Privacy Policy

Last Updated: September 17, 2025
Effective Date: September 17, 2025

1. Introduction

Welcome to ruinelson.com. This Privacy Policy explains how we handle information when you visit our website. We are committed to protecting your privacy and being transparent about our data practices.

This is a personal website owned and operated by Rui Carneiro ("we", "us", "our"). We respect your privacy and are dedicated to protecting any personal data you may choose to share with us.

Contact for Data Protection Matters:
Email: [email protected]
Location: Porto, Portugal

2. Our Commitment to Minimal Data Collection

We believe in privacy by design. This website:

  • Does not use tracking cookies
  • Does not use analytics services
  • Does not engage in behavioral tracking
  • Does not share data with third parties for marketing
  • Only collects data you explicitly provide

3. Information We Collect

3.1 Information You Provide Directly

We only collect personal data when you voluntarily provide it through:

  • Contact Form Submissions: When you use our feedback form, we collect your email address and any message content you choose to share

3.2 Information Collected Automatically

We do not directly collect any automatic information. However, please note:

Cloudflare CDN Services: This website uses Cloudflare as a Content Delivery Network (CDN) for security and performance. Cloudflare may automatically collect and process:

  • IP addresses (for security and routing purposes)
  • Basic technical information (browser type, operating system)
  • Security-related cookies (strictly necessary for protection against attacks)

These are essential technical cookies that ensure the website functions securely and efficiently. They are not used for tracking or advertising purposes.

Cloudflare Turnstile: We use Cloudflare Turnstile for bot protection on our feedback form. This service may set strictly necessary cookies to verify you are human and protect against automated abuse.

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on:

  • Consent (Article 6(1)(a) GDPR): When you voluntarily submit information through our contact form, you consent to us processing this data to respond to your inquiry
  • Legitimate Interests (Article 6(1)(f) GDPR): We have a legitimate interest in responding to genuine inquiries and maintaining the security of our website

5. How We Use Your Information

Your personal data is used exclusively for:

  • Responding to your questions, feedback, or inquiries
  • Addressing any issues or suggestions you raise
  • Protecting our website from security threats (via Cloudflare)

We will never use your data for:

  • Marketing or promotional purposes
  • Sale or transfer to third parties
  • Profiling or automated decision-making
  • Any purpose other than responding to your direct communication

6. Data Storage and Security

6.1 Storage Location

  • Form submission data is stored on secure servers located in Germany (European Union member state)
  • We do not store your data in personal email accounts or local systems

6.2 Security Measures

We implement comprehensive security measures including:

  • End-to-end encrypted communications
  • Virtualization and containerization
  • Firewall protection
  • Asymmetric encryption for administrative access
  • Regular vulnerability monitoring
  • Penetration testing
  • Bot detection and prevention

6.3 Data Retention

  • All personal data from form submissions is automatically deleted within 30 days of receipt
  • We do not retain data beyond what is necessary to address your inquiry

7. Your Data Protection Rights

Under the GDPR, you have the following rights:

7.1 Right of Access (Article 15 GDPR)

You can request confirmation of whether we process your personal data and obtain a copy of such data.

7.2 Right to Rectification (Article 16 GDPR)

You can request correction of inaccurate personal data or completion of incomplete data.

7.3 Right to Erasure - "Right to be Forgotten" (Article 17 GDPR)

You can request deletion of your personal data when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent
  • You object to the processing
  • The data has been unlawfully processed

7.4 Right to Restrict Processing (Article 18 GDPR)

You can request that we limit how we use your personal data under certain circumstances.

7.5 Right to Data Portability (Article 20 GDPR)

You can request to receive your personal data in a structured, commonly used, and machine-readable format.

7.6 Right to Object (Article 21 GDPR)

You can object to processing based on legitimate interests or for direct marketing purposes.

7.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw this consent at any time without affecting the lawfulness of processing before withdrawal.

8. Exercising Your Rights

To exercise any of your data protection rights:

  1. Use our dedicated tool: Visit our feedback editor for immediate action
  2. Contact us directly: Email [email protected]

We will respond to your request within one month as required by GDPR. This period may be extended by two additional months for complex requests, in which case we will inform you of the delay and reasons.

All rights can be exercised free of charge. However, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded, excessive, or repetitive.

9. Cookies and Similar Technologies

9.1 Our Cookie Policy

This website does not use cookies for tracking, analytics, or advertising purposes.

9.2 Strictly Necessary Technical Cookies

The only cookies that may be set are strictly necessary technical cookies from Cloudflare CDN:

Cloudflare Security & Performance Cookies:

  • __cf_bm (Bot Management): Distinguishes between humans and bots, expires after 30 minutes
  • __cfruid (Rate Limiting): Identifies trusted traffic, session cookie only
  • cf_clearance (Challenge Passage): Set when you pass a security challenge, may last up to 30 minutes
  • __cflb (Load Balancing): Ensures your requests go to the same server, session cookie only

These cookies:

  • Contain no personal information or unique identifiers
  • Cannot track you across websites
  • Are essential for protection against DDoS attacks and malicious bots
  • Are automatically deleted when you close your browser (session cookies) or after a maximum of 30 minutes
  • Do not require consent under EU law as they are strictly necessary for security

9.3 Managing Technical Cookies

While these cookies are essential for website functionality, most modern browsers allow you to:

  • View all cookies stored
  • Delete specific cookies
  • Block all cookies (note: this may affect website functionality)

10. Third-Party Services

10.1 Cloudflare

We use Cloudflare services solely for security and performance. Cloudflare processes data according to their privacy policy: cloudflare.com/privacypolicy/

Cloudflare is certified under the EU-U.S. Data Privacy Framework and implements appropriate safeguards for international data transfers.

10.2 External Links

This website may contain links to external websites. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any website you visit.

11. Automated Decision Making and Profiling

We do not engage in any form of automated decision making or profiling. Specifically:

  • No Automated Processing: All inquiries are reviewed and responded to personally by a human
  • No Profiling: We do not create profiles based on your behavior, preferences, or characteristics
  • No Algorithm-Based Decisions: We do not use algorithms or automated systems to make decisions that would affect you
  • No Predictive Analysis: We do not analyze your data to predict future behavior or preferences
  • No Scoring Systems: We do not assign scores or ratings to users based on any criteria

Your interactions with this website are straightforward: you contact us, we respond personally, and then we delete your data. There are no hidden automated processes analyzing or categorizing you.

12. International Data Transfers

While our servers are located in Germany (within the EU), Cloudflare may process data globally. All such transfers are protected by:

  • Standard Contractual Clauses approved by the European Commission
  • Adequate safeguards as required by GDPR Article 46
  • Cloudflare's compliance with EU data protection standards

12. Children's Privacy

This website is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at [email protected].

13. Data Breach Notification

In the unlikely event of a personal data breach that poses a high risk to your rights and freedoms, we will:

  • Notify you without undue delay
  • Describe the nature of the breach
  • Communicate the measures taken to address the breach
  • Comply with all GDPR breach notification requirements

14. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. For Portuguese residents, the relevant authority is:

Comissão Nacional de Proteção de Dados (CNPD)

  • Address: Avenida D. Carlos I, Nº 134 – 1º; 1200-651 Lisboa
  • Phone: +351 213 928 400
  • Privacy Line: +351 213 930 039
  • Email: [email protected]
  • Website: www.cnpd.pt

EU residents may also contact their local data protection authority.

15. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or for legal, technical, or operational reasons. When we make changes:

  • The "Last Updated" date at the top will be revised
  • For significant changes, we may provide additional notice on our website
  • Continued use of our website after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically.

16. Accessibility

We strive to make this Privacy Policy accessible to all users. If you need this information in an alternative format due to disability, please contact us at [email protected].

18. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices:

Data Protection Contact:
Email: [email protected]
Name: Rui Carneiro
Location: Porto, Portugal

We aim to resolve any privacy concerns promptly and transparently.

This Privacy Policy is provided in English as the primary language of this website. In case of any disputes, the interpretation of this policy shall be based on European Union data protection law, particularly the General Data Protection Regulation (EU) 2016/679.