Legal
Privacy Policy
Maxim Herman is committed to protecting your privacy and the security of your personal data. This privacy policy explains what data we collect, why we collect it, how long we retain it, and what rights you have. It has been drawn up in compliance with the European General Data Protection Regulation (GDPR) and the Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data.
1. Identity and contact details of the controller
The controller responsible for the processing of your personal data is:
- Name: Maxim Herman
- Capacity: Self-employed as a secondary occupation — Freelance front-end developer
- Location: Brussels, Belgium
- Email: hello@maxlinq.com
2. What personal data do we collect?
2.1 Contact form
When you submit the contact form on this website, we process the following data:
- Name
- Email address
- Project type (selected from a dropdown)
- Message / project description
These data are transmitted via EmailJS, a third-party service provider. We do not store form submissions in our own database; messages are delivered directly to Maxim Herman's inbox.
2.2 Cookies and analytics data
This website uses cookies. For full details, please refer to section 6 (Cookies).
2.3 Automatically collected data
On each visit to this website, the following data may be processed automatically, strictly subject to your consent via the cookie banner:
- IP address (anonymised by Google Analytics 4)
- Browser type and version
- Device type (desktop, tablet, mobile)
- Pages visited and time of visit
3. Purposes and legal bases for processing
| Purpose | Data | Legal basis (GDPR Art. 6) |
|---|---|---|
| Responding to contact requests and conducting project conversations | Name, email address, project type, message | Consent (Art. 6(1)(a)) — by completing and submitting the form you give your active consent |
| Website analytics and improvement of the user experience | Anonymised IP, browser and device data, page visits | Consent (Art. 6(1)(a)) — via the cookie banner |
4. Retention periods
- Contact form messages: retained for a maximum of 1 year after the last contact. Messages are then deleted from the inbox.
- Analytics data (Google Analytics 4): in accordance with the retention settings in Google Analytics, by default 14 months.
- Cookie consent logs (CookieYes): retained for as long as necessary to document demonstrable consent, as required by GDPR.
5. Transfers to and sharing with third parties
We never sell your personal data to third parties. We use the following processors, with whom a data processing agreement or appropriate safeguards are in place:
| Processor | Role | Location | Safeguard |
|---|---|---|---|
| EmailJS | Transmission of contact form messages | United States | Standard Contractual Clauses (SCCs) |
| Google Analytics 4 | Website analytics | US / EU | Standard Contractual Clauses (SCCs) |
| CookieYes | Cookie consent management and banner | European Union | Processor established in the EU |
| Hostinger | Web hosting | EU | Processor established in the EU |
The processors listed above are only permitted to process your data in the context of the services they provide to us and not for their own purposes.
6. Cookies
A cookie is a small text file placed on your device when you visit our website. We use the following categories:
6.1 Strictly necessary cookies / local storage
These are required for the website to function correctly and do not require your consent.
| Name | Type | Purpose | Retention |
|---|---|---|---|
theme |
localStorage | Saves your theme preference (light/dark). Not a cookie; stored locally in your browser and never sent to a server. | Until you clear browser storage |
cookieyes-consent |
Cookie | Stores your cookie preferences as set via the cookie banner (CookieYes). | 1 year |
6.2 Analytics cookies
Analytics cookies are placed only after your explicit consent via the cookie banner.
| Name | Provider | Purpose | Retention |
|---|---|---|---|
_ga |
Google Analytics 4 | Distinguishes unique visitors by assigning a randomly generated number as a client ID. | 2 years |
_ga_* |
Google Analytics 4 | Persists the session state for the specific GA4 property. | 2 years |
You can withdraw your consent to analytics cookies at any time via the cookie banner (click the cookie icon in the bottom-left corner of the page).
7. Your rights as a data subject
Under the GDPR (Art. 15–22) you have the following rights with regard to your personal data:
- Right of access (Art. 15): You have the right to know which personal data we hold about you and to receive a copy.
- Right to rectification (Art. 16): You have the right to have inaccurate or incomplete personal data corrected.
- Right to erasure / "right to be forgotten" (Art. 17): You have the right to request that we erase your personal data, subject to the applicable legal conditions.
- Right to restriction of processing (Art. 18): You have the right to request that we restrict the processing of your data in certain circumstances.
- Right to data portability (Art. 20): You have the right to receive the data you have provided in a structured, commonly used and machine-readable format.
- Right to object (Art. 21): You have the right to object to the processing of your personal data.
- Right to withdraw consent (Art. 7(3)): Where processing is based on your consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing carried out before the withdrawal.
To exercise any of the above rights, please send an email to hello@maxlinq.com. We aim to respond to your request within 30 days of receipt, in accordance with Art. 12 GDPR.
Lodging a complaint
If you believe that the processing of your personal data infringes privacy legislation, you have the right to lodge a complaint with the competent supervisory authority:
Data Protection Authority (GBA/APD)Rue de la Presse / Drukpersstraat 35
1000 Brussels
Belgium
contact@apd-gba.be
www.dataprotectionauthority.be
8. Security of personal data
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or disclosure. This website uses:
- SSL encryption (HTTPS) — all communication between your browser and the server is encrypted.
- Secure hosting via Hostinger — in accordance with applicable security standards.
Despite our efforts, no internet transmission or electronic storage can be guaranteed to be completely secure. We therefore ask you not to send particularly sensitive information via the contact form.
9. Changes to this privacy policy
We reserve the right to amend this privacy policy, for example as a result of new legislation, new services, or technical changes to the website. We recommend checking this policy regularly. Any changes will be published on this page with the date of the most recent update.
Last updated: April 2026.