Last updated · 27 May 2026
Privacy Policy
This page explains how khlumen.com processes personal data under Regulation (EU) 2016/679 (GDPR). The site is a B2B showcase — there is no user account, no payment flow, no profiling.
1. Data Controller
The data controller for personal data processed via khlumen.com is:
2. Data we collect
Browsing the site does not require registration. We process the minimum data needed to deliver the site and to handle business contact requests:
- Technical metadata: IP address, user agent, HTTP referrer, request timestamp — automatically logged by the hosting provider for security and routing.
- Preference data: the language preference (EN / IT) stored locally in the browser via localStorage.
- Contact data: when a contact form or email link is used, the fields voluntarily provided by the requester (typically name, email, message).
We do not collect special-category data (Art. 9 GDPR), payment data, location data, or any data used for profiling or advertising.
3. Purposes of processing
- Deliver the website and keep it secure and available.
- Reply to inbound B2B contact requests and assess potential engagements.
- Comply with legal obligations (e.g. requests from authorities).
4. Legal basis
Processing relies on the following GDPR legal bases:
- Pre-contractual measures (Art. 6.1.b) for handling contact requests.
- Legitimate interest (Art. 6.1.f) for technical site operation, security and aggregated traffic stats.
- Consent (Art. 6.1.a) for any non-essential cookies — see the Cookie Policy.
- Legal obligation (Art. 6.1.c) for any requests from competent authorities.
5. Retention
- Hosting-level technical logs: kept for the minimum period needed for security and operational purposes, typically up to 90 days.
- Contact request content (email exchanges, intake forms): kept for up to 12 months from the last interaction, or longer if a commercial relationship is in place or required by law.
- Aggregated, anonymised statistics: may be retained indefinitely for internal analysis.
6. Recipients and transfers
Some technical data may be processed by service providers acting as data processors:
- Vercel Inc. — hosting, CDN and analytics infrastructure. Vercel may process data in the EU (Frankfurt region) or, when traffic is routed via its global edge, in third countries with adequate safeguards (Standard Contractual Clauses). See vercel.com/legal/privacy-policy.
- Email provider for inbound contact emails (the email address vlad@khlumen.com is routed via the relevant provider's mail infrastructure).
No data is sold or shared for marketing purposes.
7. Your rights
Under Articles 15–22 GDPR you have the right to:
- Access your personal data and obtain a copy.
- Rectify inaccurate or incomplete data.
- Erase your data (right to be forgotten).
- Restrict processing in specific cases.
- Receive your data in a structured, commonly used format (portability).
- Object to processing based on legitimate interest.
- Withdraw consent at any time, without affecting prior lawful processing.
- Not be subject to a decision based solely on automated processing (Art. 22).
To exercise any of these rights write to vlad@khlumen.com. You also have the right to lodge a complaint with a competent supervisory authority — for example the Agencia Española de Protección de Datos (AEPD, www.aepd.es) or, for users based in Italy, the Garante per la Protezione dei Dati Personali (www.garanteprivacy.it).
9. Changes to this policy
We may update this policy to reflect regulatory or operational changes. Updates are published on this page with the last-updated date above. You are encouraged to review it periodically.