Periscope

Legal

Privacy Policy

Plain language first, formal text below. Information per Art. 13 and 14 GDPR.

Short version

  • The waitlist is a plain email to periscope@surdu.eu. No form provider sits between you and me. Your address and message land in my inbox.
  • I will email you once when audits open up, and not again unless you ask.
  • Pageviews are counted via GoatCounter, a privacy-friendly analytics service. No cookies, no personal data stored, no cross-site tracking. No advertising pixels, no embedded forms.
  • You can ask me at any time to delete your email. One message to periscope@surdu.eu is enough.

1. Controller

Razvan Andrei Surdu
Osterbrook 11B
20537 Hamburg, Germany
Email: periscope@surdu.eu

2. What data is processed and why

2.1 Waitlist signup by email

The waitlist CTA on this site opens your own email client with a pre-filled message to periscope@surdu.eu. When you send it, your email address and the contents of your message arrive in my inbox. The site itself does not transmit any data; the message is sent directly by your mail client.

Purpose: to notify you once when Periscope audits open up, and to reply to any specific question you raise in the message.

Legal basis: Art. 6 (1) (a) GDPR (consent, given by sending the email) for the waitlist notification; Art. 6 (1) (b) GDPR for any pre-contractual steps you initiate.

Retention: until you withdraw consent or the waitlist purpose is no longer relevant, at which point the message and address are deleted. You can ask for deletion at any time.

2.2 Server logs

The site is hosted on GitHub Pages. GitHub Inc. processes standard server logs (including IP address, timestamp, user agent, requested URL) for the purpose of operating, securing, and protecting the service.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in operating a stable and secure website).

3. Recipients and processors

The following providers are involved in operating this site or handling messages you send to me:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Operates Google Workspace, which hosts the periscope@surdu.eu mailbox and processes incoming and outgoing messages. Processing is governed by the Google Workspace Data Processing Amendment. Cross-border transfers to Google LLC in the United States are covered by the EU–U.S. Data Privacy Framework, to which Google is certified. See Google's privacy policy and the Workspace DPA.
  • GitHub, Inc., 88 Colin P Kelly Jr Street, San Francisco, CA 94107, USA. Hosting provider for static site delivery. Cross-border transfer is covered by the EU–U.S. Data Privacy Framework. See GitHub's privacy statement.
  • INWX GmbH & Co. KG, domain registrar for surdu.de.
  • GoatCounter, operated by Martin Tournoij (Netherlands). Privacy-friendly pageview analytics. No cookies, no personal data stored, no IP retention, no cross-site tracking. See GoatCounter's privacy policy.

4. Cookies and analytics

This site sets no cookies. Pageviews are counted via GoatCounter, a privacy-friendly analytics service operated by Martin Tournoij (Netherlands). GoatCounter does not use cookies, does not store personal data, does not track visitors across sites, and does not retain IP addresses; it generates a salted, daily-rotating hash of your IP and user agent solely to estimate unique visitors. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in basic, aggregate audience measurement). See GoatCounter's privacy policy at https://www.goatcounter.com/help/privacy. No advertising, no embedded forms, no third-party widgets are loaded.

5. Your rights

Under the GDPR you have the right to:

  • access your personal data (Art. 15);
  • have inaccurate data corrected (Art. 16);
  • have your data erased (Art. 17);
  • restrict processing (Art. 18);
  • data portability (Art. 20);
  • object to processing based on legitimate interest (Art. 21);
  • withdraw consent at any time, without affecting the lawfulness of prior processing (Art. 7 (3)).

To exercise any of these, email periscope@surdu.eu.

You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority for this site is the Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (HmbBfDI), datenschutz-hamburg.de.

6. International transfers

Two cross-border data flows may occur:

  • Hosting via GitHub Pages may involve transfer of standard server log data to the United States; this transfer is covered by the EU–U.S. Data Privacy Framework, to which GitHub Inc. is certified.
  • Messages you send to periscope@surdu.eu are processed by Google Workspace under contract with Google Ireland Limited (Dublin). Google may replicate message data to data centers operated by Google LLC in the United States; this transfer is covered by the EU–U.S. Data Privacy Framework, to which Google is certified, and by the Google Workspace Data Processing Amendment.

7. Changes to this policy

This policy may be updated as the site evolves. The current version is always available at this URL. Material changes will be reflected in the "Last updated" date below.

Last updated: 2026-05-06

← Back to Periscope