Privacy Policy

Last updated: June 2026

This is a translation provided for your convenience. The legally binding version is the German privacy policy.

1. General information and mandatory disclosures

I take the protection of your personal data very seriously. I treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy. This website is a purely non-commercial private and hobby project.

Controller (responsible party):
Andreas Holzschneider
c/o Impressumservice Dein-Impressum
Stettiner Straße 41
35410 Hungen, Germany
Email: kontakt@moin-moin.it

2. Processing of the forwarded emails (phishing check)

The core of this service is the automated inspection of emails for phishing and spam. When you forward an email for inspection to spam-check-en@moin-moin.it, I process the following data:

Purpose: The processing is carried out exclusively for the technical analysis of the email for malware, phishing indicators and fraud attempts, and to send the result to you.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in promoting IT security). You actively initiate the processing by forwarding the email.

Storage period:

Data processing through use: By submitting an email, you acknowledge that it will be processed automatically as described in this privacy policy β€” including the possible disclosure of indicators to external services (section 3). Anyone who does not agree to this processing must not use the service.

3. Disclosure of data to external analysis services

In order to provide you with an accurate and secure result, I do not analyse emails only locally, but also compare extracted technical indicators (such as URLs, IP addresses, file hashes) and text fragments against established IT security databases and AI models via automated interfaces (APIs). In doing so, parts of the data you submit may be transmitted to the following third-party providers (some of them based in the USA or outside the EU):

Community reporting for confirmed threats: If an email is classified as a confirmed threat (phishing/malware), the following data may additionally be actively passed on to security databases or reporting bodies in order to protect the general public:

Community reporting is carried out exclusively for submissions that have been clearly classified as suspicious and serves the legitimate interest of the general public in combating phishing (Art. 6(1)(f) GDPR). Further rules on using the service can be found in the terms of use (DE).

Important note on transfers to third countries: Through the use of these external APIs and through the manual report to the APWG, IP addresses, extracted links, text content and β€” in the case of the APWG β€” the complete phishing email including all data contained therein may be transferred to countries outside the European Economic Area (in particular to the USA). For the USA, an adequacy decision of the EU Commission exists (EU-U.S. Data Privacy Framework), provided the respective companies are certified there; otherwise the transfer is based on standard contractual clauses (Art. 46 GDPR) or on the public interest (Art. 49(1)(d) GDPR). Please do not submit any emails that contain highly sensitive personal data in plain text (e.g. passwords, banking details, trade secrets), as I cannot fully control the flow of data at the external providers.

4. Hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the host. The provider is ALL-INKL.COM - Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany. The use of ALL-INKL.COM is based on Art. 6(1)(f) GDPR (legitimate interest in a reliable provision of my website). I have concluded a data processing agreement (DPA).

5. Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser transmits automatically. These include, among others, browser type/version, operating system, referrer URL, hostname of the accessing computer and the time of the server request.

This data is not merged with other data sources. The collection is carried out under Art. 6(1)(f) GDPR. The log files are deleted after 7 days.

6. Cookies

This website sets exclusively a technically necessary session cookie (PHPSESSID) as soon as you access the homepage or the contact form. It serves solely to protect the contact form against automated abuse (CSRF protection), contains no personal content and is deleted at the latest after one hour or when the browser is closed. The cookie is set to HttpOnly and SameSite=Strict (with HTTPS additionally Secure). As it is technically required, no consent is needed (Β§ 25(2) no. 2 TDDDG, formerly TTDSG).

There is no tracking and no reach measurement. No external fonts, scripts, analysis tools or content delivery networks (CDNs) are loaded — all resources are delivered directly from this server, so that no visitor data (e.g. IP addresses) is passed on to third parties.

7. Contact form

If you send me an enquiry via the contact form (or directly to kontakt@moin-moin.it), your details from the form, including the contact data you provide there, are stored for the purpose of processing the enquiry. I do not pass this data on without your consent. The processing is based on Art. 6(1)(f) GDPR (legitimate interest in effective processing).

Storage period: The data is deleted as soon as it is no longer required to fulfil the purpose (processing the enquiry) and no statutory retention periods conflict with this.

8. Your rights

You have the right at any time to obtain information free of charge about the origin, recipients and purpose of your stored personal data (Art. 15 GDPR), as well as a right to rectification (Art. 16), erasure (Art. 17) and restriction of processing (Art. 18 GDPR). As the processing is based on a legitimate interest (Art. 6(1)(f) GDPR), you also have a right to object at any time (Art. 21 GDPR).

An informal email to kontakt@moin-moin.it is sufficient to exercise these rights. On request, I will also provide you with the data stored for your address in a machine-readable format (JSON). As this data is deleted automatically at the latest 30 days after your last submission anyway, any information or erasure can only relate to data that still exists at the time of your request.

Right to lodge a complaint: You have the right to lodge a complaint with a data protection supervisory authority. You may contact the supervisory authority of your habitual residence or any other competent data protection authority. A list of all German supervisory authorities can be found at: bfdi.bund.de.