8t3.net / Privacy
🔒

Privacy Policy

We don’t track you. Here’s what actually happens with your data.

Updated July 2025
On This Page

The Short Version

Before the legal language: here is what you need to know in plain terms.

  • We do not track you. This website does not use analytics, tracking pixels, advertising cookies, browser fingerprinting, or any form of behavioral profiling.
  • We do not place tracking cookies. Not on the landing page, not on the gateway pages, not anywhere. The only cookies are functional session cookies required for multi-step gateway validation to work.
  • Some links have creator-enabled access logging. This is not tracking in the conventional sense. It is a visitor logbook — like signing in at a building reception. If a creator has enabled it, you will be told exactly what information they will see, and you must explicitly consent before anything is shared. You can always decline.
  • We do not sell data. Not to advertisers, not to data brokers, not to anyone.
  • Infrastructure providers exist. DNS resolvers, hosting companies, internet service providers, content delivery networks, and government agencies operate their own systems that may log network-level data about your connection. We do not control these external mechanisms.

The rest of this document explains each of these points in detail.

Data Controller

For The data controller for personal data processed through the 8t3.net service and full legal entity details, registration numbers, and authorized representatives, see our Impressum.

What We Do Not Do

To be clear about what does not happen when you visit 8t3.net or click a short URL:

  • No analytics services. We do not use Google Analytics, Matomo, Plausible, or any other analytics platform. There is no JavaScript tracking code on our pages that reports your behavior to a third party.
  • No tracking cookies. We do not set cookies for the purpose of identifying you across visits, profiling your interests, or tracking your browsing behavior. This applies to the landing page, gateway pages, and all other pages on 8t3.net.
  • No advertising or retargeting. We do not serve advertisements and do not participate in any advertising network. No retargeting pixels, no conversion tracking, no ad-related cookies.
  • No browser fingerprinting. We do not collect or analyze your browser characteristics (screen size, installed fonts, WebGL renderer, etc.) for identification purposes.
  • No behavioral profiling. We do not build profiles about you based on which links you click, how often you visit, or any other behavioral pattern.
  • No data selling or sharing for marketing. We do not sell, rent, trade, or otherwise make available any visitor data to third parties for marketing, advertising, or profiling purposes.

What We Do Collect

The following minimal data processing occurs as a necessary part of operating the service:

Standard Server Logs

Like virtually every web server on the internet, our server automatically generates access logs when a request is made. These logs may include:

  • Your IP address
  • The date and time of the request
  • The URL requested
  • Your browser’s user-agent string
  • The HTTP referrer (the page you came from, if your browser sends it)
  • The HTTP response code

These logs exist for server administration, security, and abuse prevention. They are not analyzed for visitor profiling, not cross-referenced with other data sources, and not used for any marketing purpose. Server logs are retained according to standard operational practices and may be automatically rotated and deleted.

Functional Session Data

When you access a short URL that requires multi-step gateway validation (age confirmation, tracking consent, agreement acceptance, onerous clause acceptance), the server stores temporary session data to remember which steps you have completed. This data:

  • Contains only step-completion flags (e.g., “age confirmed: yes”)
  • Is tied to a standard PHP session identifier stored in a functional cookie
  • Is cleared when you are successfully redirected to the destination
  • Is also cleared when your browser session ends
  • Is not used for tracking, profiling, or identification

Aggregate View Counts

Each short URL has an aggregate view counter that increments when a successful redirect occurs. This counter records only the total number — it does not record who viewed the link or when individual views occurred (unless creator-enabled access logging is active, see below).

Creator-Enabled Access Logging

This is the most important section of this policy to understand, because it describes the one situation where personal information about you may be shared with another person through this platform.

What It Is

Some link creators enable a feature called “view tracking.” Despite the name, this is more accurately described as access logging — a record of who accessed a specific resource and when. The purpose is typically legal or administrative: documenting who received a confidential document, who accessed a press kit under embargo, who viewed contract terms, or who downloaded project materials.

Think of it as signing a visitor logbook at a building reception desk, or as the “read receipt” function in email. The creator wants to know that a specific person received access to a specific resource at a specific time. That is the full extent of what this feature does.

What It Is Not

This is not behavioral tracking. The system does not:

  • Follow you after you leave the gateway page
  • Monitor what you do on the destination website
  • Track how long you spend on any page
  • Record your browsing history, clicks, scrolls, or interactions
  • Build a profile about you across multiple links or visits
  • Place any cookies for subsequent identification
  • Share your data with anyone other than the specific link creator

One link, one log entry, one creator. That is the scope.

What the Creator Sees

If you consent to access logging, the link creator will be able to see:

  • Your name and surname (as registered on your A’ Design Award account)
  • Your email address (as registered on your A’ Design Award account)
  • Your account ID
  • The date and time you accessed the link

The creator does not see your IP address, your browser information, your location, your device type, or any other technical data. IP addresses are recorded in system logs for abuse prevention by platform administrators only and are not exposed to creators through any interface.

What It Requires From You

Access logging can only happen when all three of the following conditions are met:

  1. The creator explicitly enabled it when configuring the short URL. Most short URLs on the platform do not have this feature enabled.
  2. You have an A’ Design Award account and are logged in. This means you have already voluntarily provided your name, surname, and email address for other purposes (competition registration, account creation). The gateway does not collect new information from you — it asks whether you consent to share information you have already provided.
  3. You explicitly consent on the gateway page. Before any information is shared, you are shown a consent page that lists your exact name, exact email, and exact account ID, and tells you that the link creator will be able to see this information and the date and time of your visit. You must click “Accept” to proceed. If you click “Decline,” you are not redirected, no view is recorded, and no information is shared with the creator.

There is no scenario in which your personal information is shared with a creator without your knowledge and explicit, affirmative consent.

Creator’s Data Responsibilities

When a creator receives your access log data (after you have consented), the creator becomes an independent data controller under applicable data protection law, including the General Data Protection Regulation (GDPR). This means:

  • The creator is independently responsible for how they use, store, and protect your data.
  • The creator must have their own lawful basis for processing your data.
  • The creator must respond to any data access, correction, or deletion requests you direct to them.
  • The platform is not responsible for a creator’s subsequent use of your data after it has been made available to them through the access log.

If you have concerns about how a specific creator is handling your data, you should contact them directly. If you believe a creator is misusing data obtained through the platform, you may also contact our support team.

View Agreements & Logged Acceptance

Some short URLs require you to accept agreement text or onerous clauses before being redirected. When this is the case, access logging is automatically enabled because the creator needs a record that a specific person accepted specific terms at a specific time. This is not surveillance — it is a legal necessity for documented consent.

The same consent mechanism applies: you will be shown what information will be shared, and you may decline at any step. If you decline, no redirect occurs and no record is created.

The platform records the existence of the log entry (your account ID, the short URL ID, and the timestamp). The full text of the agreement you accepted is stored as part of the short URL configuration. Together, these records serve as evidence that a specific person viewed and accepted specific terms — which may be important for both parties in a legal or commercial context.

External Infrastructure & Third Parties

We believe honest privacy disclosure requires acknowledging what happens outside our systems. When you access any website — including 8t3.net — your request passes through multiple layers of infrastructure, each operated by independent third parties with their own data practices:

Your Internet Service Provider (ISP)

Your ISP can see that you connected to 8t3.net and the A’ Design Award server infrastructure. Depending on your ISP’s practices and applicable law in your jurisdiction, they may log this connection data. We have no control over your ISP’s data retention or surveillance practices.

DNS Providers

When your browser resolves the domain 8t3.net to an IP address, this lookup is handled by DNS resolvers (which may be your ISP’s, or a third-party service like Cloudflare DNS, Google Public DNS, or others). These DNS providers may log your query. We have no control over DNS-level logging.

Hosting & Infrastructure Providers

The servers that host 8t3.net are operated by third-party hosting providers. These providers may maintain their own infrastructure logs (network traffic, connection metadata) as part of their standard operations and security practices. We select providers with responsible data practices, but we cannot guarantee or control their internal logging.

Content Delivery Networks (CDNs)

Static resources (such as fonts loaded from Google Fonts or the Bootstrap framework loaded from jsDelivr) are served from third-party CDNs. When your browser requests these resources, the CDN provider receives your IP address and request metadata. These are standard web infrastructure services used by the vast majority of websites.

Government & Regulatory Authorities

Government agencies in various jurisdictions may operate lawful interception, data retention, or surveillance programs that capture network traffic or metadata. The scope and legality of such programs varies by jurisdiction. We are subject to Italian and EU law regarding data disclosure to authorities, and we will comply with valid legal orders. We do not voluntarily share data with any government agency.

The Destination Website

After you are redirected from 8t3.net to a destination URL, you are on a different website with its own privacy practices. The destination website may use analytics, tracking cookies, advertising networks, or any other data collection mechanisms. We have no control over and assume no responsibility for the privacy practices of destination websites. We encourage you to review the privacy policy of any website you visit.

We disclose all of the above not to alarm you, but because we believe genuine transparency means acknowledging the full picture — not just the part we directly control.

Cookies

8t3.net uses one type of cookie: a standard PHP session cookie (PHPSESSID or equivalent). This cookie:

  • Is strictly functional — it allows the gateway to remember which validation steps you have completed during a multi-step process (age verification, consent, agreement acceptance)
  • Contains only a random session identifier — no personal data, no tracking data
  • Expires when you close your browser
  • Is cleared by the server when your redirect is completed
  • Cannot be used to identify you across visits or across different short URLs

We do not use:

  • Tracking cookies
  • Analytics cookies
  • Advertising or retargeting cookies
  • Third-party cookies (other than those that may be set by externally loaded resources like fonts or CSS frameworks, which are standard web infrastructure)
  • Persistent cookies of any kind set by our application

Under ePrivacy Directive (2002/58/EC) and Italian implementation (D.Lgs. 196/2003, as amended), strictly necessary cookies that are essential for providing a service explicitly requested by the user do not require consent. Our session cookie falls into this category.

Under the General Data Protection Regulation (GDPR), every processing of personal data requires a legal basis. Here is how each type of processing on 8t3.net is justified:

Processing Activity Legal Basis
Server access logs (IP, timestamp, URL) Legitimate interest (Art. 6(1)(f)) — security, abuse prevention, server administration
Session cookie for gateway steps Necessary for service (Art. 6(1)(b)) — you requested the redirect, steps are required to complete it
Aggregate view counter increment Legitimate interest (Art. 6(1)(f)) — no personal data involved
Creator-enabled access logging Explicit consent (Art. 6(1)(a)) — you are informed and must affirmatively accept before any data is shared
Agreement acceptance timestamp Legitimate interest / Legal obligation (Art. 6(1)(f) / Art. 6(1)(c)) — documenting contract formation

Data Retention

  • Server logs: Retained according to standard server administration practices. Logs may be automatically rotated and overwritten. We do not maintain server logs indefinitely for the purpose of visitor identification.
  • Session data: Cleared upon successful redirect or browser session end. Not retained.
  • Aggregate view counts: Retained for the lifetime of the short URL. Contains no personal data.
  • Access log entries (creator-enabled): Retained for as long as the short URL exists in the system and the creator’s account is active. Creators may be able to access these records through their control panel. If a short URL is deleted or the creator’s account is terminated, access log data may be retained in archived form for legal compliance purposes.
  • Agreement acceptance records: Retained for the duration necessary to demonstrate that consent or agreement was given, which may extend beyond the lifetime of the short URL for legal compliance reasons.

Your Rights

Under the GDPR and applicable data protection law, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) — You may request confirmation of whether we process your personal data and, if so, access to that data.
  • Right to rectification (Art. 16 GDPR) — You may request correction of inaccurate personal data.
  • Right to erasure (Art. 17 GDPR) — You may request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction (Art. 18 GDPR) — You may request restriction of processing in certain circumstances.
  • Right to data portability (Art. 20 GDPR) — Where processing is based on consent and carried out by automated means, you may request your data in a structured, machine-readable format.
  • Right to object (Art. 21 GDPR) — You may object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds.
  • Right to withdraw consent (Art. 7(3) GDPR) — Where processing is based on consent (such as creator-enabled access logging), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing performed before withdrawal. Note that once an access log entry has been created and made available to the creator, we cannot retroactively remove it from the creator’s knowledge.

To exercise any of these rights, contact us through our impressum page with sufficient detail to identify yourself and the data in question. We will respond within the timeframes required by applicable law (generally 30 days under GDPR).

You also have the right to lodge a complaint with a supervisory authority. The lead supervisory authority for the data controller is the Italian Data Protection Authority (Garante per la protezione dei dati personali).

International Data Transfers

The data controller is established in Italy, within the European Economic Area (EEA). Server infrastructure is hosted within the EEA or in jurisdictions for which the European Commission has issued an adequacy decision.

If any processing involves transfer of personal data outside the EEA (for example, through third-party infrastructure providers), such transfers are protected by appropriate safeguards as required by GDPR Chapter V, including Standard Contractual Clauses (SCCs) or adequacy decisions.

When you are redirected to a destination URL, you leave the 8t3.net infrastructure entirely. The destination website may be hosted anywhere in the world, subject to its own data transfer practices. We have no control over this.

Children

8t3.net is not directed at children. We do not knowingly collect personal data from children under the age of 16 (or the applicable age of digital consent in the child’s jurisdiction). Some short URLs may include age verification gates configured by creators — these are the creator’s responsibility.

If you believe that a child’s personal data has been processed through the platform without appropriate consent, please contact us through our impressum page and we will take steps to investigate and, if appropriate, delete the data.

Security

We implement appropriate technical and organizational measures to protect the personal data we process, including:

  • HTTPS encryption for all connections to 8t3.net
  • Only https:// destination URLs are permitted — no unencrypted http:// links
  • Parameterized database queries to prevent injection attacks
  • Session data isolation per short URL
  • IP address restriction from creator-facing interfaces (creators cannot see visitor IPs)
  • Append-only change logs for audit trail integrity

No system is perfectly secure. We cannot guarantee absolute security of data in transit or at rest. If you become aware of a security vulnerability, please report it to us through our impressum page.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last Updated” date at the top of this page. If we make material changes to how we handle personal data, we will communicate the changes through the website.

We encourage you to review this policy periodically. Your continued use of the service after changes become effective constitutes acknowledgment of the updated policy.

Contact

For privacy-related questions, data subject requests, or concerns about how your data is handled and to view complete legal entity information, please see our Impressum.
For usage terms, see our Usage Terms.

In summary: We do not track you. We do not profile you. We do not sell your data. The only scenario where personal information is shared with another person through this platform is creator-enabled access logging, which requires your explicit, informed consent on every occasion. You can always decline. For anything else, the infrastructure between you and us — your ISP, DNS providers, hosting companies — has its own practices that we are transparent about but cannot control.