Privacy Policy
Last updated: 6 July 2026
Your privacy matters to me. This policy explains what personal data this website processes, why, and the rights you have. I process personal data only in line with the Swiss Federal Act on Data Protection (revFADP) and, where applicable, the EU General Data Protection Regulation (GDPR).
1. Scope
This policy applies to the website vilascreo.com and its subdomains. It covers the contact form and the technical operation of the site. The site does not target children and is not intended for them.
2. Controller
The controller responsible for data processing on this site is Santiago Vilas Creo, Zürich, Switzerland. For any data-protection matter you can reach me directly at [email protected].
3. Legal bases
I process your data on the basis of: your request and pre-contractual steps you ask for (Art. 6(1)(b) GDPR); my legitimate interest in a secure, functioning website and in answering inquiries (Art. 6(1)(f) GDPR); and, where relevant, your consent (Art. 6(1)(a) GDPR). The corresponding provisions of the Swiss revFADP apply in parallel.
4. Categories of data
Contact data - the name, email address and message you submit through the contact form.
Technical and usage data - collected automatically in server logs when you visit (e.g. IP address, browser type, date and time, page requested).
Local storage - a small flag stored in your browser to remember your language choice. It is not a tracking cookie and is never sent to a server.
5. Purposes of processing
I process this data to: operate, deliver and secure the website; receive and reply to your inquiries; prevent spam and abuse of the contact form; and comply with legal obligations. I do not use your data for advertising, profiling or automated decision-making, and I never sell it.
6. Server log files
When you access the site, my hosting provider automatically processes technical data in server logs to deliver the pages and keep the service secure and stable. These logs are kept for a short period and are not combined with other data to identify you.
7. Third-party services
Cloudflare - hosting, CDN and security for the site (Cloudflare Pages).
Cloudflare Turnstile - a privacy-friendly anti-spam check on the contact form (only when enabled).
Resend - delivers your contact-form message to my inbox by email.
These providers act as processors on my behalf under data-processing agreements; they may not use your data for their own purposes.
8. International data transfers
Some of these providers may process data outside Switzerland or the EU (e.g. in the USA). Where that happens, the transfer is safeguarded by appropriate measures such as the EU Standard Contractual Clauses and technical protections like encryption in transit.
9. Retention periods
I keep contact messages only as long as needed to handle your inquiry and any follow-up, then delete them. Server logs are retained short-term by the hosting provider for security and troubleshooting. The language flag stays in your browser until you clear it.
10. Data security
The site is served exclusively over encrypted HTTPS (TLS). I rely on hardened, reputable infrastructure, least-privilege access and standard safeguards to protect your data. Please note that no transmission over the internet can be guaranteed 100% secure.
11. Your rights
You have the right to access, rectify, delete or port your data, to restrict or object to processing and to withdraw consent at any time. To exercise any of these rights, just write to me at [email protected]. You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local supervisory authority.
12. Updates and contact
I may update this policy as the site evolves. The current version always lives at this address with the date shown above. Questions about data protection? Write to me at [email protected].