WAYNE RESEARCH

Privacy Policy

Information on how we collect and process personal data in accordance with the General Data Protection Regulation (GDPR).

Non-legally binding TL;DR (you should read): We don't track you across the web, we don't use cookies beyond user preferences and we don't sell your data.

1. Controller

The controller responsible for data processing on this website is:
Moritz Maibaum & Luca Matteo Lüthje GbR
Rosensteinstraße 3
70191 Stuttgart
Germany

Email: hi@wayneresearch.com

2. Hosting & Infrastructure

Our website is hosted on Cloudflare (provided by Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA). Cloudflare delivers pages securely and optimizes load times.

Data processing is based on our legitimate interest in providing a reliable, performant, and secure web service (Art. 6(1)(f) GDPR). We have concluded a Data Processing Agreement (DPA) with Cloudflare to ensure GDPR-compliant data handling.

For transfers of personal data to the United States, Cloudflare states that it is certified under the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework. Cloudflare's DPA also incorporates standard contractual clauses as an additional transfer safeguard where required.

3. Web Analytics

We use Cloudflare Web Analytics to analyze visitor traffic and improve the website.

The processing is based on our legitimate interest in obtaining aggregate statistics about website usage to improve our service (Art. 6(1)(f) GDPR).

4. Cookies

This website does not use cookies beyond basic functionality (e.g. dark mode preference).

5. Contact by Email or Contact Form

If you contact us by email, we process your message and contact details (e.g., name, email address, message history) to handle your inquiry.

If you use the contact form on the imprint page, we collect the name, phone number, and message you provide. We use this information only to respond to your request and, where appropriate, call you back.

Contact form submissions are sent to us as a push notification via Pushover, a notification service operated by Pushover, LLC. For this purpose, the submitted name, phone number, and message are encrypted on our server using AES-256-GCM before they are transmitted to Pushover's API servers. The encryption key is kept by us and is not sent to Pushover. The Pushover notification contains only the encrypted contact form content, together with the technical parameters needed by us to decrypt it (initialization vector, authentication tag, and ciphertext). Pushover states that it uses TLS for communication and provides further information in its privacy policy at https://pushover.net/privacy.

Processing is based on our legitimate interest in responding to contact requests and operating a reliable notification workflow (Art. 6(1)(f) GDPR). We store contact data only as long as necessary to fully process your request. Once the communication is finished and the matter is resolved, personal data will be deleted unless legal retention periods apply.

6. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right to access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure / "to be forgotten" (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR)