Malik Arbab

Privacy Policy

This is a convenience translation. Only the German version of this privacy policy is legally binding.

This policy explains which personal data is processed when you visit malikarbab.de. This website is a portfolio; no goods or services are sold here.

1. Controller

Malik Arbab [POSTANSCHRIFT, bitte eintragen] E-mail: ai@malikarbab.de

No data protection officer has been appointed, as there is no legal obligation to do so.

2. No cookies, no tracking

This website sets no cookies and uses no tracking scripts and no analytics services such as Google Analytics. Fonts are served locally from my own server; no connection to Google Fonts or other font providers is established. A cookie banner is therefore not required. Should Cloudflare Web Analytics be introduced in the future, it would operate without cookies and without building individual user profiles; this policy would then be updated accordingly.

3. Hosting and delivery via Cloudflare

This website is operated on Cloudflare Workers (Static Assets) provided by Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA. All website traffic is routed through Cloudflare’s network; images are likewise delivered through Cloudflare via the subdomain cdn.malikarbab.de.

When you access the website, Cloudflare processes technically necessary connection data, in particular your IP address, date and time of the request, requested resource, user agent, and referrer (server logs). This processing serves the delivery of the content as well as security and stability (including defense against attacks). I myself have no or only limited access to these logs and do not use them to identify visitors.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and performant provision of the website). A data processing agreement (Art. 28 GDPR) including EU Standard Contractual Clauses is in place with Cloudflare; see also section 8.

4. Locally hosted fonts

All fonts are hosted on my own server. No connections to third-party servers are established when fonts are loaded.

5. Video embedding via Mux

Videos on this website are delivered via the streaming service Mux (Mux, Inc., San Francisco, California, USA). When you open a page containing an embedded video, your browser connects to stream.mux.com (video stream) and image.mux.com (preview images). In doing so, your IP address and technical request data (e.g. user agent, requested resource) are transmitted to Mux; without this transmission, the video cannot technically be delivered. These connections are only established on pages that actually contain videos.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in presenting artistic video works directly on my own website). For third-country transfers, see section 8.

6. Contact form (Cloudflare Worker, Turnstile, Resend)

When you use the contact form, the data you enter (name, e-mail address, message) is transmitted via a Cloudflare Worker to the e-mail delivery service Resend (resend.com, USA), which delivers the message to my mailbox. The data is used exclusively to process and answer your inquiry and is not passed on for any other purpose.

Legal basis: Art. 6(1)(b) GDPR where your inquiry is aimed at entering into a contract or commission; otherwise your consent pursuant to Art. 6(1)(a) GDPR, which you give by submitting the form and may withdraw at any time with effect for the future.

To protect against spam and abuse, the form is secured with Cloudflare Turnstile, a CAPTCHA mechanism that works without cookies. Turnstile processes technical characteristics of your browser and your IP address to verify that the request originates from a human. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protecting the form against automated abuse).

7. E-mail communication and forwarding

E-mails sent to addresses under the malikarbab.de domain are received via Cloudflare Email Routing and forwarded to a Gmail mailbox (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company Google LLC, USA). The content and metadata of your e-mails are thereby processed by Cloudflare and Google. The data is used exclusively to handle the correspondence.

Legal basis: Art. 6(1)(b) GDPR for contract-related inquiries; otherwise Art. 6(1)(f) GDPR (legitimate interest in the efficient handling of incoming communication).

8. Transfers to third countries

The service providers named in this policy, namely Cloudflare, Mux, Resend, and Google (or their parent companies), are based in the USA or process data there. These transfers are safeguarded by EU Standard Contractual Clauses (Art. 46(2)(c) GDPR); Cloudflare and Google are additionally certified under the EU-US Data Privacy Framework (adequacy decision of the EU Commission, Art. 45 GDPR).

9. Storage periods

Server and security logs are retained by Cloudflare only for a short period for security purposes and are deleted automatically. I delete inquiries received via the contact form or by e-mail once the matter has been fully dealt with and no reasons for further retention exist; statutory retention obligations remain unaffected.

10. Your rights

With regard to your personal data, you have the following rights vis-à-vis me as the controller:

To exercise these rights, an informal message to ai@malikarbab.de is sufficient.

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR), in particular with the authority responsible for me: Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information), Alt-Moabit 59-61, 10555 Berlin, Germany, www.datenschutz-berlin.de.

11. No automated decision-making

No automated decision-making, including profiling (Art. 22 GDPR), takes place.

Last updated: 11 June 2026