Skip to content

Privacy Policy

This policy explains how we process personal data under the EU General Data Protection Regulation (GDPR). Because we offer services to people in the EU, the GDPR applies to us under Art. 3(2) even though the company is established in the United States and operated from the United Arab Emirates.

Last updated 15 June 2026

Draft — highlighted fields still need real values, and the legal text should be reviewed by counsel before this page is published.

Controller#

The controller responsible for processing your personal data is GAMPERTIO LLC (Ordeo (designsystem.services)), 3833 Powerline Rd, Suite 201, Fort Lauderdale, FL 33309, USA. Email: hello@designsystem.solutions. Phone: [[PHONE]]. Full company details are in our Imprint.

EU and UK representatives (Art. 27)#

Our EU representative under Art. 27 GDPR is [[EU_REP]]. If we serve customers in the United Kingdom, our UK GDPR representative is [[UK_REP]]. You may contact the relevant representative directly about any data-protection matter.

What we process and why#

We process the following categories of personal data, each on the legal basis noted:

  • Contact and enquiry data (name, email, company, message) when you email us or submit a form — to respond to your request and take pre-contractual steps (Art. 6(1)(b)) or on the basis of our legitimate interest in handling enquiries (Art. 6(1)(f)).
  • Contract and billing data when you engage our services — to perform the contract and meet legal accounting obligations (Art. 6(1)(b) and (c)).
  • Server log data (IP address, user agent, timestamp) automatically collected when you visit — for security and stable operation, on our legitimate interest (Art. 6(1)(f)).
  • Analytics and cookie data, only where you have given consent (Art. 6(1)(a)); you can withdraw consent at any time.

Recipients and processors#

We share personal data only with service providers that process it on our behalf under data-processing agreements (Art. 28 GDPR) — for example hosting, email, scheduling, payment, and analytics providers — and where required with public authorities. We do not sell personal data.

Hosting and technical operation#

This website is hosted by Vercel Inc., San Francisco, California, USA, which processes the server log data described above on our behalf as a processor under Art. 28 GDPR. Where you book a call or submit a form, the booking or form provider integrated on the relevant page processes the data you enter solely to deliver that function, likewise as our processor. The legal basis for hosting and technical provision is our legitimate interest in a secure and efficient presentation of our site (Art. 6(1)(f)).

International transfers#

We are established in the United States and operate from the United Arab Emirates, so your data may be transferred to and accessed from outside the EU/EEA. For transfers to the US we rely on the EU–US Data Privacy Framework where the recipient is certified, and otherwise on the European Commission's Standard Contractual Clauses (SCCs). Access from the United Arab Emirates is covered by SCCs together with supplementary safeguards. A copy of the relevant safeguards is available on request.

Retention#

We keep personal data only as long as necessary for the purpose it was collected for, or as long as statutory retention periods (for example under applicable tax and accounting law) require, after which it is deleted or anonymised.

Your rights#

Under the GDPR you have the right to:

  • access your personal data and request a copy (Art. 15);
  • have inaccurate data corrected (Art. 16);
  • have your data erased (Art. 17);
  • restrict processing (Art. 18);
  • data portability (Art. 20);
  • object to processing based on legitimate interests (Art. 21);
  • withdraw any consent at any time, without affecting prior processing (Art. 7(3)).

To exercise any of these rights, contact us at hello@designsystem.solutions or contact our EU representative named above.

Right to complain#

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement (Art. 77 GDPR).

Automated decision-making#

We do not use your personal data for automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Art. 22 GDPR.

Cookies and analytics#

We set strictly necessary cookies required to operate the site. Any analytics or non-essential cookies that store or access information on your device are loaded only after you give consent (Art. 6(1)(a) GDPR, together with the EU ePrivacy Directive 2002/58/EC as implemented in your country). You can change or withdraw your choice at any time via the cookie settings, without affecting the lawfulness of prior processing.

Children#

Our services are directed at businesses and professionals, not at children. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes to this policy#

We may update this Privacy Policy to reflect changes in our processing or in legal requirements. The current version published on this page, marked with the “Last updated” date above, always applies.