RADAR - Regulatory Assessment for Digital Services Act Risks

Privacy Policy

Overview

This privacy policy explains how RADAR (Regulatory Assessment for Digital Service Act Risks) collects and processes information when you use our website at https://radar.checkfirst.network, subscribe to our newsletter, or use our REST API.

Last updated: 18 August 2025

Data Controller

CheckFirst Oy
Business ID: FI3143603-4
PL 7, 00351
Helsinki, Finland
Email: privacy@checkfirst.network

What We Collect

🗄️

Server Logs

Our web server automatically collects:

  • IP addresses
  • Browser type and version
  • Pages visited and time of visit
  • Referring website (if any)

Retention: Server logs are automatically deleted after 30 days.

📊

Analytics Data

We use Piwik Pro analytics (cloud version) to understand how visitors use our site. This collects:

  • Pages viewed and actions taken
  • Time spent on site
  • General location (country/city level)
  • Device and browser information
  • Anonymized IP address (last 2 bytes masked)

Note: Piwik Pro is configured to respect "Do Not Track" browser settings and uses IP anonymization.

Retention: Analytics data is automatically deleted after 14 months.

✉️

Newsletter Subscription

If you subscribe to RADAR Breakfast newsletter, we collect:

  • Your email address
  • Subscription date and time
  • Subscription preferences and consent status
  • Newsletter interaction data (opens, clicks)

Service Provider: We use Brevo (formerly SendinBlue) to manage newsletter subscriptions. Brevo processes data in accordance with GDPR and stores data on EU servers.

Retention: Your subscription data is kept as long as you remain subscribed. You can unsubscribe at any time using the link in any newsletter.

🔌

REST API Usage

When you use our REST API, we collect:

  • API endpoint accessed
  • Request timestamp and response time
  • HTTP method and status code
  • User agent string (should contain your URL or email)
  • IP address of the requesting server

Important: We require developers to include a contact URL or email in their User-Agent header to help us contact them if issues arise.

Retention: API logs are kept for 30 days for debugging and security purposes, then automatically deleted.

📝

Feedback Information

When you click on our feedback link, you are directed to a Google Form. The form collects:

  • Your feedback message
  • Optional: Your email address (if you choose to provide it)
  • Timestamp of submission

Any information you provide is subject to Google's privacy policy. Submission is voluntary.

Why We Collect This Data

We use this information to:

  • Ensure the security and proper functioning of our website and API
  • Understand how visitors use RADAR to improve the service
  • Analyze traffic patterns and optimize website performance
  • Send you newsletter updates about DSA compliance and RADAR improvements (only if subscribed)
  • Debug API issues and contact developers when problems arise
  • Respond to feedback and suggestions

Legal Basis

We process this data based on:

  • Legitimate interests (Article 6(1)(f) GDPR): For server logs, analytics, and API usage monitoring to maintain and improve our service
  • Consent (Article 6(1)(a) GDPR): For newsletter subscriptions and when you voluntarily provide feedback
  • Contract performance (Article 6(1)(b) GDPR): For providing API services according to our terms of use

Data Storage and Transfers

Where your data is stored:

  • Website hosting: OVH servers located in France (EU)
  • Analytics data: Piwik Pro servers located in Germany (EU)
  • Newsletter data: Brevo servers located in EU (France/Germany)
  • API logs: OVH servers located in France (EU)
  • Feedback data: Google servers (may include transfers outside the EU under Google's data protection measures)

All data remains within the EU except for optional feedback submissions through Google Forms.

Data Sharing

We do not sell, trade, or transfer your information to third parties. The only external services involved are:

  • OVH - Our hosting provider (France)
  • Piwik Pro - Analytics service (Germany)
  • Brevo - Newsletter service (EU)
  • Google - Only when you choose to use the feedback form

All service providers are contractually bound to protect your data and use it only as instructed by us.

Your Rights

Under GDPR, you have the right to:

📋 Access

Request a copy of the personal data we hold about you

✏️ Correction

Request correction of inaccurate data

🗑️ Deletion

Request deletion of your data ("right to be forgotten")

🚫 Object

Object to processing of your data

📦 Data Portability

Receive your data in a structured, machine-readable format

📢 Complaint

File a complaint with the Finnish Data Protection Ombudsman

To exercise any of these rights, please contact us using the details below.

Cookies

🍪

This website uses minimal cookies:

  • Piwik Pro analytics cookies: Used to distinguish unique visitors and sessions (expires after 13 months)
  • Opt-out cookie: Set if you choose to opt out of analytics tracking
  • Newsletter form cookies: Temporary session cookies used by the newsletter subscription form (expires when you close your browser)

These are first-party cookies only. We do not use advertising or third-party tracking cookies.

API Usage Guidelines

⚙️

For developers using our REST API:

  • Please include a User-Agent header with your contact information (URL or email)
  • Example: User-Agent: MyApp/1.0 (https://example.com; contact@example.com)
  • This helps us contact you if we detect issues with your integration
  • API usage is subject to our terms of service and rate limits

We only use API logs for debugging and security purposes. They are never shared with third parties.

Contact

For any privacy-related questions or to exercise your rights, please contact:

CheckFirst Oy
Email: privacy@checkfirst.network

Changes to This Policy

We may update this privacy policy as needed. Any changes will be posted on this page with an updated revision date. For significant changes, we will provide a more prominent notice on our website.

← Back to RADAR Framework