Scope and purpose
The policy covers visitors to this domain, people who use the contact form, and data processed through common web infrastructure. It is written to align with the GDPR, with attention to the rights of people in the European Economic Area and the United Kingdom, and with awareness that other regions may have parallel rules. It does not cover employees, contractors, or other separate agreements unless those agreements say otherwise in writing.
Categories of data we may process
We may process identifiers such as your name and email if you type them in the form. We may process the content of your message and, separately, a record of whether you consented to processing for that request. We may process technical data that servers and browsers typically exchange, including an IP address, the type of device and browser, a rough area derived from the IP, timestamps, the page you requested, the referring page, and error codes. If you have agreed to optional marketing or analytics, we may process pseudonymous or aggregated identifiers that tools assign through cookies or similar, as further described in the cookie policy. We do not use this public form to request special categories of data and you should not include information about your health, beliefs, or other highly sensitive areas in a general contact message.
Why we use data and legal bases
We use technical data to deliver pages, to secure the service, to debug problems, to understand which parts of the site are used in aggregate, and to meet our obligations when we are required to keep evidence of activity. The basis is often a legitimate interest in running a safe and reliable public site, or a legal obligation when applicable. We use the contact form to read your message and respond when we choose to; the legal basis is your consent, which you may withdraw by telling us, subject to the limits of law, and the performance of a contact request. Optional analytics and marketing, when enabled, are based on consent you give through the cookie tool and can be withdrawn the same way.
Retention in principle
We keep server logs and similar technical records for a period that is long enough to investigate issues and meet security needs, and then we delete or aggregate them, unless a specific incident or legal hold requires a longer time. We keep the substance of a contact form message for as long as is reasonable to handle your note, to document what we said, and to meet any legal, tax, or insurance requirement that may apply, then we delete or reduce it to a minimal record where the law allows. Consent and preference data stored in your browser is under your direct control; when you change your mind in our tool, we read that state on the next visit, and the technical vendors may keep their own logs according to their settings.
Sharing and location of processing
We work with service providers for hosting, email delivery, security monitoring, and sometimes analytics. They are allowed to use data only to help us, not for their own marketing, unless a separate and obvious relationship exists between you and that brand. The site may be served from or backed up in more than one country. When personal data related to the EEA, UK, or Switzerland moves to the United States or elsewhere, we use mechanisms such as standard contractual clauses, adequacy decisions, or the Data Privacy Framework where applicable, and we review these arrangements as laws evolve.
Data protection practices
We limit which accounts can read logs and form submissions, we prefer encrypted transport for connections when the platform supports it, and we work with vendors who publish security information we can check. We review access when roles change, and we plan for business continuity. No online system can be completely risk-free, so we will inform you and authorities when the law or good practice requires, after we learn of a reportable incident involving your personal data in a way that is likely to need your attention.
Your rights in brief
Where the GDPR and similar law apply, you may have the right to access, correct, or delete your data, to restrict or object to some processing, to take your data in a machine-readable form when processing is by consent or contract, to withdraw consent where processing was based on it, and to complain to a supervisory authority in the country of your home, work, or the place of the issue. We will not charge a fee for a first request that is not excessive, and we will answer within a reasonable period and within deadlines the law gives. We may need to check your identity first so we do not hand information to the wrong person.
Children
The site is for adults who seek general information. We do not want to process personal data from children in a way that would need parental authorisation, and if we learn that we have, we will take steps to delete the information, subject to law.
Updates to this policy
We may post a new version to reflect a change in law, a change in the site, or a change in a vendor. The date in the header area above updates when the page is loaded in your session to match the day you are reading; the substantive file may still be the one we last edited for legal content. For material changes, we will use a reasonable mix of a notice on the site, an email when we have your address, or another fair method, according to the situation.