Privacy Policy

1. Introduction

Welcome to Andrei Santana's portfolio website ("Website", "Site"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you visit our website at andreisantana.com.

We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

3. What Data We Collect

We collect and process the following types of personal data:

3.1 Contact Form Data

When you submit our contact form, we collect:

• Name: To address you properly in our response
• Email Address: To respond to your inquiry
• Subject: To understand the nature of your inquiry
• Message: Your inquiry or message content

3.2 Preference Data (localStorage)

With your consent, we store the following preferences locally in your browser:

• Theme Preference: Your choice between light and dark mode
• Language Preference: Your selected language (English, Portuguese, or Spanish)

3.3 Automatically Collected Data

We do not automatically collect any personal data. However, with your consent, we may use:

• IP-based Geolocation: To suggest an appropriate language based on your location (via ipapi.co API)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent (GDPR Article 6(1)(a)): For storing preferences and geolocation detection
• Legitimate Interest (GDPR Article 6(1)(f)): For responding to contact form inquiries

5. How We Use Your Data

5.1 Contact Form Data

• To respond to your inquiries and messages
• To communicate with you about professional opportunities
• To provide information you've requested

5.2 Preference Data

• To remember your theme choice (dark/light mode)
• To display the website in your preferred language
• To improve your user experience

5.3 Geolocation Data

• To suggest an appropriate language based on your country
• Only used with your explicit consent

6. Third-Party Data Processors

6.1 EmailJS

We use EmailJS to process and deliver contact form submissions. EmailJS is GDPR compliant and acts as a data processor under our instructions.

• What they receive: Name, email, subject, message
• Purpose: Email delivery service
• Data location: European Union
• Privacy Policy: EmailJS Privacy Policy

6.2 ipapi.co (Geolocation)

With your consent, we use ipapi.co to detect your approximate location for language suggestion.

• What they receive: Your IP address
• Purpose: Country-based language detection
• Only used: After explicit consent
• Privacy Policy: ipapi.co Privacy Policy

7. Data Retention

• Contact Form Data: Retained for up to 2 years or until you request deletion
• Preference Data: Stored in your browser's localStorage until you clear it or revoke consent
• Geolocation Data: Not stored; only used temporarily for language detection

8. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

• Right of Access (Article 15): Request a copy of your personal data
• Right to Rectification (Article 16): Correct inaccurate or incomplete data
• Right to Erasure (Article 17): Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing (Article 18): Limit how we use your data
• Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
• Right to Object (Article 21): Object to processing based on legitimate interest
• Right to Withdraw Consent (Article 7): Withdraw consent at any time

To exercise any of these rights, please contact us at andreisantana@gmail.com. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• HTTPS encryption for all data transmission
• Secure data processing through GDPR-compliant third parties
• Regular security reviews and updates
• Limited access to personal data

10. Cookies and Local Storage

This website does not use traditional cookies. Instead, we use browser localStorage to save your preferences (theme and language). This storage:

• Requires your explicit consent before use
• Stores data only in your browser (not on our servers)
• Can be cleared at any time through your browser settings
• Does not track or profile your behavior

11. Data Transfers

Your data is processed within the European Union. We do not transfer personal data outside the EU/EEA unless:

• You explicitly consent to such transfer
• The recipient country ensures adequate data protection (GDPR Article 45)
• Appropriate safeguards are in place (Standard Contractual Clauses)

12. Children's Privacy

This website is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

• Updating the "Last Updated" date at the top of this page
• Displaying a notice on the website
• Sending an email notification (if we have your contact information)

14. Complaints and Supervisory Authority

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority.

For Portugal, the competent authority is:

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

16. Consent

By using this website and submitting the contact form, you consent to the collection and processing of your personal data as described in this Privacy Policy.

You can withdraw your consent at any time by:

• Clearing your browser's localStorage
• Rejecting cookies via the cookie consent banner
• Contacting us to request data deletion