data protection

about this website


This is a personal, non-commercial website, established for personal and academic blogging and information about my academic activity. It is not involved in business models such as webshops or advertising, it does not generate any revenue. Its content represents personal opinions and gives personal and academic profile information about myself.

contact information (website owner, responsible)

contact means contact information
mail Thorsten Ries Nederkouter 71-C 9000 Gent Belgium
phone +32-487566642

in short: data protection and your privacy

  1. During your visit, the server hosting this website logs your IP address, browser type as well as url, date, time of your access for security reasons (GDPR Art. 6 (1) f). This server-log will be automatically deleted after 14 days. The website owner has access to these logs for one day after your visit (which is the minimum setting).
  2. This website does by design not use cookies and does not incorporate any other third party services or functionality that track you online. It does not save or process any personal data beyond the logging that takes place on server level.


the long read: general data protection policy

categories of processed data

If you visit the website: on the server of the sharehosting service Combell:

On the shared-server-account of the website owner:

If you decide to write an email to us:

categories of data subjects

purpose of the data processing

We inform you about the lawfulness and legal basis of the data processing in compliance with Art. 13 GDPR. Unless other legal basis is cited in this data protection policy, the following applies: The legal basis for the data processing in the context of the implementation and service of this website and response to requests is Art. 6 (1) lit. b GDPR, the legal basis for data processing to comply with legal obligations is Art. 6 (1) lit. c GDPR, the legal basis for data processing according to our legitimate interests is Art. 6 (1) lit. f GDPR. In case vital interests of data subjects are affected, Art. 6 (1) lit. d GDPR applies.

security measures

In compliance with Art. 32 GDPR, we are applying appropriate technical and organisational measures, taking into account the state of the technology, costs and effort, to deliver an appropriate security level for users and minimise data processing to the necessary, in order to reduce possible risks for the data subjects, their rights and freedoms.

These measures, most importantly, include those ensuring privacy, integrity and accessibility of the data by controlling physical access to the data, by controlling the access concerning the user acces, upload, sharing, saving, accessibility and selective access. Furthermore, we have a policy in place for you to exercise your rights as a user concerning deletion and response to data breaches.

This website has been designed with privacy and data protection by design in mind, by choosing appropriate hardware and software technology that adhere to the principles of data protection by technical design and privacy-friendly defaults (Art. 25 GDPR).

collaboration with the sharehoster

If we share data about you with third parties or order them to process it (“Auftragsverarbeitern oder Dritten”), this happens based on a legal basis that allows us to offer our services (e.g. Art. 6 (1) lit. b GDPR), you have given us consent, to fulfil a legal requirement or on the legal basis of our legitimate interests (“legitimate interests”, GDPR Art. 6 (1) f.1

The legal basis of “legitimate interests” according to GDPR Art. 6 (1) f1 applies as basis for our collaboration with the sharehosting provider Combell in delivering our website and their logging.

The collaboration with Combell concerning data processing is secured by a legal agreement, according Art. 28 GDPR.

data transfer to other countries

If we process any data in another country outside of the EU, this happens on the condition of a legal basis of contractual responsibilities, on the legal basis of your informed consent, on legal requirements or on our legitimate interests. If we do so, special regulations of data protection in that country apply (e.g. in the USA „Privacy Shield“) and other legal responsibilities („Standardvertragsklauseln“).

in detail: data processing and data security on this website

data processing and protection policy of the shared server provider: server logs

The hosting provider of the shared webspace account, Combell, notified me that the server on which my webspace is located logs the following personal data about users and their activity on my website domain in order to secure the server against cyberattacks, conform with legal requirements, and improve their services (“legitimate interests”, GDPR Art. 6 (1) f).1

This log data is kept on the server for a maximum of 14 days, after this time period the logged data will be automatically deleted. The owner of the website has access to these logs for one day for security reasons, which is the minimum possible setting that the sharehoster offers. The settings of the shared server account are set to not write any statistics about user activity.

The handling of this data on the side of Combell is part of the legal agreement about data processing between Combell and the owner of the website who rents the server space.

Users are informed about the general data protection policy and about the server logging in short terms when visiting the website with a toggleable “privacy notice”.

data processing and protection policy of the website owner

This website is non-commercial and is designed to protect user’s data and privacy by design by reducing user data collection and processing to the absolute minimum required for operation and by design avoids exposure of user data and data about user behavior to third parties.

This website does not collect any user data on its shared server account. This is to my knowledge the maximum extent to which I can ensure no unnecessary data is collected or processed.

This means:

Users are informed about the general data protection policy and about the server logging in short terms when visiting the website with a toggleable “privacy notice”.

embedded content

Embedded content from other websites behaves in the exact same way as if the visitor had visited the other website. These websites may collect data about the visitor, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Users should be aware that if they click on a social media link, this link takes them to a social media service which will probably save a cookie in their browser and track it.

I offer a (passive) link to my twitter account in order to give users the opportunity to engage in a conversation with me. This link is passive and does not track users on my website. Users have to know though that the click on any external link, and especially to social media, may involve tracking.

The link leads to the social media service Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA). Twitter is certified under Privacy Shield and guarantees to abide to EU data protection rights. See also ttps://, Opt-Out:

user rights

Users have the right to inquire via the contact information provided above and below whether any and which data by or about them was collected by my server account and, if there is any, request to hand it over in a portable format to transmit them to other platforms (Art. 15, 20 GDPR).

They also have the right to request that I erase any personal data on the server account that might have been saved about them (Art. 17 GDPR) or restrict access to this data (Art. 18 GDPR). The right to require deletion does not include any data that is obliged to keep for administrative, legal, or security purposes.

They have the right that I rectify false information stored about or by them (Art. 16 GDPR).

Users have the right to at any point lodge an objection against storage or processing of their data (Art. 77 GDPR).

Users have the right to object against future data processing (Art. 21 GDPR) and withdraw their opt-in permissions (Art. 7 (3) GDPR).

To exercise these rights, users can contact the website owner (see contact above, below) or the sharehosting provider:

sharehosting provider contact information
name Combell
contact contact form

protection and data breaches

data protection

This website follows the approach to not use cookies, not collect user data and limit exposure of users to third parties to the absolute minimum. A simple website / blog like this one does not require any user data for operation, it just serves webpages. That is the philosophy, its implementation is described above.

The sharehoster Combell is a hosting company and has - to my knowledge - professional data protection policies and technological implementation in place. The server logs of user access and activity on are deleted automatically 14 days after the access. The website owner has access to these logs for the minimum time period that the settings allow: one day. This task (logging and deletion) is performed by Combell based on a data processing agreement between Combell and the website owner and legally based on GDPR Art. 6 (1) f (“legitimate interests”).1

data breach procedure

The best protection against data breaches is: no data collection. See above.

Should the server account of be compromised or a data breach on the server is noticed, I will be in touch with the provider and go through the breach and protection protocols and notify users as soon as possible via the website and twitter - as I have no personal data that would allow me to inform them individually.

contact information

contact means contact information
mail Thorsten Ries Nederkouter 71-C 9000 Gent Belgium
phone +32-487566642

  1. See Art. 6 GDPR (1) f: “Processing shall be lawful only if and to the extent that at least one of the following applies: […] f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, […].” ↩︎