Privacy policy
1. Introduction and scope
This Privacy Policy explains how KAPION d.o.o. (“Company,” “we,” “us,” or “our”), operating through Rok Benko, collects, uses, and protects information in connection with the developer portfolio website at rokbenko.com (the “Website”).
This policy applies to all visitors who access the Website. The Website is a personal portfolio: it presents work, skills, and contact information, and no services are sold or contracted through it. The AI consulting site at rokbenko.com/ai and the filmmaking site at rokbenko.com/video have their own privacy policies covering the services offered there.
By accessing the Website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described here, please do not use the Website.
2. Definitions
- “Personal Data” means any information relating to an identified or identifiable natural person, as defined under the General Data Protection Regulation (GDPR) Article 4(1).
- “Website” means the developer portfolio website accessible at rokbenko.com, including all pages, content, and functionality.
- “Visitor” means any individual who accesses or browses the Website.
- “Usage Data” means anonymized, non-personally-identifiable data about how the Website is accessed and used, collected automatically through analytics tools.
3. Data controller
The data controller responsible for the processing of Personal Data described in this policy is:
KAPION d.o.o.
Kocljeva ulica 16, 9000 Murska Sobota, Slovenia
Registration number: 1683438000
VAT ID: SI32880227
Email: roksstartups@gmail.com
Represented by: Rok Benko
4. Data collection — types and methods
The Website is designed with a minimal data collection approach. Below is a complete description of all data collected, organized by collection method.
Data you provide directly:
- Email correspondence: When you contact me via email, I receive your email address, name (if provided), and the content of your message. This data is provided voluntarily by you.
Data collected automatically:
- Vercel Analytics: The Website uses Vercel Analytics, a privacy-friendly, cookieless analytics service. It collects anonymized Usage Data including page views and referral sources. Vercel Analytics does not use cookies, does not collect IP addresses, and does not track individual users across sessions. This data cannot be used to identify you personally.
- Vercel Speed Insights: The Website uses Vercel Speed Insights, a performance monitoring service that collects anonymized Core Web Vitals metrics (such as loading, interactivity, and visual-stability measurements) for the pages you visit. Vercel Speed Insights does not use cookies and does not track individual users across sessions. This data cannot be used to identify you personally.
- Functional preferences:The Website stores your language preference (English, Slovenian, or German) and your animation performance preference in your browser's localStorage. These are functional preferences stored locally on your device and are never transmitted to any server.
Data not collected: The Website does not set cookies, does not use tracking pixels, does not use device fingerprinting, does not create user accounts, and does not process payment information. Vercel Analytics does not collect or store IP addresses. Standard server infrastructure may process IP addresses as part of delivering web pages, but these are not stored or used for tracking purposes. No special category data (Article 9 GDPR) is collected.
5. Purposes of processing
Personal Data is processed for the following specific purposes:
- Responding to inquiries: To reply to your emails and answer questions about my work.
- Website analytics: To understand how the Website is used and to improve its content and performance using anonymized, aggregated Usage Data.
- Legal compliance: To comply with applicable legal obligations.
Personal Data is not used for advertising, profiling, automated decision-making, or AI/ML model training.
6. Legal basis for processing (GDPR)
Under Article 6 of the GDPR, each processing activity is based on a specific lawful basis:
- Legitimate interests (Article 6(1)(f)): Processing anonymized Website Usage Data for website improvement and performance monitoring. The legitimate interest is maintaining and improving the Website. Given that the data is anonymized and cookieless, the impact on individual privacy is minimal.
- Pre-contractual steps and legitimate interests (Article 6(1)(b) and 6(1)(f)): When you contact me via email, your contact information is processed to respond to your inquiry. The legitimate interest is managing business communications and responding to inquiries.
- Legal obligation (Article 6(1)(c)): Retaining records as required by Slovenian and EU law.
7. Data sharing and disclosure
Personal Data is not sold, rented, or shared for advertising or marketing purposes. Data may be disclosed only in the following limited circumstances:
- Vercel (website hosting, analytics, and performance monitoring):The Website is hosted on Vercel's infrastructure. Vercel processes anonymized Usage Data through Vercel Analytics and Vercel Speed Insights. Vercel is based in the United States and participates in the EU-US Data Privacy Framework.
- Email provider: Email correspondence is processed through the email service provider (Google/Gmail). Google is based in the United States and participates in the EU-US Data Privacy Framework.
- Legal requirements: Personal Data may be disclosed if required by law, regulation, or court order, or to protect the rights, safety, or property of the Company or others.
Personal Data is shared only with the service providers listed above, or with similar service providers engaged in the future to support the Website. This policy will be updated to reflect any material changes in third-party data sharing.
9. Data retention
Personal Data is retained only as long as necessary for the purposes described in this policy. Specific retention periods:
- Email correspondence: Retained for the duration of the inquiry, plus a reasonable period (up to 2 years) for potential follow-up and record-keeping. Deleted upon request, subject to legal retention obligations.
- Website Usage Data (Vercel Analytics and Vercel Speed Insights): Anonymized and aggregated. Because this data cannot identify individuals, it may be retained indefinitely for trend analysis.
- Functional preferences (localStorage): Stored on your device until you clear your browser data. Not retained by the Company.
When Personal Data is no longer needed, it is securely deleted or anonymized so that it can no longer be associated with you.
10. Your Rights
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the GDPR:
- Right of access (Article 15): Request a copy of the Personal Data I hold about you.
- Right to rectification (Article 16): Request correction of inaccurate or incomplete Personal Data.
- Right to erasure (Article 17): Request deletion of your Personal Data where there is no compelling reason for continued processing.
- Right to restriction (Article 18): Request that I restrict processing of your Personal Data in certain circumstances.
- Right to data portability (Article 20): Request your Personal Data in a structured, commonly used, machine-readable format.
- Right to object (Article 21): Object to processing based on legitimate interests.
- Right to lodge a complaint: File a complaint with the Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec) at ip-rs.si or with any other competent supervisory authority in the EEA.
If you are located in the United Kingdom, you have equivalent rights under the UK GDPR. You may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
How to exercise your rights: Send your request to roksstartups@gmail.com. I will respond within one month of receiving your request. If the request is complex, this may be extended by up to two additional months, in which case you will be informed of the delay and the reasons for it. No fee is charged for exercising your rights unless requests are manifestly unfounded or excessive.
11. International data transfers
The Company is based in the Republic of Slovenia, a member of the European Union. Some third-party services used in connection with the Website are based in the United States:
- Vercel (hosting, analytics, and performance monitoring) — participates in the EU-US Data Privacy Framework.
- Google/Gmail (email) — participates in the EU-US Data Privacy Framework.
Transfers to the United States are safeguarded by the EU-US Data Privacy Framework adequacy decision adopted by the European Commission in July 2023, or by Standard Contractual Clauses where applicable. If you have questions about the safeguards in place, please contact me.
12. Security measures
I take commercially reasonable measures to protect Personal Data from unauthorized access, alteration, disclosure, or destruction. These measures include:
- The Website is served over HTTPS (TLS encryption) for all connections.
- Email communications use standard encryption provided by the email service provider.
- Third-party services (Vercel, Google) maintain their own security certifications and practices.
No method of transmission over the internet or electronic storage is 100% secure. While I strive to use commercially acceptable means to protect your Personal Data, I cannot guarantee its absolute security.
13. Children's privacy
The Website is not directed to individuals under the age of 18. I do not knowingly collect Personal Data from children. If I become aware that Personal Data has been inadvertently collected from a child, I will take steps to delete it promptly. If you believe a child has provided me with Personal Data, please contact me at roksstartups@gmail.com.
14. Third-party services and links
The Website contains links to third-party services including GitHub, LinkedIn, X (formerly Twitter), Stack Overflow, and YouTube. These services operate under their own privacy policies and terms of service. I am not responsible for the privacy practices, content, or availability of any third-party service.
When you click a link to a third-party service, you leave the Website and your interaction with that service is governed by their policies. I encourage you to review the privacy policies of any third-party service you visit.
15. Automated decision-making and AI
The Website does not employ automated decision-making or profiling that produces legal effects or similarly significant effects on individuals. No visitor data is used to train AI or machine learning models. If this changes in the future, this policy will be updated and appropriate safeguards, including opt-out mechanisms, will be implemented.
16. Changes to this policy
This Privacy Policy may be updated from time to time to reflect changes in data practices or legal requirements. When material changes are made, the “Effective Date” at the top of this page will be updated.
Your continued use of the Website after any changes constitutes acceptance of the updated policy.
Previous versions of this policy may be available upon request.
17. Additional jurisdiction-specific disclosures
For visitors from the European Economic Area (EEA): This policy has been drafted in compliance with the General Data Protection Regulation (EU) 2016/679. The legal bases for processing are detailed in Section 6. International transfer safeguards are described in Section 11. Your full rights are listed in Section 10. You may also submit disputes to the European Commission's Online Dispute Resolution platform.
For visitors from the United Kingdom:Your rights under the UK GDPR are equivalent to those described in Section 10. The relevant supervisory authority is the Information Commissioner's Office (ICO). Data transfers to the United States are protected by the UK Extension to the EU-US Data Privacy Framework or UK International Data Transfer Agreements where applicable.
For visitors from California (USA):Under the California Consumer Privacy Act (CCPA/CPRA), you have the right to know what Personal Data is collected, request its deletion, and opt-out of the sale or sharing of Personal Data. The Website does not sell or share Personal Data as defined under the CCPA. Because no sale or sharing occurs, Global Privacy Control (GPC) signals do not trigger additional action, though the Website's practices are already consistent with the opt-out preferences GPC signals represent. For questions, contact me at the email address above.
For visitors from Brazil: Under the Lei Geral de Proteção de Dados (LGPD), you have rights including access, correction, anonymization, portability, and deletion of your Personal Data. The legal bases described in Section 6 apply equivalently under LGPD. To exercise your rights, contact me at the email address above. I will respond within 15 days.
18. Contact
If you have any questions about this Privacy Policy, please contact us at:
KAPION d.o.o.
Kocljeva ulica 16, 9000 Murska Sobota, Slovenia
Registration number: 1683438000
VAT ID: SI32880227
Email: roksstartups@gmail.com