Privacy Policy

1. Data Controller

The data controller for this website is Embeddedware, a sole-proprietor consultancy (single-person IKE) based in Greece.

Contact: hello@embeddedware.gr

2. Personal Data We Collect

We collect personal data only when you actively provide it or when it is generated automatically by your use of this website. Specifically:

• Contact form submissions. When you submit the contact form on this site we collect your name, email address, optional company name, and message content. This data is submitted through a third-party form-delivery service and forwarded to our email inbox.
• Server and hosting logs. Our hosting provider (Vercel) automatically records standard server log data including your IP address, browser user-agent string, referring URL, and the date and time of requests. This is inherent to how web hosting works and is processed by Vercel under their own privacy terms.
• Analytics. We do not currently use any analytics service. Should analytics be added in the future, this policy will be updated to describe the data collected, the service used, and the applicable legal basis.

3. Purposes and Legal Basis (GDPR Art. 6)

We process your personal data for the following purposes and on the following legal bases under GDPR Article 6:

• Responding to enquiries. When you contact us via the contact form or by email, we process the data you provide in order to read and respond to your message. Legal basis: consent (you chose to submit the form) and/or legitimate interests (responding to business communications).
• Pre-contractual steps. If your enquiry concerns a potential engagement, we may use the information to take steps prior to entering into a contract with you. Legal basis: steps prior to entering a contract (Art. 6(1)(b)).
• Operating and securing the site. Server logs are processed to maintain site security and diagnose technical issues. Legal basis: legitimate interests (Art. 6(1)(f)).

4. Data Sharing and Processors

We do not sell your personal data. We share data only with third-party processors that are strictly necessary to operate this site and respond to your enquiries:

• Vercel (hosting). This site is hosted on Vercel, Inc. Vercel processes server logs as described above.
• Form-delivery service. Contact form submissions are routed through a third-party form-delivery service before reaching our inbox. The service processes your name, email, and message for the sole purpose of delivery.
• Email provider. Our email inbox provider processes messages we receive, including your replies to our responses.

All processors are selected to provide appropriate technical and organisational safeguards for your data.

5. International Data Transfers

Some of our processors (including Vercel and potentially the form-delivery service) are based in the United States or otherwise outside the European Economic Area (EEA). Where data is transferred outside the EEA, we rely on appropriate safeguards - such as Standard Contractual Clauses (SCCs) adopted by the European Commission - to ensure your data is protected to an equivalent standard.

6. Data Retention

We retain personal data only for as long as is necessary to fulfil the purpose for which it was collected:

• Contact form messages and email correspondence are kept for as long as needed to complete your enquiry and for reasonable follow-up, or for as long as required by legitimate business record-keeping obligations, after which they are deleted.
• Server log data is retained by Vercel in accordance with their own retention policy.

7. Cookies

This site currently uses only essential/functional cookies that are strictly necessary for the site to operate. We do not set advertising, tracking, or analytics cookies at this time.

If analytics or marketing cookies are introduced in the future, this policy will be updated and, where required, we will obtain your prior consent.

8. Your Rights Under GDPR

If you are located in the EEA (or the UK, or another jurisdiction with equivalent rights), you have the following rights regarding your personal data:

• Access. Request a copy of the personal data we hold about you.
• Rectification. Ask us to correct inaccurate or incomplete data.
• Erasure. Ask us to delete your personal data ("right to be forgotten"), where applicable.
• Restriction. Ask us to restrict processing of your data in certain circumstances.
• Portability. Receive your data in a structured, machine-readable format.
• Objection. Object to processing based on legitimate interests.
• Withdraw consent. Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please email us at hello@embeddedware.gr. We will respond within one month as required by GDPR.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. As Embeddedware is based in Greece, the relevant authority is the Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα - Hellenic DPA), reachable at www.dpa.gr.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of this page will be revised accordingly. We encourage you to review this page periodically.