This is a personal blog, built as a static site, that tries to collect as little about you as possible. This page is the information required under Art. 13 of the General Data Protection Regulation (GDPR): what data is processed when you visit, why, on what legal basis, and what rights you have. You do not need to provide any personal data to read the site.
Controller
The controller responsible for data processing on this website is:
Guido Battiston
Email: battiston.guido@pm.me
The full postal address is listed in the Impressum.
The short version
No cookies. No ads. No cross-site tracking or profiling. No accounts, comments, or sign-up forms. Nothing you do here is sold or shared for marketing. The site is served only over an encrypted HTTPS/TLS connection.
What is processed, and why
Server logs (hosting)
When you open a page, the hosting platform automatically processes the technical data needed to deliver it: your IP address, the requested URL, the date and time, the referring page, and your browser and operating system type. This is standard for any website and is necessary to serve the site, keep it secure, and prevent abuse.
- Legal basis: legitimate interest, Art. 6(1)(f) GDPR (operating a secure, functioning website).
- Retention: I have no access to these logs and do not store them myself. Cloudflare retains them only as long as needed for the security and operation of its network, then deletes or anonymizes them; they are not kept longer for other purposes. I do not use them to build profiles of visitors.
Analytics (Plausible)
I use Plausible Analytics to understand which posts people read and roughly where readers come from. Plausible is cookieless, stores no personal data, does not track you across sites or over time, and is not used to identify you. Your IP address is never stored. Because it sets no cookies and stores nothing on your device, it does not rely on consent under § 25 TDDDG.
- Data (aggregated and anonymous): page URLs, referral source, rough device and browser type, and country-level location derived from your IP without storing it.
- Legal basis: legitimate interest, Art. 6(1)(f) GDPR (understanding reach using privacy-friendly, aggregate statistics).
- Hosting: Plausible is EU-owned and stores its data in the EU. See the Plausible data policy.
Email
If you email me at the address above, I receive whatever you send, including your email address and message. I use that information only to reply to you and, where relevant, to discuss possible work. I do not add you to any list and I do not share your message.
- Legal basis: Art. 6(1)(f) GDPR (responding to your enquiry) and, for enquiries about freelance work, Art. 6(1)(b) GDPR (steps prior to a possible contract).
- Retention: kept until your enquiry is dealt with, then deleted, unless a statutory retention period applies. Mail is hosted with Proton Mail.
Recipients and processors
The only outside services involved in running this site are:
- Cloudflare Pages: hosting and delivery (US company; see transfers below).
- Plausible Analytics: privacy-friendly analytics (EU).
- Proton Mail: email (Switzerland).
Cloudflare and Plausible act as processors on my behalf under Art. 28 GDPR, each under a corresponding data processing agreement. Proton Mail provides the email service through which I receive your messages. I do not otherwise pass your data to third parties.
Transfers outside the EU
- Cloudflare: as a US-based provider, technical data may be processed in the United States. These transfers are covered by Cloudflare’s certification under the EU-US Data Privacy Framework and, as an additional safeguard, the EU Standard Contractual Clauses. You can view both in Cloudflare’s Data Processing Addendum.
- Proton Mail: located in Switzerland, for which the EU has issued an adequacy decision, so no additional safeguards are required.
- Plausible: data stays within the EU; there is no third-country transfer.
Your rights
Under the GDPR you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), and data portability (Art. 20). To exercise any of these, just email me.
You also have the right to object, at any time, to processing based on my legitimate interest (Art. 21 GDPR). Just email me.
Because so little personal data is collected here, there is often nothing to look up, export, or delete. If you have emailed me and want that correspondence removed, just ask.
You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77), in particular in the EU/EEA country where you live or work.
Changes
If this policy changes, the updated version will be posted here with a new date at the top.