🧁Caketastic
  • Home
  • Recipes
  • Season
    • Spring
    • Summer
    • Autumn
    • Winter
  • Search
  • Random Recipe
  • Login
  • Register

Privacy Policy

www.caketastic.ch | Last updated: 12 July 2026

1. Introduction and scope

With this privacy policy we inform you about the processing of your personal data in connection with the use of our website www.caketastic.ch. This privacy policy complies with the Swiss Federal Act on Data Protection (FADP) as well as the European General Data Protection Regulation (GDPR).

The technically necessary use of our website is possible without consent to analytics or advertising services. We only use optional services (Google Analytics, Google AdSense) on the basis of your express, voluntary consent, which we obtain via a Google-certified consent management platform (CMP). If you decline the optional services, you can continue to use the website without restriction; no analytics or advertising cookies are then set and only non-personalised ads are served.

2. Data controller

The controller responsible for data processing is:

Caketastic
Marco Baumgartner
Zeughausstrasse 4
3400 Burgdorf, Switzerland
Email: caketastic.headboard473[at]passmail.net

3. Types of data collected

We collect and process the following categories of personal data:

3.1 Server log files (automatically collected access data)

When you access our website, our web server (nginx) automatically stores access data in log files. This includes in particular the IP address, the date and time of access, the page/file requested, the HTTP status code, the volume of data transferred, the referrer URL as well as the browser type and operating system (user agent).

This processing is necessary for the secure and stable operation of the website (legitimate interest, Art. 31 FADP / Art. 6(1)(f) GDPR). The IP address is personal data. Retention period: server log files are automatically deleted or rotated after a maximum of 14 days.

3.2 Security and abuse logs

To defend against automated attacks, brute-force attempts and spam, we operate a protection system that logs suspicious access. In doing so, the IP address, the timestamp, the user agent and the requested path are stored. The legal basis is our legitimate interest in IT security (Art. 31 FADP / Art. 6(1)(f) GDPR). Retention period: automatic deletion after 90 days.

3.3 User account

When you create an account, we process the email address you provide, a password stored in encrypted form (hash), your preferred language, your notification settings and – if enabled – data relating to two-factor authentication. This data is necessary to provide the account (contract / pre-contractual measures, Art. 31 FADP / Art. 6(1)(b) GDPR). It is stored for as long as your account exists and is removed after its deletion. You can delete your account yourself at any time.

3.4 Content: comments, ratings, images, saved recipes

When you post comments or ratings, upload images or save recipes and shopping lists, we process the content you create together with your user identifier and the time of creation. Comments and uploaded images are moderated or technically checked before publication. The legal basis is your consent or the performance of the contract (Art. 31 FADP / Art. 6(1)(a)/(b) GDPR).

3.5 Email dispatch

To confirm registration, reset passwords and send security notifications, we send emails to your address via the Swiss email service Proton Mail (Proton AG, Geneva). This is necessary for account and security management (Art. 31 FADP / Art. 6(1)(b) GDPR).

3.6 Cookies and similar technologies

Our website uses cookies. Cookies are small text files stored on your device. We use:

  • Technically necessary cookies for the operation of the website (e.g. session/login, language selection). These do not require consent.
  • Analytics cookies (Google Analytics) – only with your consent.
  • Advertising cookies (Google AdSense) – only with your consent.

We obtain your consent via a Google-certified consent management platform (CMP) that implements the IAB TCF standard. We integrate Google Analytics and Google AdSense via Google’s “Consent Mode v2”: the Google scripts are loaded as soon as the page is opened, but their behaviour depends on your consent. Without your consent, only non-personalised ads are served in limited mode (“limited ads”) and Google Analytics works without cookies; no analytics or advertising cookies are then set. After your consent, personalised ads are served and analytics/advertising cookies are set. For the technical delivery of ads, your IP address is transmitted to Google. Note: we host our fonts ourselves – as a result there is no transfer of data to Google.

For faster delivery and for offline use (Progressive Web App), our website stores technically necessary files via a service worker in the local browser storage of your device. No personal data is transmitted to us or third parties in the process.

The choice you make via the CMP is stored by Google (among other things as a TCF consent signal) and can be changed or revoked at any time via “Cookie settings” in the footer.

4. Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”). Google Analytics uses cookies that enable an analysis of the use of the website.

Google Analytics is integrated via “Consent Mode v2”. Without your consent, Google Analytics works without cookies (no analytics cookies) and no personal data usable for analysis is stored. Only after you have given consent via the consent management platform are analytics cookies set. The information generated by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there. We have activated IP anonymisation (“anonymize_ip”), so that your IP address is shortened by Google within the EU or the EEA before being transmitted to the USA.

Legal basis: your consent (Art. 6(6) FADP; Art. 6(1)(a) GDPR). You can revoke this consent at any time via “Cookie settings” in the footer.
Further information: https://policies.google.com/privacy

5. Google AdSense

Our website uses Google AdSense, a service provided by Google Ireland Limited, to integrate advertisements.

We use AdSense via Google’s “Consent Mode v2”; your consent is obtained via a Google-certified consent management platform (CMP). This means: without your consent, only non-personalised ads are served in limited mode (“limited ads”); no advertising cookies are then set and no web beacons are used for profiling. Personalised advertising – which may use cookies and web beacons – takes place solely after your express consent via the consent management platform. For the technical delivery of ads (including non-personalised ones), your IP address is transmitted to Google.

The following data may be collected and transmitted to Google in the process:

  • IP address
  • device identifiers
  • websites visited
  • location data (if enabled)
  • browser information
  • interactions with advertisements

Google may use this information to show you personalised advertising and to measure the effectiveness of advertising campaigns. The data may also be processed in the USA.

Legal basis: your consent (Art. 6(6) FADP; Art. 6(1)(a) GDPR).
Further information: https://policies.google.com/technologies/ads

6. Transfer of data to third parties

We do not pass on your personal data to third parties unless this is necessary for the purposes stated in this privacy policy. Any transfer is made exclusively to:

Google Ireland Limited / Google LLC: in the context of Google Analytics and Google AdSense, data is transmitted to Google. Google processes this data as an independent controller or processor in accordance with Google’s data protection provisions.

Beyond this, no personal data is passed on to any other third parties.

7. Transfer of data abroad

In the context of using Google Analytics and Google AdSense, personal data may be transferred to the USA. According to the decision of the FDPIC and the EU Commission, the USA has an adequate level of data protection under the EU-U.S. Data Privacy Framework.

Google LLC is certified under the EU-U.S. Data Privacy Framework. In addition, we have agreed the EU Commission’s standard contractual clauses with Google in order to ensure an adequate level of data protection.

8. Consent and revocation

On your first visit to our website, a Google-certified consent management platform asks you whether you would like to allow optional analytics and advertising services. This consent is voluntary: without consent the website remains fully usable; no analytics or advertising cookies are then set and only non-personalised ads are served. Consent to optional services covers:

  • Google Analytics for analysing user behaviour
  • Google AdSense for displaying personalised advertising

Technically necessary cookies are required for operation and do not require consent. You can revoke or change consent you have given at any time with effect for the future – just as easily as you gave it – via the “Cookie settings” link in the footer, which reopens the consent management platform. The revocation does not affect the lawfulness of the processing carried out until then.

9. Retention period

We store personal data only for as long as is necessary for the respective purpose:

  • Server log files: max. 14 days
  • Security/abuse logs (IP): 90 days, then automatic deletion
  • Upload check logs: 90 days
  • Consent signals (CMP/IAB TCF): stored by Google (generally up to 13 months)
  • User account and content (comments, ratings, images, lists): until you delete the account
  • Google Analytics / AdSense: in accordance with Google’s retention periods

10. Your rights

Within the scope of applicable data protection law, you have the following rights:

  • Right of access: you can request information about the personal data we hold about you.
  • Right to rectification: you can request the correction of inaccurate data.
  • Right to erasure: under certain conditions you can request the deletion of your data.
  • Right to restriction: you can request the restriction of the processing of your data.
  • Right to object: you can object to the processing of your data.
  • Data portability: you can request that we transmit your data to you in a common format.
  • Right to revoke: you can revoke your consent at any time.

To exercise these rights, you can contact the controller named above.

11. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority:

  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, www.edoeb.admin.ch
  • EU: the competent supervisory authority of your country of residence or stay.

12. Data security

We take appropriate technical and organisational security measures to protect your personal data against unauthorised access, loss, misuse or destruction. Our website uses SSL/TLS encryption, recognisable by the “https://” in the browser bar.

13. Changes to this privacy policy

We reserve the right to amend this privacy policy at any time. The current version is always published on our website. In the event of material changes, we will inform you accordingly.

14. Contact

If you have any questions about data protection or about exercising your rights, you can contact us at the address given above or by email.

This privacy policy was drawn up in accordance with the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR).

© 2026 Caketastic - Cake recipes from around the world

DE | FR | IT | EN
About us Cookie settings Privacy Imprint
⏰ Back-Timer ▼

Keine aktiven Timer

Starte einen Timer auf einer Rezeptseite!