eualternative.eu privacy policy — score 94/100 (low risk)
Dernière analyse
Le contenu du rapport (résumé, constats, citations) a été généré en anglais et n'est pas localisé.
Nineties Engineering OÜ · eualternative.eu
Détails du rapport
low risqueNineties Engineering OÜ's website EU Alternative is a model of privacy-by-design, collecting almost no personal data, avoiding all tracking, and keeping everything hosted exclusively in the EU.
Nineties Engineering OÜ's website EU Alternative is a model of privacy-by-design, collecting almost no personal data, avoiding all tracking, and keeping everything hosted exclusively in the EU.
Évaluation par catégorie
Répartition de la politique selon les principaux domaines de conformité. Bon = solide, moyen = mitigé, faible = préoccupant.
Collection is strictly limited to voluntary contact form submissions and anonymous aggregated statistics, backed by an explicit no-logs policy and no tracking cookies.
The policy is written in plain language and clearly identifies the controller, purposes, legal bases, and user rights, though it lacks specifics on cookie names and exact retention days.
Only Plausible Analytics is disclosed as a third party for anonymous statistics, with no advertising trackers or data sales, but an explicit Article 28 DPA is not confirmed.
The policy explicitly states exclusive EU hosting and affirms that personal data is not transferred to third countries outside the EU/EEA.
The policy is entirely silent on whether user data is used for AI or model training, leaving users unable to verify this practice despite the otherwise minimal data collection.
All major GDPR rights are clearly listed with specific articles cited, and contact details for both the controller and the Estonian supervisory authority are provided.
Constats clés
Clauses notables, problèmes ou bonnes pratiques identifiées (critiques en premier)
Vague retention periods
Retention periods for contact form messages are vague, stating they are kept only 'as long as needed to handle your enquiry and any related follow-up,' without specifying a concrete maximum timeframe or automatic deletion schedule.
Missing DPA confirmation
While Plausible Analytics is described as GDPR-compliant, the policy does not explicitly confirm whether a written Data Processing Agreement under Article 28 GDPR has been concluded with them.
Silent on AI training
The policy is completely silent on whether user data—particularly contact form submissions—is ever used for AI or machine-learning model training.
Unspecified spam cookies
The strictly necessary cookies used for spam protection on the contact form are mentioned but lack specifics on their name, provider, duration, or the exact data they process.
No server logs
The website explicitly states that servers are configured to not log any information, which is an exceptional privacy-by-design measure that eliminates a common source of personal data leakage.
Synthèse pour l'utilisateur
Nineties Engineering OÜ's website EU Alternative is a model of privacy-by-design, collecting almost no personal data, avoiding all tracking, and keeping everything hosted exclusively in the EU.
Posture de conformité
strong
Transferts UE
EU-only hosting with no third-country transfers described.
Signaux détectés
Données et pratiques spécifiques identifiées dans le texte
Extraits probants
Citations directes de la politique à l'appui de ces constats
Server logs: our servers are configured to not log any information.
Contact form messages are kept for as long as needed to handle your enquiry and any related follow-up, and then deleted.
We use Plausible Analytics, a GDPR- and ePrivacy-compliant tool that does not use cookies and does not collect IP addresses.
This website is hosted exclusively on servers located within the European Union. Personal data processed in connection with this website is not transferred to third countries outside the EU/EEA.
The only cookies that may be set are strictly necessary cookies on the contact form, used solely to help protect the form against spam and abuse.
Manquant ou flou
- No mention of AI or machine-learning model training practices or an opt-out mechanism.
- No specific retention schedule or automatic deletion timeframe for contact form personal data.
- No explicit confirmation of an Article 28 GDPR Data Processing Agreement with Plausible Analytics.
- No details on the spam protection cookie provider, cookie names, or expiration periods.
- No information on data backup practices, locations, or retention.
- No description of personal data breach notification procedures.
Questions à poser
- What is the maximum retention period for contact form submissions, and is deletion performed automatically after a fixed number of days?
- Is a written Data Processing Agreement under Article 28 GDPR in place with Plausible Analytics?
- What specific spam protection cookies are set on the contact form, who provides them, and what is their expiration period?
- Are contact form submissions or any other user data ever used to train AI or machine-learning models?
- Are backups of contact form data created, and if so, where are they stored and for how long?
Partager cette analyse
Toute personne disposant de ce lien peut consulter le résultat ci-dessus.
Conçu par DentroChat
Chat IA 100 % européen pour tous
Discutez avec l'IA, travaillez avec des fichiers, générez des images et cherchez sur le web. Les données restent en Europe.