Cloudflare
Our website uses the services of Cloudflare Inc. (USA) for secure encrypted data transmission on the Internet (SSL), to improve worldwide website performance through the Cloudlflare Content Delivery Network (CDN) and to improve security and protection against hacker attacks through the Cloudflare Web Application Firewall (WAF). It is possible that Cloudflare uses its own cookies to provide these services. With Cloudflare a corresponding GDPR-compliant contract for commissioned data processing exists. More detailed information about GDPR and Cloudflare can be found on the GDPR pages of Cloudflare: https://www.cloudflare.com/gdpr/introduction/
a) What is Cloudflare?
A Content Delivery Network (CDN), as provided by Cloudflare, is nothing more than a network of servers connected via the Internet. Cloudflare has distributed such servers all over the world to bring websites faster to your screen. Simply put, Cloudflare makes copies of our website and places them on their own servers. When you visit our website now, a load balancing system ensures that the majority of our website is delivered from the server that can display our website the fastest. The distance of the data transfer to your browser is considerably shortened by a CDN. Thus the content of our website is delivered to you by Cloudflare not only from our hosting server, but from servers all over the world. The use of Cloudflare is especially helpful for users from abroad, because here the page can be delivered from a server nearby. Besides the fast delivery of websites Cloudflare also offers various security services like DDoS protection or the Web Application Firewall.
b) Why we use Cloudflare on our website?
Of course we want to offer you the best possible service with our website. Cloudflare helps us to make our website faster and more secure. Cloudflare offers us web optimizations as well as security services such as DDoS protection and web firewall. This includes a reverse proxy and the content distribution network (CDN). Cloudflare blocks threats and limits abusive bots and crawlers that waste our bandwidth and server resources. By storing our website in local data centers and blocking spam software, Cloudflare allows us to reduce our bandwidth usage by about 60%. Delivering content from a data center near you and some web optimizations performed there reduces the average loading time of a website by about half. According to Cloudflare, the setting “I’m Under Attack Mode” can be used to mitigate further attacks by displaying a JavaScript calculation task that must be solved before a user can access a web page. Overall, this makes our website much more powerful and less susceptible to spam or other attacks.
c) Which data is stored by Cloudflare?
Cloudflare generally only forwards those data that are controlled by website operators. The contents are therefore not determined by Cloudflare, but always by the website operator himself. In addition, Cloudflare may collect certain information about the use of our website and process data that is sent by us or for which Cloudflare has received appropriate instructions. In most cases, cloudflare receives data such as contact information, IP addresses, security fingerprints, DNS protocol data and performance data for web pages derived from browser activity. For example, log data helps cloudflare to detect new threats. So Cloudflare can guarantee a high security protection for our website. Cloudflare processes these data within the framework of the services in compliance with the applicable laws. This naturally includes the General Data Protection Regulation (GDPR).
For security reasons Cloudflare also uses a cookie. The cookie (__cfduid) is used to identify individual users behind a shared IP address and to apply security settings for each individual user. This cookie is very useful, for example, if you use our website from a location where there are a number of infected computers. However, if your computer is trustworthy, we can recognize this by the cookie. So you can surf through our website unhindered, despite infected PCs in the area. It is also important to know that this cookie does not store any personal data. This cookie is essential for the cloudflare security features and cannot be disabled.
Cloudflare also works together with third party providers. They may only process personal data under instructions from Cloudflare and in accordance with the privacy policy and other confidentiality and security measures. Cloudflare will not pass on any personal data without our explicit consent.
Cookies from Cloudflare:
- “__cfduid” Expiry time: 1 month – Use: Used to identify individual users behind a shared IP address
d) How long and where is the data stored?
Cloudflare stores your information mainly in the USA and the European Economic Area. Cloudflare can transmit and access the above described information from all over the world. In general, Cloudflare stores user-level data for domains in the Free, Pro and Business versions for less than 24 hours.
e) How can I delete my data or prevent data storage?
Cloudflare keeps data logs only as long as necessary and in most cases these data are deleted within 24 hours. Cloudflare also does not store any personal data, such as your IP address. However, there is information that Cloudflare stores indefinitely as part of its permanent logs to improve the overall performance of Cloudflare Resolver and to identify any security risks. You can find out exactly which permanent logs are saved at developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/. All data that Cloudflare collects (temporary or permanent) will be cleaned from all personal data. All permanent logs are also anonymized by Cloudflare.
Cloudflare will mention in your privacy policy that they are not responsible for the content they receive. For example, if you ask Cloudflare whether they can update or delete your content, Cloudflare always refers to us as the website operator. You can also completely prevent the entire collection and processing of your data by Cloudflare by deactivating the execution of script code in your browser or by including a script blocker in your browser.
Cloudflare is an active participant in the EU-U.S. Privacy Shield Framework which regulates the correct and secure transfer of personal data. You can find more information on www.privacyshield.gov/participant.
