SDMetrics home page
The Software Design Metrics tool for the UML

Privacy Policy for SDMetrics

1. Preliminaries and contact details

The following sections lay out the privacy policy that applies to users of the websites and, as well as (prospective) licensees of the UML design quality measurement tool SDMetrics.

The responsible data controller and your main contact point for all data privacy matters is:

  • Jürgen Wüst, In der Lache 17, 67308 Zellertal, Germany.

You can find my full contact details here if you wish to exert your right of access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), or right to restriction of processing (Art. 18 GDPR).

To exert your right to lodge a complaint (Art. 77 GDPR), the competent supervisory authority for my territory is "Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz", Postfach 30 40, 55020 Mainz ( If you reside inside the territorial scope of the GDPR, you can contact your local supervisory authority instead.

2. Privacy policy for visitors to the websites and

What personal data do I collect?

I don't collect any personal data about you, period. It is quite possible to deliver a bunch of static HTML pages and a PHP-driven blog entirely without the use of any cookies, tracking scripts, social media plugins and so forth. We apologise for the convenience.

What non-personal data do I collect then?

Like any serious website maintainer, I regularly check the access logs to monitor the amount of traffic to the various parts of the site, server errors, and attacks to the website. An entry in the access logs contains the following attributes, as mandated by the widely popular "HTTP over TCP/IP" protocols, and collected by just about every web server on this planet out of the box:

  • Anonymised IP address of the client. I do not have access to your full IP address, because my web hoster randomly hashes the lowest 9 bits of the IPv4 address. That way, I can identify your organization or internet provider, but not your individual machine address, let alone you personally.
  • the date and time of the access
  • the HTTP method and URL requested
  • the HTTP status code for the request
  • the number of bytes sent in the reply
  • the referrer URL of the HTTP request, if any
  • the user agent (browser or bot name) of the HTTP request

I keep an archive of the access logs for historical data analyses. The access logs are not disclosed to any third parties.

3. Privacy policy when you purchase a source code license of SDMetrics or other services.

What personal data do I collect?

The mandatory data you need to provide is your last name, address (street, zip code, city, country), e-mail address, and VAT ID (if applicable). You may optionally provide your title, first name, company name, phone number, fax number. The legal basis for this data processing is Article 6(1) point (b) of the GDPR.

How do I collect your data?

You provide the data in the course of prior negotiations of the contract details in form of e-mails (OpenPGP encryption is available and encouraged), phone calls, or documents sent by mail.

How do I use your data?

I require the data for invoicing. Later on, I use the data to verify that you are a licensed user in case of support requests or if you wish to update or upgrade your existing license.

How long do I store your data?

I'll store your data record indefinitely, as all SDMetrics licenses are perpetual.

With whom do I share your data?

Your data will not be disclosed to any third parties.

What happens if you request your personal data to be erased?

I am required to keep a copy of your invoice, which contains most of your personal data, for 10 years (Germany's §14b Umsatzsteuergesetz).

If you purchased a source code license, I will keep my copy of the mutually signed source code license agreement, which also contains most of your personal data. Otherwise I could not sue you if you chose to violate any conditions of the source code license agreement later on. Either way, your source code license will continue to be valid.