Last updated: August 10, 2025
Controller / Who we are
Vastkind is operated by Dorian Stefaniuk, Kirchenstraße 6, 21224 Rosengarten, Germany.
Privacy contact: social [at] vastkind [dot] com (preferred: contact form).
Scope
This policy explains how we process personal data when you visit vastkind.com, subscribe to our newsletter, contact us, or interact with third‑party embeds.
Personal data we process
- Usage data: IP address (shortened where possible), timestamps, pages visited, referrer, device/browser info, approximate location derived from IP.
- Communication data: email address, message content, newsletter preferences.
- Third‑party embeds/links: When you load external content (e.g., X/Twitter, YouTube), those providers may collect data under their own policies.
Sources of data
We collect data directly from you (e.g., newsletter signup), automatically via our site (technical/usage data), and from third‑party services you activate (e.g., analytics, embeds).
Purposes & legal bases (GDPR)
- Operating and securing the site (Art. 6(1)(f) GDPR — legitimate interests).
- Analytics to improve content and reach (Art. 6(1)(a) consent; or Art. 6(1)(f) where cookie‑free/aggregated).
- Newsletter delivery, double opt‑in, performance measurement (Art. 6(1)(a) consent; Art. 6(1)(b) if part of a contract).
- Responding to inquiries (Art. 6(1)(b) and/or (f)).
Cookies & similar technologies (EU/EEA/UK)
We use non‑essential cookies only with your prior consent. Essential cookies needed to provide the service may be used without consent. You can change or withdraw consent at any time via Cookie Settings (see Cookie Policy).
Hosting & Newsletter (GhostPro)
We use Ghost(Pro) to host the site and send newsletters. Ghost processes data (e.g., server logs, subscriber emails) on our behalf under a data‑processing agreement. Ghost’s infrastructure may be located outside the EU; where required, we rely on EU Standard Contractual Clauses and additional safeguards.
Analytics
Ghost Native Analytics (first‑party, cookie‑free). We use Ghost’s built‑in web analytics to understand traffic and content performance. These analytics are first‑party and cookie‑free. Unique visitors are counted within 24‑hour windows (visits on different days are counted separately). For Ghost(Pro) sites, analytics data are stored in EU regions. When a logged‑in member visits, Ghost records their member ID and whether they’re free or paid, so we can filter analytics by audience segment. Metrics may include: unique visitors, total views, locations by country, top sources, real‑time visitors; for email: sends, opens, clicks and link‑level engagement; for growth: free signups, paid conversions, and MRR impact. These first‑party analytics do not require a cookie banner.
Google Analytics (third‑party, consent‑based in EU/EEA/UK). We also use Google Analytics to measure site usage only with your consent (for EU/EEA/UK visitors). IP anonymization is enabled; user & event data are retained for up to 14 months. You may withdraw consent any time via Cookie Settings or install Google’s browser add‑on. Without consent, Google Analytics is not activated.
Google Search Console
We use Google Search Console to monitor search performance. It does not place cookies on your device or collect personal data from site visitors; it reports to us using data already held by Google.
Contact forms & email
If you contact us, we will process the data you provide (e.g., name, email, message) to respond. Legal basis: consent (Art. 6(1)(a)) and/or contract/legitimate interests (Art. 6(1)(b)/(f)).
Data sharing
We share data with service providers (hosting, email/newsletter, analytics) under contracts that require them to process data only on our instructions. We do not sell personal data.
International transfers
Where data are transferred outside the EU/EEA, we rely on adequacy decisions (e.g., EU‑U.S. Data Privacy Framework) or EU Standard Contractual Clauses and implement supplementary measures as needed.
Retention
We retain data only as long as necessary for the purposes collected or as required by law, then delete or anonymize it.
Security
We apply appropriate technical and organizational measures (TLS encryption, access controls, least privilege). No method of transmission or storage is 100% secure.
Your GDPR rights
You have the rights of access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and to lodge a complaint with your supervisory authority. Contact us to exercise your rights.
U.S. state privacy disclosures (incl. CA/CPRA)
We do not “sell” or “share” personal information for cross‑context behavioral advertising. If that changes, we will display a “Do Not Sell or Share My Personal Information” link and honor Global Privacy Control (GPC) signals. California residents (and, where applicable, residents of CO/CT/VA/UT/TX and other states) may have rights to know, delete, correct, and opt out. You can submit requests via our contact form or email (see above). We will verify requests and respond within applicable timelines.
Children’s privacy
Our site is not directed to children under 13 (COPPA). We do not knowingly collect data from children.
Changes
We may update this Policy; the “Last updated” date reflects the current version.
Contact
For privacy requests, use the contact form or email: social [at] vastkind [dot] com.