Legal
Privacy Policy
Last updated: 03 March 2026
1. Overview
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified.
Who is responsible? Data processing is carried out by the website operator. Contact details are in the “Controller” section below.
How do we collect your data? Some data is collected when you provide it to us (e.g. contact form, newsletter signup). Other data is collected automatically when you visit the website (e.g. browser type, operating system, time of visit).
What do we use your data for? To ensure the website functions correctly and, with your consent, to analyse visitor behaviour.
What rights do you have? You have the right to receive information about your stored data, request correction or deletion, withdraw consent, request restriction of processing, and lodge a complaint with the relevant supervisory authority.
When you visit this website, your browsing behaviour may be statistically analysed using analytics tools (with your consent). Details are in the sections below.
2. Hosting
This website is hosted externally. Personal data collected here is stored on the host’s servers (IP addresses, contact requests, meta and communication data, etc.).
External hosting is used in the interest of secure, fast, and efficient service delivery (Art. 6(1)(f) GDPR). Where consent has been requested, processing is based on Art. 6(1)(a) GDPR and § 25(1) TDDDG.
Hostinger International Ltd.
61 Lordou Vironos Street, 6023 Larnaca, Cyprus
Supabase Inc.
970 Trestle Glen Rd, Oakland, CA 94610, USA — data stored on EU servers (AWS Frankfurt). Transfer to USA governed by Standard Contractual Clauses. DPA in place. See: supabase.com/privacy
3. General Information and Mandatory Details
Data Protection
We treat your personal data confidentially and in accordance with statutory data protection regulations. Please note that data transmission over the internet may have security gaps — complete protection from third-party access is not possible.
Data Retention
Your personal data will remain with us until the purpose for which it was collected no longer applies, or until you request deletion or withdraw consent.
Legal Bases for Processing
Processing is based on: consent (Art. 6(1)(a) GDPR), contract performance (Art. 6(1)(b) GDPR), legal obligation (Art. 6(1)(c) GDPR), or legitimate interest (Art. 6(1)(f) GDPR). The specific basis is noted in each section below.
Right to Object (Art. 21 GDPR)
Where processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object at any time on grounds relating to your particular situation. If you object, we will stop processing unless we can demonstrate compelling legitimate grounds. For direct marketing, you may object at any time and your data will no longer be used for that purpose.
Right to Lodge a Complaint
You have the right to lodge a complaint with the relevant data protection supervisory authority.
Right to Data Portability
You have the right to receive data we process automatically (based on consent or contract) in a machine-readable format, or to request its transfer to another controller where technically feasible.
SSL/TLS Encryption
This site uses SSL/TLS encryption. You can recognise an encrypted connection by the padlock icon in your browser and the address bar showing “https://”.
4. Data Collection on This Website
Cookies
Our website uses cookies. Necessary cookies are stored on the basis of Art. 6(1)(f) GDPR. Analytics and non-essential cookies are only stored with your explicit consent via the cookie consent banner on your first visit (Art. 6(1)(a) GDPR and § 25(1) TDDDG). You can withdraw or change consent at any time via the cookie settings link in our footer.
Server Log Files
Our hosting provider automatically collects information in server log files: browser type and version, operating system, referrer URL, hostname, time of request, IP address. This data is not merged with other sources. Legal basis: Art. 6(1)(f) GDPR.
Contact Form
Data submitted via the contact form is stored for the purpose of processing your enquiry. We will not share this data without your consent. Legal basis: Art. 6(1)(b) or (f) GDPR. Data is retained until the enquiry is resolved or you request deletion.
5. Analytics
Google Analytics 4
We use Google Analytics 4 (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). GA4 uses cookies to analyse how visitors use the website. Data including IP address is transmitted to Google servers in the USA.
GA4 is only activated with your explicit consent via our cookie banner. Legal basis: Art. 6(1)(a) GDPR and § 25(1) TDDDG. Data transfer to the USA is based on Standard Contractual Clauses. IP anonymisation is enabled by default. Retention: 26 months.
Google’s privacy policy: policies.google.com/privacy
6. Newsletter
We collect your email address to send our newsletter. We use a double opt-in process — you must confirm your subscription via a link in a confirmation email before receiving any newsletters.
Legal basis: Art. 6(1)(a) GDPR. You can unsubscribe at any time via the link in any newsletter email. After unsubscription, your address may be retained in a suppression list to prevent future mailings (Art. 6(1)(f) GDPR).
We use Sender.net (UAB “Sender”, Lvivo g. 25-104, Vilnius, Lithuania — EU-based). DPA in place. Their privacy policy: sender.net/privacy-policy
7. User Accounts
When you create an account, we collect your email address and encrypted password, stored in our database (Supabase, EU servers in Frankfurt). Legal basis: Art. 6(1)(b) GDPR. Data is retained until account deletion. Accounts inactive for 24 months may be deleted after prior email notification.
Password reset emails are processed solely for that purpose and not used for marketing without separate consent.
Age Restriction: This website is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided data without parental consent, please contact us.
8. Your Rights at a Glance
| Right | What it means |
|---|---|
| Access (Art. 15) | Request a copy of your personal data |
| Rectification (Art. 16) | Correct inaccurate data |
| Erasure (Art. 17) | Request deletion of your data |
| Restriction (Art. 18) | Limit how we process your data |
| Portability (Art. 20) | Receive your data in a portable format |
| Objection (Art. 21) | Object to processing based on legitimate interest |
| Withdraw consent (Art. 7(3)) | Withdraw consent at any time without penalty |
To exercise any of these rights, contact us at: contact@digitalsteplab.com
9. Changes to This Policy
We may update this privacy policy from time to time. The date at the top reflects the latest version. For significant changes, we will notify subscribers by email where possible.