Privacy Policy

1. Data Controller and Privacy Contact

The data controller responsible for InfoDPP.eu is Dominik Dudziński. For any privacy-related inquiries, data deletion requests, or the exercise of user rights, please contact us at: contact@infodpp.eu.

2. Data We Collect

This website is primarily informational. We may collect the following data:

• Technical data: IP address, browser type, operating system, referring URL, pages visited, and time of access — collected automatically via server logs
• Privacy-friendly usage data collected via Umami analytics, such as page views, referring websites, browser and device type, and approximate location at a non-identifying level.

3. Purpose of Data Processing

We process data for the following purposes:

• To ensure the website functions correctly and securely
• To maintain the website, diagnose technical issues, and protect it against abuse
• To comply with legal obligations

4. Legal Basis (GDPR)

We process personal data based on: (a) our legitimate interest in operating, securing, and maintaining the website (Art. 6(1)(f) GDPR), and (b) compliance with legal obligations where applicable (Art. 6(1)(c) GDPR).

5. Cookies

InfoDPP.eu uses Umami, a privacy-friendly analytics tool, to understand aggregated use of the site and improve our content and user experience. We do not use analytics for advertising purposes and do not intentionally use advertising cookies on the site.

6. Third-Party Services

We may use the following third-party services:

• Netlify — for hosting and website delivery
• Umami Analytics — for privacy-friendly, aggregated website analytics
• Supabase (EU — Ireland) — secure storage for newsletter subscriber records
• Resend (EU region, EU-U.S. Data Privacy Framework certified) — transactional delivery of newsletter confirmation and issue emails
• Cloudflare Turnstile — cookie-free bot protection on the newsletter form

6a. Newsletter

If you subscribe to the InfoDPP newsletter we process your email address on the basis of your freely given consent (Art. 6(1)(a) GDPR) and, where applicable, Art. 13 of the ePrivacy Directive 2002/58/EC as transposed in your Member State. We use a double opt-in procedure: after you submit the form we send a confirmation link valid for 24 hours; your address is only activated once you click it. You can withdraw your consent at any time via the one-click unsubscribe link in every email or by contacting contact@infodpp.eu. Withdrawing consent does not affect the lawfulness of processing before withdrawal. After unsubscribe we keep your email address as a suppression-list entry (Art. 6(1)(f) GDPR — to honour your withdrawal and ensure you are not re-added by mistake) and to compute aggregate signup / churn statistics; you can request full erasure at any time via contact@infodpp.eu. We do not use open or click tracking. We may occasionally include information about OriginPass services only if you ticked the separate, optional marketing-consent checkbox at signup; that consent is independent and can be withdrawn separately. We keep confirmed subscriber records for as long as the subscription is active. For security and anti-abuse purposes we never store your raw IP address: it is hashed in application code with a per-record salt before being written to the database, and the hash is dropped on unsubscribe.

7. Data Retention

Server logs and technical data are processed within the EU / EEA and retained for a maximum of 90 days. Aggregated analytics data collected via Umami is retained only for as long as needed for reporting, trend analysis, and service improvement.

8. Your Rights

Under the GDPR, you have the right to:

• Access the personal data we hold about you
• Request correction or deletion of your data
• Object to or restrict data processing
• Data portability
• Lodge a complaint with a supervisory authority

To exercise your rights, contact us at: contact@infodpp.eu.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date.