Privacy policy

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

Last updated: 29 Oct 2025

This website is built on a Zero-Consent Architecture (ZCA) baseline. We do not set or read non-essential identifiers (such as tracking cookies or localStorage IDs) before consent. As a result, a cookie banner is not required for normal use of this site. We may process basic request data (e.g., IP address) on our servers to deliver the site and for security.

Who we are

zeroconsent.eu, c/o Chris Ahrweiler, D-40627 Düsseldorf, Germany (“we”, “us”). Contact: info@zeroconsent.eu

Scope

This Privacy Policy explains what personal data we process when you visit https://zeroconsent.eu (the “Website”) or contact us through the forms provided.

What we collect and why

  • Request data (server logs) – IP address, date/time, URL, user-agent, referrer. Purpose: deliver the Website, security (e.g., DDoS/bot mitigation), troubleshooting, abuse prevention. Legal basis: Art. 6(1)(b) GDPR (provide the service) and our legitimate interests, Art. 6(1)(f) GDPR (operate a secure site).
  • Contact form data – email, name, domain and message you submit. Purpose: respond to your request, prepare an audit/certification. Legal basis: Art. 6(1)(b) GDPR (pre-contractual steps) and/or Art. 6(1)(f) GDPR.
  • Aggregated metrics (cookieless) – page views, events and uptime/error signals collected without client identifiers. Purpose: measure site performance and availability. Legal basis: Art. 6(1)(f) GDPR (legitimate interests).

Cookies and local storage

By default we avoid client-side storage. We do not set analytics, marketing or profiling cookies on the baseline. If our hosting/CDN/security layer issues a strictly necessary cookie (for example, a short-lived cookie for load balancing or bot protection), it is used solely to provide the service you requested and does not track you across sites.

  • Strictly necessary cookies (session/short-lived): security, rate-limiting, load-balancing. Consent not required under ePrivacy for such necessary storage.
  • Non-essential cookies: not used on the baseline. If we ever add optional features that require them (e.g., third-party embeds), they will load only after your explicit opt-in.

No fingerprinting

We do not create or use device/browser fingerprints or other techniques intended to identify individual visitors without consent.

Global privacy signals

We respect applicable browser signals (e.g., Global Privacy Control / Do-Not-Track) and treat them as a decline for optional features.

Data processors and transfers

We may use service providers (e.g., hosting, CDN, email) to operate this Website and respond to enquiries. Where providers are outside the EU/EEA, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and apply minimisation and limited retention.

Retention

  • Server logs: kept for a short, security-oriented period and then deleted or anonymised.
  • Contact enquiries: kept while we handle your request and for a limited period for documentation/compliance.
  • Aggregated metrics: contain no identifiers and may be kept for trend analysis.

Your rights (EEA)

You have the right to access, rectification, erasure, restriction, objection, and data portability, as well as to lodge a complaint with your data protection authority. To exercise your rights, contact: info@zeroconsent.eu

Legal bases summary

  • Art. 6(1)(b) GDPR – providing the Website / handling your enquiry.
  • Art. 6(1)(f) GDPR – legitimate interests in operating a secure, performant site and maintaining aggregated metrics.
  • ePrivacy (EU) / TDDDG (DE) – strictly necessary storage may be used without consent; non-essential storage requires prior consent (not used on the baseline).

Links to other websites

Our Website may link to external sites. Their privacy practices are their own; please review their policies.

Changes to this policy

We may update this policy to reflect technical or legal changes. The latest version will always be available on this page.

Supervisory authority

If you wish to file a complaint under GDPR, contact your local data protection authority. In Germany: https://www.bfdi.bund.de/

Contact