Privacy Policy

martinkup.dev (“we,” “our,” “the blog”, “data controller”) is operated from the European Union and is subject to EU and Czech data protection laws (General Data Protection Regulation (GDPR) (EU 2016/679) and the Czech Act No. 110/2019 Coll. on Personal Data Processing. We collect very limited information about visitors. This Privacy Policy explains what data we collect, why and how we use it, how long we keep it, and your rights regarding that data.

Information We Collect

  • Server access logs. The only personal data automatically collected by the server are standard log files. These typically include your IP address, browser type, requested URL, date/time, and similar technical details needed to operate and secure the site. We do not link this information to your identity or use it for profiling.
  • No other data collected. We do not have contact forms, comment sections, or other interfaces for visitors to submit personal information. Likewise, we do not use any analytics, marketing tools, or tracking pixels. In short, aside from the server logs noted above, we collect no personal data from visitors (no names, email addresses, or similar).

How We Use Information & Legal Basis

  • Legitimate security interest. We process server log data (including IP addresses) only to ensure the security, stability, and proper technical operation of the site. In particular, we use log records to detect and block attacks, prevent abuse (e.g. denial-of-service attempts), and troubleshoot technical issues. Our legal basis under the GDPR is our legitimate interest (Article 6(1)(f) GDPR) in maintaining network and information security. Notably, Recital 49 of the GDPR explicitly recognizes that “the processing of personal data… strictly necessary and proportionate for the purposes of ensuring network and information security” is a legitimate interest of the data controller.
  • No marketing or profiling. We do not use any personal data for marketing, advertising, or behavioral profiling. We do not send any newsletters or promotional emails. We do not sell or share your personal information with any marketing partners.
  • No reliance on consent. Because we do not use cookies or track you beyond essential logs, we do not rely on user consent as a legal basis. (Visitor consent is required for non-essential cookies under EU ePrivacy rules, but we do not employ any such cookies.)

Cookies and Tracking

We do not use cookies or similar tracking technologies on this blog. No scripts set cookies or fingerprint your device; browsing martinkup.dev will not trigger cookie banners or require consent. (Note that embedded third-party content may set cookies when loaded – see below.)

Embedded Content and Third-Party Services

The blog does not use any embedded content from third-party providers such as YouTube, Vimeo, Twitter, or similar platforms. As a result, no third-party cookies or tracking mechanisms are triggered by simply visiting or reading content on the site. All content is hosted directly on our servers or delivered via our CDN provider (Cloudflare), and we maintain full control over what is loaded into your browser.

Cloudflare CDN and Security

This blog uses Cloudflare services to improve performance and protect against threats. When you access martinkup.dev, some data (notably your IP address and request details) will be routed through Cloudflare’s network. Cloudflare processes this data as a data processor on our behalf to provide caching, DDoS protection, and other services. According to Cloudflare’s privacy policy, Cloudflare will not sell or rent your personal information and will only disclose data as needed to provide its services. (For details, see Cloudflare’s own Privacy Policy.)

Data Retention

We retain server logs and other security-related records only for as long as necessary to fulfill the legitimate purposes above. In practice, this typically means logs are kept for a short period (often on the order of days or weeks) and then deleted. We take care to limit data to what is strictly needed for security, consistent with the GDPR’s storage limitation principle.

Data Security

We take the security of any data seriously. We have implemented appropriate technical and organizational measures to protect the information we handle. These measures are in line with GDPR requirements (Article 32) to ensure confidentiality, integrity, and availability of personal data. Access to server logs is restricted to authorized personnel only, and data is stored on secure servers.

Your Rights under GDPR

Even though we do not collect much personal data, you have rights regarding any personal data we hold. Specifically, you have the following rights under the GDPR:

  • Right of access. You can request confirmation whether we are processing your personal data (e.g. logs including your IP) and obtain a copy of that data.
  • Right to rectification. If you believe any of your data is inaccurate, you may request correction.
  • Right to erasure (“right to be forgotten”). You can request deletion of your personal data, except for information we must retain for legitimate security or legal reasons.
  • Right to restrict processing. You may ask us to limit the way we use your personal data.
  • Right to object. You can object to processing based on legitimate interests at any time; we will cease processing unless we have compelling grounds that override your interests.
  • Right to data portability. If applicable, you may request a copy of your personal data in a structured, machine-readable format.

You also have the right to withdraw any consent you may have given in the past (though as noted we do not rely on consent). Finally, you have the right to lodge a complaint with a supervisory authority if you believe our processing violates the law. In the Czech Republic, the supervising authority is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů, UOOU). You may also complain to the supervisory authority in any EU country.

To exercise any rights or ask questions about your data, please contact us using the information below. We will respond in accordance with GDPR timelines (generally within one month).

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted here with a revised “last updated” date. We encourage you to review this page periodically for updates.

Contact Information

The data controller for martinkup.dev is Martin Kup (Czech Republic). For questions about this policy or to exercise your rights, you can contact:

  • Email: privacy (at) martinkup.dev

This Privacy Policy was last updated May 12th 2025.