Privacy Policy – sleep.monster

Privacy Notice pursuant to Articles 13 and 14 GDPR

Last updated: 30 October 2025

1. Controller

Matthias Böhm
Moorstraße 1A
15526 Bad Saarow, Germany
Email: hello@sleep.monster

2. Hosting and Processor

This website is hosted by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. A data processing agreement pursuant to Article 28 GDPR is in place. Processing occurs on servers located in Germany.

3. Provision of the website / server log files

When you access the website, the hosting provider automatically processes log data (server log files): IP address, date/time of access, requested URL/file, transferred data volume, referrer URL (if transmitted), HTTP status code, browser type/version and operating system.

Purposes: operation, security (e.g., attack detection), stability, error analysis.
Legal basis: Article 6(1)(f) GDPR (legitimate interests).
Storage period: As a rule, up to 7 days; longer storage only where required for evidence in specific incidents.

4. Communication by email

If you contact us by email, we process your email address, message content and any transmitted contact/sender details to handle your enquiry.

Legal bases: Article 6(1)(b) GDPR (contractual/pre-contractual communication) or Article 6(1)(f) GDPR (legitimate interests).
Storage period: For the duration of the correspondence and according to statutory retention periods.
Recipients: Technical service providers for email/server operations within the EU/EEA.

5. No cookies, tracking or third-party embeds

We set no cookies for analytics, marketing or profiling. We use no web analytics services, no external fonts/CDNs and no embedded third-party content. Any future changes will be reflected in this notice.

6. Data transfers to third countries

No personal data is transferred to countries outside the EU/EEA.

7. Technical and organisational measures

We use TLS/SSL encryption and appropriate security measures in line with Article 32 GDPR.

8. Data subject rights

Access (Art. 15 GDPR)
Rectification (Art. 16 GDPR)
Erasure (Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR)

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

9. Obligation to provide data

Server/access data is required for technical operation. Providing email data is voluntary; without it we cannot process your enquiry.

10. No automated decision-making / profiling

No automated decision-making, including profiling within the meaning of Article 22 GDPR, takes place.

11. Updates

We may update this privacy notice if the legal framework, technology or our services change. The current version is available here.