1. Who is responsible
This website (https://www.excelharbor.com/) is operated by Excel Harbor. We respect your privacy and handle your personal data carefully, in line with the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and applicable data protection law.
Data controller: Excel Harbor
Email: [email protected]
(Full details about the operator are on the Legal Notice page.)
2. What data do we collect?
We collect as little personal data as possible. Specifically:
- Technical data — IP address (anonymised), browser type, operating system, referring website and language setting. This data is needed to keep the site secure and stable.
- Usage statistics — pages visited, clicks and templates downloaded. We only collect this with your consent, given through the cookie banner.
- Contact details — if you write to us: your email address and the content of your message.
We do not require registration, newsletter sign-up or payment details to download templates.
3. Why we use the data (legal basis)
- Protecting the site against abuse (technical data — Art. 6(1)(f) GDPR, legitimate interest).
- Understanding which templates are used most, so we can improve the collection (analytics cookies — Art. 6(1)(a) GDPR, consent).
- Responding to your contact request (Art. 6(1)(f) GDPR).
- Showing ads through advertising networks (only with your explicit consent).
4. Who do we share data with?
We do not sell your data. We only share it with:
- Hosting provider — to run the website (under a data processing agreement in line with Art. 28 GDPR).
- Google Analytics — with an anonymised IP address, only after consent through the cookie banner.
- Advertising network (Google AdSense) — only if you accept personalised advertising.
5. How long do we keep data?
- Access logs: up to 6 months.
- Statistics (anonymised): up to 26 months.
- Emails: up to 24 months after the last reply.
6. Your rights under the GDPR
- Right of access — to know what data we hold about you (Art. 15 GDPR).
- Right to rectification — to have inaccurate data corrected (Art. 16 GDPR).
- Right to erasure — to have your data deleted (Art. 17 GDPR).
- Right to restriction — to restrict processing (Art. 18 GDPR).
- Right to data portability — to receive your data in a common format (Art. 20 GDPR).
- Right to object — to object to processing based on legitimate interest (Art. 21 GDPR).
- Withdraw consent — for cookies and advertising, via the cookie settings on this site.
Email [email protected] to exercise any of these rights. We respond within 30 days (Art. 12(3) GDPR).
7. Right to lodge a complaint
If you are unhappy with how we handle your data, you can lodge a complaint with your local data protection authority at any time.
8. Data breaches
Should a personal data breach occur despite our security measures, we will report it to the competent supervisory authority within 72 hours (Art. 33 GDPR) and, where required, to the individuals affected (Art. 34 GDPR).
9. Changes
We may update this policy if our practices or the law change. The current version is always available on this page.