This Privacy Policy describes how Dmytro Sheremet, operating as sheremet.dev ("we", "us", "our"), collects, uses, stores, and protects personal data in accordance with Regulation (EU) 2016/679 (the "GDPR") and other applicable data protection legislation.
This Policy applies to all personal data processed by sheremet.dev in connection with:
This Policy does not apply to personal data processed by sheremet.dev as a data processor on behalf of clients. In such cases, the client acts as the data controller and the applicable Data Processing Agreement governs that relationship.
We may collect the following categories when you contact us or engage our services:
When you visit sheremet.dev, basic technical information may be collected by our hosting provider (Cloudflare), including: IP address and approximate geolocation, browser type and version, pages visited and time on site, and referring URL.
This data is processed by Cloudflare under their own privacy policy. We do not use cookies for tracking or advertising purposes. Any analytics are anonymous and aggregated.
We may receive personal data from LinkedIn, referral partners, or public professional directories when assessing a potential engagement.
We only process your personal data when we have a valid legal basis under Article 6 GDPR:
| Basis | When We Apply It |
|---|---|
| Art. 6(1)(b) Contract | Managing your project, issuing invoices, taking pre-contractual steps at your request. |
| Art. 6(1)(f) Legitimate interests | Responding to enquiries, maintaining client records, improving services, security monitoring — provided your interests do not override ours. |
| Art. 6(1)(c) Legal obligation | Compliance with applicable law, including tax and accounting obligations. |
| Art. 6(1)(a) Consent | Marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing. |
We retain personal data only for as long as necessary for the purposes described in this Policy or as required by law:
| Category | Retention Period |
|---|---|
| Client & project data | 5 years after the end of the last engagement |
| Financial & invoicing records | 7 years (Croatian tax law requirement) |
| Email & communication records | 3 years after the last exchange |
| Website analytics data | 12 months (aggregated, anonymised) |
| Job application data | 6 months unless you consent to longer retention |
When data is no longer required, it is securely deleted or anonymised.
We do not sell, rent, or trade your personal data to any third party for commercial purposes, ever.
We may share your data with trusted third-party service providers acting as data processors, strictly for the purposes described in this Policy:
We may disclose personal data to competent authorities when required by applicable law, court order, or to protect our legal rights.
Some of our sub-processors are located outside the European Economic Area (EEA), primarily in the United States. Where personal data is transferred to a third country, we ensure appropriate safeguards are in place, including:
You may request details of the specific safeguards by contacting us at the address above.
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration:
In the event of a personal data breach likely to result in risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, notify you without undue delay.
As a data subject, you have the following rights which you may exercise free of charge by contacting us:
We will respond to all requests within one calendar month. This may be extended by two further months for complex requests, with prior notice.
Where sheremet.dev processes personal data on behalf of a Client as a data processor (e.g. when managing infrastructure that handles the Client's users' data), a separate Data Processing Agreement (DPA) will be executed in accordance with Article 28 GDPR.
Clients who require a DPA should contact us prior to commencement of the relevant services.
The sheremet.dev website does not use third-party tracking or advertising cookies. Cloudflare may set functional cookies strictly necessary for security and performance (e.g. bot detection). These cookies are not used to build profiles or track you across other websites.
No cookie consent banner is presented because no non-essential cookies are set.
Our services are directed exclusively at businesses and professional individuals. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that we have inadvertently collected such data, we will delete it promptly.
We may update this Privacy Policy to reflect changes in our practices or applicable law. We will notify existing clients of material changes by email at least 30 days before the changes take effect.
The current version is always available at sheremet.dev/privacy. The "Effective Date" at the top indicates when it was last revised.
For any questions, requests, or concerns regarding this Privacy Policy or our data processing practices:
This document was prepared in accordance with GDPR (EU) 2016/679. © 2026 Dmytro Sheremet · sheremet.dev · Split, Croatia