising your rights is generally free of charge. Only in the case of manifestly unfounded or excessive requests may we charge a reasonable fee or refuse the request (Art. 12(5) GDPR).

Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. This is usually the authority of your habitual residence, your place of work, or the place of the alleged infringement. For us, the supervisory authority in the State of Brandenburg is relevant (Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg, Stahnsdorfer Damm 77, 14532 Kleinmachnow, Germany, Tel. +49 33203 356-0, Email: poststelle@lda.brandenburg.de).

Recipients & Potential Third Country Transfers

Within our responsibility, only those persons receive access to data who need it for contract fulfillment or processing your request. External service providers (e.g., hosting, security providers like Wordfence, web analysis providers) process data exclusively on our instructions and on the basis of a Data Processing Agreement, where required.

Transfer to countries outside the EU/EEA may occur, in particular when using Google Analytics (Google LLC, USA) and Wordfence (Defiant, Inc., USA). In such cases, we use recognized protection mechanisms, in particular EU Standard Contractual Clauses, and ensure strict data minimization. A residual risk due to access by foreign authorities cannot be completely excluded.

Storage Duration & Deletion

We store personal data only as long as necessary for the respective purposes or as required by statutory retention obligations. Subsequently, we delete or anonymize the data.

Specific periods: We retain server log data for 7 days; contact inquiries are stored until final processing and thereafter for up to 6 months for evidence and follow-up purposes. For cookies and similar entries, the durations mentioned in the section “Cookies & Local Storage” apply. For data in your user account (registration for online games), the periods described in the section “Registration & User Account” apply.

Technical & Organizational Measures

We protect your data through established security measures. The website is delivered exclusively encrypted via TLS/HTTPS. Additionally, firewalls, a Web Application Firewall, strict access concepts, logging and monitoring, as well as regular updates and backups are used. Our service providers are contractually obliged to maintain a high level of protection.

Governing Language

In case of discrepancies between translations and the German version, the German version is exclusively legally binding. Translations serve only for better understanding.

Changes to this Privacy Policy

We update this Privacy Policy as soon as the underlying processing, the technical conditions, or the legal situation change. You can find the current version on this page at any time. Version: 20.11.2025

Glossary (brief & understandable)

Personal Data: Information relating to a person (e.g., name, email, IP address).

Processing: Any handling of data, e.g., collection, storage, use, transmission, or deletion.

Controller: The entity deciding on purposes and means of processing (e.g., a company or person).

Processor: Service provider processing data exclusively on our instructions and with whom we conclude a contract under Art. 28 GDPR.

IP Address: A sequence of numbers allowing your device to be addressed on the internet or a network. It works similarly to a postal address, but for computers.

Hash value / Hash: Result of a one-way calculation function. A short code is calculated from an input (e.g., an IP address). This code can usually not be reversed, so the original input is not easily recognizable from the hash itself.

Session: Limited period in which you are logged in on a website or perform related actions. Technically, a session is usually recognized via a cookie or similar identifier.

User Account: Personal access to a protected area (login with email and password) where settings and access rights are managed.

Web Analysis: Evaluation of usage data to improve content and technology of a website, e.g., which pages are accessed frequently or which devices are used.

Cookie: Small file in the browser storing settings, session information, or certain states.

CDN: “Content Delivery Network”. A distributed network of servers delivering content like images or scripts faster. No external CDNs for fonts or similar content are currently used on this website.

WAF: “Web Application Firewall”. Security component protecting web applications against attacks by filtering suspicious requests.

Consent: Voluntary, informed, and unambiguous agreement to specific data processing, which you can revoke at any time with effect for the future.

Legitimate Interest: Balancing of interests according to Art. 6(1)(f) GDPR: Processing is necessary, and our interests or the interests of third parties do not override your interests requiring protection.

Third Country: State outside the European Union (EU) or the European Economic Area (EEA). Special protection mechanisms apply to data transfers to third countries.

Standard Contractual Clauses (SCC): Model contracts provided by the EU Commission intended to offer additional guarantees for an adequate level of data protection in data transfers to third countries.

GDPR: General Data Protection Regulation of the European Union regulating the processing of personal data.

TDDDG: German Telecommunications-Digital-Services-Data-Protection-Act. It regulates, among other things, when cookies and similar technologies may be used.

TLS/HTTPS: Encryption technology for secure website access. You usually recognize this by “https://” and a lock symbol in the address bar.

Data Processing Agreement (DPA): Contract with a service provider processing personal data on our behalf. It specifies tasks, security measures, and responsibilities.