Legal
Privacy notice
How we handle personal data on this website, the lawful bases we rely on, and the rights you have under the GDPR.
Last updated: 29 June 2026
Who we are
This website, dayone-web.com, is operated by Nikolaos Chatzimanolis trading as Day One Web Studio, based in Paphos, Cyprus. For the purposes of the EU General Data Protection Regulation (GDPR) and Cyprus data-protection law, we are the data controller for the personal data described in this notice.
If you have any questions about this notice or how we handle your data, contact us at contact@dayone-web.com.
What we collect, and why
We only collect personal data you give us, or that is needed to run the site securely.
- Enquiries you send us. When you use the contact or feedback form, or email or message us, we receive your name, email address, and the contents of your message. We use this to respond to you and, where relevant, to take steps toward a possible working relationship.
Lawful basis: taking steps at your request prior to entering a contract, and our legitimate interest in responding to enquiries (Art. 6(1)(b) and 6(1)(f) GDPR). - Booking a call. If you book a call through a scheduling link, the calendar provider collects the details you enter (such as name, email, and chosen time) to arrange the call.
Lawful basis: steps prior to a contract and our legitimate interest (Art. 6(1)(b) and 6(1)(f) GDPR). - Analytics — only with your consent. If you accept analytics cookies on our banner, Google Analytics collects usage data such as the pages you view, approximate location (your IP address is anonymised), and device and browser information. Nothing is loaded until you accept, and you can decline without any loss of functionality.
Lawful basis: your consent (Art. 6(1)(a) GDPR and the ePrivacy rules on cookies). - Technical logs. Our hosting provider automatically records standard server-log data (such as IP address, request time, and pages requested) to keep the site available and secure.
Lawful basis: our legitimate interest in operating and securing the site (Art. 6(1)(f) GDPR). - Your consent choice. We store your cookie choice in your browser’s local storage so we don’t ask again on every visit. This is strictly necessary and does not require consent.
Cookies and similar technologies
We do not set any non-essential cookies before you give consent. The only thing stored without consent is your cookie preference itself (in local storage), which is strictly necessary to remember your choice.
If you accept analytics, Google Analytics sets cookies (for example _ga and _ga_*) to distinguish visitors and measure usage. We have enabled IP anonymisation. You can withdraw consent at any time by clearing this site’s cookies and local storage in your browser, or by adjusting your browser settings; the banner will then appear again on your next visit.
Who we share data with
We never sell your personal data. We share it only with service providers (processors) who help us run the site and respond to you, and only as far as needed:
- Resend — delivers the emails sent from our forms.
- ImprovMX — forwards email sent to our addresses.
- Google (Analytics) — measures site usage, only where you have consented.
- Our hosting provider — serves the website and keeps technical logs.
- Our scheduling provider — handles call bookings, where you use that option.
We may also disclose data where we are legally required to do so, or to establish, exercise, or defend legal claims.
International transfers
Some of our providers are based outside the European Economic Area, including in the United States. Where data is transferred outside the EEA, it is protected by appropriate safeguards such as the European Commission’s Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework.
How long we keep it
We keep enquiry and correspondence data for as long as needed to deal with your request and our relationship, and for a reasonable period afterwards (generally up to 24 months from our last contact), unless a contract or the law requires us to keep it longer. Analytics data is retained according to our Google Analytics settings (currently up to 14 months). Technical logs are kept only for a short period.
Your rights
Under the GDPR, you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased in certain circumstances;
- restrict or object to our processing;
- receive your data in a portable format; and
- withdraw consent at any time, without affecting processing already carried out.
To exercise any of these rights, email us at contact@dayone-web.com. We will respond within one month.
Complaints
If you believe we have not handled your data properly, you can lodge a complaint with the supervisory authority in Cyprus, the Office of the Commissioner for Personal Data Protection, or with the supervisory authority in your own EU country. We’d appreciate the chance to address your concerns first, so please consider contacting us before you do.
Children
This website is not directed at children, and we do not knowingly collect personal data from anyone under the age of 16.
Automated decision-making
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
Changes to this notice
We may update this notice from time to time. When we do, we will revise the “last updated” date above. Material changes will be made clear on this page.