Privacy policy
The readable kind.
What gets collected, why and what you can do about it.
Data controller
Matic Korošec, operating as NextGEN SOLUTIONS, IT storitve in svetovanje, Matic Korošec s.p., Cesta talcev 12, 3320 Velenje, Slovenia. Reachable via the contact page. This is my website: https://nextgen-solutions.xyz.
Analytics - only with your consent
I use Google Analytics 4 (Google Ireland Ltd.) to understand which pages get read. It stays completely off until you click "Accept" in the cookie notice - no analytics cookies are set and nothing is sent to Google before that. The legal basis is your consent (GDPR Art. 6(1)(a)).
When you accept, Google Analytics sets these cookies:
| Cookie | Lifetime | Purpose |
|---|---|---|
_ga | 2 years | Distinguishes visitors |
_ga_* | 2 years | Keeps session state |
IP addresses are anonymized. Advertising features are disabled (ad storage and ad personalization are hard-set to denied). Analytics data is retained for 14 months, then deleted. Google may process data outside the EU under the EU-US Data Privacy Framework and standard contractual clauses.
You can withdraw or change your choice at any time via theCookies link in the footer - it reopens the notice.
Bot check on the contact page
The contact page uses Cloudflare Turnstile (Cloudflare, Inc.) to confirm you are human before revealing my email address, protecting it from scrapers. Turnstile processes technical browser signals for this single purpose and does not track you across sites. Legal basis: legitimate interest (Art. 6(1)(f)) in preventing abuse.
It only loads when you press the button to reveal the address. Until you do, the contact page makes no third-party requests at all and Turnstile sets no cookies either way.
CDN and security (Cloudflare)
The whole site is served through Cloudflare (Cloudflare, Inc.), which sits in front of the server as a CDN and security layer. Every request passes through it, so Cloudflare briefly processes your IP address and request metadata to route traffic, cache pages and filter attacks. Legal basis: legitimate interest (Art. 6(1)(f)) in keeping the site fast and available. Cloudflare acts as a processor and is certified under the EU-US Data Privacy Framework.
When Cloudflare's bot filter verifies that a request comes from a real browser, it sets a cf_clearance cookie recording that the check passed, so you are not re-checked on every page. It contains no profile and does not track you across sites. As a strictly necessary security cookie it is exempt from the consent requirement, which is why the cookie notice does not ask about it. The cookie can persist in your browser for up to a year, but the clearance it carries is short-lived - typically 30 minutes - after which the check simply runs again.
Server logs
Like practically every web server, mine keeps standard access logs (IP address, requested URL, timestamp and user agent) for security and debugging. Legal basis: legitimate interest (Art. 6(1)(f)). Logs are rotated and deleted on a regular schedule and are not used for profiling.
If you email me
Your message and address land in my inbox and stay there. They are not shared with anyone, added to any list or used for anything except replying to you. Ask and I will delete the correspondence.
What this site doesn't do
No accounts, no comments, no contact forms, no newsletters, no advertising, no social-media pixels, no profiling and no selling of data. Ever.
Your rights
Under the GDPR you can request access to, correction of or deletion of your personal data; restriction of processing; data portability; and you can object to processing based on legitimate interest. Withdrawing consent is as easy as giving it (footer → Cookies). If you believe I've handled your data improperly, you can complain to the Slovenian supervisory authority: Informacijski pooblaščenec, Dunajska cesta 22, 1000 Ljubljana (ip-rs.si).
Last updated: 17 July 2026.