Flypsi | Philipp

Data Protection Policy

Last Updated: January 1, 2026

1. Introduction

We are committed to protecting your personal data and your right to privacy in accordance with the General Data Protection Regulation (GDPR). This Data Protection Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://flyp.si.

Please read this policy carefully. If you do not agree with the terms of this policy, you have the right to opt out of data collection (see Section 6 for details) or discontinue use of our website.

2. Controller Information

Philipp Sonntag is the data controller responsible for your personal data. We have implemented appropriate technical and organizational measures to ensure the protection of your data in accordance with GDPR requirements.

Contact Information:
Email: contact@flyp.si

3. Information We Collect

3.1 Analytics Data

We use Umami Analytics (self-hosted on our servers in Germany) to collect information about your use of our website. This includes:

  • Hashed IP address (anonymized using secure hashing, cannot identify you personally)
  • Pages you visit on our website
  • Time spent on each page
  • Referring websites
  • Browser type and version
  • Operating system
  • Device information
  • Screen resolution

Important: We do not collect or store full IP addresses. All IP addresses are immediately hashed upon collection, making it impossible to identify individual users.

3.2 Technical Data

We automatically collect certain technical information when you visit our website, including:

  • Hashed internet protocol (IP) address
  • Browser type and version
  • Operating system
  • Time zone setting
  • Referrer URL
  • Device type (desktop, tablet, mobile)

No cookies or tracking technologies: Our analytics system does not use cookies, localStorage, sessionStorage, or any other persistent tracking technologies.

4. Legal Basis for Processing

4.1 Legitimate Interest (Article 6(1)(f) GDPR)

We process your data based on our legitimate interest in:

  • Improving our website and user experience
  • Understanding how visitors use our website
  • Monitoring and analyzing trends and usage patterns
  • Detecting and preventing technical issues

We have conducted a Legitimate Interest Assessment (LIA) and determined that:

  • The processing is necessary for our legitimate interests
  • The processing does not override your fundamental rights and freedoms
  • We have implemented appropriate safeguards (anonymization, data minimization)

4.2 Your Right to Object

You have the right to object to this processing (see Section 6 for details on how to exercise this right).

5. Umami Analytics Implementation

Our website uses Umami Analytics, a privacy-focused, self-hosted analytics service. Key features of our implementation:

  • Self-hosted: All data is stored on our servers located in Germany (EU)
  • No cookies: We do not use any cookies or tracking technologies
  • No personal data: We only collect anonymized, aggregated data
  • No third-party access: Data is not shared with or sold to third parties
  • No cross-site tracking: We only track activity on our own website
  • Data retention: Analytics data is retained for 30 days before automatic deletion

For more information about Umami Analytics, please visit: https://umami.is

6. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

6.1 Right of Access (Article 15 GDPR)

You have the right to request a copy of the personal data we hold about you. Since we only process anonymized data, we will provide you with information about our data processing practices.

6.2 Right to Rectification (Article 16 GDPR)

If you believe any information we hold about you is inaccurate, you have the right to request correction. Since we only process anonymized data, this right is limited to ensuring our processing activities are accurate.

6.3 Right to Erasure ("Right to be Forgotten") (Article 17 GDPR)

You have the right to request that we erase your personal data. Since we only process anonymized data that cannot be linked to you, this right primarily applies to our obligation to delete data when it is no longer needed.

6.4 Right to Restrict Processing (Article 18 GDPR)

You have the right to request that we restrict processing of your personal data. You can exercise this right by opting out of analytics tracking (see Section 6.8 below).

6.5 Right to Data Portability (Article 20 GDPR)

Since we only process anonymized data that cannot be linked to you individually, the right to data portability does not apply.

6.6 Right to Object (Article 21 GDPR)

You have the right to object to our processing of your data based on legitimate interests. You can exercise this right by:

  • Using our opt-out mechanism (see Section 6.8)
  • Contacting us at contact@flyp.si

6.7 Right Not to be Subject to Automated Decision-Making (Article 22 GDPR)

We do not use automated decision-making or profiling that produces legal effects concerning you.

6.8 How to Exercise Your Rights

To exercise any of your rights under GDPR, please contact us at: contact@flyp.si

We will respond to your request within one month of receipt, as required by GDPR. In some cases, we may need to verify your identity before processing your request.

Opt-out of Analytics Tracking: Since we don't use cookies, you can opt out by:

  • Using browser settings to block JavaScript (though this may affect website functionality)
  • Contacting us to request exclusion from analytics (we can implement server-side filtering)

7. Data Retention

We retain analytics data for 30 days before automatic deletion. This retention period allows us to:

  • Analyze website usage trends
  • Monitor for technical issues
  • Improve user experience

After the retention period, all data is permanently deleted from our servers.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption: All data is transmitted over HTTPS (TLS 1.2 or higher)
  • Access controls: Only authorized personnel have access to analytics data
  • Server security: Our servers are located in secure data centers in Germany
  • Regular audits: We conduct regular security audits of our systems
  • Data minimization: We only collect data that is necessary for our stated purposes

9. Data Transfers

All personal data we collect is processed and stored exclusively on servers located in Germany (European Union). We do not transfer data to third countries or international organizations.

10. Data Breaches

In the unlikely event of a personal data breach, we will:

  • Notify the relevant supervisory authority within 72 hours (if required under GDPR)
  • Inform affected users without undue delay if there is a high risk to their rights and freedoms
  • Take immediate steps to mitigate the breach and prevent future occurrences

11. Children's Data

Our website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information.

12. Changes to This Policy

We may update this Data Protection Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting the new policy on this page with an updated "Last Updated" date
  • Providing a notice on our website's homepage
  • Sending an email notification to our subscribers (if applicable)

We encourage you to review this policy periodically to stay informed about how we are protecting your data.

13. Contact Us

If you have any questions, concerns, or requests regarding this Data Protection Policy or our privacy practices, please contact us at:

Email: contact@flyp.si
Responsible Person: Philipp Sonntag

For data protection concerns, you also have the right to lodge a complaint with the German Federal Commissioner for Data Protection and Freedom of Information (BfDI) or your local data protection authority.