Privacy Policy
Last updated: 15 June 2026
This Privacy Policy explains how personal data is processed when you visit this website (the “Site”), the personal design portfolio of Elena Kirina. It is provided in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”). The Site is built to process as little personal data as possible.
1. Data controller
The controller responsible for the processing described here is Elena Kirina. You can contact the controller about any data protection matter at anirik.design@gmail.com. Given the limited scope of processing, no Data Protection Officer is required or appointed.
2. What data is processed, why, and on what legal basis
The Site is a static portfolio with no contact forms, accounts, or newsletter. The following personal data may nonetheless be processed:
- Server access data. When you load a page, the hosting provider automatically processes technical data such as your IP address, browser and device type, referring URL, and the date and time of the request. Purpose: delivering the Site, ensuring its security and stability, and diagnosing errors. Legal basis: the controller's legitimate interests in operating and securing the Site (Art. 6(1)(f) GDPR).
- Data you send to me. If you contact me via the email, LinkedIn, or Telegram links, I receive the information you choose to include (such as your name and email address). Purpose: handling and responding to your enquiry. Legal basis: the controller's legitimate interest in answering enquiries and, where your message concerns a possible engagement, steps taken at your request prior to a contract (Art. 6(1)(f) and Art. 6(1)(b) GDPR).
Providing this data is not a statutory requirement; access data is technically necessary to display the Site, and contact data is needed only if you choose to reach out.
3. Cookies and similar technologies
The Site does not set advertising, analytics, or profiling cookies and stores no non-essential information on your device. Because no non-essential cookies are used, no cookie consent banner is required.
4. Recipients and processors
The Site relies on the following third parties:
- Vercel Inc. — hosting and content delivery, acting as a processor under a data processing agreement. It processes the server access data described above on the controller's behalf. See Vercel's privacy policy.
- External links. Links to LinkedIn, Telegram, and email open services run by other providers, each governed by its own privacy policy.
All fonts are served directly from the Site's own infrastructure; no external font network (such as Google Fonts) is used, so no data is transmitted to a font provider.
5. International transfers
The hosting provider (Vercel) is established in, or may process data in, countries outside the European Economic Area, including the United States. Where personal data is transferred to such countries, it is safeguarded by appropriate measures within the meaning of Chapter V of the GDPR, in particular the European Commission's Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework.
6. Retention
Server access logs are retained only for a short period by the hosting provider for security and operational purposes and are then deleted or anonymised. Messages you send are kept for as long as necessary to handle our correspondence and to comply with any applicable legal retention obligations, after which they are deleted.
7. Your rights
Under the GDPR you have the right to:
- access your personal data (Art. 15);
- have inaccurate data rectified (Art. 16);
- have your data erased (Art. 17);
- restrict processing (Art. 18);
- data portability (Art. 20);
- object to processing based on legitimate interests, on grounds relating to your particular situation (Art. 21).
To exercise any of these rights, contact anirik.design@gmail.com. There is no automated decision-making, including profiling, within the meaning of Art. 22 GDPR.
8. Right to lodge a complaint
If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, place of work, or the place of the alleged infringement (Art. 77 GDPR). A list of national authorities is available from the European Data Protection Board.
9. Children
The Site is not directed at children and does not knowingly process personal data of children.
10. Changes to this policy
This policy may be updated from time to time. Any changes will be published on this page with a revised “Last updated” date.