Paweł Gawliczek blog

Privacy Policy

Last updated: 4 November 2025

This is the personal website of Paweł Gawliczek. I maintain this policy to explain what limited data is collected here, why it’s needed, and how you can exercise your rights.

1. Data controller

Paweł Gawliczek operates this site as a personal blog. For privacy requests, use the contact form or reply to any email you receive from me with “Privacy request” in the subject line.

2. Data we collect

  • Contact details: Name, email, and anything you include in the message when you use the contact form.
  • Newsletter subscriptions: Email address and consent timestamp when you subscribe to updates.
  • Supporting materials: If you share links or files (e.g., repos, decks), I only access them to respond to your request.
  • Usage data: Privacy-friendly analytics (Umami) capture anonymous page views, device type, and referrers when you consent. A cookie stores your preference.
  • Anti-spam verification: hCaptcha may process browser data to verify you're not a bot when submitting forms.

3. How we use your data

  • Reply to your message and continue the conversation you initiate.
  • Understand which pages and topics resonate so I can prioritise future writing.
  • Maintain basic security logs to prevent abuse of the site.

4. Legal bases

Contact form data is processed under Art. 6(1)(b) GDPR (steps prior to potential collaboration). Newsletter subscriptions and analytics rely on Art. 6(1)(a) GDPR (your explicit consent via opt-in checkbox and cookie banner). Anti-spam verification is based on Art. 6(1)(f) GDPR (legitimate interest in preventing abuse). Security logs rely on Art. 6(1)(f) GDPR (legitimate interest in preventing misuse).

5. Data retention

Messages submitted through the form are stored for up to 12 months unless we begin a longer-term collaboration. Analytics events are aggregated and may be kept indefinitely for trend analysis, but they are not linked to identifiable individuals.

6. Sharing & transfers

I do not sell or rent personal data. The following service providers process data on my behalf:

  • Hetzner (Germany): Hosting infrastructure for the website.
  • Umami Analytics (self-hosted): Anonymous usage analytics, hosted on EU servers.
  • Web3Forms (USA): Contact form submission service. Data transferred under standard contractual clauses.
  • hCaptcha (USA): Anti-spam verification service. See hCaptcha's privacy policy.
  • Buttondown (USA): Newsletter delivery service. GDPR compliant with double opt-in verification. See Buttondown's privacy policy.

7. Your rights

You can request access, correction, deletion, or restriction of your data, as well as object to processing or ask for portability. Use the contact form or reply to my email to exercise these rights. You may also contact your local supervisory authority if needed.

8. Security

I secure the site with TLS, server hardening, and restricted administrative access. Any stored messages are kept in secure, access-controlled systems.

9. Updates

I’ll update this page whenever tooling or processes change materially. Significant updates will be highlighted on the site or via email if we’re already in contact.