Privacy Policy
Information about the processing of personal data on this website.
Preamble
With this privacy policy we inform you about which personal data (hereinafter "data") we process when you visit this website and use our services, for which purposes and on which legal basis, and which rights you have.
We have deliberately kept this policy lean and describe only the processing activities that actually take place on this website. This is a convenience translation; the legally binding version is the German privacy policy published at orbita-media.de. In the event of any discrepancy, the German version prevails.
Last updated: 16 June 2026
Table of contents
- Preamble
- Controller
- Overview of processing activities
- Relevant legal bases
- Security measures
- International data transfers
- Retention and erasure of data
- Rights of data subjects
- Provision of the online service and web hosting
- Protection against spam and abuse (Cloudflare Turnstile)
- Storage on your device and consent management (cookie banner)
- Contacting us
- Newsletter, free bonus content and giveaways
- Giveaways and prize draws
- Reach measurement and web analytics
- Embedded third-party content (YouTube)
- Social media presences
- No automated decision-making and no use of AI with your data
- Changes and updates to this privacy policy
Controller
Orbita Media GmbH
Ericusspitze 4
20457 Hamburg, Germany
E-mail address: [email protected]
Privacy enquiries: [email protected]
Legal notice: https://orbita-media.de/impressum
We are not legally required to appoint a data protection officer. For any data protection questions, you can reach us at the contact details above.
Overview of processing activities
The following overview summarises the types of data processed, the purposes of processing and the categories of data subjects.
Types of data processed
- Master data (e.g. name).
- Contact data (e.g. e-mail address).
- Content data (e.g. entries in contact and sign-up forms).
- Usage data (e.g. pages visited, time of access, interest in content).
- Meta, communication and procedural data (e.g. IP addresses, time stamps, proof of consent).
Categories of data subjects
- Visitors to the online service (users).
- Interested parties and communication partners.
- Newsletter subscribers as well as participants in giveaways and bonus campaigns.
Purposes of processing
- Provision of the online service and user-friendliness.
- Security measures and prevention of abuse.
- Communication and handling of enquiries.
- Direct marketing (newsletter and e-mail dispatch with consent).
- Running giveaways and prize draws.
- Reach measurement and optimisation of our service.
- Provision of contractual services and compliance with legal obligations.
Relevant legal bases
The following is an overview of the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the GDPR, the German Federal Data Protection Act (BDSG) and the German Act on Data Protection and Privacy in Telecommunications and Digital Services (TDDDG) also apply.
- Consent (Art. 6(1)(1)(a) GDPR) – You have given your consent to the processing for one or more specific purposes (e.g. newsletter, statistics, external media).
- Performance of a contract and pre-contractual enquiries (Art. 6(1)(1)(b) GDPR) – Processing is necessary for the performance of a contract or to carry out pre-contractual measures (e.g. participation in a giveaway, provision of requested bonus content).
- Legal obligation (Art. 6(1)(1)(c) GDPR) – Processing is necessary to comply with a legal obligation, for instance to retain proof of consent (Art. 7(1) GDPR).
- Legitimate interests (Art. 6(1)(1)(f) GDPR) – Processing is necessary to safeguard our legitimate interests or those of a third party, provided that your interests and fundamental rights do not override them (e.g. secure and stable operation of the website, prevention of spam).
Note on national law (TDDDG): Where we store information on your device or access information already stored on it (e.g. statistics or media scripts), we do so on the basis of your consent pursuant to Section 25(1) TDDDG. Storing your cookie choice itself is strictly necessary and permitted without consent under Section 25(2) no. 2 TDDDG.
Security measures
In accordance with Art. 32 GDPR, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk. These include in particular the continuous encryption of data transmission via TLS/HTTPS, protection against unauthorised access, an upstream security layer to fend off attacks, as well as procedures to safeguard data subjects' rights and to erase data that is no longer required.
With all service providers who process data on our behalf, we have – where required – concluded data processing agreements pursuant to Art. 28 GDPR.
International data transfers
Our website is operated in a data centre in Germany. Some of the services used are provided by companies whose registered office or parent company is located in the USA (in particular Cloudflare and – only with your consent – Google). Insofar as data is transferred to the USA, we base this on the European Commission's adequacy decision regarding the EU-US Data Privacy Framework (Art. 45 GDPR) where the respective provider is certified, additionally on EU Standard Contractual Clauses (Art. 46 GDPR), and – for consent-based services – on your express consent pursuant to Art. 49(1)(a) GDPR.
Despite these safeguards, there is in principle a risk in the USA that authorities may access data for security and surveillance purposes without you having effective legal remedies against this to the same extent as in the EU. We expressly point this out to you here.
Retention and erasure of data
We erase personal data as soon as the purpose of its processing no longer applies and no statutory retention obligations prevent erasure. Server logs are deleted or anonymised after a short period. Newsletter and bonus campaign sign-ups are processed until you withdraw your consent; we retain the proof of consent thereafter for the duration of possible evidentiary obligations. We delete contact enquiries once they have been conclusively handled and no retention obligations exist. Statutory retention periods (e.g. under commercial and tax law) remain unaffected.
Rights of data subjects
As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
- Right to object (Art. 21 GDPR): You have the right, on grounds relating to your particular situation, to object at any time to the processing of your data carried out on the basis of Art. 6(1)(f) GDPR. Where data is processed for the purpose of direct marketing, you may object at any time without giving reasons.
- Withdrawal of consent (Art. 7(3) GDPR): You may withdraw consent you have given at any time with effect for the future.
- Right of access (Art. 15 GDPR): You may request information about the data we process about you.
- Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate data or the completion of data concerning you.
- Right to erasure and restriction (Art. 17 and 18 GDPR): You may request the erasure of your data or the restriction of processing.
- Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used and machine-readable format.
- Complaint to a supervisory authority (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is: Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Ludwig-Erhard-Strasse 22, 20459 Hamburg, Germany.
Provision of the online service and web hosting
In order to provide this website, we process certain technical data. This processing is necessary to display the content to you securely and reliably.
Server hosting (Hetzner): Our website is hosted on servers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, in a data centre in Germany. When you access the website, the server automatically processes access data (so-called server log files): the IP address of the requesting device, the date and time of access, the page accessed, the volume of data transferred, the previously visited page (referrer) as well as browser type and operating system. This data is technically required to deliver the website, ensure its stability and security and fend off attacks.
Content delivery network and security layer (Cloudflare): We use services of Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA, as an upstream content delivery network and to fend off attacks. In doing so, Cloudflare processes the connection data required for delivery, in particular your IP address. Cloudflare is certified under the EU-US Data Privacy Framework.
- Types of data processed: usage data, meta/communication data (in particular IP address, time of access).
- Purposes: provision of the online service, security and prevention of abuse.
- Legal basis: legitimate interests (Art. 6(1)(1)(f) GDPR) and Section 25(2) no. 2 TDDDG for the operations strictly necessary for secure delivery.
Protection against spam and abuse (Cloudflare Turnstile)
To protect our forms (e.g. contact and sign-up forms) against automated entries (bots) and spam, we use "Turnstile" by Cloudflare, Inc. Turnstile is a privacy-friendly alternative to classic CAPTCHAs and works without setting advertising cookies. Technical characteristics of your browser and your interaction are checked in order to distinguish genuine users from bots.
- Types of data processed: usage and meta/communication data (in particular IP address, browser information).
- Purpose: security, prevention of spam and abuse.
- Legal basis: legitimate interests (Art. 6(1)(1)(f) GDPR) in the trouble-free and abuse-proof operation of the forms.
Storage on your device and consent management (cookie banner)
For the operation of this website we use only a technically necessary minimum of storage on your device. Instead of classic cookies, we use your browser's local storage (localStorage) for this purpose.
Necessary storage: We store only your cookie choice and a randomly generated identifier that does not allow any conclusions to be drawn about your identity. This storage is necessary so that we can respect your privacy decision and is permitted without consent under Section 25(2) no. 2 TDDDG.
Optional content: Statistics services and external media (see below) are loaded only after you have given your consent via our consent banner. You can change or withdraw your choice at any time via the "Cookie settings" link in the footer.
Proof of consent (consent log): In order to comply with our accountability obligation under Art. 7(1) GDPR, we log the decision you make via the banner. We store the random consent identifier, the choice made, the page accessed, the language, the time and the IP address at the moment of the decision. This log is processed on our own server and is not used for advertising purposes.
- Legal basis: consent (Art. 6(1)(1)(a) GDPR and Section 25(1) TDDDG) for optional content; legal obligation and legitimate interests (Art. 6(1)(1)(c) and (f) GDPR) for the proof of consent; Section 25(2) no. 2 TDDDG for the necessary storage of the choice.
Contacting us
When you contact us via the contact form or by e-mail, we process the data you provide (in particular name, e-mail address and the content of your message) in order to handle your enquiry. The technical transmission of the form runs via our own processing service operated on the Hetzner servers.
- Types of data processed: master, contact and content data.
- Purposes: handling enquiries and communication.
- Legal basis: performance of a contract and pre-contractual enquiries (Art. 6(1)(1)(b) GDPR) where the enquiry is directed at a contract, otherwise legitimate interests (Art. 6(1)(1)(f) GDPR) in answering your request.
Newsletter, free bonus content and giveaways
Via our sign-up forms you can subscribe to our newsletter, request free bonus content relating to our books (e.g. additional materials, videos) and take part in giveaways.
Double opt-in procedure: After you sign up, we send you an e-mail containing a confirmation link. Only after you click this link do we add you to the distribution list and send the requested content. This is how we make sure the sign-up actually came from you. To document your consent, we store the time of sign-up, the IP address recorded at that time and the page via which the sign-up took place.
Services used: The management of recipient lists and the control of dispatch are handled via software that we operate ourselves on our Hetzner servers (Dittofeed). For the technical dispatch of the e-mails we use the Amazon Simple Email Service (SES) of Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg; dispatch takes place via a data centre within the EU (Stockholm region, Sweden).
Content and performance measurement: The newsletter informs you about our books, authors and offers. We do not analyse individual opening and click behaviour in order to create personal profiles.
- Types of data processed: master data (name), contact data (e-mail address), usage and meta/communication data (proof of consent, IP address, time).
- Purposes: direct marketing, provision of requested content, running giveaways.
- Legal basis: consent (Art. 6(1)(1)(a) GDPR); for the proof of consent additionally legal obligation (Art. 6(1)(1)(c) GDPR).
- Withdrawal: you can unsubscribe from the newsletter at any time, for instance via the unsubscribe link at the end of every e-mail. Withdrawing your consent does not affect the lawfulness of the processing carried out up to that point.
Giveaways and prize draws
When you take part in one of our giveaways or prize draws, we process the data required to carry it out (in particular name and e-mail address) in order to handle your participation, determine and notify winners and hand over any prizes. The applicable terms of participation may contain further information.
- Types of data processed: master, contact and content data.
- Purposes: running giveaways and prize draws.
- Legal basis: performance of a contract (Art. 6(1)(1)(b) GDPR) to handle the participation, as well as consent (Art. 6(1)(1)(a) GDPR) insofar as you have at the same time agreed to be added to our newsletter.
Reach measurement and web analytics
In order to understand and improve our service, we measure the reach of our content. The following services are loaded only after you have consented to the "Statistics" category in the consent banner.
Plausible Analytics (self-hosted): We operate Plausible Analytics on our own server in Germany. Plausible works without cookies, does not create cross-device profiles and does not pass data on to third parties. Only aggregated, anonymous metrics are recorded (e.g. pages accessed, approximate region of origin, device type). Identification of individual persons is therefore not possible.
Google Analytics 4: In addition, we use Google Analytics 4, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, USA). Google Analytics uses cookies and similar technologies and in doing so also transfers data – including your truncated IP address – to Google servers in the USA. Google is certified under the EU-US Data Privacy Framework. We use Google Analytics only with your consent.
- Types of data processed: usage data, meta/communication data (in particular truncated IP address, device and access information).
- Purposes: reach measurement, optimisation of our service.
- Legal basis: consent (Art. 6(1)(1)(a) GDPR and Section 25(1) TDDDG).
- Withdrawal: at any time via the "Cookie settings" link in the footer.
Embedded third-party content (YouTube)
On individual pages we embed videos from YouTube, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This content is loaded only after you have consented to the "External media" category in the consent banner. Before your consent, no data is transferred to YouTube; instead you see a placeholder. Where possible, we use the more privacy-friendly mode ("youtube-nocookie"). When a video is played, YouTube may process data – including your IP address – and transfer it to servers in the USA.
- Types of data processed: usage data, meta/communication data (in particular IP address).
- Purposes: provision of embedded media content.
- Legal basis: consent (Art. 6(1)(1)(a) GDPR and Section 25(1) TDDDG).
Social media presences
We maintain publicly accessible profiles on social networks (including YouTube and Facebook) in order to communicate with users who are active there and to provide information about our offers. The links on our website only open the respective networks after you click them; no data is transferred simply by accessing our page.
If you visit our profiles within the networks or interact with us, the data protection provisions and terms of use of the respective operator additionally apply. The data processing by the networks themselves is beyond our control.
- Purposes: public relations and communication.
- Legal basis: legitimate interests (Art. 6(1)(1)(f) GDPR) in effective information and communication.
No automated decision-making and no use of AI with your data
We do not make any decisions based solely on automated processing – including profiling – within the meaning of Art. 22 GDPR that produce legal effects concerning you or similarly significantly affect you.
We do not process your personal data with artificial intelligence systems and do not use it to train such systems. Should we use AI-supported functions that process personal data in the future, we will amend this privacy policy accordingly beforehand and – where required – ask for your consent.
Changes and updates to this privacy policy
Please review the content of this privacy policy regularly. We adapt it as soon as changes to the processing we carry out or to the legal framework make this necessary. Where your involvement is required (e.g. consent), we will notify you separately.