Privacy Policy

1. Who is responsible

Data controller: Dimitrios Gkorovelis

Role: Enterprise Product Designer (independent professional portfolio)

Location: Copenhagen, Denmark (European Union)

Contact: gorodmitris@gmail.com

This website is a personal portfolio, not a commercial online shop. It exists to present case studies, explain how I work, and let recruiters, hiring teams, and collaborators contact me about enterprise UX and product design work.

2. Why this site processes data

I process only the data needed to run the site and respond to professional enquiries. Typical purposes are:

• Displaying portfolio content (case studies, about, contact)
• Receiving and replying to messages sent through the contact form
• Keeping basic technical security and performance (hosting logs)
• Remembering a few optional interface preferences on your device

I do not use this site for advertising profiles, sell personal data, or run newsletter marketing without a separate, explicit sign-up.

3. Legal bases (GDPR Article 6)

• Legitimate interest — operating and securing a professional portfolio that showcases my work to potential clients and employers, and improving usability in a proportionate way.
• Consent — when you submit the contact form, you actively send your details so I can read and respond to your message.
• Pre-contractual steps — if you contact me about a project or role, processing your enquiry may be necessary before any contract exists.

4. What data may be collected

4.1 Contact form

If you use the form on Contact, you may provide name, email address, and message content. Submissions are delivered through Web3Forms, a third-party form processor. I receive the content by email so I can reply.

4.2 Technical data

Like most websites, the hosting provider may automatically process technical data such as IP address, browser type, device type, requested pages, and timestamps in server or security logs. This helps keep the site available and secure.

4.3 Local storage on your device

The site uses limited browser storage — not advertising cookies:

• Theme preference (localStorage) on case study pages — remembers light/dark mode until you clear site data.
• Session-only UI state (sessionStorage) on the homepage — e.g. whether you dismissed the scroll hint; cleared when you close the browser tab.

When enabled, this site may use GoatCounter (cookieless, aggregate statistics such as page views, referrers, and browser/country breakdown). It does not use advertising or remarketing pixels.

4.4 Web analytics (GoatCounter)

When enabled, a lightweight script from GoatCounter may load to measure aggregate traffic (e.g. pages visited, referrer, browser type, country) and a small set of anonymous interaction events (e.g. opening the contact menu, choosing a meeting type, or clicking LinkedIn/CV links — no form field contents). GoatCounter is designed as privacy-friendly analytics without tracking cookies for visitors. I use it to understand which portfolio pages and actions are useful — not to build advertising profiles. If your browser sends a Do Not Track signal, the site is configured to skip loading this script. See GoatCounter’s privacy policy.

4.5 Meeting bookings (Cal.com)

When you use Book me on this site, an embedded scheduling widget from Cal.com (cal.com/gorodimitris) may load. If you book a session, Cal.com typically processes data you enter in the booking flow, such as name, email address, meeting time, and any notes or custom questions configured for that event type.

If you arrive via a link that includes prefill parameters (for example ?name= and ?email=), those values may be passed into the Cal.com embed to reduce re-typing. I do not receive booking details until Cal.com notifies me according to my Cal.com account settings (e.g. email or calendar integration).

Cal.com may use cookies or similar technologies required for scheduling, fraud prevention, and session functionality. See Cal.com’s privacy policy for details.

4.6 Fonts

Typography is loaded from Google Fonts. When your browser requests fonts, Google may receive technical data such as your IP address. See Google’s privacy policy.

5. Who may receive data

Data may be shared only with service providers that help run the site or deliver messages, under appropriate safeguards:

• GitHub Pages — website hosting (GitHub / Microsoft)
• Web3Forms — contact form delivery
• Cal.com — meeting scheduling and embedded booking widget
• GoatCounter — privacy-friendly web analytics (when enabled)
• Google — font delivery

When you follow links to LinkedIn, Medium, Google Drive (CV/portfolio downloads), Cal.com (including opening a session in a new tab), or other external sites, their own privacy policies apply. I do not control those services.

Some providers may process data outside the EU/EEA. Where required, transfers rely on mechanisms recognised under GDPR (such as Standard Contractual Clauses or equivalent safeguards offered by the provider).

6. How long data is kept

• Contact enquiries: kept only as long as needed to handle your message and any follow-up professional correspondence, unless a longer period is required by law.
• Meeting bookings: retained according to my Cal.com and calendar provider settings (invites, confirmations, and related correspondence for the duration needed to run the session and any follow-up).
• Hosting logs: retained according to the host’s default security retention (typically a limited rolling period).
• Browser storage: remains on your device until you delete it or clear site data.

7. Your rights under EU law

If GDPR applies to you, you may have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase data (“right to be forgotten”) where applicable
• Restrict or object to certain processing
• Data portability, where processing is based on consent or contract and carried out by automated means
• Withdraw consent at any time (without affecting prior lawful processing)
• Lodge a complaint with a supervisory authority

Because I am based in Denmark, the competent authority is typically the Danish Data Protection Agency (Datatilsynet). If you are in another EU country, you may also contact your local authority.

To exercise your rights, email gorodmitris@gmail.com with enough detail for me to identify your request. I will respond within the timelines required by GDPR (generally one month).

8. Security

The site is served over HTTPS. I choose providers with a reasonable security posture and avoid collecting more personal data than the portfolio needs. No method of transmission over the internet is 100% secure; I cannot guarantee absolute security.

9. Children

This site is aimed at professional audiences (recruiters, product teams, collaborators). It is not directed at children under 16, and I do not knowingly collect their personal data.

10. Changes to this policy

I may update this page when the site, tools, or legal requirements change. The “Last updated” date at the top will reflect the current version. Material changes will be published here.

11. Website operator (imprint summary)

Website: gorodimitris.gr
Operator: Dimitrios Gkorovelis
Subject matter: Professional presentation of enterprise product design work, case studies, and contact for collaboration or employment discussions.
Email: gorodmitris@gmail.com