Technical Information Website Tolksdorf.digital
GDPR, Analytics, Hosting, Cloudflare, Online-Calendar, Google-Fonts, Cookie-Policy
Guiding principles
Maximum DSGVO / GDPR compliance through self-hosting in Germany.
Maximum operational security in a 27001-certified data center.
Selection of secure open source solutions for Server-Platform and Operating Platform.
Maximizing Internet security in domain management.
Maximum security against unauthorized entry.
Hosting at Hetzner in Germany
This website with integrated business solution consisting of Server-Platform and Operating-Platform, is hosted by Hetzner in Germany (see also section Subdomains).
- More Information about Data Protection at Hetzner.
- Mor Informationabout ISO 27001 Certification of Hetzner.
Subdomains
This website or business solution uses the following subdomains, with applications hosted by Hetzner itself:
- Appointment management with online calendar
cal.tolksdorf.digital - Website Analytics
matomo.tolksdorf.digital
plausible.tolksdorf.digital - Interactive AI application (“Samy”), GDPR-compliant controlled via Klaro!
Only loaded if explicit consent has been given. There is no connection to third-party providers or tracking services.
https://samy.tolksdorfdigital.com - Team Collaboration using Nextcloud
nextcloud.tolksdorfdigital.com
GMail and Domains
- The Swiss company Tolksdorf.digital GmbH uses Google Mail with the domain https://tolksdorf.digital. The DNS records of the domain are managed with Cloudflare without proxy functionality.
- Deutsche Tolksdorf.digital UG uses Google Mail with the separate domain https://tolksdorf-de.digital. The website of the domain is redirected to the shared website https://tolksdorf.digital , provided by the Swiss company Tolksdorf.digital GmbH.
Google Fonts
This website uses Google fonts stored statically on its own servers, which are not reloaded online.
The following tool was used for the verification. https://www.ccm19.de/google-fonts-checker/
Cloudflare
The DNS records of the domain are managed with Cloudflare without proxy functionality.
More Information about Cloudflare Privacy Policy.
Appointment management with online calendar
To book appointments, a self hosted Cal.com instance running in a container is used.
Website Analytics
For anonymous statistical evaluation, we use the standard Plausible Analytics and Matomo. These services are configured to be privacy-friendly and are enabled by default. Services such as Google Tag Manager or the interactive AI assistant Samy are only loaded after explicit consent has been given.
Web-Analytics with Matomo
Matomo is a self-hosted web analytics platform that does not require personal data and is fully GDPR-compliant. On this website, Matomo is used exclusively for anonymous reach measurement. Like Plausible Analytics, Matomo is a GDPR-compliant alternative to Google technologies. Both solutions can be obtained from the cloud or, as with Tolksdorf.digital, operated on-premise on your own servers.
More information about Matomo and data protection:
https://matomo.org/privacy/?nav
Web-Analytics with Plausible
Plausible is an intuitive, lightweight and open source web analytics solution. Plausible does not use cookies (See also section Cookie Policy) and is fully compliant with GDPR (DSGVO), CCPA and PECR. Created and hosted in-house by Hetzner (see above).
More information about GDPR-, CCPA- and Cookie-Laws-conform Website-Analytics using Plausible.
More information about the Privacy-Policy (Datenschutz) at Plausible.
Google Search Console (only integrated with Plausible in the backend)
As a GDPR-compliant add-on to Plausible, we use Google Search Console to analyze the findability of our domain in Google search results. This data is provided to us directly by Google (e.g., clicks, impressions, positions) and is not linked to visitor data on our website. No tracking code from Google is integrated, and no data is transferred from our website to Google. It is used exclusively in the backend of Plausible by authorized administrators.
Google Tag Manager
Google Tag Manager (GTM) is a tag management system (TMS) that can be used to measure tracking codes and associated code fragments (commonly referred to as tags) on websites or in mobile apps.
We use Google Tag Manager exclusively for tests and demonstrations of how GTM can be used in compliance with the GDPR. It is deactivated in normal operation. The script is only loaded with express consent. Cookies may be set by Google and data may be transmitted to US servers. Use only takes place after active selection in the privacy settings. GTM is only available after explicit consent.
UTM-Parameter
We use UTM parameters exclusively for the anonymized evaluation of our campaign effectiveness using self-hosted GDPR-compliant analytics tools (Matomo/Plausible). No personal data is stored in UTM parameters.
Artificial Intelligence (AI) on this website
This website offers an interactive AI assistant (“Samy”) that only becomes active when requested by the user. The function is controlled in accordance with GDPR via Klaro! consent management. No personal analysis or external processing takes place without consent. The AI runs on its own infrastructure (subdomain samy.tolksdorfdigital.com), free from third-party tracking and serves exclusively for technical support and voluntary information.
Self-Declaration EU AI Act
Please refer to Self-Declaration Tolksdorf.digital GmbH - EU AI Act
Data Protection & Security AI Functionality
Hosting: The Subdomain samy.tolksdorfdigital.com ("Samy Server"), is entirely hosted in Germany by Hetzner (ISO 27001).
No Profiling:
No personal context data is stored on the server side, nor are user profiles created.
There is no AI-supported decision automation, only voluntary, advisory expert interaction.Session-ID & Logging:
For technical purposes, an anonymized log with session ID is kept (via n8n).
The session ID does not allow tracing back to individuals.
The storage period for these logs is still to be finalized and documented.
📝 Context Processing
If necessary, the local HTML client creates a context file in Markdown format.
This file is sent to the "Samy Server", where it is automatically converted into a DOCX document.
The download is direct and automatic – without storage on the server.
Cookie Policy
Cookie database that can be used to verify the data
At https://cookiedatabase.org/ you can view information about cookies, local storage, pixels and other tracking technologies. You can also read the Data Passports we have created about the services and organizations that create or use these technologies.
Cookie Banner, Cookie Analytics and Management
The open source solution Klaro! is used to manage cookies and external services. https://klaro.org/
This fully self-hosted, lightweight consent management tool
- obtains consent for technically unnecessary services (e.g., Google Analytics, embedded interactive components) in accordance with the GDPR and prevents their execution as long as no consent has been given.
- We use Matomo and Plausible as GDPR-compliant analysis tools that collect data anonymously and minimally in accordance with the GDPR. They are enabled and can be deactivated.
- The cookie decision can be adjusted at any time via the footer link “Privacy | Imprint | Cookies”. Then press F5 to reload the website.
Klaro! does not set any tracking cookies itself. Only a local, technically necessary cookie is used to save your selected settings.
Ein Cookie-Scan-Report is available on request.
Youtube related Cookies
To display videos on the website https://tolksdorf.digital wird Youtube genutzt. Videos are not played automatically, so users are free to use them while applying to and adhering the Google Privacy Controls .
Cookie VISITOR_INFO1_LIVE
This functionally important cookie is used by YouTube to determine bandwidth.
Source: https://cookiedatabase.org/cookie/youtube/visitor_info1_live/
Cookie YSC
This optional cookie is set by YouTube for marketing/tracking to track views of embedded videos.
Source: https://cookiedatabase.org/cookie/youtube/ysc/
Nextcloud
Nextcloud only stores cookies that are necessary for the proper functioning of Nextcloud. All cookies come directly from self-hosted Nextcloud servers, no third-party cookies are sent to your system.
The cookies are used to determine how a request reaches the Nextcloud server and to prevent CSRF attacks. No identifiable information is stored in these cookies. The other cookies are used exclusively to identify users in the system. Cookies used:
Cookie | Stored data | Life time |
Session cookie |
| 24 Minutes |
Same-site cookies | No user-related data is stored, all same-site cookies cookies are identical for all users on all Nextcloud instances. | Forever |
Remember-me cookie |
| 15 Days (configurable) |
Source: https://docs.nextcloud.com/server/latest/admin_manual/gdpr/cookies.html
Cal (formerly Calendso)
As it is self-hosted, this module does not use cookies itself. For session management, information is stored in the local memory for technically necessary reasons to call up the appointment management https://cal.tolksdorf.digital used. The data is automatically deleted after the functionality is terminated. Further technical information can be found on Github: https://github.com/calcom/cal.com
- __Secure-next-auth.callback-url
- __Secure-next-auth.csrf-token
- __clnds
Odoo related Skripts and Cookies
csrf_token (Odoo)
The technically essential CSRF token (Cross-Site Request Forgery token) is a security mechanism that prevents malicious websites or attackers from performing actions on behalf of an authenticated user. When a user logs in to a website, they receive a CSRF token. This token is usually stored in the form of a cookie or a hidden input in the web form. The CSRF token must be sent with every action or request that the user sends to the website. The website then checks whether the token is correct to ensure that the request originates from a trustworthy sender.
Using the CSRF token ensures that only authorized actions can be performed by a user and that potential CSRF attacks are blocked. The token normally changes with each login or session to further increase security.
More informationen is available on Wikipedia .
__session_info__ (Odoo)
Technically essential for managing Odoo system users (not website users).
Odoo related Cookies
The following text was automatically generated and translated by Odoo. For technical reasons, only essential cookies are used for the use of this website.
Cookies are also used to help us understand your preferences based on previous or current activity on our site (the pages you have visited), your language and your country, which allows us to provide you with a better service. We also use cookies to collect aggregate data about website traffic and website interaction so that we can offer you better website experiences and tools in the future.
Here you will find an overview of the cookies that may be stored on your device when you visit our website:
| Category of Cookies | Purpose | Examples |
|---|---|---|
|
Session & Security |
This website is used by Tolksdorf.digital for demo purposes, which is why this cookie is technically necessary for session management. Authenticate users, protect user data and enable the website to provide the services expected by users, such as maintaining the contents of their shopping cart or allowing file uploads. The website will not function properly if you refuse or reject these cookies. |
session_id (Odoo) |
|
|
Remember information about the preferred look or behavior of the website, such as your preferred language or region. Your experience may be affected if you reject these cookies, but the website will continue to function. |
frontend_lang (Odoo) tz (Odoo) |
Interaction history (optional) |
Used to collect information about your interactions with the website, the pages you have visited, and specific marketing campaigns that led you to the website. We may not be able to provide you with the best service if you reject these cookies, but the website will work. |
im_livechat_vorheriger_Betreiber_pid (Odoo) utm_campaign (Odoo) utm_source (Odoo) utm_medium (Odoo) |
|
Advertisment & Marketing |
Not used. |
Not used. |
|
Google Analytics |
Understand how visitors use our website GDPR compliant after active consent, with Google Analytics. Learn more about Analytics-Cookies and Information about Daten Protection. This also works if you actively agree to the use of these cookies. |
_ga (Google) _gat (Google) _gid (Google) _gac_* (Google) |
You can choose whether you want your computer to warn you each time a cookie is sent or whether you want to disable all cookies. Every browser is a little different. So check your browser's help menu to find out how to change your cookies correctly.
We do not currently support Do Not Track signals as there is no industry standard for compliance.