Privacy notice

What washes up here, and what doesn't.

Plain-English notice for rugvin.be. Last updated 12 May 2026.

Who's at the helm

Wouter Durnez, based in Ghent, Belgium. Reachable at wouter@rugvin.be. This site is a personal portfolio — no company, no captain's quarters, just me at the keyboard.

What gets caught in the net

Three things, and only three:

  • Nothing automatic. rugvin.be is a static site. No analytics, no tracking cookies, no third-party scripts profiling you, no contact form storing what you typed. The page loads, you read, you leave — that's it.
  • Hosting-level logs. Cloudflare Workers serves the site and, like any host on the open internet, writes short-lived access logs — IP address, user-agent, timestamps, requested path — for security and abuse prevention. Cloudflare may also set a strictly-necessary security cookie (__cf_bm) that tells bots from humans; it's exempt from consent under the ePrivacy directive and isn't used to track you.
  • Email you send me. If you reach out at wouter@rugvin.be, that message lands in my Proton mailbox. I read it, reply, and keep it for as long as we're talking — and a little after, in case you come back.

Why I'm allowed to

Under GDPR Art. 6:

  • Email correspondence — legitimate interest in answering people who write to me, or pre-contract steps if you're inquiring about work (Art. 6(1)(f) / 6(1)(b)).
  • Hosting access logs — legitimate interest in keeping the site online and secure (Art. 6(1)(f)).

Who else sees the catch

Two parties: Cloudflare (hosting and CDN) and Proton (email). Both have their own privacy policies. Nothing is sold, nothing is handed to advertisers, and nothing you send me ends up in an AI training set on my watch.

How long I keep it

Email sticks around as long as it's useful to our exchange, and at most two years after our last contact — unless there's a reason to hold it longer (an open engagement, an invoice, that sort of thing). Hosting access logs follow Cloudflare's retention policy, typically days to weeks.

When it crosses waters

Cloudflare and Proton are global operations; data may be processed outside the EEA. When it travels, they rely on Standard Contractual Clauses or equivalent safeguards.

What you can ask for

You have rights under GDPR. You can ask me to:

  • Show you what data I hold on you.
  • Correct it if it's wrong.
  • Delete it.
  • Restrict how I use it.
  • Object to my use of it.
  • Hand it over in a portable format.

Email wouter@rugvin.be and I'll sort it out. You also have the right to complain to the Belgian Data Protection Authority — gegevensbeschermingsautoriteit.be.

Children

This site isn't directed at children under 16. I don't knowingly collect data from them. They'll get a kick out of the anglerfish though.

When the notice drifts

If anything here changes meaningfully, I'll bump the date at the top.