Last updated:
Privacy Policy
This privacy notice explains which personal data, if any, eubudget.com processes when you visit the site, on what legal basis, and which rights you have under Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003.
Data controller
The data controller is the operator of eubudget.com (see the Imprint page). Contact: [email protected].
Privacy by design
The site is intentionally designed to minimise data collection. There is no user account, no login, no contact form, no comments, no newsletter, no advertising, no third-party analytics, no behavioural tracking, no profiling. Almost everything you see is static or computed server-side from public EU budget data.
What we process
We process only the limited categories of data described below.
Server access logs
When you visit a page, the web server temporarily records the IP address, the date and time, the requested URL, the HTTP status code, the user-agent string, and the referrer (if any). Logs are kept for a maximum of 30 days for security and abuse-prevention purposes (e.g. blocking malicious traffic), then deleted.
Technical session cookie
Laravel sets a cookie named "eubudget-session" containing a random session identifier and a CSRF token. The cookie is strictly technical: it is required to make the site work, contains no personal data and no tracking identifier, expires when you close the browser or after two hours of inactivity, and is exempt from prior consent under art. 5(3) of the ePrivacy Directive and art. 122 of D.Lgs. 196/2003.
Third-party CDN requests
The site loads ApexCharts (jsDelivr) and Twemoji (jsDelivr) from a public CDN. When your browser fetches these assets, it transmits your IP address to the CDN provider as a technical necessity for content delivery. We host no other third-party trackers and do not embed analytics.
What we do NOT process
We do not collect: names, addresses, phone numbers, payment data, location beyond IP-derived country, advertising identifiers, browser fingerprints, social-media identities, or any special category of data under art. 9 GDPR.
Legal basis
Server logs and the technical session cookie are processed on the legal basis of legitimate interest pursuant to art. 6(1)(f) GDPR, namely the operation, security, and abuse prevention of the website. CDN delivery is processed under the same basis as a strict technical necessity. No processing requires your consent because no profiling, advertising, or analytics is performed.
Data sharing and transfers
Server logs reside on Oracle Cloud Infrastructure servers in the EU (Frankfurt). DNS resolution and network protection are provided by Cloudflare, Inc., which may process the IP address as part of edge delivery. Cloudflare offers EU-aligned data processing terms and acts as an EU-US Data Privacy Framework certified processor. No data is sold or transferred to other parties.
Retention
Server logs: maximum 30 days. Session cookie: until browser close or two hours of inactivity, whichever comes first. Cloudflare edge logs: retained by Cloudflare under their own retention policy.
Your rights
Under articles 15 to 22 of the GDPR you have the right to access your personal data, to rectify inaccurate data, to erase data, to restrict processing, to object to processing on legitimate-interest grounds, and to data portability. You may also lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali, www.garanteprivacy.it) or with the supervisory authority in your country of residence.
To exercise any of these rights write to [email protected]. Because the site processes minimal data, in most cases the only data linkable to you will be a transient IP address in server logs, identifiable only for the 30 days of the retention window.
Changes to this policy
This privacy notice may be updated to reflect technical or legal changes. The most recent revision date is shown at the top of this page. Material changes will be highlighted in the site footer for at least 30 days.