Privacy Policy

1. Controller
Michael Wegner (private / hobby photography)
Bahnstr. 149a
41541 Dormagen, Germany
Email: web@michaellight.de

2. Purposes and Legal Bases
We process personal data in order to:

  • provide this website (Art. 6(1)(f) GDPR),
  • respond to enquiries and coordinate photo shoots (Art. 6(1)(b) GDPR, or Art. 6(1)(a) GDPR where consent is given),
  • prevent misuse and ensure the security of the website (Art. 6(1)(f) GDPR).

We do not currently use data for advertising or analytics purposes (no statistics/tracking tools).

3. Hosting / Processor
This website is hosted with IONOS on servers located in the EU. When you access the site, server log files (e.g. IP address, timestamp, user agent, requested URL) are processed. Our host IONOS SE stores these log data for technical provision and security for up to 8 weeks and then deletes them. A data processing agreement pursuant to Art. 28 GDPR is in place.

4. Cookies & Consent
We use cookies where required. You can find details, types and storage periods at any time in our Cookie Policy.
The consent banner is managed via the “Complianz” tool. You can withdraw your consent at any time via the “Cookie settings” link in the footer.

5. Services Used

5.1 Contact Form (WPForms)
If you use the form, we process the data you enter (name, place of residence, email, message; optional links to social profiles) to handle your enquiry and/or plan a photo shoot.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual steps) or Art. 6(1)(a) GDPR (consent).
Retention: We delete enquiries once they have been dealt with, at the latest after 6 months, unless statutory retention obligations apply.
Note: Without file upload, the form itself does not set its own cookies.

5.2 Spam Protection: Cloudflare Turnstile & Antispam Bee
We use “Cloudflare Turnstile” (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA) to protect against spam and automated requests in comment forms, and where applicable, login/registration and contact forms. For this purpose, technically necessary information (e.g., IP address, browser and device information) is transmitted to Cloudflare to distinguish between human users and bots. The contents of the form entries are not transmitted to Cloudflare. Processing is based on our legitimate interest in securing our website against misuse (Art. 6 (1) lit. f GDPR). Further details can be found in the Cloudflare Privacy Policy

We use the “Antispam Bee” plugin to detect and filter spam comments. For this purpose, comments are automatically checked to block unwanted content. To verify the language (only comments in German and English are permitted), the comment text is transmitted in encrypted form to the external service franc for language detection. No other personal data (such as name, email, or IP address) is transferred. Processing is based on our legitimate interest in protecting the comment function and preventing spam (Art. 6 (1) lit. f GDPR).

5.3 Blog Comments (WordPress)
If you comment on the blog, WordPress stores the information you voluntarily provide (name, email), as well as the IP address and user agent (for spam detection). Optionally, a cookie can be set to remember your details for future comments.
Legal basis: Art. 6(1)(a) GDPR (consent to remember details) and Art. 6(1)(f) GDPR (prevention of spam and misuse).

5.4 Fonts
To comply with the GDPR, all web fonts used are loaded locally from our server. No retrieval from Google Fonts or other third-party providers takes place.

5.5 Social Links
Our icons merely link to external profiles (e.g. Instagram, TikTok, Facebook, 500px, DeviantArt). No data are transmitted to these providers before you actively click a link. From that point on, the privacy policies of the respective platform apply.

5.6 Plugins / Third-Party Content
We use, among others, Smart Slider 3, the “Before/After” Slider (BEAF) and Spectra blocks to display content. No external media (e.g. YouTube, Google Maps) are embedded automatically. Should such embeddings be introduced in future, we will inform you here and in the Cookie Policy, and content will only load after consent.

6. Email Transmission
Incoming messages (e.g. via the contact form) are delivered to us by email and processed in our mailboxes. Sending/receiving takes place via the mail servers of our host IONOS SE, Elgendorfer Straße 57, 56410 Montabaur (processing under Art. 28 GDPR). Transmission is protected by transport encryption (TLS). IONOS uses spam and antivirus filters to block abusive content.
Storage location/third-country transfer: Processing generally takes place in data centres in Germany/EU (the “Email made in Germany” initiative). No transfer to third countries takes place—except where this results from the communication itself (e.g. emails to recipients outside the EEA).
Note for website emails: Technical system/form emails from our website are sent via the IONOS SMTP service; an authenticated sender address from our domain is used.

7. Retention Periods
Unless otherwise stated in this policy, we process personal data only as long as necessary for the respective purpose or as long as statutory retention obligations exist. Thereafter, the data are deleted or anonymised.

8. Recipients / Categories of Recipients
Hosting/server operations: IONOS SE (processor)
Email/IT services: IONOS SE (processor)
Cloudflare Turnstile: Cloudflare, Inc. (possible third-country transfer with SCCs)

9. Data Transfers to Third Countries
When using Cloudflare Turnstile, a transfer to the USA may occur. The legal basis is the EU Standard Contractual Clauses (SCCs) and Art. 46 GDPR. See section 5.2 for details.

10. Your Rights
You have the rights under Art. 15–21 GDPR at any time:

  • access to the personal data we store about you,
  • rectification, erasure, restriction of processing,
  • data portability,
  • objection to processing based on Art. 6(1)(f) GDPR,
  • withdrawal of consent with effect for the future.

You also have the right to lodge a complaint with a data protection supervisory authority (e.g. the LDI NRW).
Contact for exercising rights: web@michaellight.de.

11. Obligation to Provide Data
There is no legal obligation to provide data. However, certain details are required for contacting us or planning a photo shoot; without these we may not be able to process your enquiry.

12. Minors
Our offer is intended for adults. Enquiries from minors should only be made with the consent of their legal guardians.

13. Changes
We will adapt this privacy policy if the website, the services used or legal requirements change. The current version can be accessed here at any time.
Last updated: 15 September 2025

Scroll to Top