Privacy Policy

1. General Information

The Corp.AD (“we”, “us”, or “our”) is committed to protecting your personal data. This Privacy Policy clarifies the nature, scope, and purpose of the processing of personal data within our website (https://www.corpad.org).

We do not offer user registration, comments, or contact forms. Our website is purely informational. Consequently, the data we collect is strictly limited to technical data required for the secure and stable operation of the website.

2. Name and Contact Details of the Controller

The party responsible for data processing on this website (the “Controller”) within the meaning of the General Data Protection Regulation (GDPR) is:

The CorpAD

3. Collection and Processing of Personal Data

We do not collect direct user input (such as names, emails, or form submissions). We only process technical access data (“Log Data”) automatically transmitted by your browser.

A. Server Log Files & Traffic Data

When you visit our website, the following information is automatically collected and stored in server log files:

  • IP address (processed for security purposes)
  • Date and time of access
  • Request line (the specific page or file requested)
  • Status code (e.g., 200 OK, 404 Not Found)
  • Referrer URL (the website from which access is made)
  • Browser type, version, and operating system

Purpose of Processing:

  • Ensuring a smooth connection to the website.
  • Ensuring system security and stability (e.g., defending against DDoS attacks).
  • Analyzing technical errors.

Legal Basis: The processing is based on Art. 6(1)(f) GDPR (Legitimate Interest). Our legitimate interest lies in the secure, error-free, and efficient provision of our website. We do not use this data to draw conclusions about your identity or for marketing purposes.

Data Retention: Log data is retained only for as long as necessary to fulfill the purposes mentioned above (e.g., typically up to 90 days for security auditing) and then deleted, unless a security incident requires longer retention for evidence.

4. Cookies and Web Technologies

We do not use tracking, advertising, or analytics cookies (such as Google Analytics).

Essential Cookies (Cloudflare): Our security provider, Cloudflare, may place a technically necessary cookie (e.g., __cf_bm or similar) on your device. This cookie is used strictly to distinguish between humans and bots and to process incoming traffic securely. It does not store any personally identifiable information (PII).

  • Legal Basis: Art. 6(1)(f) GDPR (Legitimate Interest in website security).

5. Third-Party Processors and International Transfers

We use external service providers to host our website and ensure its security. These providers act as processors on our behalf.

A. Hosting (Microsoft Azure)

Our website is hosted on servers provided by Microsoft Azure.

  • Location: The servers are located in the United States (East Region).
  • Data Transfer: As the servers are located in the USA, technical log data (including your IP address) is transferred to a third country outside the European Economic Area (EEA).
  • Safeguards: Microsoft provides data protection guarantees through Standard Contractual Clauses (SCCs) and compliance with the EU-U.S. Data Privacy Framework (where applicable), ensuring a level of protection comparable to EU standards.

B. Content Delivery Network & Security (Cloudflare)

We use Cloudflare, Inc. to secure our website and optimize loading times. Cloudflare filters traffic to prevent malicious attacks (e.g., DDoS).

  • Data Processed: IP addresses, traffic patterns, and system configuration information.
  • Location: Cloudflare operates a global network; however, data may be processed in the United States.
  • Safeguards: Cloudflare relies on the EU-U.S. Data Privacy Framework and/or Standard Contractual Clauses to ensure compliance with GDPR requirements for international data transfers.

6. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data:

  • Right of Access (Art. 15 GDPR): You can request information about your data processed by us.
  • Right to Rectification (Art. 16 GDPR): You can request the correction of inaccurate data.
  • Right to Erasure (Art. 17 GDPR): You can request the deletion of your data, provided there are no legal retention obligations.
  • Right to Restriction of Processing (Art. 18 GDPR): You can request that we restrict the processing of your data.
  • Right to Object (Art. 21 GDPR): You have the right to object to processing based on legitimate interest (Art. 6(1)(f)) on grounds relating to your particular situation.
  • Right to Data Portability (Art. 20 GDPR): You can request to receive your data in a structured, machine-readable format.
  • Right to Lodge a Complaint (Art. 77 GDPR): You have the right to complain to a supervisory authority if you believe our processing violates the GDPR.

To exercise these rights, please contact us.

7. Data Security

We use SSL/TLS encryption (HTTPS) to protect the transmission of data between your browser and our server. We also implement technical and organizational measures to protect your data against manipulation, loss, or unauthorized access.