Privacy Notice

This is a static informational website. It sets no cookies, runs no analytics, embeds no third-party scripts or fonts, and contains no contact forms. The notice below explains the limited processing that does occur, your rights under the GDPR, and how to exercise them.

Diese Seite auf Deutsch →

1. Controller

The controller for the processing of personal data on this website within the meaning of Art. 4 No. 7 GDPR is:

Embedded Systems Academy GmbH
Bahnhofstr 17
30890 Barsinghausen
Germany

Phone: +49 5105 582 7897
Email: [contact email, JavaScript required]

For the full legal-entity record (commercial register, VAT identification, managing director), see the Imprint.

2. Scope of this Notice

This notice applies only to the CANcrypt website (cancrypt.*), including the V1 archive served under /v1/. Other Embedded Systems Academy properties, including esacademy.com, esacademystore.eu, emsa.courses, cansecurity.net, and canopenmagic.com, operate under their own privacy notices. Following any external link will leave the scope of this notice.

3. What This Site Does Not Do

For clarity, this website explicitly does not:

set any cookies, including no consent or session cookies;
use localStorage, sessionStorage, or any other client-side persistent storage;
load analytics, tag managers, or tracking pixels (no Google Analytics, no Plausible, no Matomo, no Meta Pixel, etc.);
load fonts, scripts, stylesheets, images, or media from third-party content delivery networks, including no Google Fonts, no Cloudflare, no jsDelivr, no Gravatar;
embed videos, social-media widgets, or maps;
contain HTML <form> elements or collect input from visitors;
collect email addresses or operate a mailing list.

You can verify these claims by inspecting the site with your browser's developer tools (Network tab, Application tab); there should be no third-party requests and no client-side storage entries.

4. What Is Processed: Server Logs

This website is hosted at Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg, in the AWS region eu-central-1 (Frankfurt am Main, Germany). AWS acts as our data processor under Art. 28 GDPR on the basis of the AWS GDPR Data Processing Addendum.

The hosting infrastructure automatically records technical request data in server logs, which may include:

the IP address from which the request was made,
the date and time of the request,
the requested URL and HTTP method,
the HTTP response status,
the user-agent string identifying your browser and operating system,
the HTTP referer (the page you came from), if your browser sends one.

Legal basis: Art. 6 (1) (f) GDPR, our legitimate interest in operating a stable, secure, and abuse-resistant website. Retention: log entries are kept for the period required for security analysis and operational diagnostics, typically not longer than 30 days, after which they are deleted or anonymized. Logs are not used for analytics, profiling, or marketing.

5. Contact by Email

If you contact us using the obfuscated email link in the contact or imprint pages, your browser opens your local email client. Embedded Systems Academy GmbH only receives the data you voluntarily include in the message you send. The address is technically obfuscated (assembled by JavaScript at page load) to deter automated scraping; this is a security measure, not a tracking measure.

Email content is processed on the basis of Art. 6 (1) (b) or (f) GDPR depending on the nature of your inquiry, and is retained for as long as necessary to handle your request and for any subsequent legal-record-keeping obligations.

6. External Links

This site contains links to external resources, for example esacademy.com, cansecurity.net, emsa.courses, the European Commission ODR platform, and standards bodies such as eur-lex.europa.eu, iec.ch, etsi.org, csrc.nist.gov, and bsi.bund.de. We have no control over the privacy practices of these third parties. Following an external link is governed by the destination's own privacy notice. All external links open in a new browser tab and use rel="noopener".

7. Your Rights under the GDPR

Subject to the conditions set out in the GDPR, you have the following rights with respect to personal data we process about you:

Right of access (Art. 15 GDPR) — confirmation whether we process personal data concerning you and, if so, a copy of that data;
Right to rectification (Art. 16 GDPR) — correction of inaccurate or incomplete data;
Right to erasure (Art. 17 GDPR) — deletion of your data, subject to legal retention obligations;
Right to restriction of processing (Art. 18 GDPR);
Right to data portability (Art. 20 GDPR), where applicable;
Right to object (Art. 21 GDPR) to processing based on Art. 6 (1) (e) or (f) GDPR, including the server-log processing described in section 4.

To exercise any of these rights, write to the contact address in section 1.

8. Right to Lodge a Complaint

You have the right to lodge a complaint with a data-protection supervisory authority. The competent authority for Embedded Systems Academy GmbH is:

Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover
Germany
Web: lfd.niedersachsen.de

You may also lodge a complaint with the supervisory authority of your habitual residence, your place of work, or the place of the alleged infringement (Art. 77 GDPR).

9. Changes to this Notice

This notice was last updated on 8 May 2026. Material changes will be reflected by an updated date; please re-read this page from time to time. The current version is always the version published at /privacy/.