Privacy Policy
Last updated: 16 June 2026
This site (shopatch.com) is operated by Werner Mathias Bundschuh, an Individual Entrepreneur registered in Georgia (IE Reg. No. B25175473 — see Legal Notice). This page describes what personal data is processed, why, and your rights.
This policy is written to comply with both the EU General Data Protection Regulation (GDPR) and the Georgian Personal Data Protection Law — both frameworks are functionally equivalent for the data processed by this site.
What data is collected
This site is deliberately minimal in its data collection. Here is the complete list:
Server access logs (Cloudflare)
When you visit shopatch.com, Cloudflare (the hosting provider) records standard HTTP access logs: your IP address (anonymized after 24h by Cloudflare's default settings), your browser User-Agent, the URL you visited, the HTTP referer, and a timestamp.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — security, abuse-prevention, and operational reliability.
Retention: Cloudflare retains anonymized logs for up to 7 days, then aggregates them.
Processor: Cloudflare, Inc. (USA), under Standard Contractual Clauses + their DPA. See Cloudflare's privacy policy.
Anonymous traffic analytics (Cloudflare Web Analytics)
This site uses Cloudflare Web Analytics — a cookie-free, privacy-respecting analytics tool. It tracks aggregated page views, visit duration, referrer, browser/OS and country (no precise location). It sets no cookies, uses no fingerprinting, performs no individual user tracking, and sells no data.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR).
Processor: Cloudflare, Inc.
Contact form submissions (Web3Forms)
If you use the contact form, the data you submit (name, email, message) is sent to Web3Forms, which delivers your message to my Proton Mail inbox ([email protected]), where I read and reply to it.
Collected: your name, email address, message content and a submission timestamp.
Legal basis: Consent (Art. 6(1)(a) GDPR) — implied by your choice to submit the form.
Retention: Your message stays in my inbox until I delete it — as long as needed to respond, typically up to 12 months.
Processors: Web3Forms (form handling) and Proton AG (email).
What is NOT used on this site
- No Google Analytics
- No Google Fonts CDN (fonts are self-hosted)
- No Facebook Pixel / Meta tracking
- No third-party-cookie video embeds
- No chat widgets (Intercom, Hubspot, etc.)
- No marketing-automation pixels
- No cookies that require consent
Because no consent-requiring cookies are set, no cookie banner is needed under EU/Georgian law.
Your rights (under GDPR / Georgian PDPL)
You have the right to access a copy of your data, to rectification of inaccurate data, to erasure ("right to be forgotten"), to restriction of processing, to portability, to object to processing based on legitimate interest, to withdraw consent, and to lodge a complaint with your local data protection authority.
To exercise any of these rights, email [email protected]. I will respond within 30 days.
Supervisory authority for this site: Georgian Personal Data Protection Service. EU visitors may also lodge complaints with their national data protection authority.
Data processors used
| Processor | Purpose | DPA / Policy |
|---|---|---|
| Cloudflare, Inc. | Hosting, CDN, DNS, Web Analytics | Privacy · DPA |
| Web3Forms | Contact-form handling | Privacy |
| Proton AG | Email inbox for [email protected] | Privacy |
International data transfers
Some processors (Cloudflare, Web3Forms) are based outside the EU/EEA and/or Georgia. Where data is transferred internationally, it is protected by Standard Contractual Clauses (SCCs) and/or adequacy decisions where applicable. Proton AG is based in Switzerland, which holds a Data Protection Adequacy decision under EU law.
Changes to this policy
I will update this policy if site practices change. Material changes will be announced on the home page, and the "Last updated" date above will be revised.
Contact
For privacy questions or to exercise your rights: [email protected].