Back to home
Legal

Privacy Policy

Last updated: 31 May 2026

1. Who is responsible

This website (rgstudios.se) is operated by Redda Guelai, based in Stockholm, Sweden. I am the data controller for any personal data processed through this site under the EU General Data Protection Regulation (Regulation 2016/679, "GDPR").

For any privacy-related question or to exercise your rights, contact me at privacy@rgstudios.se.

2. What personal data is collected

The only personal data actively collected is what you submit through the CV download form:

  • Your full name
  • Your email address
  • Your explicit consent (a flag plus the time consent was given)
  • Technical records strictly required to deliver the verification code and the download link (a hashed one-time code, a single-use download token, and timestamps for expiry and usage)

I do not log your IP address, user agent, device fingerprint, or any tracking identifier in connection with the CV form. This site does not use advertising cookies or third-party analytics that profile visitors.

3. Why it is processed and legal basis

  • Delivering the CV you requested — to send the verification code, the secure download link, and to confirm delivery.
    Legal basis: performance of a request you initiated and your consent (Art. 6(1)(a) GDPR).
  • Security and abuse prevention — short-lived verification codes and one-time tokens to prevent the CV from being requested or downloaded by someone other than you.
    Legal basis: legitimate interest (Art. 6(1)(f) GDPR) in keeping the service secure.
  • Replying if you contact me — if you email me, I process your message to respond.
    Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

4. Who has access

Your data is stored on managed infrastructure provided by Supabase (database) and Cloudflare (hosting), which act as data processors under written terms. Verification and CV-delivery emails are sent through Lovable Cloud's email infrastructure from the verified domain notify.rgstudios.se.

I do not sell, rent, or share your personal data with any third party for marketing purposes.

5. International transfers

The processors above may host or process data outside the EU/EEA. Where that occurs, transfers are protected by the European Commission's Standard Contractual Clauses or an equivalent adequacy mechanism under Chapter V of the GDPR.

6. How long it is kept

  • Verification codes: deleted automatically when they expire (15 minutes).
  • Download tokens: expire 7 days after issuance and cannot be reused.
  • CV request records (name, email, consent, timestamps): retained for up to 12 months so I can follow up on the request, then deleted. You can ask for deletion sooner at any time.
  • Email correspondence: kept as long as needed to handle the conversation.

7. Your rights under the GDPR

You have the right to:

  • Access the personal data I hold about you (Art. 15).
  • Have inaccurate data corrected (Art. 16).
  • Have your data erased (Art. 17).
  • Restrict or object to processing (Art. 18 and 21).
  • Receive your data in a portable format (Art. 20).
  • Withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal (Art. 7(3)).

To exercise any of these rights, email me at privacy@rgstudios.se. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) or another EU supervisory authority.

8. Cookies

This site does not set marketing or analytics cookies. Only strictly necessary technical storage required to operate the page (such as remembering an open dialog within a session) is used. No consent banner is shown because no non-essential cookies are placed.

9. Changes to this policy

If this policy is updated, the new version will be published on this page with a revised "last updated" date.