Privacy Policy
Last updated: 20 May 2026
This Privacy Policy explains how DX Labs, an unincorporated project operated from Germany by Danylo Vietrov ("Operator", "we", "us", or "our"), collects, uses, discloses, and protects personal data when you visit or use DX Labs, available at https://dxlabs.pro, and any related website content, contact forms, newsletter sign-up forms, analytics, and other website features (together, the "Website").
We do not sell personal data, rent personal data, disclose personal data for third-party advertising, or use personal data to build third-party advertising profiles. We collect analytics for our own internal purposes so we can understand, maintain, secure, and improve the Website.
1. Controller details
For personal data that we process for our own purposes, the controller is the individual operator of the Website:
DX Labs
Operator legal name: Danylo Vietrov
Public contact address: Schlagstraße 2, 65193 Wiesbaden, Germany
Email: danylo@dxlabs.pro
We do not currently operate through a registered company or other separate legal entity. If the Website is later transferred to, or operated by, a registered legal entity, we will update this Privacy Policy with the new controller details.
If applicable:
- Data Protection Officer: not appointed
- EU representative: not appointed because the operator is established in Germany
- UK representative: not appointed
The Website does not allow business customers to upload their own customer, user, or employee data. If a future service engagement requires us to process personal data on behalf of a business customer under a Data Processing Agreement, that customer is the controller or processor, and we act as its processor or subprocessor for that customer-controlled data.
2. Scope
This Privacy Policy applies to personal data we process when you:
- visit or browse the Website;
- contact us or request support;
- subscribe to updates or communications;
- discuss or enter into a separate B2B service engagement with us;
- use the Website on behalf of a company or organisation;
- otherwise interact with us online.
This Privacy Policy does not apply to third-party websites or services that we do not control.
3. Personal data we collect
3.1 Data you provide
We may collect personal data you provide directly, such as:
- name;
- work email address;
- company or organisation name;
- job title or role;
- business contact details submitted through forms, email, calls, or other business communications;
- support messages, feedback, forms, and other communications;
- newsletter preferences and related consent or opt-out records;
- information you choose to include in a business enquiry.
3.2 Data collected automatically
When you use the Website, we may collect technical and usage data, such as:
- IP address;
- browser type and version;
- device type, operating system, and language settings;
- pages viewed, referring pages, links clicked, and events within the Website;
- approximate location derived from IP address;
- dates, times, and duration of visits;
- cookie or similar technology identifiers, where used;
- logs needed for security, fraud prevention, debugging, and service reliability.
3.3 Analytics data
We use analytics only for our own internal measurement and improvement of the Website. Analytics may include aggregated or pseudonymous data about visits, pages, interactions, referrers, device types, regions, performance, heatmaps, session replay-style diagnostics, and conversion events.
Our analytics are not used by us for third-party advertising, cross-site advertising profiles, data brokerage, or sale of personal data.
Current or planned analytics and reporting tools may include:
- Google Analytics 4;
- Hotjar or comparable behaviour analytics tools;
- Grafana;
- Tableau;
- similar analytics, observability, reporting, or dashboard tools.
These tools may use cookies, local storage, pixels, scripts, tags, IP addresses, device/browser information, page interaction data, and similar technologies. In the EEA, United Kingdom, and Switzerland, non-essential analytics and behaviour analytics tools should not be loaded until the visitor has given consent through the cookie banner or consent management tool.
If we use Hotjar-style session replay, heatmap, or behaviour analytics tools, we aim to configure them to avoid capturing sensitive information, form contents, passwords, payment details, and unnecessary personal data.
3.4 Data from business customers and users
If you use the Website for a company or organisation, we may process business contact and relationship data about your personnel, such as names, work email addresses, roles, company names, business enquiries, newsletter preferences, and communications with us.
You should not submit personal data about your own customers, employees, end users, or other third parties through the Website beyond ordinary business contact and enquiry information.
3.5 Sensitive data
We do not intentionally collect special category data, such as health data, biometric data, precise political opinions, religious beliefs, trade union membership, genetic data, or data about sex life or sexual orientation through the Website.
Please do not submit sensitive personal data through the Website.
4. How we use personal data and our legal bases
If the GDPR, UK GDPR, or similar law applies, we rely on the legal bases listed below.
| Purpose | Examples | Legal basis |
|---|---|---|
| Provide and operate the Website | website delivery, contact forms, newsletter forms, basic website functionality | legitimate interests; consent where required |
| Maintain and secure the Website | abuse prevention, logs, troubleshooting, fraud prevention, security monitoring | legitimate interests; legal obligation |
| Communicate with you | enquiry responses, support, website notices, project discussions, contract administration | performance of a contract; legitimate interests |
| Analytics and improvement | measuring usage, performance, errors, and feature adoption | legitimate interests where privacy-preserving and legally permitted; consent where required for non-essential cookies or tracking |
| Business enquiries and B2B sales | responding to enquiries, qualifying leads, scheduling calls, preparing proposals | legitimate interests; steps before entering a contract |
| Separate service engagements | proposals, statements of work, project communications, invoices outside the Website | performance of a contract; legal obligation; legitimate interests |
| Legal compliance | responding to lawful requests, enforcing terms, tax/accounting obligations | legal obligation; legitimate interests |
| Business relationship management | managing leads, customer relationships, renewals, and business communications | legitimate interests; consent where required |
| Marketing communications | newsletters, product updates, events | consent where required; legitimate interests where permitted; you can opt out |
| Protect legal rights | claims, disputes, audits, investigations | legitimate interests; legal obligation |
Where we rely on legitimate interests, our interests include operating, securing, improving, and promoting the Website, managing business relationships, responding to B2B enquiries, preventing misuse, and protecting our legal rights. We balance these interests against your rights and expectations.
Where we rely on consent, you may withdraw consent at any time.
5. Cookies and similar technologies
We may use cookies, pixels, local storage, server logs, or similar technologies.
Cookies and similar technologies may be used for:
- strictly necessary functions, such as security, load balancing, and consent preferences;
- preferences, such as language or display settings;
- analytics and behaviour analytics, so we can understand and improve the Website.
In the EEA, UK, and other jurisdictions with similar rules, non-essential cookies or similar tracking technologies are used only with consent unless an exemption applies.
Analytics cookies or trackers may be exempt from consent only in limited circumstances, such as where they are strictly limited to audience measurement for our own Website, produce anonymous statistics, are not combined with other data, do not enable cross-site tracking, are limited to one publisher, use shortened or otherwise protected IP data, have limited retention, and provide an opt-out where required. These conditions can vary by EU Member State.
For visitors in the EEA, United Kingdom, Switzerland, and other jurisdictions with similar rules, we use analytics cookies, Hotjar-style behaviour analytics, and similar non-essential technologies only after consent. You can change or withdraw your consent through https://dxlabs.pro/#cookie-banner.
You can also control cookies through your browser settings. Blocking some cookies may affect Website functionality.
6. When we disclose personal data
We do not sell personal data, rent personal data, or disclose it for third-party advertising.
We may disclose personal data in the following limited circumstances:
- Service providers / processors: providers that process personal data on our behalf and under contract, such as hosting, infrastructure, security, analytics, website behaviour analytics, dashboarding, email, newsletter, customer support, accounting, and professional services.
- Legal and regulatory reasons: courts, regulators, law enforcement, public authorities, or other parties where required by law or reasonably necessary to protect rights, safety, security, or legal interests.
- Business transfers: parties involved in a merger, acquisition, financing, reorganisation, bankruptcy, or sale of assets, subject to appropriate confidentiality and data protection safeguards.
- With your direction or consent: where you ask us to disclose data or consent to a disclosure.
| Category | Provider | Purpose | Location |
|---|---|---|---|
| Hosting / infrastructure | Vercel | website hosting, deployment, performance, and delivery | United States / global edge infrastructure |
| Analytics | Google Analytics 4 | internal website analytics | United States / global infrastructure |
| Behaviour analytics | Hotjar or comparable tools | heatmaps, behaviour analytics, user experience diagnostics | EEA / United States / global infrastructure, depending on provider |
| Reporting / dashboards | Grafana, Tableau, or comparable tools | internal reporting and dashboards | depends on deployment/provider |
| Email hosting / support communications | Hostinger | email hosting, communications, and support | EEA / global infrastructure, depending on Hostinger configuration |
| Newsletter / marketing email | Hostinger | newsletters, updates, unsubscribe records | EEA / global infrastructure, depending on Hostinger configuration |
| Payments | not applicable for the Website | no website checkout or billing | not applicable |
7. International transfers
Personal data may be processed in Germany, the EEA, the United Kingdom, Switzerland, the United States, and other locations where we or our service providers operate.
If personal data is transferred from the EEA, UK, or Switzerland to a country that has not been recognised as providing adequate protection, we use appropriate safeguards where required, such as Standard Contractual Clauses, the UK International Data Transfer Addendum, the EU-US Data Privacy Framework for participating US organisations, or another lawful transfer mechanism.
Because the operator is established in Germany, we have not appointed a separate EU representative. If we appoint UK or Swiss representatives in the future, we will update this Privacy Policy.
8. Retention
We keep personal data only as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Typical retention periods are:
| Data category | Typical retention |
|---|---|
| Website enquiry and business contact data | up to 3 years after the last meaningful business interaction, unless needed longer for legal claims or contracts |
| Support and general communications | up to 3 years after the matter is resolved, unless needed longer for legal claims or contracts |
| Security logs | typically up to 12 months, unless needed for investigation |
| Analytics data | typically up to 14 months for event-level analytics, unless configured differently |
| Hotjar-style heatmaps/session diagnostics | typically up to 12 months, unless configured differently or deleted sooner |
| Separate contract, tax, and accounting records | retained for the period required by applicable law |
| Marketing preferences | until you unsubscribe or object, plus suppression records as needed |
| Legal claims and compliance records | as needed for limitation periods, disputes, audits, or legal obligations |
When we no longer need personal data, we delete, anonymise, or securely retain it only as required by law or legitimate business needs.
9. Your privacy rights
Depending on your location and applicable law, you may have rights to:
- request access to personal data we hold about you;
- request correction of inaccurate or incomplete data;
- request deletion of personal data;
- request restriction of processing;
- object to processing based on legitimate interests;
- request data portability;
- withdraw consent at any time, where processing is based on consent;
- object to direct marketing;
- not be subject to a decision based solely on automated processing that produces legal or similarly significant effects;
- lodge a complaint with a data protection authority.
To exercise rights, contact us at danylo@dxlabs.pro. We may need to verify your identity before responding.
If you are in the EEA, you may lodge a complaint with your local supervisory authority. If you are in the UK, you may contact the UK Information Commissioner's Office. If you are in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
Some rights are not absolute and may depend on our role, legal basis, applicable law, and whether we need data to provide the Website, comply with law, or protect legal rights.
10. Business customer data processing
The Website does not currently allow business customers to upload their own customer, user, or employee data.
Where a separate B2B service engagement requires us to process personal data on a customer's documented instructions, the customer is responsible for:
- providing required notices to individuals;
- establishing a lawful basis for processing;
- handling data subject requests unless the DPA states otherwise;
- ensuring the data may lawfully be submitted to us;
- entering into a DPA with us where required.
We will process customer-controlled personal data according to the applicable agreement and DPA.
11. Security
We use reasonable technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.
No system is perfectly secure. You are responsible for using the Website from secure devices and networks.
If you believe your personal data has been compromised, contact us at danylo@dxlabs.pro.
12. Children
The Website is a B2B website and is not directed to children or anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact us at danylo@dxlabs.pro so we can take appropriate action.
If the Website becomes directed to minors or likely to be used by minors, this policy must be expanded to include age-appropriate notices, parental consent rules where applicable, and child-specific safeguards.
13. Automated decision-making
We do not use personal data for solely automated decisions that produce legal or similarly significant effects.
If this changes, we will update this Privacy Policy and provide information required by applicable law.
14. Marketing communications
You can opt out of marketing emails by using the unsubscribe link in the email or contacting us at danylo@dxlabs.pro.
Even if you opt out of marketing, we may still send non-marketing messages, such as security, legal, support, or transaction notices.
15. Do Not Track and global privacy controls
Some browsers or extensions send "Do Not Track" or similar signals. Because there is no uniform legal or technical standard for these signals, we do not currently respond to all such signals unless required by law.
Where required by applicable law, we will honour legally recognised opt-out preference signals.
16. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify you, such as by posting a notice on the Website or sending an email.
The updated Privacy Policy will take effect on the date stated at the top of the policy or as otherwise stated in the notice.
17. Contact
For privacy questions or requests, contact:
DX Labs
Operator legal name: Danylo Vietrov
Public contact address: Schlagstraße 2, 65193 Wiesbaden, Germany
Email: danylo@dxlabs.pro
Security: danylo@dxlabs.pro
If applicable:
EU representative: not appointed because the operator is established in Germany
UK representative: not appointed
Data Protection Officer: not appointed
