Privacy Policy

Introduction

This privacy policy explains how I collect, use, and protect your personal information when you use the contact form on this portfolio website. Your privacy is important to me, and I am committed to protecting your personal data.

Information I Collect

When you use the contact form on this website, I collect the following information:

• Name: To know how to address you in my response
• Email Address: To respond to your inquiry
• Subject: To understand the nature of your inquiry
• Message: The content of your inquiry
• Project Budget (Optional): To understand the scope of potential projects
• Timeline (Optional): To understand your project timeline needs

How I Use Your Information

I use the information you provide to:

• Respond to your inquiries and questions
• Discuss potential projects or collaborations
• Provide information about my services
• Maintain records of our communication

I do not:

• Sell, rent, or share your personal information with third parties
• Use your information for marketing purposes without your consent
• Send unsolicited emails or communications
• Store payment information (as no payments are processed through this site)

Data Storage and Security

Your contact form submissions are handled through secure email delivery systems. The information you provide is:

• Transmitted securely using encrypted connections (HTTPS)
• Stored only in my private email account and secure communication tools
• Protected by industry-standard security measures
• Accessed only by me for the purpose of responding to your inquiry

Data Retention

I retain your contact information and communication history:

• Active Inquiries: Until our conversation is complete
• Project Communications: For the duration of the project and up to 2 years after completion for reference
• General Inquiries: Up to 1 year to follow up on potential future opportunities

You can request deletion of your information at any time by contacting me at mail@arnabdey.dev.

Your Rights

You have the right to:

• Access: Request a copy of the personal information I have about you
• Correct: Request correction of inaccurate or incomplete information
• Delete: Request deletion of your personal information
• Withdraw Consent: Stop future communications at any time
• Data Portability: Request your data in a portable format

To exercise any of these rights, please contact me at mail@arnabdey.dev.

GDPR Compliance

This website complies with the EU General Data Protection Regulation (GDPR) for all users, regardless of location. Under GDPR, you have enhanced rights regarding your personal data:

Legal Basis for Processing

I process your personal data based on the following legal grounds:

• Consent (Article 6(1)(a)): When you voluntarily submit the contact form
• Legitimate Interest (Article 6(1)(f)): To respond to your inquiries and provide requested services
• Contract Performance (Article 6(1)(b)): When processing is necessary for project communications

Your GDPR Rights

Under GDPR, you have the following rights:

• Right to be Informed (Article 13-14): This privacy policy fulfills this requirement
• Right of Access (Article 15): Request a copy of all personal data I hold about you
• Right to Rectification (Article 16): Correct inaccurate or incomplete data
• Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing (Article 18): Limit how your data is used
• Right to Data Portability (Article 20): Receive your data in a machine-readable format
• Right to Object (Article 21): Object to processing based on legitimate interests
• Rights Related to Automated Decision Making (Article 22): Not applicable as no automated decisions are made

Data Protection Officer

As a small personal website, I am not required to appoint a Data Protection Officer. However, I take data protection seriously and you can contact me directly at mail@arnabdey.dev for any GDPR-related inquiries.

Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) or your local data protection authority.

Cookies and Website Analytics

Cookie Policy

This website is designed with privacy in mind and uses minimal tracking technology:

Essential Cookies

• Session Storage: Used temporarily for form validation and user experience (not persistent)
• Local Storage: May store theme preferences (dark/light mode) locally in your browser
• No Third-Party Tracking: This site does not use Google Analytics, Facebook Pixel, or similar tracking services

Technical Cookies

The following technical storage may be used:

• Theme Preference: Remembers your dark/light mode choice (stored locally, not transmitted)
• Form State: Temporarily preserves form data to prevent loss during submission
• Security: CSRF protection tokens when using contact forms

No Marketing or Analytics Cookies

This website explicitly does NOT use:

• Google Analytics or similar analytics services
• Social media tracking pixels
• Advertising cookies or retargeting
• Cross-site tracking technologies
• Third-party marketing tools

How to Control Cookies

You can control cookies through your browser settings:

• Block All Cookies: Set your browser to reject all cookies (may affect functionality)
• Block Third-Party Cookies: This site doesn't use them, but it's a good general practice
• Clear Existing Cookies: Delete any stored preferences
• Privacy Mode: Use incognito/private browsing for no persistent storage

External Services

When you submit the contact form, your data may be processed by these privacy-compliant services:

• Netlify Forms: GDPR-compliant form processing (if deployed on Netlify)
• Formspree: GDPR-compliant email delivery service
• FormSubmit: Privacy-focused form handling with encrypted endpoints

Each service has their own privacy policies and GDPR compliance measures.

Third-Party Services

The contact form may use third-party services for email delivery (such as Formspree or similar services). These services have their own privacy policies:

• They are used solely for the purpose of delivering your message to me
• They do not have permission to use your data for their own purposes
• Your data is not shared with these services beyond what's necessary for message delivery

Children's Privacy

This website is not intended for children under 13 years of age. I do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided personal information, please contact me to have it removed.

International Data Transfers

This website is operated from Sweden, which is part of the European Economic Area (EEA) and subject to GDPR. For users outside the EEA:

• Data Processing Location: Primary data processing occurs within the EEA (Sweden)
• Third-Party Services: Some form processing services may transfer data outside the EEA using appropriate safeguards
• Adequacy Decisions: Transfers only occur to countries with adequate data protection or with appropriate safeguards
• Standard Contractual Clauses: Used when necessary for international transfers

Cross-Border Data Protection

If you are accessing this site from outside the EEA, please be aware that:

• Your data receives the same level of protection as required by GDPR
• All third-party services used are GDPR-compliant or have adequate data protection measures
• You retain all the rights outlined in this privacy policy regardless of your location
• Data transfers are minimized and only occur when necessary for service delivery

Changes to This Privacy Policy

I may update this privacy policy from time to time to reflect changes in my practices or for legal reasons. Any changes will be posted on this page with an updated "Last Updated" date. I encourage you to review this policy periodically.

Contact Me

If you have any questions about this privacy policy or how I handle your personal information, please contact me: