Viromo.

Data protection

Privacy policy

Last updated: 1 June 2026

This policy explains what personal data the website viromo.eu processes, why, on what legal basis, for how long, who it may be shared with and what your rights are. It is drawn up in accordance with Regulation (EU) 2016/679 (the GDPR).

In short. viromo.eu is built to collect the bare minimum. We sell no data, run no advertising, build no profiles, and audience measurement is cookieless. In practice, the only data you actively give us is what you type into the contact form.

On this page

  1. Data controller
  2. Data collected
  3. Purposes and legal bases
  4. Recipients and processors
  5. Transfers outside the EU
  6. Retention periods
  7. Data security
  8. Your rights
  9. Minors
  10. Changes
  11. Complaints and contact

1. Data controller

The data controller is Jakub Paśnik (Viromo Jakub Paśnik), a sole trader established in Poland — full contact details in the legal notice.

As the publisher is established in Poland, the lead supervisory authority under the GDPR one-stop-shop mechanism (Art. 56 GDPR) is the Polish data protection authority (UODO). You may nonetheless exercise your rights and lodge a complaint with your local authority — in France, the CNIL.

2. Data collected

We process three categories of data, and only these:

a) Contact form data

When you use the form (or email us): your name, your email address, the optional website address you provide and the content of your message. This data is collected only if you choose to write to us.

b) Technical logs

Like any website, viromo.eu generates technical logs on the host side: IP address, browser type, system, timestamp and pages viewed. They are used for security and proper operation.

c) Traffic statistics

We measure traffic using Cloudflare Web Analytics, a cookieless tool with no cross-site tracking. The data is aggregated (page views, country, device type, referrer) and cannot identify you.

The site uses no advertising trackers, no third-party tracking cookies and performs no profiling.

3. Purposes and legal bases

ProcessingPurposeLegal basis (GDPR)
Contact requestsRespond to your request and, where relevant, prepare a business relationshipPre-contractual steps and legitimate interest (Art. 6(1)(b) and 6(1)(f))
Technical logsSecurity, abuse prevention, proper operation of the siteLegitimate interest (Art. 6(1)(f))
Cookieless analyticsUnderstand traffic to improve the siteLegitimate interest (Art. 6(1)(f))

4. Recipients and processors

Your data is not sold, rented or shared with third parties for commercial purposes. It is accessible only to the publisher and to the strictly necessary technical providers, acting as processors (Art. 28 GDPR):

  • Cloudflare, Inc. — hosting, content delivery network (CDN), security and cookieless audience measurement.
  • Google (Gmail) — routing and receipt of messages sent through the contact form, in the publisher’s inbox.
  • TinaCMS (tina.io) — content management through the /admin area reserved for the publisher; this service does not concern visitors’ browsing.

5. Transfers outside the EU

Some processors (Cloudflare, Google) are established in the United States. Any transfers are covered by the EU–US Data Privacy Framework (adequacy decision (EU) 2023/1795) and/or the European Commission’s standard contractual clauses (Art. 46 GDPR), which provide appropriate safeguards.

6. Retention periods

  • Contact requests: 3 years from the last exchange, then deletion or archiving.
  • Technical logs: 12 months maximum.
  • Traffic statistics: aggregated and anonymous, with no data that can identify you.

7. Data security

Data protection is at the very heart of what Viromo does, and the site applies to itself the measures it recommends to its clients:

  • Site served exclusively over HTTPS (TLS encryption), with HSTS.
  • Strict HTTP security headers (CSP, X-Content-Type-Options, Referrer-Policy, Permissions-Policy…).
  • No third-party trackers or advertising scripts loaded on the pages.
  • Email authentication (SPF, DKIM, DMARC) on the domain.
  • Restricted, protected access to the admin area.

These measures aim to ensure a level of security appropriate to the risk (Art. 32 GDPR). As no system is infallible, we undertake to notify you and the competent authority of any breach likely to create a risk to your rights (Art. 33 and 34 GDPR).

8. Your rights

Under Articles 15 to 22 of the GDPR, you have the following rights over your data at any time:

  • Access — confirm that processing exists and obtain a copy.
  • Rectification — correct inaccurate data or complete it.
  • Erasure — request deletion of your data (“right to be forgotten”).
  • Restriction — temporarily freeze a processing operation.
  • Objection — object to processing based on legitimate interest.
  • Portability — receive your data in a structured, reusable format.

To exercise these rights, write to jacob@viromo.eu. We respond within one month. Proof of identity may be requested in case of reasonable doubt about your identity.

9. Minors

The site is aimed at professionals and is not intended for minors. We do not knowingly collect data about people under 16 (or the lower national digital-consent age where applicable). If you believe a minor has provided us with data, contact us for its deletion.

10. Changes

This policy may change, for example to reflect a change in how the site works or in the law. The last-updated date appears at the top of the page; significant changes will be signalled clearly.

11. Complaints and contact

For any question about your data, write to jacob@viromo.eu. If, after contacting us, you believe your rights are not respected, you may lodge a complaint with the lead authority (UODO, Poland) or your local supervisory authority — in France, the CNIL.