# Privacy Policy

**Last Updated: [DATE]**

## 1. Introduction

Welcome to [WEBSITE_NAME] ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website [WEBSITE_URL] (the "Site").

## 2. Data Controller

The data controller responsible for your personal data is:

**Jeff Emmett**
23 Birchpark Dr
L3M 4M9 Grimsby, Canada
Email: [CONTACT_EMAIL]

## 3. What Data We Collect

### 3.1 Data You Provide to Us

We may collect the following categories of personal data that you voluntarily provide:

- **Contact Information**: Name, email address when you contact us or subscribe to our newsletter
- **Communication Data**: Content of messages you send us through contact forms or email

### 3.2 Data Collected Automatically

When you visit our Site, we may automatically collect:

- **Technical Data**: IP address (anonymized), browser type, operating system, device type
- **Usage Data**: Pages visited, time spent on pages, referring website, click patterns
- **Cookie Data**: See our Cookie Policy section below

### 3.3 Data We Do NOT Collect

We do not collect:

- Special category data (health, religion, political opinions, etc.)
- Financial/payment data (unless you make a purchase, handled by third-party processors)
- Data from children under 16 years of age

## 4. How We Use Your Data

We process your personal data for the following purposes and legal bases:

| Purpose | Legal Basis (GDPR Art. 6) |
|---------|--------------------------|
| Responding to your inquiries | Legitimate interest / Contract performance |
| Sending newsletters (if subscribed) | Consent |
| Website analytics and improvement | Legitimate interest / Consent |
| Security and fraud prevention | Legitimate interest |
| Legal compliance | Legal obligation |

## 5. Newsletter & Email Communications

If you subscribe to our newsletter:

- We use **Listmonk** (self-hosted) to manage subscriptions
- You can unsubscribe at any time using the link in every email
- We will never share your email with third parties for marketing
- Legal basis: Your explicit consent (GDPR Art. 6(1)(a))

## 6. Cookies and Tracking

### 6.1 What Are Cookies?

Cookies are small text files stored on your device when you visit websites. We use cookies to:

- Remember your preferences (e.g., cookie consent choice)
- Understand how you use our website (analytics)

### 6.2 Types of Cookies We Use

| Cookie Type | Purpose | Duration | Consent Required? |
|-------------|---------|----------|-------------------|
| **Strictly Necessary** | Essential for site functionality | Session | No |
| **Analytics** | Understand site usage patterns | 1 year | Yes |
| **Preferences** | Remember your settings | 1 year | Yes |

### 6.3 Analytics

We use [Vercel Analytics / Plausible / other] to understand how visitors interact with our Site. This service:

- [Collects anonymized usage data / Collects IP addresses]
- [Does not use cookies / Uses first-party cookies]
- Data is processed in [location]

### 6.4 Managing Cookies

You can manage cookies through:

- Our cookie consent banner (appears on first visit)
- Your browser settings
- Links at the bottom of our pages

To opt-out of analytics, you can:

- Click "Reject" on our cookie consent banner
- Use browser extensions like uBlock Origin or Privacy Badger

## 7. Data Sharing and Third Parties

We may share your data with:

### 7.1 Infrastructure Providers (Data Processors)

| Provider | Service | Location | DPA |
|----------|---------|----------|-----|
| **netcup GmbH** | Web hosting infrastructure | Germany (EU) | Yes |
| **Cloudflare, Inc.** | CDN, security, DNS | Global (US company, EU processing) | Yes |
| **Vercel Inc.** | Analytics | US | Yes |

### 7.2 We Never:

- Sell your personal data
- Share data with advertisers
- Transfer data without appropriate safeguards

### 7.3 International Transfers

Some of our service providers are based outside the EU/EEA. When we transfer data internationally, we ensure appropriate safeguards such as:

- EU Standard Contractual Clauses (SCCs)
- Data Processing Agreements
- Adequacy decisions where applicable

## 8. Data Retention

We retain your personal data only for as long as necessary:

| Data Type | Retention Period |
|-----------|-----------------|
| Contact form submissions | 2 years |
| Newsletter subscriptions | Until you unsubscribe + 30 days |
| Analytics data | 14 months |
| Server logs | 14 days |

## 9. Your Rights Under GDPR

You have the following rights regarding your personal data:

### 9.1 Right of Access (Art. 15)

Request a copy of your personal data we hold.

### 9.2 Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete data.

### 9.3 Right to Erasure (Art. 17)

Request deletion of your data ("right to be forgotten").

### 9.4 Right to Restrict Processing (Art. 18)

Request limitation of how we process your data.

### 9.5 Right to Data Portability (Art. 20)

Receive your data in a structured, commonly used format.

### 9.6 Right to Object (Art. 21)

Object to processing based on legitimate interests, including profiling.

### 9.7 Right to Withdraw Consent (Art. 7)

Withdraw consent at any time (does not affect prior lawful processing).

### 9.8 How to Exercise Your Rights

To exercise any of these rights, contact us at:

- Email: [CONTACT_EMAIL]
- Subject line: "GDPR Data Request - [Your Right]"

We will respond within **30 days** of receiving your request. We may ask for identification to verify your identity.

### 9.9 Right to Lodge a Complaint

If you believe we have violated your data protection rights, you have the right to lodge a complaint with a supervisory authority.

Since our hosting is in Germany, you may contact:

**Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg**
Website: https://www.baden-wuerttemberg.datenschutz.de/

Or your local data protection authority.

## 10. Security Measures

We implement appropriate technical and organizational measures to protect your data:

- **Encryption**: All data transmitted via HTTPS/TLS
- **Access Controls**: Limited access to personal data
- **Infrastructure Security**: ISO 27001 certified data centers (netcup/Anexia)
- **Regular Updates**: Security patches and updates applied promptly

## 11. Children's Privacy

Our Site is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

## 12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

- Posting the new policy on this page
- Updating the "Last Updated" date
- [Sending an email notification for significant changes]

## 13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

**Jeff Emmett**
Email: [CONTACT_EMAIL]
Website: [WEBSITE_URL]

---

## Appendix A: Specific Processing Activities for [WEBSITE_NAME]

### Data Processing Summary

**Categories of Data Subjects:**

- [ ] Website visitors
- [ ] Newsletter subscribers
- [ ] Contact form users
- [ ] Customers/clients
- [ ] Other: _______________

**Categories of Personal Data:**

- [ ] Name
- [ ] Email address
- [ ] IP address (anonymized)
- [ ] Usage/analytics data
- [ ] Other: _______________

**Special Categories of Data (Art. 9):**

- [x] No special categories processed

---

*This privacy policy template is provided for informational purposes. Consider consulting with a legal professional to ensure full compliance with applicable laws.*