Privacy Policy
Privacy Policy
1. Introduction
1.1. Controller
Eapen Leubner (“we”, “us”, “our”) is the data controller for eapenleubner.com. We provide informational content and services online, targeting Colorado residents but accessible worldwide.
1.2. Policy Scope
This Privacy Policy applies to all personal data processed by us, including data of EU/UK residents under the GDPR and Colorado residents under the Colorado Privacy Act (CPA).
1.3. Effective Date & Contact
This policy is effective June 29, 2025. For privacy inquiries or to exercise your rights, contact our Data Protection Officer at [email protected].
2. Information We Collect
2.1. Contact Form
When you use our contact form, we collect your name, email address, and message content. We process this data based on your consent and our legitimate interest in responding to inquiries.
2.2. Newsletter Signup
To send our newsletter, we collect your name and email address via Mailchimp. Processing is lawful via your explicit consent.
3. Third-Party Services & Integrations
3.1. Google Analytics
We use Google Analytics to measure website traffic and user interactions.
3.2. Advertising Pixels
We deploy advertising pixels (e.g., Facebook Pixel) for targeted ads. Colorado residents may opt out of targeted advertising under the CPA.
3.3. Mailchimp
Mailchimp processes newsletter data on our behalf under their Data Processing Addendum (DPA).
3.4. Cloudflare
Our site is served via Cloudflare’s CDN. Cloudflare acts as a processor, implementing GDPR-aligned controls and allowing data-subject access, correction, and deletion.
4. Cookies & Tracking
We present a cookie banner on first visit. Cookies are categorized as strictly necessary, analytics, and marketing. Users can manage preferences via our banner and browser settings.
5. Legal Bases for Processing (GDPR)
Under GDPR Art. 6, we process personal data based on consent (Art. 6(1)(a)) for newsletters, cookies, marketing and legitimate interests (Art. 6(1)(f)) for site functionality and fraud prevention.
6. Rights Under the Colorado Privacy Act
Colorado residents may opt out of targeted advertising, sale of personal data, profiling, and can access, correct, delete, and port their personal data. Requests are handled within 45 days.
7. Data Retention
We retain personal data for 1 year, unless a longer period is required by law.
8. Security Measures
We implement appropriate technical and organisational measures to ensure data security, integrity, availability, and resilience, including encryption, access controls, and regular testing, per GDPR Art. 32.
9. International Data Transfers
Where data is transferred outside the EEA, we rely on EU Commission-approved Standard Contractual Clauses or adequacy decisions to safeguard personal data.
10. Changes to This Policy
We may update this policy and will publish the revised version with a new effective date. Continued use of the site implies acceptance of the updated policy.
11. How to Contact Us
For any questions or to exercise your rights under GDPR or the Colorado Privacy Act, email [email protected].