Privacy Policy

Last updated: December 2025

1. Data Controller

The data controller for this website is:

johlem.net
Cybersecurity Consulting
Luxembourg
Email: contact [at] johlem [dot] net

2. Data We Collect

2.1 Early Access Registration (Pre-Launch Program)

When you register for early access to our cybersecurity consulting services (launching September 2026), we collect:

  • Personal identification: Name, email address
  • Business information: Company name, company size
  • Service preferences: Service interest, project timeline
  • Optional information: Any additional message you provide
  • Consent flags: Newsletter opt-in, GDPR consent
  • Technical data: IP address (hashed), browser user agent (for security purposes)

Purpose:

  • Pre-launch communication regarding service launch and early access benefits
  • Service planning to understand market demand
  • Quarterly security insights (if opted in for newsletter)
  • Priority booking when services launch

Legal basis: Explicit consent (GDPR Article 6(1)(a)) provided when you register for early access.

2.2 Contact Form Submissions

When you submit our contact form, we collect:

  • Name
  • Email address
  • Company name
  • Service interest and timeline
  • Message content

Legal basis: Consent (GDPR Article 6(1)(a)) and legitimate interest for business purposes (GDPR Article 6(1)(f)).

2.3 Security Tools

Our security tools (hash generator, email header analyzer, etc.) process data client-side only. No data is transmitted to or stored on our servers.

2.4 Technical Data

For security purposes, we may log:

  • Anonymized/hashed IP addresses
  • Timestamps
  • Browser type (for compatibility)

This data is retained for a maximum of 30 days and is used solely for security monitoring and abuse prevention.

3. How We Use Your Data

We use your personal data to:

  • Respond to consultation requests
  • Provide cybersecurity services
  • Send service-related communications
  • Comply with legal obligations
  • Protect against security threats

We never sell, rent, or share your personal data with third parties for marketing purposes.

4. Data Retention

Data Type Retention Period
Early access registrations Until service launch (September 2026) + 6 months, or until deletion request
Contact form submissions 2 years or until deletion request
Client project data As per contract + legal requirements
Security logs (hashed) 30 days
Newsletter subscribers Until unsubscribe request
Rate limiting data 24 hours

Early Access Program Specific Retention

  • Until service launch (September 2026): Active storage for pre-launch communications
  • After conversion to client: Data transferred to client management system with separate retention policy
  • If not converted: Deleted 6 months after service launch unless you request earlier deletion
  • Unsubscribed users: Deleted within 30 days of unsubscribe request

5. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: At any time, without affecting lawfulness of prior processing

To exercise these rights, contact us at: contact [at] johlem [dot] net

We will respond within 30 days as required by GDPR.

6. Cookies

We use only essential cookies:

  • Session cookies: For form security (CSRF protection)
  • Rate limiting: To prevent abuse (stored server-side with hashed identifiers)

We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

For more details, see our Cookie Policy.

7. Third-Party Services

We minimize third-party data sharing. Currently, we may use:

  • Email service: For sending consultation responses
  • Hosting provider: Server infrastructure (EU-based)

All third-party processors are GDPR-compliant and bound by data processing agreements.

8. International Transfers

Your data is primarily processed within the European Union. If any transfer outside the EU is necessary, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).

9. Security Measures

We implement industry-standard security measures:

  • HTTPS encryption (TLS 1.3)
  • Secure headers (HSTS, CSP, etc.)
  • Input validation and sanitization
  • Rate limiting and abuse prevention
  • Regular security audits
  • Data minimization by design

10. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

Commission Nationale pour la Protection des Données (CNPD)
15, Boulevard du Jazz
L-4370 Belvaux
Luxembourg
Website: cnpd.public.lu

11. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last updated" date. For significant changes, we will provide prominent notice.

12. Contact Us

For privacy-related inquiries:

Email: contact [at] johlem [dot] net
Subject line: "Privacy Inquiry"