Privacy Policy
Last updated: 29 May 2026 · RGPD / GDPR compliant
Who we are
Sitetals.com is operated by QUIKFORGE LIMITED (trading as Sitetals), a company incorporated in Hong Kong (BR No. 79555262). Registered office: Unit 2A, 17/F, Glenealy Tower, No.1 Glenealy, Central, Hong Kong S.A.R. Director: Olivier Jobert. Contact: legal@sitetals.com
What data we collect and why
- Domain names you submit for scanning — to perform the compliance check you requested. Legal basis: contract performance (Art. 6(1)(b) GDPR).
- Email address — when you order a report, to deliver your access key and invoice. Legal basis: contract performance.
- Company name and billing address — collected at the time of purchase to issue a VAT-compliant invoice. Legal basis: legal obligation (Art. 6(1)(c) GDPR).
- Payment data — processed by Stripe. We do not store card numbers. Legal basis: contract performance.
- Contact-form messages — if you write to us, we process your email address and message to reply. Providing a name is optional; any name you give is used only to address our reply and is never added to invoices (invoices show your company name and billing address only). Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
- Technical logs — we operate on a data-minimised basis and do not retain visitor IP addresses or server access logs. Requests are processed transiently to serve pages and protect the service from abuse, but no IP-based access log is stored. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
Responsible Disclosure Outreach — Business Email Addresses
As part of our compliance research programme, we send informational notifications to website operators whose sites show potential EU compliance issues. This involves processing generic business email addresses (e.g., info@, contact@, datenschutz@) that are publicly listed on the operators' own websites or in their security.txt files.
Legal basis: Art. 6(1)(f) GDPR — Legitimate Interest. We have conducted a Legitimate Interest Assessment (LIA) which concludes that our interest in promoting transparency about EU data protection compliance, and the interest of the business operator in being informed of potential regulatory risks, is not overridden by the data subjects' privacy rights, given the following safeguards:
- Only one email is ever sent per domain — no follow-ups, no reminders
- Only generic business addresses are used (never personal named addresses unless listed in
security.txt) - No email tracking pixels or link-click trackers are used in outreach emails
- An immediate, permanent opt-out is provided in every email and at optout@compliance.sitetals.com
- All compliance checks were performed by passive, unauthenticated public HTTP requests only
Full details of our methodology are published at sitetals.com/methodology.html. If you are a business operator who received one of our disclosure emails and wish to be removed from our lists, please reply with "Unsubscribe" / "Abmelden" / "Désabonner" or email optout@compliance.sitetals.com.
What we do NOT collect
- No analytics tracking (no Google Analytics, no Matomo, no tracking pixels)
- No advertising cookies
- No third-party scripts that transfer data outside the EU
- No social media tracking buttons
Cookies
We use only one cookie — a first-party cookie to remember your cookie consent choice. No tracking, no analytics, no third-party cookies. See our Cookie Policy.
Data retention
Free scan results are retained for 90 days for operational purposes, then automatically deleted.
Paid reports are made available for download for up to 24 hours after generation, then deleted from our servers. Reports for large/enterprise plans may be available for up to 24 hours to allow download during business hours.
Email addresses and invoicing data are retained for the duration of the contractual relationship plus 10 years to meet legal accounting and record-keeping obligations.
Your rights (RGPD)
You have the right to access, rectify, erase, restrict processing of, and port your personal data. To exercise these rights, contact: legal@sitetals.com. You also have the right to lodge a complaint with the CNIL (France) or, in Germany, the competent state data protection authority (the Landesdatenschutzbehörde of the relevant Bundesland). Private-sector data protection in Germany is supervised by the 16 state authorities, not the federal BfDI.
We do not rely on consent as a legal basis for any processing. Where processing is based on legitimate interest, you have the right to object at any time.
Data transfers outside the EU
This website is hosted on a Hostinger VPS located in Malaysia. QuikForge Limited acts as data exporter/controller and Hostinger International Ltd. as data importer/processor for this transfer; it is governed by the EU Standard Contractual Clauses (2021/914, Module Two, Controller-to-Processor) incorporated in Hostinger's Data Processing Agreement (rev. 2026-04-15), with the UK International Data Transfer Addendum (IDTA) covering transfers of data originating from the United Kingdom. Payment processing is handled by Stripe, Inc. (USA), certified under the EU-US Data Privacy Framework.
Data Controller
QUIKFORGE LIMITED is the data controller. Data-protection enquiries and requests from data subjects or supervisory authorities can be addressed to legal@sitetals.com and will be handled in accordance with applicable data-protection law. Sitetals does not currently have a formally appointed Data Protection Officer (DPO); requests are handled directly by the data controller within a maximum of 30 days.
Singapore — Personal Data Protection Act (PDPA)
Sitetals provides compliance scanning services for websites operating in Singapore under the Personal Data Protection Act 2012 (PDPA). For users and website operators in Singapore, the relevant supervisory authority is the Personal Data Protection Commission (PDPC). If you have concerns about how we handle your personal data, you may lodge a complaint at pdpc.gov.sg.
We collect and process personal data in accordance with the PDPA's data protection obligations, including the purposes for collection, notification, and access/correction obligations. All data collected in connection with Singapore-jurisdiction scans is handled consistently with our general privacy practices described above. We do not appoint a Data Protection Officer at this time, as our processing does not meet the threshold requiring mandatory DPO designation under the PDPA.
Hong Kong — Personal Data (Privacy) Ordinance (Cap. 486)
Sitetals.com is operated by QUIKFORGE LIMITED, a data user established in Hong Kong. We handle personal data in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO") and the six Data Protection Principles ("DPPs").
Personal Information Collection Statement (DPP1). When you use our service we collect the data described in "What data we collect and why" above (domain names, email address, company and billing details, and payment data processed by Stripe; we do not retain visitor IP addresses or server access logs). The purposes of collection are: performing the compliance scan you request, delivering reports and invoices, meeting accounting and legal obligations, and securing our service. Providing this data is voluntary, but without it we cannot provide the service or issue an invoice. Personal data may be transferred to the classes of transferees described in "Data transfers" above (our hosting provider and our payment processor); we do not sell personal data or transfer it for any other party's marketing.
Use and retention (DPP2, DPP3). We use personal data only for the purposes stated above or a directly related purpose, and retain it no longer than necessary, per the periods in "Data retention" above.
Security (DPP4). We apply reasonable technical and organisational safeguards against unauthorised access, processing, erasure, loss or use.
Openness (DPP5). This Privacy Policy sets out the kinds of personal data we hold and our main policies and practices for handling it.
Your access and correction rights (DPP6, ss.18–22). You may request access to, and correction of, the personal data we hold about you. A reasonable fee may be charged for complying with a data access request, as permitted by the PDPO. To make a request, contact our Privacy Compliance contact at legal@sitetals.com. You may also lodge a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD) at pcpd.org.hk.