Skip to content
Marcel R. G. Berger
Newsletter

Privacy

Privacy Policy

In compliance with the General Data Protection Regulation (GDPR / DSGVO). Last updated May 2026.

1. Controller

The controller (Verantwortlicher) within the meaning of Art. 4 (7) GDPR is:

Marcel R. G. Berger
Berger & Rosenstock GbR
Dieselstr. 22e, 61231 Bad Nauheim, Germany
hello@marcelrgberger.com

2. Scope of This Policy

This policy covers personal data processed in connection with this website (marcelrgberger.com), its newsletter, and any direct contact with the controller via email.

3. Hosting and Logs

This site is hosted on GitHub Pages, operated by GitHub, Inc. When you visit the site, your IP address and basic request metadata may be processed by GitHub to deliver the page and protect against abuse. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in providing a stable service).

4. Cookies

This site sets no cookies before you give consent via the cookie banner. After you click "Accept", the following third-party services are loaded:

  • Google Analytics (see section 5)
  • MailerLite newsletter form (see section 6)

Clicking "Reject" prevents both. Your choice is stored in localStorage on your device and can be changed at any time by clearing local site data.

5. Google Analytics 4 with Consent Mode v2

This site uses Google Analytics 4 (operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) for aggregated traffic measurement. We implement Google Consent Mode v2 — meaning the tag is loaded on every page, but consent state is set to denied by default for all categories. Only after you click "Accept" in the cookie banner is analytics_storage updated to granted.

Before consent (cookieless pings): while consent is denied, Google still receives so-called cookieless pings — without cookies, without a client ID, without persistent identifiers. They contain only aggregated, non-identifying signals (page URL, anonymised geolocation at country level, browser/device class). These pings rely on Art. 6 (1) (f) GDPR (legitimate interest in basic aggregated reach measurement).

After consent (full analytics): once you accept, a client ID cookie is set, full event data is collected, and standard Google Analytics tracking runs.

  • Legal basis: Art. 6 (1) (a) GDPR + § 25 (1) TTDSG for cookie-based analytics after consent; Art. 6 (1) (f) GDPR for the cookieless ping in denied state.
  • Data processed: page URL, referrer, anonymised IP, device/browser metadata, interaction events. After consent additionally: client ID cookie, session ID, full event parameters.
  • Purpose: traffic measurement to understand which content reaches an audience.
  • Retention: 14 months for event-level data (GA4 default); aggregated reports indefinitely.
  • International transfer: Google Ireland processes data within the EU and may transfer to the United States. Google LLC is certified under the EU-US Data Privacy Framework (DPF), providing an adequacy decision under Art. 45 GDPR.
  • Withdrawal: change your choice at any time via the cookie settings link in the footer, or use a browser-level opt-out / ad-blocker. The Google opt-out browser add-on is available at tools.google.com/dlpage/gaoptout.

Google's own privacy policy: policies.google.com/privacy.

6. Newsletter (MailerLite)

The newsletter signup form on this page is provided by MailerLite (UAB "MailerLite", Paupio 46, 11341 Vilnius, Lithuania). When you submit the form, MailerLite processes your email address and any optional fields you fill in. This processing happens on MailerLite's servers in the EU.

  • Legal basis: Art. 6 (1) (a) GDPR — your explicit consent given by submitting the form.
  • Purpose: sending the newsletter and related occasional product updates.
  • Storage: until you unsubscribe (one-click link in every email).
  • Double opt-in: after signing up you receive a confirmation email; you are only subscribed after you confirm.

Read MailerLite's own privacy policy at mailerlite.com/legal/privacy-policy.

7. Embedded Content

App icons and metadata shown on this page may be loaded from Apple's App Store CDN (is1-ssl.mzstatic.com) and GitHub's API (api.github.com). These third-party services may process your IP address when their resources load. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in showing accurate product data).

8. Direct Contact

If you contact us by email, your message and contact details will be stored for the purpose of processing your request and for follow-up. Legal basis: Art. 6 (1) (b) GDPR (pre-contractual / contractual processing) or Art. 6 (1) (f) GDPR (legitimate interest in responding).

9. Your Rights

Under the GDPR you have the right to:

  • Access (Art. 15) — request a copy of the data we process about you.
  • Rectification (Art. 16) — correct inaccurate data.
  • Erasure (Art. 17) — request deletion of your data.
  • Restriction (Art. 18) — request restriction of processing.
  • Portability (Art. 20) — receive your data in a structured machine-readable format.
  • Object (Art. 21) — object to processing based on legitimate interest.
  • Withdraw consent (Art. 7) — at any time, with effect for the future.
  • Complain (Art. 77) — with the competent supervisory authority. In Germany this is the Hessischer Beauftragter für Datenschutz und Informationsfreiheit (Wiesbaden).

To exercise any of these rights, email hello@marcelrgberger.com.

10. Data Protection Officer

A formal DPO has not been appointed; the controller does not meet the threshold criteria for mandatory appointment under Art. 37 GDPR / § 38 BDSG. For all data-protection inquiries please email hello@marcelrgberger.com.

11. Changes to This Policy

We may update this policy when our processing changes or when laws require it. The current version is always available on this page. Material changes will be announced via the newsletter where appropriate.

© 2026 Marcel R. G. Berger · Berger & Rosenstock GbR.