Legal

Privacy notice

This notice explains how this portfolio website processes personal data in line with the EU General Data Protection Regulation (GDPR) and transparency expectations. It is for information only and is not legal advice; consider independent review for your circumstances.

Last updated:

Data controller

  • Name: Patrick C. Ogbonna
  • Email: contact@patrickogbonna.com
  • Address: Ireland (full postal address available on request for data protection correspondence)

What we process and why

The table below describes the main processing activities on this site, the categories of personal data involved, and the GDPR lawful basis relied on.

PurposeData categoriesLegal basis
Operating the site (security, rate limiting, abuse prevention)Technical data (e.g. IP address, User-Agent), timestampsGDPR Art. 6(1)(f) — legitimate interests in securing and operating the service
Optional analytics (Vercel Web Analytics, Speed Insights, duplicate event log in Redis when configured)Pseudonymous usage metrics, coarse event properties (no message bodies)GDPR Art. 6(1)(a) — consent via the cookie banner; you can withdraw by choosing "Essential only" or clearing preferences
Responding to contact form enquiriesIdentity & contact details you submit (name, email, company, opportunity type, message); delivery metadataGDPR Art. 6(1)(a) — consent given by ticking the privacy confirmation before submit
Optional Job tools admin workspace (CVs, matching, optimisation, cover letters)When deployed: CV and derived profile data, job postings, match scores, drafts, technical and security-audit metadata (no raw bodies in audit logs by design)Depends on deployment — typically legitimate interest and/or contractual pre-employment processing; confirm with counsel before production use with real candidates
Theme preference (light / dark / system)Stored choice in browser storageGDPR Art. 6(1)(f) — limited operational preference; essential to usability

Recipients and subprocessors

Depending on configuration, personal data may be processed by the following categories of recipients. Each link opens the provider's privacy information.

  • Vercel Inc.Hosting, edge network, optional Web Analytics & Speed Insights. Privacy policy
  • UpstashRedis (rate limiting, contact & analytics ledgers when configured). Privacy policy
  • ResendTransactional email delivery (contact form, when configured). Privacy policy
  • OpenAI, LLCOptional embeddings and language models when the Job tools backend is deployed with AI features enabled (CV/cover-letter pipelines). Privacy policy
  • Your cloud Postgres / object storage providerPersistence for Job tools (e.g. candidate profiles, job catalog) when that stack is deployed — supplier depends on your hosting choice. Privacy policy

Transfers outside the EEA

Some subprocessors are established outside the European Economic Area. Where data is transferred internationally, the provider typically relies on EU Commission adequacy decisions or standard contractual clauses / supplementary measures. See each processor's documentation for detail.

Retention

  • Rows are trimmed to CONTACT_LOG_MAX newest entries (default 2,500). Plan manual or scripted deletion in Upstash if you need fixed retention (e.g. 24 months).
  • Event rows are trimmed to ANALYTICS_LOG_MAX newest entries (default 5,000).
  • When Redis is configured, admin proxy actions under /admin/job-tools are logged to a capped list (JOB_TOOLS_AUDIT_LOG_MAX, default 3,000) with redacted paths and a salted hash of the admin email — never request/response bodies.
  • Messages in the controller’s mailbox are kept according to that mailbox’s retention rules.
  • Cookie / local consent records follow the durations described under Cookies & similar technologies.

Your rights

Where GDPR applies, you may have the right to access, rectify, erase, restrict processing, data portability, and object, as well as to withdraw consent at any time where processing is based on consent (without affecting lawfulness before withdrawal). You may lodge a complaint with a supervisory authority (in Ireland, the Data Protection Commission).

To exercise rights or ask questions, contact the controller at contact@patrickogbonna.com. Identity verification may be required before disclosing or changing records.

Cookies & similar technologies

The site uses browser storage and, only after you opt in to analytics, cookies and third-party scripts for measurement. Use "Cookie preferences" in the footer to change your analytics choice.

Name / keyTypePurposeDuration
theme / next-themesLocal storageRemembers light / dark / system display preference (essential UX).Persistent until cleared
patrick-portfolio:gdpr-consent:v1Local storageRecords your analytics decision for the banner UI (essential for consent state).Persistent until cleared
pp_analyticsHttpOnly cookie (first-party)Present only when you accept analytics; authorises server-side analytics ingest.~13 months
Vercel Analytics / Speed InsightsThird-party scriptsLoaded only after analytics opt-in. See Vercel Analytics privacy.Session / per vendor policy

Automated decision-making

This public portfolio site does not make solely automated decisions about visitors within the meaning of GDPR Art. 22. If you deploy the optional Job tools backend for candidate matching or ranking, those features may involve scoring or suggestions that could become significant in a hiring context — design human review, document the legal basis, and assess whether Art. 22 obligations apply before use in real recruitment decisions.

Changes

This notice may be updated when the site or integrations change. Material changes will be reflected here with an updated date.

← Back to portfolio