1. Who I am
This website is operated by Julius Busch, based in Belgium.
It is a personal, non-commercial portfolio website.
2. What data is collected and why
a. Contact form
Purpose
To respond to inquiries and communicate with users.
Categories of personal data
- Name
- Email address
- Message content
Legal basis
Article 6(1)(b) GDPR (pre-contractual communication) and/or Article 6(1)(f) GDPR (legitimate interest in responding to inquiries).
Recipients (including third-country transfer)
The data is sent to me by email.
Emails are delivered using SMTP2GO and stored in my Gmail inbox, which is provided by Google.
According to SMTP2GO, data from EEA users is processed within the EEA.
Google may process email data outside the European Union.
Information on how SMTP2GO processes personal data can be found here:
https://www.smtp2go.com/privacy/
Information on how Google processes personal data can be found here:
https://policies.google.com/privacy
A confirmation email is also sent to the provided email address.
Retention period
Contact messages are stored in my email inbox until they are no longer needed and are then deleted.
Email service providers involved in delivery and storage apply their own retention policies as described in their respective privacy policies.
b. Chatbot (Gemma via Gemini API)
Purpose
To provide automated responses to questions about my profile and experience.
Categories of personal data
- Text entered into the chatbot
Legal basis
Article 6(1)(f) GDPR (legitimate interest in providing an interactive information feature).
Recipients (including third-country transfer)
Chatbot messages are transmitted to the Gemini API provided by Google to generate responses.
Google may process data outside the European Union.
Once messages are transmitted, their processing by Google is subject to Google's own terms and privacy policies. Depending on the applicable terms and service configuration, Google may retain and process submitted data for purposes such as service improvement, security, and abuse prevention. I do not control or determine how Google further processes this data.
Information on how Google processes personal data can be found here:
https://policies.google.com/privacy
Retention period
I do not intentionally store chatbot messages in a separate database. Messages are retained only as long as necessary to provide the chatbot response.
Google's processing and retention of data is governed by its own terms and privacy policies.
c. Spam and abuse protection (Cloudflare Turnstile)
Purpose
To prevent automated submissions, spam, and misuse of the website's forms.
Categories of personal data
- IP address
- Browser and device information
- Security-related signals used for bot detection
Legal basis
Article 6(1)(f) GDPR (legitimate interest in ensuring the security and availability of the website).
Recipients (including third-country transfer)
This website uses Cloudflare Turnstile for spam and abuse protection.
Cloudflare may process data outside the European Union.
Cloudflare processes these signals to detect and block bots and may also process them to improve Turnstile's bot detection capabilities.
Information on how Cloudflare processes data in connection with Turnstile can be found here:
https://www.cloudflare.com/turnstile-privacy-policy/
Retention period
Retention is determined by Cloudflare in accordance with its policies.
d. Rate limiting and security measures
Purpose
To enforce submission limits and protect the website from abuse or excessive requests.
Categories of personal data
- IP address
Legal basis
Article 6(1)(f) GDPR (legitimate interest in preventing abuse and ensuring website security).
Recipients (including third-country transfer)
IP addresses processed for rate limiting are not shared with third parties.
Retention period
IP addresses are retained only temporarily for rate limiting and security purposes and are deleted once they are no longer necessary. They are not purposely stored long-term.
e. Server and security logs
Purpose
To operate the website, ensure security, and diagnose technical errors.
Categories of personal data
- IP address
- Date and time of the request
- Requested URL
- HTTP status code
- Technical client information (e.g. browser type and user agent)
Legal basis
Article 6(1)(f) GDPR (legitimate interest in ensuring the security and proper operation of the website).
Recipients (including third-country transfer)
Server logs are stored on the hosting server used to operate this website and are accessible only to me as the site operator. They are not shared with third parties.
Retention period
Server access and error logs are retained for a limited period as part of standard server operation and log rotation and are automatically rotated and deleted.
3. Cookies
This website does not use tracking or marketing cookies.
No analytics or advertising cookies are used.
Third-party security features (such as Cloudflare Turnstile) may use strictly necessary cookies or similar technologies.
4. Your rights
Under the General Data Protection Regulation (GDPR), you have certain rights regarding your personal data, including the right to request access, correction, or deletion of your data, where applicable.
You may also have the right to restrict or object to the processing of your data in situations where such processing is not strictly necessary for the operation of this website or the provision of its features.
In addition, you have the right to lodge a complaint with a competent data protection authority if you believe that the processing of your personal data violates applicable data protection law.
Requests concerning your data can be submitted via the contact form available on this website or via email.
The email address is revealed on this website after user interaction.