Data & Privacy
This page explains how I handle the information you share when you contact me through this website. I follow data protection principles inspired by the EU General Data Protection Regulation (GDPR) and good information security practices such as ISO/IEC 27001. In simple terms: I only collect what I need, use it for clear purposes, keep it no longer than necessary, protect it carefully, and respect your rights.
This page is for transparency and good practice. It is not formal legal advice.
Last updated: November 22, 2025
At a Glance
Key points about your data
I only use your details to review and respond to your request, and to deliver services you ask for.
I do not sell or rent your personal data.
I only collect the minimum data needed to understand your enquiry and respond.
Technical data (like browser information, device information and security logs) is collected to keep the website secure.
Cloudflare provides DNS, SSL/TLS and security services for this site and may process technical data as part of that.
You can ask for access, correction or deletion of your data by emailing [email protected].
Who We Are & Scope
This website is operated by Md Redwan Ahmed. References to "I", "me" or "we" mean Md Redwan Ahmed and any trusted collaborators working under his direction (for example, when delivering security services).
This notice covers the website redwan.work and especially the contact form at contact.
Contact for Privacy Matters
For all data and privacy questions, or to exercise your rights, you can email: [email protected]
What Data We Collect Through the Contact Form
The contact form collects three categories of information: required fields, optional fields, and technical or auto-generated fields.
Important Notice
Please do not include sensitive personal information (such as health data, government ID numbers, or confidential information about third parties) in the free-text fields. If a project genuinely requires handling such data, we will agree on appropriate safeguards separately.
RequiredUser-Facing Fields
| Field | Purpose |
|---|---|
| Full Name | To identify who is contacting me |
| Primary contact method for responses | |
| Country | To understand location and applicable regulations |
| Time Zone | To coordinate communication timing |
| Service Type | To understand what services you need |
| Project Summary | To understand the scope and nature of your enquiry |
| Urgency | To prioritize responses appropriately |
| GDPR Consent | Confirmation that you agree to data processing |
OptionalUser-Facing Fields
These fields help tailor communication and proposals to your preferences but are not required to submit the form.
AutomaticTechnical & System-Generated Data
These fields are collected automatically to keep the service secure, prioritize work, and help with troubleshooting if needed.
| Field | Purpose |
|---|---|
| Ticket ID | Unique identifier to track your enquiry |
| Source Page | URL path where the form was submitted |
| User Agent | Browser and OS info for troubleshooting |
| Device Type | Desktop/Mobile/Tablet classification |
| Priority | Auto-derived from urgency |
| Timestamp | Date and time of submission |
| Security Signals | Bot detection (validated, not stored) |
Why We Collect This Data & Our Legal Bases
I follow GDPR principles including lawfulness, fairness and transparency, purpose limitation, data minimisation, and storage limitation. Data is processed only for the specific purposes described on this page.
Legal Bases for Processing
Consent
When you tick the "I agree…" checkbox on the contact form, you confirm that you have read this page and allow processing of your details for the purposes described.
Legitimate Interest & Pre-Contractual Steps
There is a reasonable expectation that if someone asks about security services, their details will be used to respond, provide a quote, or prepare an agreement.
What We Don't Do
- Data is not used to build marketing profiles
- Data is not used for unrelated advertising
- Data is not sold to data brokers or third parties
How We Use Your Data
To read and respond to your enquiry
To prepare proposals, statements of work, or contracts if you decide to move forward
To manage and follow up on ongoing projects or support tickets
To manage records required by law (for example, tax and accounting records if a project goes ahead)
To protect the website and services from abuse, fraud, and security threats (including via IP-based rate limiting, security logs and anti-bot checks)
To improve how the site and contact process work (for example, by understanding which services are most requested)
How Long We Keep Your Data
Data retention periods are based on ISO 27001-style practices and legal requirements:
Contact Form Enquiries (No Contract)
Kept for up to 24 months from the last meaningful interaction, then securely deleted or anonymised.
Client Projects & Contracts
Relevant contact form data is kept as part of project and accounting records, typically for up to 7 years to meet legal and tax obligations.
Technical & Security Logs
Including server and security logs, typically kept for up to 12 months, unless they need to be kept longer for investigating security incidents, fraud, or legal disputes.
These time periods may be adjusted if required by law. Data is reviewed periodically to ensure it is still necessary.
Where Data is Processed & Who We Share It With
The main data controller is Md Redwan Ahmed. Personal data is stored and processed using secure cloud services located in reputable regions (for example, the EU/EEA, UK, or other locations with adequate safeguards).
I use secure cloud productivity and storage tools to manage contact form submissions, email and project records. These providers are selected based on their security posture and data protection commitments.
Categories of Recipients
Cloud hosting and infrastructure providers (for running the website and sending email)
Security and performance providers (such as the content delivery network and DDoS protection service)
Professional advisors (for example, accountants or legal advisors) where necessary
Data Sharing Policy
- Data is not sold or rented
- Data is only shared when necessary to provide the service, comply with the law, or protect rights and security
Security Measures
I implement technical and organisational measures inspired by ISO/IEC 27001 standards to protect your data. While no system can guarantee absolute security, reasonable and proportionate controls are in place.
Security Controls
Encryption in Transit
HTTPS/TLS for all traffic between your browser and the site
Access Control
Restricted to Md Redwan Ahmed and trusted collaborators under confidentiality obligations
Authentication
Strong authentication, unique accounts, and least-privilege access principles
Monitoring & Logging
Security monitoring and logging of access and changes
Trusted Infrastructure
Use of reputable cloud providers with their own security certifications
Regular Updates
Regular patching and hardening of software where reasonably possible
Incident Response
In the event of a security incident, I follow a structured process: detect, contain, investigate, notify where required by law or good practice, and implement improvements to prevent recurrence.
Your Rights
Based on GDPR-style rights, you have the following data protection rights:
Access
Request a copy of your data
Rectification
Ask for corrections to inaccurate data
Erasure
Ask for deletion where data is no longer needed or where consent is withdrawn
Restriction
Ask to restrict or object to certain processing
Portability
Ask for data to be provided in a portable format where technically feasible
These rights may be subject to certain legal limitations (for example, where records must be kept for tax or regulatory reasons).
How to Exercise Your Rights
To exercise any of these rights, please email [email protected] from the address you used in the contact form and describe your request. I will respond as soon as reasonably possible.
Cookies, Technical Data & Cloudflare
This site uses strictly necessary cookies and similar technologies for security and performance. These are essential for the site to function and are not used for advertising or tracking your browsing on other websites.
Cloudflare Services
Cloudflare, acting as DNS, CDN, and security provider, may collect technical data such as IP address, request details, system configuration, and cookies to defend against attacks and ensure reliable delivery.
These cookies and logs are used only for security and service delivery, not for advertising.
Technical Data Collected
IP address
Browser type and version
Operating system
Referrer URL
Date/time of access
Security events (e.g., blocked requests, challenge results)
Learn More About Cloudflare
Cloudflare Privacy Policy - General infrastructure services
Cloudflare Cookie Policy - Information about cookies used
Cloudflare Turnstile Privacy Notice - Bot protection details
You are encouraged to review these documents for details of how Cloudflare processes data in its role as service provider.
Cloudflare Turnstile (Bot Protection)
The contact form uses Cloudflare Turnstile to protect against automated abuse and spam. This helps ensure that genuine enquiries are prioritized.
How Turnstile Works
Turnstile collects and processes certain client-side signals (for example, IP address, User Agent, and related technical fingerprints) to determine whether a request is legitimate. According to Cloudflare, this is done in a privacy-preserving way and is not used for ad targeting.
In most cases, Turnstile runs in the background with no user interaction required. Occasionally, a simple verification check may be shown.
For more details, see Cloudflare's Turnstile privacy page.
Law Enforcement, Audits & Legal Obligations
Data may be disclosed to law enforcement or regulators if there is a legal obligation to do so (for example, a valid court order or binding request from a regulatory authority).
Each request will be checked to ensure it is lawful, necessary and proportionate
Only the minimum amount of data necessary will be shared
Where legally permitted, the affected individual will be informed
In the context of security audits or compliance assessments, only strictly necessary information will be shared with auditors under appropriate confidentiality obligations.
Updates to This Page
This Data & Privacy page may be updated if the site or processing activities change. The most recent version will always be available at privacy.
If significant changes are made, I will take reasonable steps to notify users who have recently submitted contact forms. Continued use of the site after changes indicates acceptance of the updated policy.
Questions About This Policy?
If you have any questions about this privacy notice or how your data is handled, please email [email protected]