Last updated: March 16, 2026
1. Data Controller
This site is operated by:
Christos Spyridakis (data controller) Contact: me@cspyridakis.com
No Data Protection Officer (DPO) has been designated. All data protection enquiries should be directed to the contact above.
2. Hosting & Infrastructure
This site is hosted on Cloudflare Pages. When you visit, your request passes through Cloudflare’s CDN and security infrastructure. Cloudflare may process your IP address, request headers, requested URL, and security telemetry as strictly necessary for delivery. Cloudflare may also set strictly necessary security cookies (__cf_bm, 30-minute expiry; _cfuvid, session duration) for bot and abuse mitigation. These cookies are controlled entirely by Cloudflare, not by this site. See Cloudflare’s Privacy Policy for details.
3. What Data Is Collected and Processed
3.1 Site delivery (Cloudflare)
Your browser sends technical request data (IP address, browser headers, requested URLs) to Cloudflare so the site can be served. This is processed by Cloudflare as a necessary part of CDN delivery and security operations.
3.2 Google Analytics 4 (Consent Mode v2)
This site uses Google Analytics 4 with Consent Mode v2. The GA4 script (gtag.js) loads on every page visit. Its behaviour depends on your consent status:
Without consent (default): no analytics cookies are set and no analytics data is collected on behalf of this site. However, when gtag.js loads it sends a network request to Google’s servers that carries technical metadata — page URL, HTTP referrer, device category, browser type. Google may receive and independently process these signals under its own terms for aggregate, anonymised modelling. Advertising tracking (ad_storage, ad_user_data, ad_personalization) is permanently disabled on this site and is never activated regardless of consent.
With consent: Google Analytics activates full tracking and sets analytics cookies. Data collected includes: pages visited, session duration, approximate geographic location (country/city level), browser and device type, operating system, and referring URL. Your IP address is transmitted to Google but is anonymised and not stored in full. Google retains user-level and event-level analytics data for up to 14 months.
3.3 Functional browser storage
theme(localStorage): written only after you use the light/dark mode toggle. Stores your display preference locally. Never transmitted to any server.cookie_consent(localStorage): stores your consent decision (acceptedorrejected). Required to remember your choice between visits. Never transmitted to any server.
3.4 Third-party interactions initiated by you
If you click mailto: links or links to GitHub, LinkedIn, X, Instagram, Credly, or any other external service, those services process your data under their own privacy policies. This site has no control over that processing.
4. Cookies and Similar Storage
| Item | Provider | Purpose | Type | Consent required |
|---|---|---|---|---|
theme | This site | Stores your light/dark mode preference | localStorage | No — functional, user-initiated |
cookie_consent | This site | Records your consent decision | localStorage | No — legally required for consent management |
_ga | Google Analytics | Distinguishes unique visitors | Cookie (2-year expiry) | Yes |
_ga_<ID> | Google Analytics | Maintains session state | Cookie (2-year expiry) | Yes |
__cf_bm | Cloudflare | Bot and abuse mitigation | Cookie (30-minute expiry) | No — strictly necessary |
_cfuvid | Cloudflare | Session security | Cookie (session) | No — strictly necessary |
Google Analytics cookies are set only after you give consent. You can withdraw consent at any time via Cookie Settings in the footer.
For a focused summary, see the Cookie Policy.
5. Legal Basis for Processing (GDPR Art. 6)
| Processing activity | Legal basis |
|---|---|
| Activating Google Analytics tracking (analytics cookies, data collection) | Consent — Art. 6(1)(a). You may withdraw at any time via Cookie Settings in the footer. |
Loading gtag.js and transmitting page/device metadata to Google in denied mode | Legitimate interest — Art. 6(1)(f). The controller’s legitimate interest is understanding aggregate, anonymised usage patterns for site improvement. Google independently processes these signals under its own terms. |
| Secure delivery of the site through Cloudflare (IP processing, security cookies) | Legitimate interest — Art. 6(1)(f). Necessary to protect the site against abuse and serve content reliably. |
Storing theme preference (theme) in localStorage | Legitimate interest — Art. 6(1)(f). Functional preference storage at the user’s explicit request; no personal data is transmitted anywhere. |
Storing consent record (cookie_consent) in localStorage | Legal obligation — Art. 6(1)(c). Recording consent decisions is required to demonstrate compliance under GDPR Art. 7(1). |
6. Third Parties and International Transfers
Cloudflare
Cloudflare, Inc. (US) may process request data on servers globally, including in the United States. The transfer is covered by Cloudflare’s certification under the EU–US Data Privacy Framework (DPF) and the use of Standard Contractual Clauses (SCCs, EU Commission Decision 2021/914). See Cloudflare’s Privacy Policy.
Google LLC (Google Analytics 4)
When gtag.js loads (including in denied mode) or when you consent to analytics, data may be transmitted to Google LLC (US). Google participates in the EU–US Data Privacy Framework (DPF) and uses Standard Contractual Clauses for EEA data transfers. A Data Processing Agreement (DPA) under GDPR Art. 28 has been accepted under Google’s Data Processing Terms. Google acts as a processor for analytics data collected under consent, and as an independent controller for denied-mode signals and its own product improvement purposes. See Google’s Privacy Policy and Google Analytics Terms.
GitHub
GitHub hosts the source code repository for this site. GitHub receives no visitor data from page delivery unless you choose to follow a GitHub link.
Social platforms and email providers
LinkedIn, X, Instagram, Credly, and your email provider receive data only if you choose to interact with outbound links or send an email.
7. Your Rights
Under GDPR, if you are located in the EEA or the UK, you have the following rights:
- Right of access (Art. 15): request a copy of the personal data held about you.
- Right to rectification (Art. 16): request correction of inaccurate data.
- Right to erasure (Art. 17): request deletion of your data where there is no overriding reason to continue processing.
- Right to restriction of processing (Art. 18): request that processing be limited in certain circumstances.
- Right to data portability (Art. 20): receive your data in a machine-readable format where processing is based on consent or contract and is carried out by automated means.
- Right to object (Art. 21): object to processing based on legitimate interests. Processing will cease unless there are compelling legitimate grounds that override your interests, rights, and freedoms.
- Right to withdraw consent (Art. 7(3)): where processing is based on consent, you may withdraw it at any time via Cookie Settings in the footer. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Right to lodge a complaint (Art. 77): you have the right to lodge a complaint with the supervisory authority in your country of residence. The competent authority for Greece is the Hellenic Data Protection Authority (HDPA):
- Website: www.dpa.gr
- Address: Kifissias 1–3, 115 23 Athens, Greece
- Email: contact@dpa.gr
To exercise any of the above rights, contact me@cspyridakis.com.
8. Automated Decision-Making
This site does not engage in automated decision-making or profiling within the meaning of GDPR Art. 22. Google Analytics processes usage data for statistical purposes only; no decisions producing legal or similarly significant effects are made based on this data.
9. Changes to This Policy
This policy may be updated from time to time. The date at the top reflects the most recent revision. Where changes affect consent-based processing, a new consent request will be presented.