Privacy Policy
Last updated: April 2026
1. Data Controller
Responsible within the meaning of the GDPR:
defaultbitch.com
Suite 5743, 24B Moorefield Rd, Johnsonville, Wellington 6037, New Zealand
Email: info@defaultbitch.com
2. Overview of Processing
The following overview summarizes the types of data processed and the purposes of their processing:
- Identity data (e.g. name, company)
- Contact data (e.g. email address)
- Content data (e.g. message text in contact form)
- Usage data (e.g. pages visited, time of access)
- Meta/communication data (e.g. IP address, browser information)
3. Legal Basis
We process personal data based on the following legal grounds under the GDPR:
- Consent (Art. 6(1)(a) GDPR) – The data subject has given consent.
- Contractual performance (Art. 6(1)(b) GDPR) – Processing for the performance of a contract or pre-contractual measures.
- Legitimate interests (Art. 6(1)(f) GDPR) – Processing for the purposes of our legitimate interests, unless overridden by the interests of the data subject.
4. Security Measures
We take appropriate technical and organizational measures in accordance with the legal requirements and the state of the art to ensure a level of protection appropriate to the risk. These include:
- Encrypted data transmission (HTTPS/TLS) for the entire website
- HTTP Strict Transport Security (HSTS) to enforce encrypted connections
- Content Security Policy (CSP) to protect against cross-site scripting
- No integration of external services or CDNs – all resources are served from our own server
- Hardened session configuration (HttpOnly, Secure, SameSite=Strict)
- CSRF protection for all forms
- Server-side input validation and sanitization
5. Data Collection When Visiting the Website
5.1 Server Log Files
The hosting provider automatically collects and stores information in server log files that your browser transmits automatically:
- Browser type and version
- Operating system
- Referrer URL
- Hostname of the accessing computer
- Date and time of the server request
- IP address
This data is not merged with other data sources. Collection is based on Art. 6(1)(f) GDPR. The data is automatically deleted after 30 days.
5.2 No External Services
This website does not load any external resources from third-party servers. All fonts, stylesheets, scripts, images and icons are served exclusively from our own server. There is no tracking, no profiling, and no data transfer to third parties. No CDNs, no Google Fonts, no Google Analytics, and no social media plugins are used.
6. Contact Form
When you submit an inquiry via our contact form, the information you provide will be stored for the purpose of processing and for any follow-up questions.
The following data is collected:
- First and last name (required)
- Email address (required)
- Company name (optional)
- Message text (required)
- IP address (automatic, for abuse protection)
- Time of submission
Processing is based on Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in answering inquiries). Your data will remain with us until you request deletion, revoke consent, or the purpose for storage ceases. Mandatory legal retention periods remain unaffected.
7. Spam Protection
To protect against automated abuse (spam), we use technical protection measures in the contact form. These are based exclusively on technical methods (timestamp verification, JavaScript challenge, honeypot fields) and do not collect any additional personal data. No external anti-spam services such as Google reCAPTCHA are used. Legal basis: Art. 6(1)(f) GDPR.
8. Cookies and Session Data
This website uses only technically necessary session cookies for:
- CSRF protection (Cross-Site Request Forgery prevention) for the contact form
- Rate limiting to protect against abuse of the contact form
Session cookies are automatically deleted when you close your browser. They contain no personal data and are not used for tracking or analytics. No tracking cookies, marketing cookies, or third-party cookies are used. A cookie consent banner is therefore not required under applicable law.
9. Hosting
This website is hosted by [HOSTING PROVIDER]. The host collects the server log data described in section 5.1 based on Art. 6(1)(f) GDPR. A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with the host.
10. Email Contact
If you contact us by email, your inquiry including all personal data (name, email, content) will be stored for the purpose of processing. Your data is not disclosed to third parties. Legal basis: Art. 6(1)(b) and Art. 6(1)(f) GDPR.
11. Your Rights
You have the right at any time to:
- Access your stored personal data (Art. 15 GDPR)
- Have inaccurate personal data rectified (Art. 16 GDPR)
- Have your stored data erased (Art. 17 GDPR)
- Have processing restricted (Art. 18 GDPR)
- Receive your data in a structured, machine-readable format (data portability, Art. 20 GDPR)
- Object to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR)
- Withdraw consent at any time with effect for the future (Art. 7(3) GDPR)
- Lodge a complaint with a supervisory authority (Art. 77 GDPR)
To exercise your rights, please contact: info@defaultbitch.com
12. Data Security
This website uses SSL/TLS encryption for security reasons. An encrypted connection is indicated by "https://" in the browser address bar and the lock icon. When encryption is active, data you transmit to us cannot be read by third parties.
13. Changes to This Privacy Policy
We reserve the right to update this privacy policy to comply with current legal requirements or to reflect changes to our services. The updated privacy policy will apply to your future visits.