Privacy & Cookie Policy

Last updated: April 2023

1. Data Controller

The data controller is Jacob Michalik, Kirchstr. 31, 77815 Bühl, Germany.

Contact: +49 (0) 721 47041960, hello@spotlighted.io

This website uses SSL/TLS encryption for secure data transmission.

2. Data Collection When Visiting

Server log files are collected including: visited website, access date/time, data volume, referrer source, browser type, operating system, and IP address. Processing occurs under Article 6(1)(f) GDPR based on legitimate interests in website stability and functionality.

3. Hosting

Hosting is provided by Vercel Inc. Data processing agreements ensure proper data protection levels.

4. Cookies

Session and persistent cookies are used to enhance website functionality. Users can manage cookie settings through browser controls.

5. Contact Form Submissions

Personal data collected through contact forms is processed under Article 6(1)(f) GDPR for responding to inquiries. Data is deleted after request completion unless legal retention obligations apply.

6. Web Analytics

We use Vercel Analytics to collect anonymized usage data under Article 6(1)(f) GDPR. No personally identifiable information is collected. This helps us understand website performance and improve user experience.

7. Third-Party Services

Google Fonts

Typography delivery by Google Ireland Limited under Article 6(1)(f) GDPR. IP address transmitted to Google servers for font delivery.

8. Data Subject Rights

Under GDPR, you have the following rights:

  • Art. 15 — Right of access to your personal data
  • Art. 16 — Right to correction of inaccurate data
  • Art. 17 — Right to deletion of your data
  • Art. 18 — Right to restrict processing
  • Art. 20 — Right to data portability
  • Art. 7(3) — Right to withdraw consent at any time
  • Art. 77 — Right to lodge a complaint with a supervisory authority

9. Right to Object

You may object to processing under Article 6(1)(f) GDPR based on your particular circumstances. Processing stops unless compelling legitimate grounds or legal claim purposes override. Direct marketing objections halt processing immediately.

10. Data Retention

Personal data is deleted when no longer necessary for its stated purpose. Retention periods depend on the legal basis, processing purpose, and applicable statutory requirements (tax, commercial law).