Legal
Privacy notice
This notice explains how this portfolio website processes personal data in line with the EU General Data Protection Regulation (GDPR) and transparency expectations. It is for information only and is not legal advice; consider independent review for your circumstances.
Last updated:
Data controller
- Name: Patrick C. Ogbonna
- Email: contact@patrickogbonna.com
- Address: Ireland (full postal address available on request for data protection correspondence)
What we process and why
The table below describes the main processing activities on this site, the categories of personal data involved, and the GDPR lawful basis relied on.
| Purpose | Data categories | Legal basis |
|---|---|---|
| Operating the site (security, rate limiting, abuse prevention) | Technical data (e.g. IP address, User-Agent), timestamps | GDPR Art. 6(1)(f) — legitimate interests in securing and operating the service |
| Optional analytics (Vercel Web Analytics, Speed Insights, duplicate event log in Redis when configured) | Pseudonymous usage metrics, coarse event properties (no message bodies) | GDPR Art. 6(1)(a) — consent via the cookie banner; you can withdraw by choosing "Essential only" or clearing preferences |
| Responding to contact form enquiries | Identity & contact details you submit (name, email, company, opportunity type, message); delivery metadata | GDPR Art. 6(1)(a) — consent given by ticking the privacy confirmation before submit |
| Theme preference (light / dark / system) | Stored choice in browser storage | GDPR Art. 6(1)(f) — limited operational preference; essential to usability |
Recipients and subprocessors
Depending on configuration, personal data may be processed by the following categories of recipients. Each link opens the provider's privacy information.
- Vercel Inc. — Hosting, edge network, optional Web Analytics & Speed Insights. Privacy policy
- Upstash — Redis (rate limiting, contact & analytics ledgers when configured). Privacy policy
- Resend — Transactional email delivery (contact form, when configured). Privacy policy
Transfers outside the EEA
Some subprocessors are established outside the European Economic Area. Where data is transferred internationally, the provider typically relies on EU Commission adequacy decisions or standard contractual clauses / supplementary measures. See each processor's documentation for detail.
Retention
- Rows are trimmed to CONTACT_LOG_MAX newest entries (default 2,500). Plan manual or scripted deletion in Upstash if you need fixed retention (e.g. 24 months).
- Event rows are trimmed to ANALYTICS_LOG_MAX newest entries (default 5,000).
- Messages in the controller’s mailbox are kept according to that mailbox’s retention rules.
- Cookie / local consent records follow the durations described under Cookies & similar technologies.
Your rights
Where GDPR applies, you may have the right to access, rectify, erase, restrict processing, data portability, and object, as well as to withdraw consent at any time where processing is based on consent (without affecting lawfulness before withdrawal). You may lodge a complaint with a supervisory authority (in Ireland, the Data Protection Commission).
To exercise rights or ask questions, contact the controller at contact@patrickogbonna.com. Identity verification may be required before disclosing or changing records.
Automated decision-making
No solely automated decisions or profiling within the meaning of GDPR Art. 22 are carried out on this site.
Changes
This notice may be updated when the site or integrations change. Material changes will be reflected here with an updated date.