Legal
Privacy Policy
As of: March 2026
We take the protection of your personal data very seriously. This privacy policy informs you about the nature, scope, and purpose of the processing of personal data on our website.
1. Controller
HenselX, Marc Hensel
Contrada Aria delle Donne 39, 87041 Acri (CS), Italy
E-Mail: hello@henselx.io | Tel: +39 324 2511 984
2. Legal Basis for Processing
The processing of your personal data is based on the EU General Data Protection Regulation (GDPR) and Legislative Decree 196/2003 (Privacy Code):
- Art. 6(1)(a) GDPR – Consent
- Art. 6(1)(b) GDPR – Contract performance
- Art. 6(1)(c) GDPR – Legal obligation
- Art. 6(1)(f) GDPR – Legitimate interest
3. Hosting and Technical Infrastructure
Our website and all associated services are operated exclusively on servers within the European Union:
- Reverse Proxy / Public Gateway: Aruba Cloud S.p.A., Via Borgognona 6, 00187 Roma, Italy – VPS instance "stromboli" (data processing agreement in place)
- Application server: Aruba Cloud S.p.A. – VPS instance "etna", region IT (data processing agreement in place)
- Database and backend: PocketBase, self-hosted on Aruba Cloud VPS "stromboli", region IT, Italy
- Network connections: NetBird (WireGuard-based), self-hosted – no third-party provider
No data is transferred to third countries outside the EU.
Aruba Cloud S.p.A. acts as a data processor pursuant to Art. 28 GDPR. The data protection obligations are part of Aruba Cloud's 'Terms and Conditions Cloud and Data Centre Services', which automatically become part of the contract and fulfil the requirements of Art. 28 GDPR (binding instructions, technical and organisational measures, support and deletion obligations).
4. Collection and Processing of Personal Data
4.1 When Visiting Our Website
Each time our website is accessed, the following data is automatically stored in server log files:
- IP address of the requesting computer (anonymized after 7 days)
- Date and time of access
- Name and URL of the retrieved file
- Amount of data transferred
- Notification of whether the retrieval was successful
- Browser and operating system
Legal basis: Art. 6(1)(f) GDPR. Deletion period: 30 days.
4.2 Contact Form
If you send us an inquiry via the contact form, your details including the contact information you provided will be stored with us for the purpose of processing the request. Legal basis: Art. 6(1)(b) GDPR.
4.3 Cookies
We use only technically necessary cookies. Tracking or marketing cookies are not used.
The following cookies are set:
| Cookie Name | Purpose | Storage Duration | Third Party |
|---|---|---|---|
| NEXT_LOCALE | Stores the selected language of the website | Session / 1 year | No |
Legal basis for technically necessary cookies: Art. 6(1)(f) GDPR (legitimate interest in the uninterrupted operation of the website). No consent is required for these cookies.
Additionally, we store your cookie consent status in the local browser storage (localStorage). This entry is not transmitted to our servers and is not subject to cookie regulations.
5. Your Rights
Under the GDPR, you have the following rights with regard to us:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
To exercise your rights, please contact us at: hello@henselx.io
6. Right to Lodge a Complaint
You have the right to lodge a complaint with the competent data protection authority. In Italy, this is the Garante per la Protezione dei Dati Personali.
7. Data Security
- Our website uses SSL/TLS encryption (HTTPS)
- All connections between our servers are encrypted with the WireGuard protocol
- No data transfer to third countries outside the EU