Privacy

  1. Controller

The controller responsible for data processing on this website is:

Christoff Szito
Herderstraße 16
50189 Elsdorf
Germany

Phone: (On request)
Email: hello@szito.digital

  1. What data I process and why

I only process personal data when it’s necessary to:

  • run and secure this website,

  • answer enquiries and prepare / run projects,

  • meet legal obligations (e.g. tax and accounting).

Legal bases under the GDPR are mainly Art. 6(1)(a) (consent), (b) (contract / pre-contract), (c) (legal obligation) and (f) (legitimate interests).

  1. Hosting, tools & log files

This website is hosted via Framer; the domain is provided by IONOS.
When you visit the site, technical data are automatically processed, e.g.:

  • IP address (shortened where possible)

  • date and time of access

  • accessed pages / files

  • referrer URL

  • browser, operating system

This happens on the basis of Art. 6(1)(f) GDPR – my legitimate interest in a secure and stable website. Log files are deleted after a short period unless needed longer for security reasons. Other tools used in the background (for example Gmail / Google Workspace for e-mail and Notion for internal notes and project organisation) may process personal data when we communicate or work together. This is done under data processing agreements and, where necessary, EU standard contractual clauses.

  1. Cookies & Analytics

The site uses cookies and similar technologies.

  • Necessary cookies are required for basic functions (e.g. security, consent storage) and are used on the basis of Art. 6(1)(f) GDPR.

  • Optional / analytics cookies are only set with your consent (Art. 6(1)(a) GDPR).

A cookie banner informs you when you first visit the site. You can change or withdraw your consent at any time via the cookie settings.

I use Google Analytics and Framer’s own analytics to understand how the website is used and to improve it. Google Analytics (Google Ireland Limited) uses cookies. IP anonymisation is enabled so that your IP address is usually shortened within the EU/EEA. Data processing takes place only if you have given consent in the cookie banner. Framer Analytics may collect basic usage data (e.g. page views, device types). Depending on configuration, this is based on consent (Art. 6(1)(a) GDPR) or legitimate interests (Art. 6(1)(f) GDPR). You can find more details in Google’s and Framer’s privacy information.

  1. contact & client data

If you contact me via e-mail using the “mailto” link, I process the data you provide, in particular:

  • e-mail address and name,

  • the content of your message,

  • any project information you share.

Processing is based on Art. 6(1)(b) GDPR (pre-contractual communication / contract) or Art. 6(1)(f) GDPR (legitimate interest in answering enquiries). E-mail is handled via Gmail / Google Workspace.

If we work together, I process for example:

  • contact and company data,

  • project briefings and content (e.g. text, images, logos),

  • contract and billing data.

This is necessary for performing the contract (Art. 6(1)(b) GDPR) and for legal retention duties (Art. 6(1)(c) GDPR). Data are stored only as long as required for the project and within the statutory retention periods (typically 6–10 years for tax documents).

  1. Social Links

This website currently only contains links to external platforms (e.g. LinkedIn, possibly later YouTube, Instagram, X/Twitter). No data is sent to these platforms just by visiting my site. Data processing there only starts when you click a link and visit the respective platform. Their own privacy policies then apply.

  1. Data transfers outside the EU/EEA

Some providers mentioned above (e.g. Google, Notion, possibly Framer) are based in or process data in countries outside the EU/EEA, especially the USA. In these cases, processing is based on:

  • an adequacy decision of the EU Commission, and/or

  • EU standard contractual clauses and appropriate safeguards (Art. 46 GDPR).

Despite these measures, a level of data protection comparable to the EU cannot always be guaranteed.

  1. Your Rights

You have the following rights under the GDPR:

  • right of access to your data,

  • right to rectification,

  • right to erasure,

  • right to restriction of processing,

  • right to data portability,

  • right to object to processing based on Art. 6(1)(e) or (f) GDPR,

  • right to withdraw consent at any time with effect for the future.

To exercise these rights, simply contact me using the details above. You also have the right to lodge a complaint with a data protection supervisory authority in the EU, in particular in your place of residence or where a suspected infringement occurred.

  1. Updates to this policy

I may update this privacy policy from time to time, for example if I start using additional tools (such as a contact form or newsletter) or if legal requirements change.
The version published on this website always applies. (1st of December 2025)

CHRIS.SZITO

Legal

Privacy

CHRIS.SZITO

Legal

Privacy