Privacy Policy

Introduction

Iulian Mihai ("I", "me", or "my") operates iulianmihai.com ("the Website"). This page explains how I collect, use, and protect your personal information when you interact with the Website, especially when you submit a message through the contact form.

I am committed to protecting your privacy and handling your personal data in line with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller

Iulian Mihai, based in Madrid, Spain, is the data controller responsible for the personal data processed through this Website.

Information I Collect

Contact Form

When you send me a message through the contact form, I collect the following information:

• Full Name – to address you in my response
• Email Address – to contact you
• Company – to understand your context
• Role – optional, to better understand your needs
• Message – the details you choose to share

This information is collected solely for communication purposes. I do not use it for marketing or any unrelated activity.

Legal Basis for Processing

I process your personal data based on:

• Legitimate Interest (Art. 6(1)(f) GDPR) – to respond to your inquiry, provide information, and maintain professional communication.

If we start a professional engagement, processing may also rely on contractual necessity (Art. 6(1)(b)).

How I Use Your Data

I use your submitted information to:

• Respond to your inquiries
• Provide consulting or service-related responses
• Maintain professional communication
• Improve the clarity and usefulness of the Website

I do not:

• Sell, rent, or share your data with third parties for marketing
• Use your data for automated decision-making or profiling
• Store your information longer than needed

Data Retention

I keep contact form submissions for up to 12 months, unless ongoing communication requires a longer period. After this period, messages are securely deleted.

You may request deletion of your data at any time by contacting me.

Your GDPR Rights

Under the General Data Protection Regulation, you have the right to:

• Access – request a copy of your personal data
• Rectification – correct inaccurate data
• Erasure – request deletion of your data
• Restriction – limit how your data is used
• Portability – receive your data in a structured format
• Object – object to processing based on legitimate interest
• Withdraw Consent – if consent ever applies, you can withdraw it at any time

To exercise any of these rights, please contact me.

You may also lodge a complaint with your local data protection authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD).

Third-Party Services

To operate the Website, the following third-party processors may handle limited technical data:

Email & Communication

Used to deliver contact form submissions:

• Web3Forms – Contact form processing service

Hosting

Used to host the Website and manage server logs:

• Microsoft Azure (Azure Static Web Apps)

Security & Anti-Spam

The Website uses hCaptcha to prevent spam and abusive traffic. hCaptcha may process technical data such as IP address, browser details, and interaction logs, according to their own Privacy Policy.

Analytics

This Website uses Google Analytics 4 to understand visitor behavior and improve the Website. Google Analytics collects anonymous usage data such as pages visited, time spent, and referral sources. This data is aggregated and does not personally identify you. Learn more in Google's Privacy Policy.

All processors operate under GDPR-compliant terms.

Cookies and Technical Logs

This Website uses minimal cookies and technical logs:

• Google Analytics cookies – Used to collect anonymous usage statistics and improve the Website experience
• Hosting platform logs – Azure generates basic technical logs for operational and security purposes
• hCaptcha – Security and abuse prevention, processing IP address and browser details

These logs and cookies are used strictly for operational, security, and analytics purposes. You can control cookie preferences through your browser settings.

International Data Transfers

As part of my work with EU-based clients, I take data residency seriously. Where possible, data is stored and processed within the European Economic Area (EEA).

If data must be transferred outside the EEA, appropriate safeguards—such as Standard Contractual Clauses (SCCs)—are used to ensure your data remains protected.

Security Measures

I implement appropriate security measures, including:

• Encrypted connections (HTTPS)
• Secure hosting through Microsoft Azure
• Access controls
• Server-side protections and anti-spam filtering (hCaptcha)
• Content Security Policy (CSP) headers
• HTTP Strict Transport Security (HSTS)

Changes to This Privacy Policy

I may update this Privacy Policy periodically. Any changes will be posted on this page, with the "Last updated" date adjusted accordingly.

You are encouraged to review this page occasionally to stay informed of any updates.

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact me. I will respond as soon as possible.