Who we are, who this is for
Controller: Gharvynnthit, with a studio at Nieuwe Looiersstraat 3H, 1017 VA Amsterdam, Netherlands, reachable at contact@gharvynnthit.world and +31 20 623 5949. The public site is gharvynnthit.world. This policy is written for visitors, readers, and people who use our contact form. It does not try to set rules for the entire internet; it covers what happens when you load our pages in a standard browser and interact with the consent tool.
The date chips in the hero use your device’s clock for display only. The legal “last material update” to the written policy may still be noted in the closing section when we make substantive changes.
What cookies, pixels, and similar keys are
Most people mean three things at once: HTTP cookies (small name-value pairs a server asks the browser to store and send back), first-party and third-party scripts that can read a container set by a vendor, and local storage or session storage in the browser. We use a small local storage string to store your “Accept / Reject / customised” state so that the banner is not needlessly shown on every new tab if you have already decided. We do not use so-called “super-cookies” or other unusual device identifiers, and we do not attempt to track you across unrelated sites unless you have switched on marketing, and a provider is configured in line with the privacy policy and this document.
Strictly necessary items include security tokens, load-balancing or abuse-prevention data where our host adds them, and the consent key itself. In the ePrivacy sense, that key is “necessary” because, without a proof of consent, we cannot know whether to load optional scripts.
Analytics (optional) is where we might place an anonymised or pseudonymous identifier so we can see which public articles are most read, how long a typical session is, and whether errors spiked. We do not set out to know your name from those tools.
Marketing (optional) is reserved for when we test advertising or use consent-based retargeting. It may be dormant for long stretches; when we activate a vendor, we will document it in the internal register of processing and update this page in advance when the change is material. Not switching marketing on in the bar means, in a correctly configured build, the marketing placement code should not execute.
- Necessary
- Local storage (consent)
- Optional analytics
- Optional marketing
- Server logs (see privacy policy)
How the consent banner ties together
When you first arrive, the banner at the bottom offers Reject (necessary only), Cookie settings (per category), and Accept all. The footer’s “Cookie settings” link reopens the same box without resetting your earlier decision unless you change it. We store a JSON object in localStorage with boolean flags, a time stamp, and a simple version so we can migrate if the schema ever changes. Clearing site data in the browser will delete that file and the banner will come back, which is expected behaviour.
If you block third-party storage entirely, some design elements may still work, but a vendor that expects a cookie in an iframe might be limited. In that case we will still respect your “reject optional” position by not running those parts that depend on a consent signal we no longer can read. Write to us if you see something inconsistent, because the goal is alignment between text and what the network panel shows.
Storage duration, refresh, and browser controls
Session cookies are deleted when the browser session ends, unless a provider mislabels them, in which case we follow up. Persistent cookies, when used, are kept only as long as the product documentation allows; our working assumption for preference-type rows is a maximum of twelve months unless a shorter period is set in the product UI. The consent log you store locally is kept until you remove it, we bump the version, or the domain name changes. You can always use private browsing, block categories in the browser, or use “delete site data” for our origin without asking us in advance, understanding that the site may not remember a granular choice until you re-save it.
Vendors, processors, and international transfers
We host static pages and a contact workflow that may, in the future, pass through a EU-based processor. When we connect analytics or marketing, we will choose entities that can sign a data processing agreement, offer EU hosting where feasible, and support minimised configurations. If a provider processes data in a country without an adequacy decision, we will rely on standard contractual clauses or another valid transfer tool and reflect that in the records required under the GDPR, including the Article 30 record that lists purposes and security measures. You are not required to use marketing to read our educational articles, and the site should remain useful with marketing disabled.
How this links to your data rights
The personal data that cookies can generate, such as an online identifier or a technical log, may be part of a larger processing activity described in the privacy policy. You may ask for access, erasure, restriction, or for us to help you object to a particular processing operation where the law allows. For complaints, you can contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local EEA lead authority, depending on your residence and the facts. Withdrawing consent for optional categories is immediate for future processing from the point you save, without affecting the lawfulness of data processed earlier under a valid opt-in, where the GDPR allows that rule.
Where we use consent as the legal basis for a non-essential tool, the withdrawal path is the same as the “Reject” and “Settings” path on this page, plus a general email if you do not have the device with you. We will confirm receipt in reasonable time and adjust configurations as soon as the stack allows, noting that DNS or cache delays can be outside our day-one control but should not be hidden from you in communication.
Last material review of this policy text: 25 April 2026. Substantive changes will be recorded here with a new date line.