Privacy Policy

Last Updated: November 23, 2025

1. Introduction

This Privacy Policy explains how GravelFinder ("we", "us", or "our") collects, uses, and protects your personal data when you use our website. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and Belgian data protection laws.

2. Data Controller

Website: GravelFinder (Personal Project)
Operator: Individual, non-commercial publisher
Email: [email protected]
Location: Belgium

3. What Data We Collect

We collect the following types of data when you use our website:

Analytics Data: Click events, link interactions, page views, and usage patterns
Technical Data: IP address (hashed for privacy), browser type, device type, timestamp of visits
Location Data: Map interactions and geographical coordinates you enter when planning routes
Cookies: Small text files stored on your device (see Cookie Policy for details)

4. How We Use Your Data

We use your personal data for the following purposes:

To provide and improve our gravel road finding service
To analyze website usage and track which features are most popular
To understand user behavior and improve user experience
To monitor technical performance and fix bugs
To comply with legal obligations

5. Legal Basis for Processing

Under GDPR, we process your data based on:

Consent: Analytics cookies and tracking require your explicit consent through our cookie banner
Legitimate Interest: We have a legitimate interest in improving our service, analyzing usage patterns, and monitoring technical performance

Breakdown by data type:

Analytics Data (click events, page views): Consent (via cookie banner)
Technical Data (IP address hashing, browser type): Legitimate interest
Location Data (map coordinates you enter): Consent (by using the service)
Functional Data (preferences, settings): Legitimate interest (necessary for service functionality)

6. Data Storage and Retention

Analytics Data: Stored on our server and in your browser's local storage
Retention Period: We retain analytics data for up to 12 months, after which older data may be deleted
Location: This website is hosted by ULYSSIS, with servers located in Belgium. Cloudflare is used as a CDN and DNS provider, which may temporarily cache content in global edge locations (including outside the EU) for performance and security purposes.
Backups: Automatic backups are created and retained for up to 30 days

Note on International Data Transfers: While our primary servers are in Belgium (EU), Cloudflare's CDN may cache content globally. Cloudflare complies with GDPR and uses Standard Contractual Clauses (SCCs) for data transfers outside the EU.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Remember your preferences and settings
Track website usage and analytics
Identify unique visitors (using hashed IP addresses)

For more information, please see our Cookie Policy.

8. Third-Party Services

Our website uses the following third-party services that may collect data:

Cloudflare CDN: Used for content delivery, DNS services, and DDoS protection. May temporarily cache website content in global edge locations. Cloudflare's privacy policy: cloudflare.com/privacypolicy
OpenStreetMap / Leaflet: For displaying interactive maps
Overpass API: For retrieving road data
Open-Elevation API: For retrieving elevation data

These services may have their own privacy policies. We do not control how they process your data.

9. Data Sharing

We do not sell, rent, or share your personal data with third parties except:

When required by law or legal process
With our hosting provider (necessary for website operation)
With your explicit consent

10. Your Rights Under GDPR

As a user in Belgium/EU, you have the following rights:

Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate personal data
Right to Erasure: Request deletion of your personal data ("right to be forgotten")
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a machine-readable format
Right to Object: Object to processing of your personal data
Right to Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, please contact us at [email protected].

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

Hashing of IP addresses (no raw IPs stored)
Secure server infrastructure
Regular backups
Access controls and authentication

12. Children's Privacy

Our website is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: [email protected]
Response Time: We will respond to your request within 30 days as required by GDPR.

15. Supervisory Authority

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Belgian Data Protection Authority:

Gegevensbeschermingsautoriteit (GBA) / Autorité de protection des données (APD)
Rue de la Presse 35, 1000 Brussels, Belgium
Website: www.dataprotectionauthority.be

Home | Cookie Policy | Terms & Conditions