Privacy Policy

This Privacy Policy explains how I, Luca Alexander Büürma, collect, use, and protect personal data when you visit my website https://lucabuurma.com. I take data protection seriously and process personal data in compliance with the
General Data Protection Regulation (GDPR), the Spanish LSSI-CE, and other applicable laws. The website is intended for a global audience, but all processing of personal data is carried out under the principles of the GDPR.

The Data Controller responsible for this website is:

‍Luca Alexander Büürma
Ronda del General Mitre, 92
Sarrià-Sant Gervasi
08021 Barcelona
Spain
Email: lucabuurma@gmail.com

If you contact me via the contact form, I collect the following information:
- Full Name (First and Last Name)
- Email address
- Message content
‍
Purpose & Legal Basis:
‍Responding to inquiries and communicating with you (GDPR Art. 6(1)(b) – steps prior to a contract, and Art. 6(1)(f) – legitimate interest).

Storage & Retention:
- Submissions are forwarded to my email inbox.
- I do not store submissions permanently within Webflow (form submissions are hidden).
- Emails are retained only as long as necessary for communication and legal obligations.

Processors Involved:
Webflow, Inc. (398 11th Street, 2nd Floor, San Francisco, CA 94103, USA) – provides the hosting and form processing service. Webflow processes form data only to deliver it securely to me by email.
Google LLC (through Gmail) – email service provider. Data may be transferred to the United States under Standard Contractual Clauses (SCCs).

Usage Data is collected automatically when using this website. This may include information such as your device’s Internet Protocol (IP) address, browser type and version, the type of device and operating system you are using, the specific pages of the website that you visit, the time and date of your visit, the amount of time spent on those pages, unique device identifiers, and other diagnostic and technical data.
‍
When you access the website by or through a mobile device, additional information may be collected automatically. This can include the type of mobile device you use, your mobile device’s unique identifier, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, as well as other diagnostic and technical data.
‍
In addition, information that your browser sends whenever you visit the website, or when you access it by or through a mobile device, may also be collected.
‍

When you access the website, certain technical data is automatically collected by the hosting provider (Webflow). This may include:
- IP address
- Browser type and version
- Device information
- Date and time of access
- Referrer URL

Purpose & Legal Basis:
‍Ensuring the stability, security, and functionality of the website (GDPR Art. 6(1)(f) – legitimate interest).

Storage & Retention:
‍Log files are stored by Webflow for security and operational purposes and deleted in accordance with their retention policies.

This website uses the typeface Satoshi, which is hosted directly on Webflow’s CDN. No external connection to Fontshare or Google Fonts servers is established when loading this font.

All logos, employer images, and personal photographs are statically hosted on Webflow’s servers. No external requests are made to third-party servers.

This website contains static icons linking to my social media profiles (Instagram, LinkedIn, X/Threads, YouTube). These are simple links; no data is transferred to the social networks until you click the link. Once you click, the respective provider may collect and process data under their own privacy policies.

Currently, this website does not use cookies, analytics tools, advertising trackers, or third-party embeds that set cookies. Only essential technical cookies (if any) are set by Webflow to ensure basic website operation.

I may use the personal data I collect from you for the following purposes:
‍
- To provide and maintain the website: This includes monitoring usage of the website and ensuring its security and proper functioning.
- To respond to your inquiries: If you contact me via the contact form or by email, I will use your details to respond to your request or inquiry.
- To manage your requests: I may process your data in order to attend to and manage the requests you send me.
- For communication purposes: I may contact you by email if this is necessary to answer your inquiry or to follow up on your request.
- For improvement: I may use aggregated and anonymized information (for example, technical usage data) to analyze trends, improve the website, and enhance user experience.

I do not sell your data or use it for advertising, and I do not share it with business partners, affiliates, or third parties, except as necessary for the technical operation of the website (for example, with Webflow as hosting provider and Google as my email provider). In short:
- Your personal data is not sold or shared with third parties.
- Transfers to third countries (e.g., USA) may occur due to the use of Webflow and Gmail. These providers rely on the European Commission’s Standard Contractual Clauses (SCCs) to safeguard such transfers.

I will retain your personal data only for as long as is necessary for the purposes described in this Privacy Policy. This means that personal data submitted through the contact form will be kept only for as long as required to respond to your request and in line with any legal obligations. Once the inquiry has been completed, the data will be deleted unless legal retention requirements apply.

Technical Usage Data, such as server logs, is generally retained for a shorter period of time by the hosting provider (Webflow). This data is stored temporarily for security, diagnostic, and operational purposes and is deleted in accordance with Webflow’s retention schedules. In certain cases, Usage Data may be kept longer if it is required to comply with legal obligations, to resolve disputes, to enforce agreements and policies, or if it is necessary to strengthen the security or improve the functionality of the website.

Your personal data may be processed in countries outside of your country of residence, including outside the European Union. This is the case, for example, when I use external service providers such as Webflow (website hosting) and Google (email services), which are based in the United States.

Whenever personal data is transferred to a country outside the European Union, such transfers are carried out on the basis of appropriate safeguards. Service providers such as Webflow and Google rely on the European Commission’s Standard Contractual Clauses (SCCs), which are designed to ensure that your data continues to receive a level of protection essentially equivalent to that in the EU.

I will take all reasonable steps to make sure that your personal data is handled securely and in line with this Privacy Policy, regardless of where it is processed.

As a data subject, you have the following rights:

- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

If you believe your data protection rights have been violated, you can lodge a complaint with:
‍
‍Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6
28001 Madrid, Spain
www.aepd.es

‍Additionally, if you are based in Germany, you may also contact your local German State Data Protection Authority.

I implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or disclosure.

I reserve the right to update this Privacy Policy from time to time to reflect changes in technology, legal requirements, or website functionality. The date of the last update is indicated at the top of this page.