Privacy Policy

Last updated: 2026-05-18

This Privacy Policy explains how personal data is collected and processed when you visit https://soboldev.com (the "Site"). It is written in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and applicable Polish data protection law.

1. Data controller

The controller of your personal data is:

Vasyl Sobol
Natural person residing in Poland
Email: sobol.vasiliy@gmail.com

The Site is a personal portfolio and technical blog. It is not used for commercial activity.

There is no designated Data Protection Officer (DPO), as one is not legally required for the scale and nature of processing carried out via the Site.

2. What data is collected and why

2.1 Contact form

When you submit a message through the contact form, the following data is processed:

  • Name (as you provide it)
  • Email address
  • Message content

How the data flows: the form submits the data to the Site's backend (an ASP.NET application). The backend uses the data only to compose and send a notification email to the Site Owner. The data is not persisted in any database, file storage, or application log of the backend, and the request body containing your submission is not written to access logs.

Where the data ultimately lives: in the Site Owner's email inbox, hosted by ASPHostPortal (see Section 3).

Purpose: to receive and respond to your message.

Legal basis: Art. 6(1)(f) GDPR - legitimate interest of the Site Owner in responding to inquiries directed to him. Where your message concerns taking steps to enter into a contract, Art. 6(1)(b) GDPR may also apply.

Retention: messages remain in the Site Owner's email inbox for as long as needed to handle the correspondence and any reasonable follow-up, and are deleted when no longer relevant. You may request earlier deletion at any time (see Section 5).

2.2 Web analytics (GoatCounter)

The Site uses GoatCounter - a privacy-friendly, open-source web analytics service - to measure traffic and understand how visitors use the Site.

GoatCounter:

  • Does not set cookies on this Site.
  • Does not track individual users across sessions or across sites.
  • Does not store IP addresses or full User-Agent strings.

Only aggregated, anonymous statistics are stored, including: page views, referrer URL, browser name and version, operating system, screen size, and country (derived from the IP address at request time and then immediately discarded). According to GoatCounter's design, this aggregated data cannot be linked back to an individual visitor.

Purpose: to measure traffic and improve the Site.

Legal basis: Art. 6(1)(f) GDPR - legitimate interest of the Site Owner in understanding site usage. Given that GoatCounter does not collect personally identifiable information, this processing has a minimal impact on your privacy.

Retention: aggregated statistics are retained for as long as the Site Owner uses the GoatCounter service.

For details, see the GoatCounter privacy policy.

2.3 Server logs

The hosting provider of the Site (ASPHostPortal, see Section 3) maintains standard server access logs containing request metadata such as IP addresses, request URLs, HTTP methods, timestamps, and User-Agent headers. These access logs do not include the body of requests (such as the content of contact-form submissions). They are managed by the hosting provider under its own data processing terms for security and operational purposes, and are typically retained for a limited period before being rotated or deleted.

3. Recipients and processors

Personal data is processed by the following entities acting as data processors:

Service Role Notes
GoatCounter (operated by Martin Tournoij) Web analytics service provider Operator based in Ireland; servers at Hetzner Online GmbH in Finland and Germany (EEA)
ASPHostPortal Web hosting and email service provider (server logs, SMTP delivery of contact-form notifications, mailbox storage) Data processed at the ASPHostPortal data center in Frankfurt am Main, Germany (EEA). ASPHostPortal acts as a data processor.

The Site Owner does not sell or rent your personal data to third parties and does not use it for advertising or profiling.

4. International data transfers

All personal data processed in connection with the Site is processed within the European Economic Area (EEA):

  • GoatCounter processes data in Ireland, Finland, and Germany.
  • ASPHostPortal hosts the Site's backend and mailbox at its data center in Frankfurt am Main, Germany.

No personal data is intentionally transferred outside the EEA in the course of operating the Site. Should this change in the future, this Privacy Policy will be updated accordingly, and any such transfer will be carried out under an appropriate safeguard as defined in Chapter V GDPR (such as Standard Contractual Clauses).

5. Your rights under the GDPR

You have the following rights with regard to your personal data:

  • Right of access (Art. 15 GDPR) - to obtain confirmation of whether your data is processed and a copy of it.
  • Right to rectification (Art. 16 GDPR) - to have inaccurate data corrected.
  • Right to erasure ("right to be forgotten", Art. 17 GDPR) - to have your data deleted under the conditions set out in the GDPR.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR), where applicable.
  • Right to object (Art. 21 GDPR) - in particular, to object to processing based on legitimate interest (including the use of GoatCounter analytics). You can effectively exercise the right to object to GoatCounter by blocking the script gc.zgo.at/count.js in your browser or using any content-blocking extension.
  • Right to lodge a complaint with the supervisory authority. In Poland, this is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych - UODO), ul. Stawki 2, 00-193 Warsaw, https://uodo.gov.pl.

To exercise any of these rights, contact the Site Owner at sobol.vasiliy@gmail.com.

6. Cookies

This Site uses a minimal set of strictly necessary first-party cookies required for the technical operation of the Site, specifically for cross-site request forgery (CSRF) protection of forms and, for the Site Owner only, authentication after admin login. These cookies are session-based and are not used for analytics, advertising, profiling, or cross-site tracking. No third-party cookies are set by the Site itself.

Under Article 5(3) of Directive 2002/58/EC (ePrivacy Directive) and Article 173 of the Polish Prawo telekomunikacyjne, strictly necessary cookies do not require prior consent. No cookie consent banner is therefore displayed.

If you follow links from this Site to third-party sites (LinkedIn, GitHub, external blogs, etc.), those sites may use their own cookies under their own privacy policies.

7. Automated decision-making

The Site does not carry out automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you (Art. 22 GDPR).

8. Children

The Site is not directed at children under the age of 16. Personal data of children is not knowingly collected. If you believe a child has provided personal data through the contact form, please contact the Site Owner so it can be deleted.

9. Security

Reasonable technical and organisational measures are used to protect personal data against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or method of electronic storage is 100% secure.

10. Changes to this Privacy Policy

This Privacy Policy may be updated from time to time. The current version is always available at the URL where you are reading it now, with the "Last updated" date at the top. Material changes will be reflected by updating that date.

11. Contact

For any questions about this Privacy Policy or about how your personal data is processed, contact:

Vasyl Sobol
Email: sobol.vasiliy@gmail.com
Web: https://soboldev.com