Privacy Policy

Last updated: February 13, 2026

Data Controller

Roman Ceban
Chisinau, Moldova
Email: office@lawfirm.md

This Privacy Policy explains how personal data is handled when you visit ceban.md, a personal portfolio website.

1. Data Collected

I collect only minimal, necessary data:

  • Server & security logs (via Cloudflare): IP address, browser/user-agent, requested pages, timestamp, country-level location (anonymized), HTTP status (standard for any website).
  • Contact form submissions (via Web3Forms): name, email, message, and any fields you fill voluntarily. Web3Forms processes and forwards this directly to my email inbox; they do not store submissions long-term on free plans (deleted after ~30 days), and act as my data processor.
  • No analytics tracking, no cookies for profiling, no advertising, no device fingerprinting.

2. Purposes & Legal Basis (GDPR Art. 6)

| Purpose | Data Involved | Legal Basis |
|---|---|---|
| Deliver the website (loading, security, DDoS protection) | IP, technical logs | Legitimate interests (essential operation) |
| Prevent abuse & ensure site availability | IP, request patterns | Legitimate interests |
| Respond to your contact/inquiry | Name, email, message | Consent (you submit voluntarily) or legitimate interests |

I have balanced interests: your rights/privacy do not override the need for basic site functioning and communication.

3. Cookies & Similar Technologies

This site uses only strictly necessary cookies/technologies required for functionality and security:

  • Cloudflare (hosting/CDN provider) may set strictly necessary cookies (e.g., for security features like `__cf_bm` bot management or session handling). These are essential and exempt from consent under ePrivacy/GDPR.
  • No analytics cookies, no marketing cookies, no third-party trackers, no persistent identifiers.

No consent banner is shown because no non-essential cookies are used. You can review Cloudflare's cookie details here: https://www.cloudflare.com/cookie-policy/.

4. Data Sharing / Recipients

Data is not sold, rented, or used for marketing.

  • Cloudflare (US-based): processes logs & security data under strict contract (their DPA incorporates EU standard contractual clauses).
  • Web3Forms: acts as processor; see their privacy policy: https://web3forms.com/privacy.
  • Your email provider (when I receive form messages).

5. Data Retention

  • Cloudflare logs: retained short-term (days to weeks; auto-purged).
  • Form submissions: stored only in my email inbox as long as needed to respond + up to 12 months (archiving purposes); then deleted.
  • No long-term databases on my side.

6. Your GDPR Rights

As an EU/EEA visitor, you have rights to:

  • Access, rectify, or erase your data
  • Restrict or object to processing
  • Data portability (limited here)
  • Withdraw consent (if based on consent)
  • Lodge a complaint with your national DPA

Email me at office@lawfirm.md to exercise rights. I respond as soon as possible, but no later than one month.

7. Security

HTTPS everywhere (Cloudflare), encrypted transit, access controls. No system is 100% secure, but I minimize risks.

8. Changes

This policy may be updated; check the date above. Significant changes will be noted on the site.