Privacy policy

This privacy policy explains how we collect, use, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR).

Controller

Name: Volodymyr Siedykh

Email: hello@vladimirsiedykh.com

Data we collect

We only collect personal data that is necessary for communication, service delivery, and website functionality. We use cookies to enhance your experience and provide essential functionality.

When you use contact forms (project brief, quote requests):

  • Full name and business email
  • Company name and phone number (optional)
  • Project details and business goals
  • Service requirements and budget preferences
  • File sharing URLs (optional, for design references)
  • Technical metadata: IP address, browser type, referrer URL

Legal basis: Art. 6(1)(b) GDPR (pre‑contractual communication)

Technical metadata: Art. 6(1)(f) GDPR (legitimate interest in website security and functionality)

Newsletter subscription:

  • Email address and subscriber name (optional)
  • Subscription preferences and interests
  • Email verification and unsubscribe tokens (for security)

Legal basis: Art. 6(1)(a) GDPR (consent) - requires email verification

When you schedule appointments (Cal.com integration):

Our site embeds a scheduling widget provided by Cal.com. The widget loads directly from Cal.com's servers; any information you enter (e.g., name, email, selected time slot) is transmitted to and processed by Cal.com under their own privacy policy.

Important: Cal.com currently processes booking data on US servers. We are on the waitlist for Cal.com/europe (EU-hosted solution) to ensure full data residency compliance.

More info: https://cal.com/privacy

Legal basis: Art. 6(1)(b) GDPR (contract performance for appointment scheduling)

Automatic data collection:

  • Session data for website functionality and security
  • Rate limiting data to prevent abuse
  • CSRF tokens for form security
  • Geographic location (country-level) for consent policy determination

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in website security, functionality, and legal compliance)

Cookies and tracking technologies

We use cookies to provide essential functionality and enhance your experience. You can control cookie preferences through our cookie banner.

Essential cookies:

  • Cookie consent preferences - Stores your cookie choices
  • Vercel edge network - Required for secure content delivery
  • Cal.com booking system - Essential for appointment scheduling and business operations

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in website functionality and business operations)

Functional cookies (with your consent):

  • Google Analytics 4 - Page views, user behavior, and website usage analytics. Uses Google Consent Mode v2 to respect your privacy choices.
  • Vercel Analytics - Page views and user behavior tracking to understand how visitors use our website
  • Vercel Speed Insights - Performance monitoring and Core Web Vitals tracking to optimize site speed

Legal basis: Art. 6(1)(a) GDPR (consent)

Geographic consent policy: In EU/UK/CA regions, analytics require explicit opt-in consent. In US/AU regions, functional cookies are enabled by default with opt-out notice. Global Privacy Control (GPC) is honored and forces all tracking to be denied.

Managing cookies:

You can change your cookie preferences at any time by clearing your browser data and revisiting our site. The cookie banner will reappear, allowing you to make new choices.

Purpose of data processing

Your personal data is used to:

  • Respond to inquiries
  • Schedule meetings
  • Communicate with you about your project

We do not use your data for advertising without explicit consent.

Service providers and data processing locations

We prioritize EU-based services for data residency compliance. Below are all third-party processors and their locations:

EU-based services (full data residency compliance)

Database storage (Supabase)

All website data (contact forms, newsletter subscriptions, project briefs) is stored in Supabase servers located in Frankfurt, Germany (eu-central-1). This ensures full EU data residency.

Privacy policy: https://supabase.com/privacy

Email delivery (Resend)

Form submission notifications and newsletters are sent via Resend servers located in Ireland (eu-west-1). Email content is processed within the EU.

Privacy policy: https://resend.com/legal/privacy-policy

Website hosting (Vercel)

This website is hosted on Vercel servers in Frankfurt, Germany. Analytics and performance monitoring data is processed within the EU.

Privacy policy: https://vercel.com/legal/privacy-policy

Rate limiting & cache (Upstash Redis)

We use Upstash Redis in Frankfurt, Germany (eu‑central‑1) for IP‑based rate limiting and short‑term caching for SEO tooling.

Privacy policy: https://upstash.com/trust/privacy.pdf

US-based services (with adequate safeguards)

Appointment scheduling (Cal.com)

Booking data is currently processed by Cal.com on US servers. Data transfers are protected by Standard Contractual Clauses (SCCs) under Art. 46 GDPR.

Future compliance: We are on the waitlist for Cal.com/europe (EU-hosted solution) to achieve full data residency compliance for all services.

Privacy policy: https://cal.com/privacy

Website analytics (Google Analytics 4)

Analytics data (only with your consent) is processed by Google LLCin the United States. Data transfers are covered by the EU-US Data Privacy Framework adequacy decision and Google's data processing terms.

Consent-first: Google Analytics only loads after you explicitly consent to functional cookies. We use Google Consent Mode v2 to respect your privacy choices.

Privacy policy: https://policies.google.com/privacy

Data retention periods

We store your data only as long as necessary for the specified purposes:

Business communications:

  • Contact forms and project briefs: Up to 6 months after last interaction or project completion for business documentation purposes
  • Email correspondence: Retained as long as business relationship is active

Marketing communications:

  • Newsletter subscriptions: Until you unsubscribe or we cease operations
  • Unsubscribed contacts: Kept in suppression list indefinitely to honor your choice

Technical data:

  • Session data: Automatically deleted after 30 days of inactivity
  • Rate limiting logs: Automatically purged after 24 hours
  • Analytics data: Managed by Google (14-50 months) and Vercel (90 days) according to their policies

Third-party managed data:

  • Booking appointments (Cal.com): Managed according to Cal.com's retention policy
  • Email delivery logs (Resend): Kept for delivery tracking purposes only

Your rights under GDPR (Art. 15–22)

You have the following rights regarding your personal data:

Right of access (Art. 15)

Request a copy of all personal data we hold about you, including processing purposes and recipients.

Right to rectification (Art. 16)

Correct any inaccurate or incomplete personal data we have about you.

Right to erasure (Art. 17) - "Right to be forgotten"

Request deletion of your personal data when there's no legitimate reason for continued processing.

Right to restrict processing (Art. 18)

Limit how we process your data while disputes about accuracy or legality are resolved.

Right to data portability (Art. 20)

Receive your data in a machine-readable format to transfer to another service provider.

Right to object (Art. 21)

Object to processing based on legitimate interests, direct marketing, or research purposes.

Rights related to automated decision-making (Art. 22)

We do not use automated decision-making or profiling that produces legal or significant effects.

Right to withdraw consent

For processing based on consent (cookies, newsletter), withdraw consent at any time without affecting past processing legitimacy.

How to exercise your rights:

To exercise any of these rights, contact us at hello@vladimirsiedykh.com with your request and proof of identity. We will respond within one month of receiving your request.

Supervisory authority

If you believe we are violating data‑protection laws, you have the right to contact:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden‑Württemberg (LfDI BW)
Lautenschlagerstraße 20, 70173 Stuttgart
Email: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de/

Security measures

This website uses SSL encryption (HTTPS) to protect data in transit.

International data transfers

We prioritize EU data residency but some services require international transfers:

Transfers to the United States:

  • Cal.com (booking data): Protected by Standard Contractual Clauses (SCCs) under Art. 46 GDPR. We are transitioning to their EU service when available.
  • Google Analytics 4: Covered by the EU-US Data Privacy Framework adequacy decision and only processes data with your explicit consent.

All international transfers comply with GDPR Chapter V requirements and include appropriate safeguards.

Updates to this privacy policy

We may update this policy to reflect legal or technical changes. Material changes will be communicated through our website or email if you've subscribed to our newsletter.

Last updated: September 10, 2025