Privacy Policy

1. Data Controller

The data controller responsible for this website is:

2. Overview

This Privacy Policy explains what personal data is collected when you visit or interact with nicodemos.dev, why it is processed, and what rights you have under the EU General Data Protection Regulation (GDPR – Regulation 2016/679) and the ePrivacy Directive (2002/58/EC).

This site is a personal portfolio. Most visitors browse it without any personal data being collected. Data is only processed if you actively choose to sign in via GitHub to post on the Community Wall.

3. Data Collected and Legal Basis

The following personal data may be processed, along with the legal basis under GDPR Art. 6:

4. How Your Data Is Used

• To display your GitHub username and avatar alongside your Community Wall message.
• To authenticate your session and prevent abuse of the Community Wall.
• No data is sold, rented, or shared with third parties for commercial purposes.
• No data is used for automated decision-making or profiling.

5. Data Retention

• Community messages — retained until you request deletion or the site owner removes them.
• Session cookies — expire within 30 days or when you sign out / close your browser.
• No other personal data is stored beyond what is described in this policy.

6. International Data Transfers

This site uses GitHub OAuthfor authentication. GitHub, Inc. is a US‑based company. Data exchanged during the OAuth flow (your username and avatar) passes through GitHub's infrastructure. GitHub participates in the EU–US Data Privacy Framework(in effect since July 2023), which provides an adequate level of data protection recognised by the European Commission under GDPR Art. 45. You can verify GitHub's participation at the Data Privacy Framework website.

7. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights. To exercise any of them, contact me using the details in Section 1. Requests will be handled without undue delay and within one month of receipt.

• Right of access (Art. 15) — You may request a copy of the personal data held about you.
• Right to rectification (Art. 16) — You may request correction of inaccurate personal data.
• Right to erasure (Art. 17) — You may request deletion of your personal data ("right to be forgotten") where the data is no longer necessary or you withdraw consent.
• Right to restriction of processing (Art. 18) — You may request that processing of your data be temporarily restricted in certain circumstances.
• Right to data portability (Art. 20) — You may request your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21) — You may object to processing based on legitimate interests at any time.
• Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

8. Right to Lodge a Complaint

If you believe your personal data has been processed unlawfully or that your rights under the GDPR have not been respected, you have the right to lodge a complaint with your national data protection supervisory authority. In Portugal, this is:

You may also contact the supervisory authority of the EU member state where you reside or work if that differs from Portugal.

9. Minors

This website is not directed at children under the age of 16. If you are under 16, please do not submit any personal data through the Community Wall.

10. Changes to This Policy

This Privacy Policy may be updated to reflect changes in the website or applicable law. Any updates will be reflected in the "Last updated" date at the top of this page.

11. Contact

For any privacy-related questions or to exercise your rights, contact Nicodemos Santos via the GitHub profile linked in the footer of this website.