Privacy Policy

Overview

This website is the personal blog blog.veeso.dev. I keep data collection to an absolute minimum: no tracking cookies, no advertising networks, and I never sell or share personal data. I do, however, process a limited amount of data that is technically unavoidable when you visit any website, such as your IP address and server logs handled by the hosting provider, together with anonymous, aggregated usage analytics. This policy explains what is processed, why, on what legal basis, and the rights you have under the EU General Data Protection Regulation (GDPR) and Italian data protection law (D.Lgs. 196/2003 as amended by D.Lgs. 101/2018).

Data controller and contact

The data controller is veeso.dev di Christian Visintin, VAT no. IT03104140300. For any privacy-related question or to exercise your rights, you can reach out at christian.visintin@veeso.dev.

Cookies

No cookies are used to track user behaviour on this website. No consent banner is shown because there is nothing to consent to: no profiling cookies, no third-party advertising cookies. The analytics provider is cookieless (see below), so no consent is required under the Italian Garante's guidelines on cookies and tracking tools.

Your theme preference (light or dark mode) is stored locally in your browser via localStorage. This is a purely technical, functional setting; it never leaves your device and is not used to identify or track you.

Hosting and server logs

This website is hosted by Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA), which acts as a data processor on my behalf. As with any web server, Vercel automatically processes technical data needed to deliver the site and keep it secure: your IP address, browser user-agent, requested URLs, referrer, and timestamps, recorded in server logs.

Legal basis: my legitimate interest (Art. 6(1)(f) GDPR) in operating the website, ensuring its security, and preventing abuse. These logs are kept only for as long as necessary for those purposes (typically up to 30 days) and are not used to profile you or build advertising audiences.

Analytics with Umami

Umami is used to collect anonymous usage data, so I can understand how visitors use the website and improve its design and functionality. This blog uses the EU-hosted Umami Cloud service (cloud.umami.is), where analytics data is stored on servers located in the European Union (Germany). The service is operated by Umami Software, Inc.

Umami is cookieless and privacy-focused: it does not set cookies and does not store your IP address or any data that can directly identify you. It derives only aggregated, anonymous metrics, such as country, browser, and page views. None of these metrics contain personal data.

Legal basis: my legitimate interest (Art. 6(1)(f) GDPR) in measuring and improving the website. Because the data is anonymous and no cookies or device identifiers are used, no consent is required.

Third-party resources

To render correctly, this website loads a small number of static resources from third-party content delivery networks: web fonts from Google Fonts (Google Ireland Limited / Google LLC), and JavaScript libraries from jsDelivr. When your browser fetches these resources, the provider necessarily receives your IP address and user-agent. No cookies are set by these requests and the data is not used to profile you.

Legal basis: my legitimate interest (Art. 6(1)(f) GDPR) in delivering the website with consistent typography and functionality.

International data transfers

Analytics data is stored within the European Union. Some providers are US-based companies (Vercel Inc., Umami Software, Inc., Google LLC, and the jsDelivr network), so limited technical data may be processed outside the European Economic Area. Where this happens, transfers are protected by appropriate safeguards under Chapter V GDPR, namely the EU-US Data Privacy Framework and/or the European Commission's Standard Contractual Clauses, together with the relevant data processing agreements.

Your rights

Under the GDPR you have the right to access your personal data, and to request its rectification, erasure, or restriction, as well as the right to object to processing and the right to data portability. Note that the analytics data held is anonymous and cannot be linked back to you, so for that data I may be unable to identify you in order to act on a request.

To exercise any right, contact me at christian.visintin@veeso.dev. You also have the right to lodge a complaint with the Italian supervisory authority, the Garante per la protezione dei dati personali, or with the data protection authority of your country of residence.

External links

This website links to external services such as GitHub, Mastodon, and X. Once you leave this site, the privacy policy of the destination service applies. I am not responsible for the content or privacy practices of external websites.

Changes to this policy

This privacy policy may be updated from time to time. Any changes will be published on this page with an updated "Last updated" date.