Skip to content

Privacy Notice

This notice explains how I handle personal data when you visit alfredpersson.com or contact me through the channels linked from this site. Last updated: 2026-05-07.

Who is responsible

The controller of personal data described in this notice is:

SveaSync Solutions Ltd
Suite 129B, The Junction Business Hub, Calebasses 20201, Mauritius
Business Registration Number: C25222841

Contact: Alfred Persson, Head of IT, privacy@sveasync.com

I do not have a designated Data Protection Officer. For any privacy question, use the contact details above.

What this site is

alfredpersson.com is a static website built with MkDocs Material and hosted on GitHub Pages. There are no forms on the site, no login, no analytics, no advertising trackers, and no comments. The site sets no tracking cookies of its own.

What personal data I process and why

When you visit the site

  • What: the GitHub Pages hosting platform automatically receives standard web server information when you load a page, including your IP address, the page requested, the time of the request, and your user agent (browser and operating system).
  • Why: this is necessary to deliver the page to you and to allow GitHub to maintain platform security and integrity.
  • Legal basis: legitimate interests under Article 6(1)(f) GDPR in providing the site and protecting it from abuse.
  • Who handles it: GitHub, Inc. (a subsidiary of Microsoft Corporation), as an independent controller for its platform-level logs. See GitHub's privacy statement at https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement.

Fonts and scripts are self-hosted

The site is built with the MkDocs Material privacy plugin, which downloads typefaces (Inter, JetBrains Mono) and JavaScript libraries at build time and serves them from the same origin as the rest of the site. Your browser does not make requests to Google Fonts, Cloudflare cdnjs, or any other third-party content delivery network when you visit the site.

When you book an intro call

  • What: the "Book Free Intro Call" buttons link to my Calendly booking page. If you book, Calendly collects the information you provide (typically name, email address, time zone, and any answers to scheduling questions) and shares it with me.
  • Why: to schedule and prepare for the call.
  • Legal basis: Article 6(1)(b) GDPR (taking steps prior to entering into a contract at your request) and Article 6(1)(f) GDPR (legitimate interest in preparing for the call) for any context you choose to provide.
  • Who handles it: Calendly LLC processes the booking on my behalf as a processor. See https://calendly.com/privacy.
  • Retention: I keep booking records for as long as needed to follow up on the conversation, and in any event delete them within twenty-four (24) months of the call unless you become a client (in which case the engagement letter governs retention).

When you email me

  • What: if you send me an email at alfred@sveasync.com (or a related address), I receive your email address, name (if included), and the content of the message.
  • Why: to respond to your message and, where relevant, continue a conversation about a potential engagement.
  • Legal basis: Article 6(1)(b) GDPR (taking steps prior to entering into a contract at your request) where the message relates to a possible engagement, or Article 6(1)(f) GDPR (legitimate interest in responding to correspondence) otherwise.
  • Who handles it: Google LLC processes email on my behalf as a processor under the Google Workspace Data Processing Addendum. Google Workspace data is processed in Google data centres globally, including in the United States, with appropriate transfer safeguards in place under Google's terms.
  • Retention: I keep correspondence for as long as the conversation is active, and otherwise delete it within twenty-four (24) months unless you become a client.

The icons in the footer link to my profiles on GitHub and LinkedIn. Clicking them takes you to those platforms, which then process your visit under their own privacy notices. I do not receive personal data from you simply by you visiting those profiles.

International transfers

I am based in Mauritius. When you contact me by email or book a call, your personal data is transferred from your location to Mauritius. Mauritius is not subject to a European Commission adequacy decision. I rely on the Standard Contractual Clauses adopted by the European Commission (Decision (EU) 2021/914) where a transfer falls under that framework, supported by appropriate technical, contractual, and organisational safeguards. A Transfer Impact Assessment for transfers to Mauritius is available on request.

Personal data may also be transferred to or accessed from the United States as part of the services I rely on. GitHub, Inc. (GitHub Pages hosting) and Google LLC (Google Workspace email) each rely on their own transfer safeguards under Articles 45 to 49 GDPR; see their respective privacy notices for details. Where Google or its sub-processors are certified under the EU-US Data Privacy Framework (Commission Implementing Decision (EU) 2023/1795), Google may rely on that adequacy decision.

Cookies and similar storage

The site sets no tracking cookies. The MkDocs Material theme uses your browser's local storage to remember a small number of preferences (for example, your light or dark mode choice). This information stays in your browser and is not sent to me or to any third party.

Your rights

Under the GDPR you have the right to:

  • access the personal data I hold about you;
  • have inaccurate data corrected;
  • ask for the data to be deleted, where the legal basis allows;
  • ask for processing to be restricted, where the legal basis allows;
  • object to processing based on legitimate interests;
  • receive your data in a portable format, where the legal basis allows; and
  • withdraw consent, where I have relied on consent (which on this site is rare; the bases above are typically contract or legitimate interests).

To exercise any of these rights, email privacy@sveasync.com. I will respond within thirty (30) days. If you live in the European Economic Area or the United Kingdom, you also have the right to complain to your local supervisory authority. In Sweden this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY): https://www.imy.se.

You may also complain to the Mauritius Data Protection Office (https://dataprotection.govmu.org), which supervises my processing as a controller established in Mauritius.

How long I keep data

Retention is set out per source above. In short:

  • Bookings and email correspondence: while active, otherwise deleted within twenty-four (24) months.
  • Site visit logs held by GitHub: governed by GitHub, typically days to months.
  • Engagement records (if you become a client): governed by the engagement letter and applicable record-keeping obligations.

Updates

I update this notice when the data flows on the site change. Material changes are flagged in the page header (the "Last updated" date). The current version is the one on this page; previous versions are not archived publicly but are available on request.

Contact

For any question about this notice or about how I handle personal data, email privacy@sveasync.com.