Last updated: June 5, 2026
1. Overview
We take the protection of your personal data very seriously. This privacy policy informs you about how we handle your personal data when you visit our website and your rights under the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
2. Data Controller
Henry van de Vorming
c/o AutorenServices.de
Birkenallee 24
36037 Fulda, Germany
Email: hello@arrimundo.com
3. Data Collection on Our Website
3.1 Server Log Files
Our hosting provider automatically collects and stores information in server log files, which your browser transmits automatically:
- Browser type and version
- Operating system
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address (anonymized)
This data cannot be attributed to specific persons. It is stored for security purposes and deleted after 14 days. Legal basis: Art. 6(1)(f) GDPR.
3.2 SSL/TLS Encryption
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the "https://" prefix and the lock icon in your browser.
4. Cookies & Local Storage
Our own website code does not set cookies for marketing or session management. Your theme preference (light/dark) is stored in your browser's localStorage, which is not a cookie and is never transmitted to our servers.
The following services set first-party cookies on our domain only after you consent via our cookie banner:
- Google Analytics 4 (via Cloudflare Zaraz) — stores a pseudonymous client ID and session data in a first-party cookie (see Section 5.3).
- Mediavine Grow — audience-engagement widget that may set first-party cookies and local storage (see Section 5.4).
A strictly necessary cookie also stores your consent choices. You can withdraw your consent at any time via the cookie banner and block or delete cookies via your browser settings.
| Storage Key | Purpose | Storage Type |
|---|---|---|
| theme | Stores your dark/light mode preference | localStorage (not a cookie) |
localStorage entries are kept locally in your browser only. You can clear them at any time via your browser's site data settings.
5. Analytics & Audience Tools
Our cookieless analytics tools in Sections 5.1–5.2 (Plausible, PostHog) set no cookies, collect no personal data, and cannot identify individual visitors. We additionally use Google Analytics 4 via Cloudflare Zaraz (Section 5.3) and the audience-engagement tool Mediavine Grow (Section 5.4); both set cookies and run only on the basis of your consent, as described below.
5.1 Plausible Analytics
Plausible Analytics (Plausible Insights OÜ, Estonia) is a lightweight, open-source web analytics tool. It does not use cookies, does not collect personal data, and does not track individual visitors across sites. All data is aggregated. Plausible is fully compliant with GDPR, CCPA, and PECR without requiring cookie consent. Data is processed within the EU.
5.2 PostHog
PostHog (PostHog, Inc.) is used for product analytics in cookieless and anonymized mode. No cookies are set, IP addresses are not stored, and no personally identifiable information is collected. All data is aggregated and cannot be traced back to individual visitors.
5.3 Google Analytics 4 (via Cloudflare Zaraz)
We use Google Analytics 4 (GA4), a service of Google Ireland Ltd. / Google LLC, loaded through Cloudflare Zaraz (Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA) in a server-side configuration. GA4 helps us understand how visitors use our website (pages viewed, sessions, returning vs. new visitors).
GA4 via Zaraz sets a first-party cookie on our domain (e.g. cfz_google-analytics_v4, plus the session cookie cfzs_google-analytics_v4) that stores a pseudonymous client ID and session data so that returning visits are recognized and sessions are measured. Event data is forwarded to Google.
Legal basis: your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG (formerly TTDSG) for the storage of and access to this cookie. GA4 is activated only after you consent via our cookie banner, and you can withdraw your consent at any time with effect for the future. The processing may involve EU↔US data transfers, covered by the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs).
More information: Cloudflare Privacy Policy.
Legal basis for the cookieless analytics tools in Sections 5.1–5.2 (Plausible, PostHog): Art. 6(1)(f) GDPR (legitimate interest in understanding website usage). Since no personal data is processed and no cookies are set, no consent is required for these under the ePrivacy Directive. Google Analytics 4 (Section 5.3) and Mediavine Grow (Section 5.4) instead run on the basis of your consent (Art. 6(1)(a) GDPR), as described in their respective sections.
5.4 Mediavine Grow (Audience Engagement)
We use Mediavine Grow (the "Grow" / "Faves" widget), a service provided by Mediavine, Inc., 30 Wall Street, 8th Floor, New York, NY 10005, USA, to offer audience-engagement features (such as saving and bookmarking articles) and to support the operation and future monetization of our content.
When the Grow script loads, it may set first-party cookies and local storage entries, generate a device or visitor identifier, and process usage data (such as pages viewed and interactions with the widget). If you create a Grow profile or sign in to the Faves feature, Mediavine additionally processes your account data, such as your email address and profile information.
Legal basis: your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG (formerly TTDSG) for the storage of and access to information on your device; and Art. 6(1)(f) GDPR (legitimate interest in audience engagement and content monetization) for the subsequent processing. You can withdraw your consent at any time with effect for the future and can block or delete cookies and local storage via your browser settings.
Mediavine is based in the USA. Any associated data transfers are safeguarded by the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs). More information: Mediavine Privacy Policy.
6. Contact Form & Email
When you contact us via email or a contact form, the data you provide (name, email, message) will be stored for the purpose of processing your inquiry. We will not share this data without your consent. Legal basis: Art. 6(1)(b) GDPR.
Data is deleted once your inquiry has been fully resolved, unless statutory retention obligations apply.
7. Newsletter
If you subscribe to our newsletter, we collect your email address and, optionally, your name. We use double opt-in to confirm your subscription. You can unsubscribe at any time via the link in each email. Legal basis: Art. 6(1)(a) GDPR.
8. Insurance Applications
When you apply for insurance through our platform, we collect personal data necessary for the insurance contract (name, date of birth, address, university, etc.). This data is shared with the respective insurance provider for contract processing. Legal basis: Art. 6(1)(b) GDPR.
9. Netlify Forms & Hosting
Our website is hosted on Netlify (Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA). When you submit a form on our website (contact form, newsletter signup, insurance application), the data is processed and stored by Netlify Forms.
9.1 Data Processing by Netlify
Netlify processes form submissions on our behalf as a data processor. The following data is collected:
- Form field contents (name, email, message, etc.)
- Submission timestamp
- IP address (for spam prevention)
- User agent (browser information)
Form submissions are stored on Netlify's secure servers and are accessible to us via the Netlify dashboard. We have entered into a Data Processing Agreement (DPA) with Netlify to ensure GDPR compliance.
9.2 Data Retention
Form data is retained for as long as necessary to fulfill the purpose for which it was collected:
- Contact inquiries: Deleted after resolution of your inquiry (typically 30-90 days)
- Newsletter signups: Retained until you unsubscribe
- Insurance applications: Retained in accordance with legal retention requirements (typically 10 years)
9.3 Spam Protection
Netlify Forms includes built-in spam filtering. This processing is necessary to protect our legitimate interests in preventing abuse. Legal basis: Art. 6(1)(f) GDPR.
9.4 Data Transfers to the USA
Netlify is based in the USA. Data transfers to the USA are covered by the EU-US Data Privacy Framework and Netlify's compliance with Standard Contractual Clauses (SCCs). More information: Netlify Privacy Policy
10. Your Rights
Under the GDPR, you have the following rights:
- Right of access (Art. 15 GDPR) — Request information about your stored data
- Right to rectification (Art. 16 GDPR) — Correct inaccurate data
- Right to erasure (Art. 17 GDPR) — Request deletion of your data
- Right to restriction (Art. 18 GDPR) — Restrict processing of your data
- Right to data portability (Art. 20 GDPR) — Receive your data in a machine-readable format
- Right to object (Art. 21 GDPR) — Object to processing based on legitimate interest
- Right to withdraw consent (Art. 7(3) GDPR) — Withdraw consent at any time
To exercise these rights, contact us at hello@arrimundo.com.
11. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent authority is the data protection authority of the state where our company is registered.
12. Changes to This Policy
We may update this privacy policy from time to time. The current version is always available on this page.