1. Controller

Petrit Isufi
Paradestr. 50
42107 Wuppertal, Germany
E-Mail: kontakt@zoopa.org

2. Hosting

This website is hosted on a virtual machine at Amazon Web Services (AWS):

Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy
L-1855 Luxembourg

The actual server region is us-east-1 (Northern Virginia, USA). As a consequence, personal data such as IP addresses contained in server logs is technically transferred to the United States. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating the website). The transfer relies on EU Standard Contractual Clauses and the EU-US Data Privacy Framework, to which AWS is certified. Note that despite these safeguards US authorities may, under the CLOUD Act, access data without EU-equivalent legal remedies.

On each request, the web server (nginx) automatically logs:

• IP address of the requesting client
• Date and time of the request
• Name and URL of the requested file
• Bytes transferred and HTTP status
• Browser type and version, operating system
• Referrer URL

Server logs are deleted after 7 days.

3. Domain & DNS

The domain petrit.dev is registered with the US-based registrar Namecheap, Inc. (4600 East Washington Street, Suite 305, Phoenix, AZ 85034, USA). DNS lookups for the domain transmit your IP address to Namecheap's nameservers. Legal basis: Art. 6(1)(f) GDPR. The same Schrems-II considerations as in the Hosting section apply.

4. Analytics

This website uses a self-hosted, privacy-friendly analytics script served directly from this domain (petrit.dev/m.js). Data is collected via a first-party endpoint /m/c, which is internally forwarded to a backend service operated by the controller above. Only anonymous, aggregated data is collected:

• Page path (without query parameters)
• Referrer (domain only, no path)
• Screen resolution, browser family + major version, OS family
• Time spent on page
• Custom events (e.g. mailto-link click, language switch, card open)

What we do not collect: no cookies, no localStorage, no fingerprinting, no personal identifiers, no cross-device or cross-day identifiers. Your IP address is not stored on the analytics endpoint; it is only briefly hashed together with the User-Agent string using a daily-rotating salt for same-day deduplication. Cross-day tracking is therefore impossible.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in cookie-less reach analysis without personal profiles). Because the data is fully anonymous aggregate data without identifiers, no opt-out mechanism is provided.

Aggregate analytics data is retained for at most 24 months.

5. External fonts

Fonts are loaded from this site only — no calls to Google Fonts or comparable external services.

6. Email contact

If you send an email to kontakt@zoopa.org, your information is stored for the purpose of handling your request. This address is operated through the German hosting provider manitu GmbH (Welvertstraße 2, 66606 St. Wendel); the mail servers are located in Germany. Legal basis: Art. 6(1)(b)/(f) GDPR. Data is deleted after the request is closed, unless statutory retention requirements apply.

7. Your rights

You have the right to, at any time:

• Access your stored data (Art. 15 GDPR)
• Rectify inaccurate data (Art. 16 GDPR)
• Erase your data (Art. 17 GDPR)
• Restrict processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Object to processing (Art. 21 GDPR)

To exercise your rights, an email to kontakt@zoopa.org is sufficient.

8. Right to lodge a complaint

You may lodge a complaint with a data-protection supervisory authority. The competent authority for this site is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44, 40102 Düsseldorf, Germany
www.ldi.nrw.de