Privacy Policy

Introduction

This Privacy Policy explains how Jure Jaklic ("we", "us", "our") collects, uses, discloses, and safeguards your personal information when you visit jurejaklic.com (the "Website"). This policy is designed to comply with the General Data Protection Regulation (GDPR), Spanish data protection laws, and other applicable privacy regulations.

By using our Website, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Website.

1. Who We Are (Data Controller)

Name: Jure Jaklic

Business Type: Self-employed professional photographer (Autónomo)

Location: Galicia, Pontevedra, Spain

Contact: For any privacy-related questions or to exercise your data protection rights, please contact us via our Contact Form.

What We Do: We operate a fine art outdoor photography portfolio website showcasing landscape photography. Our portfolio images do not contain identifiable individuals and are not considered personal data under GDPR.

2. What Personal Data We Collect

We collect different types of information depending on how you interact with our Website:

2.1 Information You Provide Directly

When you submit our contact form, we collect:

• First Name
• Last Name
• Email Address
• Subject of your inquiry
• Message content
• Timestamp of submission

2.2 Information Collected Automatically

When you visit our Website, we automatically collect:

• Browser type and version
• Operating system
• Device type (desktop, mobile, tablet)
• IP address (anonymized)
• Pages viewed and time spent on each page
• Referral URL (how you found our Website)
• Date and time of visits
• General location (country/region level, not precise geolocation)

This information is collected through Google Analytics and Cloudflare's hosting infrastructure.

2.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and analyze Website usage. Our cookie banner allows you to control which cookies you accept. For detailed information about the cookies we use, please see our Cookie Policy.

Cookie Consent Management: We use a self-hosted cookie consent banner that stores your preferences locally in your browser's localStorage. No consent preference data is sent to external servers.

2.4 What We Do NOT Collect

Our landscape photography portfolio does not contain identifiable individuals. We do not collect:

• Photographs of identifiable people
• Sensitive personal data (racial/ethnic origin, political opinions, religious beliefs, health data, biometric data, etc.)
• Payment information (we do not sell products or services through this Website)
• Social media profile information

3. How We Use Your Personal Data

We use your personal information for the following purposes:

3.1 Contact Form Submissions

• To respond to your inquiries and requests
• To communicate with you about your inquiry
• To maintain records of our correspondence
• To improve our customer service

3.2 Website Analytics

• To understand how visitors use our Website
• To analyze traffic patterns and user behavior
• To improve our Website content, design, and functionality
• To identify and fix technical issues
• To make data-driven decisions about Website improvements

3.3 Security and Fraud Prevention

• To prevent spam and automated bot submissions using Cloudflare Turnstile CAPTCHA
• To protect against unauthorized access and abuse
• To enforce our Terms & Conditions
• To comply with legal obligations

4. Legal Basis for Processing (GDPR Article 6)

Under GDPR, we must have a lawful basis for processing your personal data. We rely on the following legal bases:

4.1 Consent (Article 6(1)(a))

• Google Analytics cookies: When you accept analytics cookies via our cookie banner, you provide explicit consent for us to track your Website usage
• Google Tag Manager: Consent to load and execute marketing/analytics tags

You can withdraw consent at any time by clicking "Cookie Preferences" in our footer and changing your settings.

4.2 Legitimate Interest (Article 6(1)(f))

• Contact form processing: We have a legitimate interest in responding to your inquiries and providing customer service
• Website security: We have a legitimate interest in protecting our Website from spam, bots, and malicious activity
• Website hosting: We have a legitimate interest in delivering our Website content securely and reliably

4.3 Legal Obligation (Article 6(1)(c))

• We may process your data to comply with applicable laws, regulations, court orders, or legal processes
• Data breach notification requirements under GDPR

5. Who We Share Your Data With (Third-Party Services)

We share your personal information only with trusted third-party service providers who help us operate our Website. We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5.1 Contact Form Processing

n8n Workflow Automation (Self-hosted)

• Purpose: Receives contact form submissions via webhook and forwards to email
• Data Shared: Name, email, subject, message, timestamp
• Location: Self-hosted on our infrastructure (jure.photo domain)
• Privacy: Fully under our control, no external third-party access

Google Gmail

• Purpose: Receives contact form submissions forwarded by n8n for review and response
• Data Shared: Name, email, subject, message, timestamp
• Location: Google servers (global)
• Privacy Policy: https://policies.google.com/privacy

5.2 Website Analytics

Google Analytics (GA4)

• Purpose: Website traffic analysis and user behavior insights
• Data Shared: Anonymized IP addresses, page views, browser/device info, referral sources
• Location: Google servers (EU and US)
• Consent Required: Yes (only fires after you accept analytics cookies)
• Privacy Policy: https://policies.google.com/privacy
• Opt-Out: https://tools.google.com/dlpage/gaoptout

Google Tag Manager (GTM)

• Purpose: Manages analytics and marketing tags in one place
• Data Shared: Controls what data Google Analytics can collect based on your consent
• Location: Google servers (EU and US)
• Consent Integration: Integrated with Google Consent Mode v2
• Privacy Policy: https://marketingplatform.google.com/about/analytics/terms/us/

5.3 Website Hosting and Security

Cloudflare Pages

• Purpose: Website hosting, Content Delivery Network (CDN), DDoS protection, Web Application Firewall
• Data Shared: IP addresses, request logs, browser/device info
• Location: Global CDN with EU data centers
• Privacy Policy: https://www.cloudflare.com/privacypolicy/

Cloudflare Turnstile

• Purpose: CAPTCHA verification to prevent spam and bot submissions on contact form
• Data Shared: Browser fingerprint, challenge responses (no personal data)
• Location: Cloudflare global network
• Privacy: Privacy-friendly alternative to reCAPTCHA (no tracking cookies)

5.4 Backup Storage

We maintain regular backups of our CMS (content management system) and Website data for disaster recovery purposes:

• Microsoft OneDrive: EU data centers
• Google Drive: Global (with EU data residency options)
• Backblaze B2: EU data centers

Backups may contain contact form submissions and are encrypted and stored securely.

6. International Data Transfers

Your personal information may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. These countries may have data protection laws that differ from those in your country.

We ensure that such transfers comply with GDPR requirements through:

6.1 Google Services (Analytics, Gmail, Tag Manager)

• Transfer Mechanism: EU-US Data Privacy Framework 2.0 (adopted July 2023)
• Adequacy Decision: European Commission adequacy decision in place
• Additional Safeguards: Standard Contractual Clauses (SCCs) where applicable
• Data Processing Agreement: Google's Data Processing Terms apply

6.2 Cloudflare

• Transfer Mechanism: Global CDN with EU data centers available
• Adequacy Decision: Standard Contractual Clauses (SCCs)
• Data Processing Agreement: Cloudflare Data Processing Addendum

6.3 Self-Hosted Services (n8n)

• Location: Hosted within EU on our infrastructure
• No International Transfer: Data remains within EU

7. How Long We Keep Your Data (Retention Periods)

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

7.1 Contact Form Submissions

• Retention Period: 3 years from the date of last contact
• Reason: To maintain records of customer inquiries and support history
• Early Deletion: You can request deletion at any time via our contact form

7.2 Website Analytics Data

• Google Analytics: 14 months (GA4 default setting for user-level and event-level data)
• Aggregated Reports: May be retained indefinitely (anonymized, no personal identifiers)

7.3 Cloudflare Logs

• Retention Period: 90 days (Cloudflare standard retention)
• Purpose: Security monitoring, abuse prevention, performance optimization

7.4 Cookie Consent Records

• Retention Period: 6 months (stored locally in your browser)
• Location: Browser localStorage (not sent to our servers)
• Deletion: Cleared when you clear browser data or change cookie preferences

7.5 Backup Data

• Retention Period: Rolling backups for 30 days, weekly backups for 12 months
• Purpose: Disaster recovery and data integrity
• Deletion: Contact form data in backups will be deleted upon request (next backup cycle)

8. Your Rights Under GDPR (Articles 15-22)

If you are a resident of the European Economic Area (EEA) or United Kingdom, you have the following data protection rights:

8.1 Right to Access (Article 15)

You have the right to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format.

8.2 Right to Rectification (Article 16)

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

8.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data in the following circumstances:

• The data is no longer necessary for the purposes it was collected
• You withdraw consent (for processing based on consent)
• You object to processing based on legitimate interests
• The data was unlawfully processed
• Legal obligation requires deletion

Note: We may retain certain data if required by law or for legitimate business purposes (e.g., defending legal claims).

8.4 Right to Restrict Processing (Article 18)

You have the right to request that we limit how we use your personal data in certain circumstances:

• You contest the accuracy of the data
• Processing is unlawful but you prefer restriction over deletion
• We no longer need the data, but you need it for legal claims
• You object to processing while we verify legitimate grounds

8.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, machine-readable format and transmit it to another service provider where technically feasible.

8.6 Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

8.7 Right to Withdraw Consent (Article 7(3))

Where processing is based on consent (e.g., analytics cookies), you have the right to withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

How to Withdraw: Click "Cookie Preferences" in our footer and disable analytics cookies.

8.8 Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

9. How to Exercise Your Rights

To exercise any of the rights described above, please contact us via our Contact Form with the following information:

• Subject Line: "Data Protection Rights Request"
• Specify: Which right you wish to exercise (access, deletion, rectification, etc.)
• Details: Provide sufficient information to verify your identity and locate your data

Our Response Timeline:

• We will acknowledge your request within 3 business days
• We will fulfill your request within 30 days (1 month) as required by GDPR Article 12
• If we need more time (complex requests), we will notify you and may extend up to 60 days additional

No Fee: We do not charge a fee for exercising your rights unless requests are manifestly unfounded, excessive, or repetitive.

10. Data Security Measures

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

10.1 Technical Security

• HTTPS Encryption: All data transmitted between your browser and our Website is encrypted using TLS/SSL
• Cloudflare Security: DDoS protection, Web Application Firewall (WAF), bot management
• CAPTCHA Protection: Cloudflare Turnstile prevents automated abuse of contact form
• Rate Limiting: Prevents spam and brute-force attacks
• Secure Backups: Encrypted backups stored in secure cloud locations

10.2 Organizational Security

• Access Control: Limited access to personal data (sole proprietor business)
• Regular Updates: Website and CMS security patches applied promptly
• Secure Hosting: Cloudflare Pages with enterprise-grade infrastructure
• Data Minimization: We only collect data that is necessary for specified purposes

10.3 Security Limitations

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we will notify you promptly in the event of a data breach as required by GDPR Article 33.

11. Children's Privacy

Our Website is not intended for individuals under the age of 16 (the age of digital consent under GDPR in most EU countries). We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us via our Contact Form. We will delete such information promptly.

Note: Spain allows member states to lower the age of consent to 13 years old, but we apply the GDPR default of 16 years old for broader EU compliance.

12. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on our Website and analyze how visitors use our site.

What Are Cookies? Small text files stored on your device that help websites remember your preferences and track usage.

Cookie Categories We Use:

1. Strictly Necessary Cookies: Required for Website functionality (cannot be disabled)

   • Cookie consent preferences (localStorage)
   • Security and fraud prevention

2. Analytics Cookies: Track Website usage to improve user experience (requires consent)

   • Google Analytics (GA4)
   • Page views, session duration, traffic sources

3. Marketing Cookies: Not currently used, but may be added in the future with your consent

Managing Cookies:

• Cookie Preferences: Click the link in our footer to open the cookie consent banner and change your preferences at any time
• Browser Settings: You can configure your browser to block or delete cookies, but this may affect Website functionality
• Google Analytics Opt-Out: Use the Google Analytics Opt-out Browser Add-on

For more detailed information, please see our Cookie Policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You:

• We will update the "Last Updated" date at the top of this policy
• For material changes that significantly affect your privacy rights, we may provide additional notice (e.g., banner notification on our Website)
• We encourage you to review this Privacy Policy periodically

Your Continued Use: Continued use of our Website after changes are posted constitutes your acceptance of the updated Privacy Policy.

14. Supervisory Authority (Spain)

If you believe we have not adequately addressed your privacy concerns or have violated your data protection rights, you have the right to lodge a complaint with the Spanish supervisory authority:

Agencia Española de Protección de Datos (AEPD)

• Website: https://www.aepd.es
• Address: C/ Jorge Juan, 6, 28001 Madrid, Spain
• Phone: +34 91 266 35 17
• Online Complaint Form: https://www.aepd.es/es/derechos-y-deberes/conoce-tus-derechos/denunciar

You also have the right to lodge a complaint with the data protection authority in your country of residence if you live outside Spain.

EU Data Protection Authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Contact Method: Contact Form

Response Time: We aim to respond to all privacy inquiries within 3 business days, with full resolution within 30 days as required by GDPR.

What to Include:

• Clear description of your question or request
• Sufficient information to verify your identity (if requesting access/deletion)
• Preferred contact method for our response

16. Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of Spain and the European Union General Data Protection Regulation (GDPR).

Any disputes relating to this Privacy Policy or our data processing practices shall be subject to the exclusive jurisdiction of the courts of Galicia, Spain.

Thank you for trusting Jure Jaklic with your personal information. We are committed to protecting your privacy and maintaining transparency about our data practices.