This policy explains how personal data is processed on idunnfreya.com in accordance with the GDPR (Regulation (EU) 2016/679) and applicable Spanish law.
1. Controller
- Controller: Idunn Freya
- Email: hola@idunnfreya.com
- Website: idunnfreya.com
2. Data collected
2.1 Contact form / email
- Name (if provided)
- Message content
2.2 Technical data (security)
Server logs (e.g. IP address, timestamp, resource requested) for security, abuse prevention and incident diagnosis.
3. Purposes
- Responding to enquiries and information requests.
- Managing related communications.
- Maintaining site security and preventing abuse or fraud.
4. Legal basis
- Consent when the user submits the form or contacts by email.
- Legitimate interest in ensuring the security of the site and preventing abuse.
5. Recipients and providers
Data will not be shared with third parties unless legally required.
The following providers may be involved in operating the site:
| Service | Provider | Function |
|---|---|---|
| Hosting and server | Hetzner | Infrastructure and hosting |
| Email (mailbox) | Fastmail | Email service |
| Transactional email | Brevo | Form submissions delivery |
| Domain and DNS | Namecheap | Domain management |
These providers may process data as data processors or act as independent controllers regarding their own accounts and services.
6. International transfers
- Namecheap may process account/service data in the United States.
- Fastmail is based in Australia and has data processing agreements for EU/UK data.
Where processing occurs outside the EEA, GDPR-compliant mechanisms are applied (e.g. standard contractual clauses or other safeguards).
7. Retention periods
- Contact messages: up to 12 months from the last interaction, unless required by law or for an ongoing request.
- Technical security logs: up to 90 days.
8. Rights
You may exercise your rights to access, rectification, erasure, objection, restriction and portability by writing to hola@idunnfreya.com.
If you believe that data processing does not comply with regulations, you may file a complaint with the Spanish Data Protection Agency (AEPD).
9. Site content
This site may include images, audio, video and other materials uploaded by the owner. There are no user accounts and no third-party content uploads.
If you believe any content infringes rights (e.g. intellectual property), please contact hola@idunnfreya.com for review or removal.
10. Security
Reasonable security measures are applied (access control, backups, incident logging) to protect information.
11. Changes
This policy may be updated due to legal or technical changes. The current version will be the one published on the site.