Privacy Policy

Last updated: 2026-04-24

This page explains what personal data we collect, why, and what rights you have. "We" means Federico Conticello, the owner of this website.

1. Who is responsible

The data controller is Federico Conticello. For any privacy question or to exercise your rights, write to [email protected].

2. What data we collect

• Contact form (only on pages that include one): your name, email address, and the message you send us. You provide this data voluntarily.
• Server and CDN logs: our hosting and CDN providers record basic technical data on every request (IP address, user-agent, timestamp, requested URL) for security and anti-abuse purposes.
• Cookies: only strictly necessary cookies for CSRF protection, admin authentication, and anti-bot security (set by our CDN). See the Cookie Notice for the full list.

We do not use analytics, advertising, tracking pixels, or any third-party profiling script.

3. Why we use your data (legal basis)

• To reply to messages you send us via the contact form — processing is based on your explicit request and our legitimate interest in responding (GDPR Art. 6(1)(b) and 6(1)(f)).
• To keep the site secure and running — legitimate interest (GDPR Art. 6(1)(f)).

4. How long we keep your data

• Contact messages are automatically deleted after 30 days.
• Technical logs are retained according to the policies of our CDN / hosting providers (see below).

5. Who we share your data with (processors)

We use a small number of service providers to run this site. Each is bound by their own data processing terms:

• Sweego (EU, France) — delivers outbound email from the contact form and system notifications.
• Cloudflare (US) — provides DNS, CDN proxy, and (where enabled) email routing. Governed by Cloudflare's Standard Contractual Clauses (SCCs) for EU→US transfers.
• GitHub (US) — hosts source code and, for some sites, serves static pages. Also governed by SCCs.

We do not sell your data and we do not share it with any party other than what is strictly needed to operate the site.

6. International transfers

Because some of our processors are based in the United States, your data may be transferred outside the European Economic Area. Those transfers happen under the Standard Contractual Clauses approved by the European Commission.

7. Your rights

You have the right to:

• access the data we hold about you;
• ask for correction of inaccurate data;
• ask for deletion of your data (right to be forgotten);
• restrict or object to our processing;
• receive your data in a portable format;
• withdraw consent at any time (where processing is based on consent).

To exercise any of these rights, send an email to [email protected]. We will respond within one month.

8. Complaints

If you believe we have mishandled your data, you have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit) (https://www.autoriteprotectiondonnees.be/).

9. Automated decision-making

We do not carry out any automated decision-making or profiling based on your data.

10. Changes to this policy

We may update this policy as the site evolves. The "last updated" date at the top of this page reflects the most recent revision.