Privacy Policy

Please note that this translation was done with DeepL and that it wasn’t manually verified by an expert of this field. If the text triggers any questions, please contact me directly via

With this privacy policy I inform you about the storage and processing of your personal data on this website. With this I refer to the Data Protection Regulation, EU GDPR for short.

What is meant by processing? Processing includes all manual and automated operations in handling data: Collection, recording, storage, organization, retrieval, linking, matching, modification, use, disclosure, restriction and deletion.

On this website, this applies to all visual content, functions, texts, form inputs and links. The privacy policy also applies to my profiles on the social networks LinkedIn and ARTMO.


Person responsible for this website according to EU GDPR:

Naomi Oelker
Am Lustberg 19
22335 Hamburg

As the person responsible, I alone decide on the type and purpose of the collection of personal data on this website. The data is processed in Germany.

Personal Data

Personal data is understood to be all data that can lead to the identification of a natural person. This is mostly meta or communication data, inventory and contact data such as the following:

  • IP addresses
  • Device information
  • Names
  • E-mail addresses
  • Phone numbers
  • (Billing) addresses or location data
  • (Bank) account data

Content and usage data may also be processed, including:

  • Text input (e.g. by means of form fields)
  • Photos, graphics, videos
  • Accesses to individual web pages

The source of such personal data is the data subjects.

Processing Reasons

Personal data are processed on this website for the following reasons:

Legal Basis

If the legal basis for a specific point or part of the privacy policy is not mentioned, the following applies to the collection of consent (cf. Art. 6(1) & Art. 7 GDPR), various (pre-contractual) processing operations, compliance with legal obligations and the protection of my legitimate interests:

I expressly point out that the Internet contains security flaws in data traffic and that there is no guarantee of "all-round security."

However, in order to mitigate risks and to achieve an adequate level of protection (cf. Art. 32 GDPR), I take into account the state of the art, appropriate implementation costs as well as the type, scope and purpose of the processing operations, and take all technical and organizational measures.

This includes treating the transmitted data with confidentiality and respect and protecting it from third parties in every respect. This also includes the rights of the data subject, which includes deleting data and responding to any threats.

A disclosure of data to third parties occurs only with a legal permission or obligation, an explicit consent of the data subject or due to a legitimate interest of mine. Accordingly, processors may receive your data. The latter are, for example, security concerns by the web hosting provider.

If the processing is no longer necessary at a certain point in time, it will be stopped. You can find out more about this under "Restriction & deletion."

Data Subject Rights

You are considered to be affected when your personal data is processed. This happens, for example, when you contact me or sign up for my newsletter.

You have the right to obtain information at any time about whether, why and to what extent your data is being processed (cf. Art. 15 GDPR). You can also request that your stored data be completed or corrected (cf. Art. 16 of the GDPR) and accept this (cf. Art. 20 of the GDPR).

If the purpose of the data processing ceases to apply or consent is revoked, you have the right to be forgotten (Art. 17 & 18 GDPR), i.e. to have your personal data deleted and restricted or blocked.

At any time you have the right to revoke your consent (also in the context of profiling according to Art. 4 (4) & Art. 22 (3) GDPR) with effect for the future (see Art. 7 (3) GDPR) and to object to future processing (see Art. 21 GDPR). Unless there are compelling reasons that outweigh your particular reason for revocation, your personal data will then no longer be processed. For this purpose, an informal e-mail to me is sufficient:

Via your privacy settings in the cookie box, you can also revoke the data collection by individual, several or all non-essential cookies with effect for the future. Learn more about cookies.

You also have the right to file a complaint with the competent supervisory authority (see Art. 77 GDPR). This depends either on the federal state of your residence, on your work or on the alleged violation. You can also contact the national data protection authority.

However, I ask you to contact me first so that any discrepancies can be resolved quickly and unproblematically if possible.

In the event of a data protection incident, I will make a report to the supervisory authority within the prescribed 72 hours. I will also contact you during this time if your data is compromised by an incident.

Restriction & Deletion

If you request that I delete your data, I will get back to you with a response within the required 4 weeks. If I make the deletion, I will delete it within 4 more weeks (8 weeks in total).

If the data is still needed for processing or for other purposes, deletion is not possible.

As soon as the stored data have fulfilled their purpose (cf. Art. 17 & 18 GDPR), they will be deleted by me or restricted in their processing, unless there is an explicit request demanding otherwise.

If the data is still required for legal or other important purposes (cf. Art. 6 (1) GDPR), it will be restricted. They will then be blocked and no longer processed, for example for reasons of commercial or tax law.

Website Visit

As you read this part of my privacy policy, you will already be familiar with my cookie banner and will have chosen which cookies you are comfortable with. It is up to you to decide how long you view this banner, how long you stay on my website after your selection, and how you interact with it.

I just provide you with different interaction possibilities:

  • No registration is required to access the contents of my website. You can reach and view them all through the navigation elements and links on this website.
  • You can comment on blog posts if you wish.
  • If you want to be informed about news, new blog posts and offers, you can subscribe to my newsletter. You can specify the type of emails you want to receive from me already on the newsletter page or customize it later in the subscription management (via the corresponding link at the bottom of each email).
  • You can also send me a message via e-mail using the contact form.

In addition to these interaction possibilities, two processes that take place in the background should be noted:

  • You already know the first background process: the cookies you have consented to.
  • The second is the so-called "log files," the access data. The web hosting provider (cf. Art. 24ff. GDPR) stores IP addresses and log files on the server side for 7 days for reasons of connection (stability), functionality and security (cf. Art. 6 para. 1 lit. f GDPR), backups for 4 weeks. The storage does not occur in connection with (personal) data that you may have entered on this website and is not used to draw conclusions about your person.


You can easily (and voluntarily) contact me via e-mail ( or contact form. Your (full) name, a valid email address, if applicable your website address and your request will be transmitted. It is possible that order processors receive access to the necessary data.

Your data will be stored and processed on the basis of a legitimate interest (see Art. 6 (1) GDPR). This interest is to be able to receive your request and respond to it.

Your contact may subsequently lead to an electronic exchange of data by e-mail, for example for further questions or feedback. This information will also be stored and processed.

If the necessity of the data transmitted by you expires, it will be deleted after 6 months at the latest. This is the case, for example, if our (pre-contractual) communication has not led to an order.

However, if a contractual relationship arises in connection with chargeable services (cf. Art. 6 para. 1 lit. b GDPR), additional data will be requested by e-mail. This data is subject to the statutory retention periods (HGB) and will be stored, processed and retained accordingly for longer (6 or 10 years).

Your information will also be processed using an automated anti-spam plugin from WordPress to prevent spam.


At the end of blog posts, you have the opportunity to put your thoughts into comments.

This is done with your consent (Art. 6 para. 1 lit. a GDPR), without which you can not submit your comment. Not necessary, but possible is also the consent to store your name, email address and website in cookies (for 1 year). This is especially convenient if you plan to post more comments on my website in the future.

I am not liable for personal information and other sensitive data that you publish yourself. Instead, I give you the option to manage your comments afterwards.

  • The comments can be entered and viewed on the website without registration. They are therefore publicly accessible. So think carefully about what information you want to publish. Only your e-mail address in the designated field is private (or only visible to administrators and, if applicable, order processors).
  • You can edit your information yourself using the options available in the wpDiscuz commenting system. By default, editing is possible up to 15 minutes after saving. By moving your mouse cursor, the button in the form of a gear wheel will become visible.
  • To delete your comment(s), you will find the button "My content and settings" next to the comment count, which opens a pop-up. Even as a guest you can delete your comments on my website. You will then receive an email to confirm the process.
  • Furthermore, you have the option to subscribe to (1) comments for a specific blog post or (2) replies to your own comments. You must also confirm this process by e-mail. You will find the option under "Subscribe" above the form. You can delete your subscriptions there as well as via the button "My content and settings."

If you need help, I'll be happy to help you via e-mail.

If you do not take any action, your details, your IP address and your user agent string, which identifies your browser, will be stored permanently by the system on the basis of legitimate interests (cf. Art. 6 (1) GDPR) and displayed in the relevant area of the website until you revoke your consent.

This is done for the prosecution of inappropriate content (e.g. spam), because in these cases I can be prosecuted myself. For the same reason, I reserve the right to prevent the publication of comments that carry inappropriate content (spam, advertising, illegal, infringing, insults and personal attacks of any kind, etc.) by deleting them prematurely without giving any reason by means of an unlock function.

Your information will also be processed using an automated anti-spam plugin from WordPress to prevent spam.

A transfer to third parties is excluded and will only be used if this is necessary or required by law.

However, by commenting, your email address may be passed in an anonymized string to the service "Gravatar." This is to determine whether you use this service. In this case, your profile picture will be published within your comment.


To give you the possibility to personalize your comments, I use the provider Gravatar.

Gravatar lets you associate an avatar (a (profile) picture) of your choice with your email address. Unless Gravatar has been disabled, it is standard for WordPress and ensures that your avatar automatically appears next to your comments.

However, to prevent the external provider from automatically accessing your data, I use a privacy plugin for Gravatar. This is equipped with the following three functions:

  • Before an avatar is loaded from Gravatar, the plugin checks for explicit consent.
  • It also checks whether there is a gravatar for the email address entered in the comment form.
  • The plugin then prevents tracking of website visits by caching the detected gravatars locally.

Please see Gravatar's privacy policy to learn more about the provider.


To keep you up to date with the latest news from, I offer a newsletter on my website that reaches you 2 to 3 times a month. If you don't subscribe via the newsletter page, you will be automatically subscribed to all newsletter lists. On the newsletter page you can choose the type of emails you want to receive:

  • News, Inspirations & Tips
  • Events & Offers
  • Newsletter Extras

After your registration, you can adjust your lists at any time via the subscription management and unsubscribe from the newsletter. You will find both links at the end of each email.

For registration, only a name chosen by you (for personalization purposes) and a valid e-mail address are collected. This data will only be used to send you the requested newsletter and other information relevant to the newsletter service or your registration. This may be changes or technical circumstances relating to this service.

The email address you enter for registration must be valid in order for you to receive my newsletter. For verification purposes, I use the double opt-in process, which records (1) your registration for the newsletter, (2) the sending of the confirmation email and (3) the receipt of the confirmation requested therein. The collected data will not be shared with third parties.

For the delivery of the newsletter I use the WordPress plugin "MailPoet," which stores your data in the database of my website. The emails are sent via the MailPoet sending service.

In order to create a newsletter that you really want to read, I also collect statistical information such as the number of opens and clicks within the newsletter. These are group-related and individual openings are not visible.

All this is done on the legal basis of your explicit consent (see Art. 6 para. 1 GDPR). You can revoke this consent at any time.

If you need help, I will be happy to help you via e-mail, for example to manually delete your e-mail address from the mailing list.

Web Hosting

The accessibility of my service and information offer on the Internet is made possible by the German web hosting provider All-Inkl, whose services I use. These services include: Infrastructure, platform, storage space, databases, computing capacity, technical maintenance, e-mail and security services.

Accordingly, all data is processed by the web hosting provider in my legitimate interest in Germany (see Art. 6 para. 1 & Art. 28 GDPR). From you this is your IP address and access data (log files).

Of course, my WordPress database is also located on the server of the web hosting provider, which contains, for example, the email addresses entered in the newsletter or comments.


Each time the server is accessed, the web hosting provider collects and stores corresponding retrieval data based on legitimate interests (cf. Art. 6 para.1 GDPR):

  • Webpage name
  • File information
  • Date and time
  • Transmitted data volume in bytes
  • whether the access was successful
  • via which browser this happened
  • with which operating system
  • active cookies
  • the previously visited website from which the user reached the access page
  • IP address
  • Accessed provider

This data is stored for a maximum of 7 days for security reasons, for example to clarify misuse or fraud (see Art. 24ff. GDPR). Backups are stored for 4 weeks. If it is necessary to present data as evidence, the retention period is extended until the facts of the case have been clarified.

SSL Encryption

In order to protect the transmissions taking place on the website, state-of-the-art encryption procedures are used via HTTPS. This is particularly necessary for the transmission of confidential content, for example in the case of inquiries via contact form.

You can recognize the encryption by the fact that the combination "https://" precedes the domain at the beginning of the browser line, and not "http://." You can also recognize the encryption by the lock symbol to the left.


You have probably already encountered the small text files called "cookies:" They are stored in your browser and collect various data, so that you do not have to re-enter your own data in form fields, for example.

Through a specific string of characters, cookies allow your browser (which collects data such as cache, cookies, stored login and form data) to uniquely identify you when you revisit the website.

By clicking on the encryption icon to the left of the URL in the browser bar, you can see which cookies are currently active. Below the title "Cookies" you can get details about the different cookies and remove them.

You can also obtain information about all my cookies via your privacy settings in the cookie box, where you can disable single, multiple or all non-essential cookies.

You can also disable or delete them at any time in the browser options. You can find instructions on the website of your browser: Mozilla Firefox, Internet Explorer, Google Chrome, Opera, Safari and Vivaldi. Note, however, that doing so may disable various features on

The legal basis for technically necessary cookies is my legitimate interest to provide you with a user-friendly visit to my website or to enable the visit in the first place (see Art. 6 para. 1 GDPR).

Non-technically necessary cookies go beyond the functionality of the website visible to you and are permitted with your consent. These include those cookies that I use to ensure statistical evaluations in order to constantly improve my website. Learn more about Google Analytics.

Cookies cannot be used to launch unwanted programs or transmit viruses.

Google Analytics 4

For presentation and market research reasons, I use third-party providers that can generate statistics with so-called pixel tags (invisible graphics) and cookies.

As soon as you have accepted the cookies of the category "statistics" required for Google Analytics 4 (see Art. 6 para. 1 p. 1 lit. a GDPR), the web analytics service is active. The analyses help me to evaluate the offer of my website on the basis of your usage habits and to regularly improve it for you.

For example, I record the following events ...

  • (first) access of the website & individual web pages
  • Session time & duration
  • Navigation through the website
  • Scrolls to the end of the web page
  • Search queries
  • Clicks on videos & external links
  • Downloads
  • Language settings

... and the following personal data:

  • anonymized IP address
  • regional location
  • Browser & device data
  • Internet provider
  • Visit sources in URL form

Google Analytics is a service of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as processor according to Art. 28 GDPR), which means that its cookies send the data to a server located in the USA and store it there.

Your IP address is automatically shortened with Google Analytics 4 in the EU or in contracting states of the Agreement on the European Economic Area and thus anonymized. Only in exceptional cases is this done on a Google server in the USA. A link to other personal data does not arise.

However, the possibility of US authorities gaining access to the data stored by Google cannot be ruled out. Since the ECJ classifies the US as a third country with different (and insufficient) data protection standards compared to the EU, there is a risk that your data will be processed in surveillance programs and you will not be able to file a lawsuit.

Google guarantees to comply with the EU_US Privacy Shield. You can also find out what else Google processes the transferred information for and how Google protects your data. You can find more information in the terms of use and privacy policy of Google Analytics and Google.

In order to achieve an appropriate level of data protection, an order processing contract has been concluded. Cookies and the personal data collected through them are automatically deleted after 2 months. Provided that the retention period has been reached, the deletion takes place (also automatically) 1 time per month. I do not share the data with third parties.

You do not agree with the tracking and want to revoke your consent with effect for the future?

By activating the opt-out cookie using the button below, you can immediately revoke the analysis of your data. This cookie is installed on your device and blocks the use of Google Analytics until it is removed.

Due to the previous consent, the processing that took place until the revocation remains lawful.

You can also disable cookies using the browser options by following the appropriate instructions. Please note that you may not be able to use some features on this website.

Furthermore, there is the possibility to deactivate Google Analytics with a browser add-on and to prevent the transfer of all your personal data to Google.

Pretty Links

To make certain internal and external websites that actually have longer, unsightly links give you an understandable indication of their content, I use the WordPress plugin "Pretty Links."

One of the functions of Pretty Links is to determine how often the link created with Pretty Links is clicked. The plugin distinguishes between unique clicks and total clicks. Unique clicks provide information about the number of different users who have clicked on the link.

This same Pretty Links feature sets the cookies "prli_click_1" and "prli_visitor" on my website, which record the number of clicks. See above to learn how to disable cookies in your browser.

Affiliate Links

Affiliate links are links that lead to a service or product from other providers. If you book or order from these providers via my link, I receive a commission. The price of the service or product does not change for you via the affiliate link.

I only link to services and products that I myself am convinced of and can therefore warmly recommend to you.

If you find a link with an asterisk (*) in brackets on my website, it is an affiliate link.


On my website you may come across hyperlinks, i.e. links to external websites of third parties. Since I am not responsible for their content and data protection compliance, I ask you to visit the privacy statements of the respective websites.

Learn more about links to external websites on this website.

Professional Profile on LinkedIn

In order to draw attention to the blog of and my services, and at the same time maintain communication with contacts such as subscribers, clients and business partners, I maintain a LinkedIn profile.

If you click on a link or button on my website that leads to my LinkedIn profile, a connection to the LinkedIn servers is automatically established. This informs the network with your IP address that you have accessed my website. If you are logged in with your LinkedIn account at the same time, this visit can be assigned to your account.

When you access my LinkedIn profile, LinkedIn's privacy policy applies. Although LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) is subject to the EU Privacy Shield and must comply with relevant data protection laws, your data may be sent to servers in the United States.

With the opt-out option of LinkedIn, you can refuse the data collection by LinkedIn.

I have no access to the transmitted data. Provided you are logged in during the call, I am only informed about (your visit), your networking request, your following, commenting, mentioning (and linking) of my profile as well as your private messages, which I can view and respond to. My LinkedIn profile is publicly accessible.

I do not process your data outside of LinkedIn. If we are considering pre-contractual data collection, we will move the communication to our email inboxes.

ARTMO Profile

To draw attention to the blog of and my services, and at the same time to provide my subscribers from the international art audience with news and tips, I maintain an ARTMO profile.

When you click on a link or button on my website that leads to my ARTMO profile, a connection is automatically established to ARTMO's servers, which are located in Germany. The website uses Google AdSense as well as Google Analytics and the privacy policy states that neither your name nor your email address will be processed. Your IP address is also recorded anonymously.

Despite the settings I have chosen for my ARTMO account, my profile is only partially publicly accessible. To change this, you need to log in there and accordingly share your data with ARTMO voluntarily.

If you are logged in with your own ARTMO account at the same time when you visit ARTMO, this visit can be assigned to your account and thus to all stored data that you have shared with the platform.

I have no access to the transmitted data. If you are logged in during the call, I am only informed about your visit, your networking request, your following, commenting, mentioning (and linking) of my profile as well as your private messages, which I can view and respond to.

I do not process your data outside ARTMO. If we consider a pre-contractual data collection, we move the communication to our email inboxes.

For more information, please see ARTMO's Privacy Policy.


The Internet offer is not directed at children or young people under the age of 18, which is why corresponding personal data is not or not knowingly processed by this website.

However, if I become aware that this is the case without a legal obligation or the consent of the parents, the relevant data will be deleted immediately.

Effectiveness of All Listed Points

The data protection declaration including all the points and thoughts listed here refers to the complete internet offer of

As soon as even one point or idea loses its validity because it turns out that this has become outdated or incomplete and thus no longer meets the requirements of the currently valid legal situation, all other points and ideas of this privacy policy remain completely unaffected by its validity.

In addition, I reserve the right to make changes to my privacy policy so that it is always up to date. If you visit my website again after such a change, the new privacy policy will apply.

Open Questions

If I could not answer your question with this privacy policy, I look forward to your e-mail (contact form).

For more information on data protection, you can also contact the European Union Information Offices.

Last updated on January 6, 2023.