Privacy Policy
Legal information for visitors of the ERDesigns website.
Privacy Policy
Last Updated: 2025-02-27
1. Introduction
ERDesigns (Ernst Reidinga), based in Belgium, operates the website https://erdesigns.be (the “Website”). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679).
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have regarding your data.
2. Data Controller
ERDesigns (Ernst Reidinga)
Belgium
Email: privacy@erdesigns.be
For all data protection inquiries, please contact Ernst Reidinga at privacy@erdesigns.be.
3. What Data We Collect
3.1 Data Collected Automatically
- Server logs: IP address, browser type, operating system, access timestamps, and requested URLs. Collected for security and operational purposes. Retained for 30 days.
- Session cookie (ERDSESS): A session identifier used for admin panel login state and CSRF protection. Contains no personal data. See our Cookie Policy.
- Consent state (erd-cookie-consent): Stores your cookie consent decision in your browser's localStorage so the banner is not shown on every page. Contains no personal data.
- Page view statistics: Page URL path and date only — aggregated server-side. No IP addresses, browser fingerprints, or cookies are used for analytics.
3.2 Data You Provide
- Admin accounts: Email address and hashed password for admin panel access.
- Demo API / Playground: Source code you submit for compilation is processed in memory only and is not stored.
3.3 Data We Do NOT Collect
- We do not use third-party analytics services (no Google Analytics, no Facebook Pixel).
- We do not serve third-party advertisements.
- We do not use tracking or marketing cookies.
- We do not build user profiles or track you across other websites.
- We do not sell, rent, or trade personal data.
4. Legal Basis for Processing
We process personal data under the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Website hosting and delivery | Legitimate interest (Art. 6(1)(f)) |
| Admin authentication | Legitimate interest (Art. 6(1)(f)) |
| Cookie consent management | Legal obligation (Art. 6(1)(c)) |
| Page view analytics (server-side) | Legitimate interest (Art. 6(1)(f)) |
| Software downloads | Contract performance (Art. 6(1)(b)) |
| Playground / Demo API | Consent (Art. 6(1)(a)) |
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Server logs | 30 days |
| Cookie consent records | 24 months |
| Page view statistics (aggregated) | Indefinite |
| Admin account data | Duration of account |
| Audit logs | Indefinite (compliance) |
| Playground submissions | Not stored (in-memory only) |
6. Data Sharing and Transfers
- We do not sell personal data.
- We share data only with EU-based service providers who act as data processors under appropriate agreements:
- Hosting provider — for website delivery
- No international transfers — all data remains within the European Union.
7. Your Rights Under GDPR
You have the following rights:
- Right of access (Art. 15) — request a copy of your personal data.
- Right to rectification (Art. 16) — correct inaccurate data.
- Right to erasure (Art. 17) — request deletion of your data (“right to be forgotten”).
- Right to restrict processing (Art. 18) — limit how we use your data.
- Right to data portability (Art. 20) — receive your data in a machine-readable format.
- Right to object (Art. 21) — object to processing based on legitimate interest.
- Right to withdraw consent (Art. 7(3)) — withdraw consent at any time without affecting prior processing.
To exercise any of these rights, contact us at: privacy@erdesigns.be
We will respond within 30 days as required by GDPR.
8. Security Measures
We implement appropriate technical and organisational measures to protect your data:
- HTTPS encryption on all pages
- CSRF protection on all forms (session-based tokens)
- Password hashing using bcrypt
- Session hardening (HttpOnly, Secure, SameSite=Strict cookies)
- Input validation and prepared database statements
- Hashed personal identifiers in consent records (SHA-256 HMAC)
- Append-only audit logging for GDPR compliance
9. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit — GBA):
Website: https://www.gegevensbeschermingsautoriteit.be
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last Updated” date. For material changes, we may notify you via a website banner.
Version 2 — Last updated: 2026-02-27 18:01:35