Legal
Privacy Policy
We respect your privacy and are committed to protecting your personal data in accordance with the GDPR and applicable EU law.
Last updated: 22 May 2026
eldr.io (“we”, “us”, “our”) operates the website at eldr.io. This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have under the General Data Protection Regulation (GDPR) and related EU legislation. We only collect what we need, we never sell your data, and we keep everything as minimal as possible.
1. Who we are
Data Controller: eldr.io
Contact:
[email protected]
If you have any questions about this policy or wish to exercise your rights, please contact us at the address above.
2. Data we collect
We collect the minimum amount of data necessary to operate this website and respond to enquiries:
- Contact form submissions — your name, email address, and the message you send us.
- Server logs — standard web server logs including IP address, browser type, and pages visited. These are retained for a maximum of 30 days for security and operational purposes.
- Cookies — minimal, functional cookies only. See our Cookie Policy for details.
3. Legal basis for processing
We process personal data on the following lawful grounds under GDPR Article 6:
- Legitimate interests (Art. 6(1)(f)) — for server logs and website security.
- Consent (Art. 6(1)(a)) — for any non-essential cookies or communications you opt into.
- Contract / pre-contractual steps (Art. 6(1)(b)) — when you contact us with a business enquiry.
4. How we use your data
- To respond to your enquiries and communicate with you.
- To maintain the security and performance of our website.
- To comply with our legal obligations.
- We do not use your data for advertising, profiling, or automated decision-making.
5. Data sharing
We do not sell, rent, or trade your personal data. We may share data with:
- Infrastructure providers — our hosting and infrastructure providers, who process data on our behalf under appropriate data processing agreements.
- Legal obligation — where required by law or to protect the rights and safety of others.
Any third-party processors are contractually required to handle data in line with GDPR.
6. Data retention
We retain contact form data for as long as necessary to respond to your enquiry and for a reasonable period thereafter in case of follow-up. Server logs are retained for up to 30 days. We will securely delete your data upon your request or when it is no longer needed.
7. Your rights under GDPR
If you are located in the EU/EEA, you have the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — request deletion of your data (“right to be forgotten”).
- Restriction — ask us to restrict how we process your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us. You also have the right to lodge a complaint with your local supervisory authority.
8. Security
We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. Our systems are built with security as a first-class concern. All data in transit is encrypted via TLS.
9. Changes to this policy
We may update this policy from time to time. When we do, we will update the “Last updated” date at the top of this page. We encourage you to review this page periodically.
Questions about your privacy?
We are happy to help. Reach out and we will respond promptly.
Contact us