Privacy Policy

1. Data Controller

The data controller for this website is Embeddedware, a sole-proprietor consultancy (single-person IKE) based in Greece.

Contact: hello@embeddedware.gr

2. Personal Data We Collect

We collect personal data only when you actively provide it or when it is generated automatically by your use of this website. Specifically:

• Contact form submissions. The contact form on this site does not send data to us or to any third party on its own. When you complete it, it opens a draft message in your own email program (via a mailto link) pre-filled with the name, email, optional company name, and message you entered. Nothing is transmitted until you choose to send that email yourself. We then receive and process whatever you send.
• Server and hosting logs. Our hosting provider (Vercel) automatically records standard server log data including your IP address, browser user-agent string, referring URL, and the date and time of requests. This is inherent to how web hosting works and is processed by Vercel under their own privacy terms.
• Analytics. We do not currently use any analytics service. Should analytics be added in the future, this policy will be updated to describe the data collected, the service used, and the applicable legal basis.

3. Purposes and Legal Basis (GDPR Art. 6)

We process your personal data for the following purposes and on the following legal bases under GDPR Article 6:

• Responding to enquiries. When you contact us via the contact form or by email, we process the data you provide in order to read and respond to your message. Legal basis: consent (you chose to submit the form) and/or legitimate interests (responding to business communications).
• Pre-contractual steps. If your enquiry concerns a potential engagement, we may use the information to take steps prior to entering into a contract with you. Legal basis: steps prior to entering a contract (Art. 6(1)(b)).
• Operating and securing the site. Server logs are processed to maintain site security and diagnose technical issues. Legal basis: legitimate interests (Art. 6(1)(f)).

4. Data Sharing and Processors

We do not sell your personal data. We share data only with third-party processors that are strictly necessary to operate this site and respond to your enquiries:

• Vercel (hosting). This site is hosted on Vercel, Inc. Vercel processes server logs as described above.
• Email provider. Our email inbox provider processes the messages you send us, including any later replies in the same conversation.

The contact form uses no third-party form-delivery service. The web fonts used on this site are self-hosted, so simply loading a page does not send your data to any third party. All processors we do use are selected to provide appropriate technical and organisational safeguards for your data.

5. International Data Transfers

Our hosting provider (Vercel) is based in the United States and may process server log data outside the European Economic Area (EEA). Where data is transferred outside the EEA, we rely on appropriate safeguards - such as Standard Contractual Clauses (SCCs) adopted by the European Commission - to ensure your data is protected to an equivalent standard.

6. Data Retention

We retain personal data only for as long as is necessary to fulfil the purpose for which it was collected:

• Contact form messages and email correspondence are kept for as long as needed to complete your enquiry and for reasonable follow-up, or for as long as required by legitimate business record-keeping obligations, after which they are deleted.
• Server log data is retained by Vercel in accordance with their own retention policy.

7. Cookies

This site sets no cookies of its own and uses no analytics or tracking. See our Cookie Policy for the full detail.

If analytics or marketing cookies are introduced in the future, this policy will be updated and, where required, we will obtain your prior consent.

8. Your Rights Under GDPR

If you are located in the EEA (or the UK, or another jurisdiction with equivalent rights), you have the following rights regarding your personal data:

• Access. Request a copy of the personal data we hold about you.
• Rectification. Ask us to correct inaccurate or incomplete data.
• Erasure. Ask us to delete your personal data ("right to be forgotten"), where applicable.
• Restriction. Ask us to restrict processing of your data in certain circumstances.
• Portability. Receive your data in a structured, machine-readable format.
• Objection. Object to processing based on legitimate interests.
• Withdraw consent. Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please email us at hello@embeddedware.gr. We will respond within one month as required by GDPR.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. As Embeddedware is based in Greece, the relevant authority is the Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα - Hellenic DPA), reachable at www.dpa.gr.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of this page will be revised accordingly. We encourage you to review this page periodically.