Privacy Policy

Our fundamental business principle is the protection of your privacy and personal data.

Privacy of users and data protection are human rights. We have a duty to care for the people whose data we have collected. Data is a responsibility and must be collected and processed only when necessary.

Our Privacy Protection Principles

ESP32 CAN Sniffer adheres to the following principles with the aim of protecting your privacy:

  • We do not collect more information than necessary
  • We do not use your data for purposes that are not stated
  • We do not store your data if it is no longer needed
  • We never sell, lend, or distribute or publicly publish your personal data
  • We do not send your data to third parties
  • We do not use any automated processing for decision-making or profiling
  • We do not track visits to our website without your consent
  • We do not transfer your personal data outside the EU/EEA to a third country or international organization
  • We continuously verify that your data is stored securely

ESP32 CAN Sniffer collects only limited amounts of information about you that are necessary to respond to your request and, we hope, in establishing a long-term and credible business relationship.

Table of Contents

Data Controller

The data controller for this website and your personal data is:

ESP32 CAN Sniffer
Contact: esp32contact@gmail.com

How and What Data We Collect?

Although you can use our website without providing any personal data, after you contact us via the contact form or directly via our email address, ESP32 CAN Sniffer collects information about you.

Personal Data We Collect

Information you fill in (personal data such as your name, email address, organization) or send via direct email will be processed and stored so we can contact you and respond to your request. Our pages are not intended for persons under 16 years of age, and if you are under 16 years old, do not give us your personal data without the consent of your parents.

  • Name: Required for order processing and license activation
  • Email address: Required for order confirmation, license delivery, and support communication
  • Shipping address: Required only if physical products are shipped
  • Payment information: Processed securely by third-party payment processors (we do not store full payment details)

Software Data Collection

The ESP32 CAN Sniffer software may collect the following non-personal system information only when you explicitly choose to report a bug or crash:

  • Operating system and version
  • CPU information (cores, usage, frequency)
  • RAM information (total, used, available)
  • Disk space information
  • Application version and license type
  • Connection status and performance settings
  • Crash logs and error messages (when reporting crashes)

Important: This system information is collected only with your explicit consent when you click "Report Bug" or "Report Problem". No data is collected automatically without your action.

License Verification and Anti-Piracy Monitoring

To ensure license compliance and prevent unauthorized use, the ESP32 CAN Sniffer software performs periodic online license verification. As part of this process, our license administration system records the following information:

  • Last online verification timestamp: The date and time when your license was last verified online
  • Hardware ID: A unique identifier based on your computer's hardware configuration (bound to your license)
  • License status: Whether your license is active, expired, or revoked

Purpose and Legal Basis (GDPR Article 6): This data collection is necessary for:

  • Contract performance: Verifying that you are using the software in accordance with your license agreement
  • Legitimate interests: Protecting our intellectual property rights and preventing software piracy

Purpose and Legal Basis for Data Collection

The only purpose and legal basis for processing your personal data is to prepare the most appropriate response to your request before entering into any business relationship or in terms of executing a contractual relationship between you and ESP32 CAN Sniffer, if such a relationship has already been established.

Lawful Basis for Processing (GDPR Article 6)

We process your personal data based on the following lawful bases:

  • Contract performance: Processing necessary to fulfill your order and provide the software license
  • Legal obligation: Processing required by Croatian tax and accounting laws (7-year retention)
  • Legitimate interests: Processing for customer support, fraud prevention, and software improvement
  • Consent: For optional data collection such as bug reports, crash diagnostics, and analytics cookies

How Long Will Your Personal Data Be Stored?

In response to your inquiry via our email address, we will respond to your request. If further communication between you and ESP32 CAN Sniffer will not exist, we will delete all your personal data no later than 6 months after the last contact.

As long as we have open communication in terms of establishing business cooperation, we will continue to store and use your personal data necessary for establishing our business relationship, as well as during the duration of our contractual relationship.

Retention Periods

  • Order and customer data: 7 years from the date of purchase (required by Croatian tax and accounting laws)
  • License activation data: For the duration of the license validity plus 7 years for legal compliance
  • Support communications: 3 years from the last contact, unless longer retention is required for dispute resolution
  • Bug reports and crash diagnostics: Maximum 90 days from submission, unless you explicitly consent to longer retention
  • Marketing consent data: Until consent is withdrawn or 2 years of inactivity, whichever comes first

Of course, at any time you have the right to request the cessation of further processing of your data, and we will respect your choice.

How We Will Use Your Data

We use your personal data exclusively for the purposes stated in this privacy policy. We do not use your data for purposes that are not stated, and we do not share your data with third parties except as described below.

Data Sharing and Third Parties

We do not sell, rent, or share your personal data with third parties except:

  • Payment processors: Required to process payments (data is handled according to their privacy policies)
  • Shipping providers: Required to deliver physical products (only shipping address is shared)
  • Legal requirements: When required by law or to protect our legal rights

All third-party service providers are required to maintain appropriate security measures and use your data only for the specified purposes.

Website Analytics

We use Google Analytics to understand how visitors interact with our website and to improve our services. Google Analytics collects anonymized data about website usage, including page views, user sessions, traffic sources, and device types.

Data Collected by Google Analytics:

  • Page views: Which pages are visited and how long visitors stay
  • Traffic sources: Where visitors came from (search engines, direct links, etc.)
  • Device information: Browser type, device type, screen resolution (anonymized)
  • Geographic data: Country/region (anonymized, IP addresses are anonymized)

Purpose and Legal Basis: This data is collected with your consent (GDPR Article 6(1)(a)) to understand website traffic patterns, improve website performance, and make informed decisions about product development.

Data Storage and Retention: Google Analytics data is stored by Google according to their privacy policy. We have enabled IP anonymization, and data is retained according to Google Analytics settings (typically 26 months).

Your Control: You can control Google Analytics cookies through the cookie consent banner. If you decline analytics cookies, Google Analytics will not be loaded and no tracking will occur.

Information Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption, secure servers, and access controls.

Your personal data is protected from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data that is transmitted, stored, or otherwise processed. This is done through appropriate professional technical, physical, and procedural measures.

We use a reference global platform for cloud services to ensure the highest data protection, both for our internal business documentation and for your personal data.

About Our Website Server

This website is hosted by a reference web hosting service provider. All traffic (file transfer) between this website and your internet browser is encrypted and delivered via HTTPS level.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay, as required by GDPR Article 33 and 34.

Cookies

Cookies are small text files placed on your device that help provide browser interface customization. If you are concerned about cookies, most internet browsers allow you to prevent the installation of cookies.

To properly manage our website, by using necessary cookies we store anonymous data in our systems to ensure website functionality, without processing your personal data. Our website may also install other cookies, but only with your consent, and if you give consent, you can always withdraw it later without consequences for browsing our website.

Cookie Types We Use

Our website uses the following types of cookies:

Cookie Type (Duration) Purpose
cookie-consent Persistent (365 days) Stores your cookie consent preference (allow/deny)
_ga Persistent (2 years) Google Analytics - Distinguishes unique users (only set if you accept analytics cookies)
_ga_XXXXXXXXXX Persistent (2 years) Google Analytics - Stores session state (only set if you accept analytics cookies)
_gid Persistent (24 hours) Google Analytics - Short-term user identification (only set if you accept analytics cookies)
_gat Persistent (1 minute) Google Analytics - Request throttling (optional, only set if you accept analytics cookies)

Cookie Consent

When you first visit our website, you will see a cookie consent banner. You can:

  • Accept All: Accept all cookies including analytics cookies
  • Reject: Reject all non-essential cookies (only essential cookies will be set)
  • Customize: Choose which cookies to accept (essential cookies are always active)

You can change your cookie preferences at any time by clicking the cookie consent banner or by clearing your browser cookies.

Essential Cookies: These cookies are necessary for the website to function and cannot be disabled. They do not collect personal information.

Analytics Cookies: These cookies (Google Analytics) are only set if you explicitly accept them. They help us understand how visitors use our website. You can disable them at any time.

Your Rights

At any time, you are free to contact us for the purpose of:

  • ACCESS to all personal data that ESP32 CAN Sniffer has collected about you
  • RECTIFICATION of inaccurate or incomplete personal data that ESP32 CAN Sniffer has about you
  • ERASURE of personal data that ESP32 CAN Sniffer has collected about you
  • RESTRICTION of processing of your personal data by ESP32 CAN Sniffer if you want us not to delete them or use them further
  • OBJECTION to the processing of your personal data by ESP32 CAN Sniffer
  • REQUEST for your personal data that you have given to ESP32 CAN Sniffer in a commonly used machine-readable format, for the purpose of transfer to a third party

If you wish to exercise any of the above rights, please feel free to:

And we will respond within 15 days.

Your GDPR Rights (Detailed)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access (Article 15): Request a copy of your personal data we hold
  • Right to rectification (Article 16): Request correction of inaccurate or incomplete data
  • Right to erasure (Article 17): Request deletion of your data ("right to be forgotten"), subject to legal obligations
  • Right to restrict processing (Article 18): Request limitation of how we process your data
  • Right to data portability (Article 20): Receive your data in a structured, machine-readable format
  • Right to object (Article 21): Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent for optional data processing at any time

To exercise any of these rights, please contact us at esp32contact@gmail.com. We will respond within 30 days as required by GDPR.

Right to File a Complaint with Supervisory Authority

At any time, you can file a complaint directly with the competent supervisory authority, especially in the EU country where you have your usual residence or place of work, if you believe that our processing of your personal data is not lawful.

Direct contacts of the Croatian national supervisory authority are:

AGENCY FOR PERSONAL DATA PROTECTION (AZOP)
Ulica Metela Ožegovića 16
HR - 10 000 Zagreb
Phone: +385 1 4609 000
Email: azop@azop.hr
Web: www.azop.hr

Marketing and Sales

We would like to send you information about our services that might interest you. After we establish the first direct contact and after you send us your personal data, we will respond to your request and separately request your consent for any further marketing activities towards you. Without your consent, we will not provide any marketing activity.

If we already have an established business cooperation, based on our legitimate interest, we retain the possibility of contacting you regarding news and possible ways of expanding our business cooperation if they are in your interest. At any time, you have the right to request the cessation of any of our marketing activities, and we will fully respect your choice.

Improvement of This Privacy Policy

We reserve the right to periodically adapt and improve the text of this Privacy Policy, primarily for the purpose of respecting legal changes, or changes in purposes and methods of processing. However, we will not limit or change your rights that arise from this Privacy Policy or from the relevant legal regulations to your detriment.

In the event that changes occur to the rules that may affect your rights, we will notify you in a timely and direct manner in an appropriate way.

Last Updated: January 2025
This Privacy Policy was last updated: January 2025

← Return to Home