Privacy Policy

Last updated: May 2026

Note: This policy names the services actually in use (hosting, analytics, booking via Calendly; fonts are self-hosted). Before launch, a data-protection/legal professional should confirm two points: (1) the legal basis for analytics (legitimate interest vs. consent, see section 4) and (2) the applicable jurisdiction given a Swedish establishment (see the note in the imprint).

1. Controller

The controller responsible for data processing on this website is:
Andre Jahn · Jahn Consulting
Solbrännan 14, 383 92 Mönsterås, Sweden
E-mail: info@jahnconsulting.io

2. Hosting

This website is hosted on a server operated by me. The server infrastructure is provided by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; the server is located in Finland (Helsinki data centre). Personal data collected on this website is stored on this server. In doing so, Hetzner processes personal data (e.g. server log files) as a processor on the basis of a data processing agreement (DPA) pursuant to Art. 28 GDPR.

3. Access data / server log files

When you access this website, information is automatically stored in server log files that your browser transmits (including IP address, date and time of the request, page accessed, volume of data transferred, referrer URL, browser type). The legal basis is Art. 6 (1) (f) GDPR; the legitimate interest lies in the secure and stable operation of the website.

4. Analytics (OpenPanel)

I use OpenPanel to analyse how this website is used. This records, among other things, page views, clicks on outgoing links and individual interaction events (e.g. button clicks and the reading depth of blog posts). The analysis is aggregated and serves to improve content and usability. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in privacy-friendly reach measurement). The script is loaded from openpanel.dev; in doing so, your device's IP address is transmitted. TODO (legal review): specify OpenPanel's provider (legal name/registered office) and any DPA; confirm whether client-side identifiers (cookies/localStorage) are set — if so, consent (Art. 6 (1) (a) GDPR) plus a cookie banner is required instead of legitimate interest.

5. Contacting me

If you write to me by e-mail, I process your details to handle your enquiry. The legal basis is Art. 6 (1) (b) GDPR (steps prior to entering into a contract) or (f) GDPR (legitimate interest in responding). The data is deleted as soon as it is no longer required for the purpose and no statutory retention obligations apply.

6. Booking (Calendly)

To book an introductory call I link to Calendly (Calendly LLC, USA). Only when you actively follow that link are you taken to Calendly; any data you enter there (e.g. name, e-mail address, preferred time) is processed by Calendly, involving a transfer to the USA. Calendly's privacy policy applies. No Calendly content is loaded on this website itself for the link. TODO (legal review): safeguard the US transfer (standard contractual clauses / Calendly's DPF certification) and conclude a DPA if required.

7. Your rights

You have the right at any time to:

access your stored data (Art. 15 GDPR),
rectification of inaccurate data (Art. 16 GDPR),
erasure (Art. 17 GDPR),
restriction of processing (Art. 18 GDPR),
data portability (Art. 20 GDPR),
object to processing (Art. 21 GDPR).

You also have the right to lodge a complaint with a data protection supervisory authority.