Privacy notice

1. Controller

The controller responsible for this website is Géza Kuti, Bülach (ZH), Switzerland. For privacy questions or requests, use the contact page or the contact route shown on the legal notice. Direct phone and private messaging details are not published.

2. Scope

This notice applies to the public website at kutigeza.com, the meeting request and direct message forms, the CV download form, the newsletter interest form, and related site administration. It is written primarily for Swiss data protection law, in particular the Swiss Federal Act on Data Protection, and covers controller identity, processing purposes, recipient categories, foreign processing locations, retention, and rights. If the EU or UK GDPR applies to a specific interaction, the relevant additional rights and safeguards are respected as far as applicable.

3. Personal data collected

The site is designed to collect as little personal data as practical. Depending on how you use it, the following data may be processed:

• Website access data: IP address, browser and device information, requested URLs, timestamps, referrer information, and security or error logs processed by hosting infrastructure.
• Meeting/contact requests: name, email address, phone number, optional company and role, preferred meeting format, preferred date and timeslot, conversation focus, message, consent status, and anti-spam metadata.
• Direct messages: name, email address, subject, message, validation status, approval timestamp, source, and anti-spam metadata.
• CV download requests: name, email address, source, timestamp, and anti-spam metadata before the downloadable PDF with direct contact details is generated.
• Newsletter interest: email address, optional name, selected topic preferences, consent timestamp, source, and subscription status.
• Admin use: authentication/session data for the private CMS/admin area, where enabled.
• Theme preference: the public site stores the selected light/dark/system theme in browser local storage. This is kept on your device and is not used for profiling.

4. Purposes of processing

Personal data is processed for the following purposes:

• operating, securing, debugging, and improving the website;
• responding to contact requests and arranging coffee, tea, or online conversations;
• validating direct-message senders before a written message is delivered;
• providing a downloadable CV after a name and email are submitted;
• managing professional follow-up and conversation context;
• recording consent and preventing spam or abuse;
• preparing newsletter delivery through Kit if you choose to subscribe;
• complying with legal obligations or protecting legitimate legal interests.

5. Recipients and service providers

Personal data is not sold. Data may be processed by carefully selected service providers that are necessary for operating the site and communication flow:

• Vercel: hosting, CDN, deployment, and operational logs.
• Supabase: database, authentication, and storage for meeting requests, direct messages, CV download records, newsletter interest, and admin functions when backend services are enabled.
• Resend: transactional email for direct-message validation links and approved message notifications when outbound email is enabled.
• Kit: newsletter delivery, subscriber consent management, unsubscribe handling, and basic audience segmentation when you explicitly subscribe.
• Microsoft, Google, Zoom, or similar meeting tools: only when a meeting is arranged through those services.
• LinkedIn or other external sites: only if you choose to open external profile or social links.

Access to contact, direct-message, and newsletter data is limited to the website operator and any explicitly authorized administrator needed to operate the site.

6. International transfers

Some providers may process data outside Switzerland, including in the EU/EEA, the United Kingdom, or the United States. Where required, transfers are based on an adequacy decision, standard contractual clauses, provider data processing terms, or another recognized safeguard under applicable data protection law.

7. Retention

Data is kept only for as long as needed for the purposes above, unless a longer period is required for legal, security, or evidence reasons. As a practical baseline:

• contact messages are normally reviewed and deleted when follow-up is no longer needed, usually within 24 months after the last relevant interaction;
• CV download records are normally reviewed and deleted when professional follow-up is no longer needed, usually within 24 months after the last relevant interaction;
• newsletter interest records are kept until withdrawal, unsubscribe, failed validation, or removal during list cleanup;
• unapproved direct messages are normally deleted or archived during cleanup; approved direct messages are kept while they are useful for follow-up and consent/evidence records;
• security and server logs are kept according to provider defaults and operational needs;
• admin authentication/session data is retained according to the relevant authentication provider settings.

8. Your rights

Subject to applicable law, you may request information about personal data processed about you, ask for inaccurate data to be corrected, request deletion, object to or restrict certain processing, ask for data portability where applicable, or withdraw consent for future processing. To exercise these rights, use the contact page or the contact route shown on the legal notice, and identify it as a privacy request.

You may also contact the Swiss Federal Data Protection and Information Commissioner at edoeb.admin.ch.

9. Cookies, local storage, and analytics

The public website does not use advertising cookies or behavioral advertising profiles. It may use Vercel Web Analytics to understand aggregated page usage and improve the site. The theme switcher uses browser local storage to remember your light, dark, or system preference. Admin authentication may use session cookies for authorized administrators. External providers such as Kit, LinkedIn, Google, Microsoft, or Zoom may use their own cookies and tracking once you leave this site, receive newsletter emails, or use their services.

10. Security

The site uses technical and organizational measures intended to protect personal data, including HTTPS, server-side validation, anti-spam fields, server-only backend credentials, restricted admin access, and database row-level security where Supabase is used. No internet service can be made completely risk-free, so do not submit passwords, financial information, medical information, legal secrets, or other highly sensitive material through public website forms.

11. Automated decisions and profiling

The site does not use personal data from public visitors for automated decision-making with legal or similarly significant effects. Basic anti-spam checks and operational security filtering may be used.

12. Changes to this notice

This notice may be updated when the website, backend, newsletter setup, or applicable legal requirements change. The date at the top shows the latest version.