RuramadeRURAMADEContact

Privacy Policy

Last updated: 30 March 2026

This policy explains how we use personal data when you visit this website. It is written in plain English. If anything is unclear, contact us using the details at the end.

Who we are (data controller)

This website is a professional portfolio operated by an individual developer based in Ireland. For the purposes of EU/UK data protection law, we are the data controller for personal data processed through this site, unless we state otherwise (for example where a service provider processes data only on our instructions as a processor).

What personal data we process

Depending on how you use the site, we may process:

  • Contact form: email address and message (needed to reply); name and phone number if you choose to provide them.
  • Security and abuse prevention: for example IP address and browser user agent when you submit the contact form, to help detect spam, enforce rate limits, and protect the service.
  • Cookie / consent preference: we store your choice (for example whether analytics is on or off) in your browser using local storage so we do not ask you again on every visit. This is separate from analytics: we do not load Google Analytics until you opt in.
  • Analytics (only if you consent): if you accept analytics, Google Analytics 4 may set or read cookies and collect usage data as described by Google. You can withdraw consent at any time via "Cookie settings" in the site footer.

Why we process data and legal bases (GDPR)

We process personal data only where we have a valid legal basis under the General Data Protection Regulation (GDPR). The main bases we rely on are:

  • Legitimate interests (Article 6(1)(f) GDPR): we process contact form submissions and limited technical data to respond to your enquiry, operate this website, and protect it from abuse (including spam and excessive automated requests). We consider this necessary and balanced against your rights; you may object in certain cases (see "Your rights" below).
  • Consent (Article 6(1)(a) GDPR): we process analytics data through Google Analytics 4 only if you click "Accept analytics" or enable analytics in cookie preferences. You can withdraw consent at any time; withdrawal does not affect the lawfulness of processing before withdrawal.
  • Strictly necessary storage (ePrivacy): storing your cookie choice in local storage is necessary to remember your consent decision and is aligned with regulatory expectations for consent banners. Analytics storage/access is not activated unless you consent.

We do not use your contact details to send marketing emails unless you clearly ask us to, and we do not sell your personal data.

Processors, international transfers, and safeguards

We use trusted service providers to run parts of the service. They process personal data on our instructions.

Email delivery (Resend): contact messages are transmitted using Resend, which is headquartered in the United States. That means certain data (such as the content of your message and email metadata needed to deliver it) may be processed in the United States and potentially other countries outside the European Economic Area (EEA).

Where personal data is transferred outside the EEA/UK, we aim to ensure appropriate safeguards are in place under GDPR Chapter V — for example EU Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented where appropriate by additional technical and organisational measures, and (where relevant) UK equivalents. Resend publishes information about compliance and subprocessors; you should also review Resend's privacy documentation for details of how they process data.

Analytics (Google): if you consent, Google may process analytics data in accordance with Google's terms and privacy notices, which may involve transfers outside the EEA. Google provides contractual commitments for such transfers (including SCCs where applicable).

How long we keep data (retention)

We keep personal data only for as long as necessary for the purposes described above, unless a longer period is required by law.

  • Contact form enquiries: we typically retain emails and related correspondence for up to six (6) months after the last message in a thread if no contract or ongoing work relationship arises from your enquiry (a "non-converting" inquiry). If a project or commercial relationship begins, we may retain relevant communications longer where needed to perform the work, meet legal obligations, or defend legal claims.
  • Security logs / rate-limiting data: short-lived technical records may be retained only as long as needed to prevent abuse (typically a brief window aligned with the rate limit mechanism in use).
  • Cookie consent record: stored in your browser until you clear site data or change your choice. We do not need to keep a separate server-side copy of your banner choice for basic operation.

Your rights under the GDPR (Articles 15–22)

Subject to applicable law, you may have the following rights in relation to your personal data:

  • Right of access (Article 15): request a copy of the personal data we hold about you and certain information about how we use it.
  • Right to rectification (Article 16): ask us to correct inaccurate data or complete incomplete data.
  • Right to erasure ("right to be forgotten") (Article 17): ask us to delete personal data in certain circumstances.
  • Right to restriction of processing (Article 18): ask us to limit processing in certain circumstances (for example while a dispute is resolved).
  • Right to data portability (Article 20): receive certain data you provided in a structured, commonly used, machine-readable format, and transmit it to another controller where technically feasible (where processing is based on consent or contract and is carried out by automated means).
  • Right to object (Article 21): object to processing based on legitimate interests (including profiling based on those interests) in certain situations. Where we process personal data for direct marketing, you have a right to object at any time.
  • Rights related to automated decision-making (Article 22): we do not use fully automated decision-making that produces legal or similarly significant effects solely by automated means for visitors to this site. If that ever changes, we will update this policy and explain your rights.

You may also have the right to lodge a complaint with a supervisory authority. In Ireland, the supervisory authority is the Data Protection Commission (DPC).

Cookies, local storage, and analytics

Essential preference storage: we use browser storage (such as local storage) to record whether you have made a cookie choice and what you selected. This is needed to apply your decision consistently and avoid repeatedly showing the banner. It is not used for advertising.

Analytics (optional): Google Analytics 4 is loaded only after consent. Until you opt in, Google Analytics scripts are not loaded on the page.

Contact / privacy requests

To exercise your rights or ask questions about this policy, contact us via the contact form and include "Privacy request" in your message. We may need to verify your identity before fulfilling certain requests.