Privacy Policy

Data Controller

Dragons Media, a trade name of Browns Internettjeneste, is the data controller for the personal data processed through this website. We are based in Norway and operate under the Norwegian Personal Data Act (Personopplysningsloven) which implements the EU General Data Protection Regulation (GDPR).

For questions about this policy or your personal data, contact us at: hello@dragonsmedia.net

The supervisory authority for data protection in Norway is Datatilsynet.

What Data We Collect

Contact Form Submissions

When you submit our contact form, we collect:

• Your name
• Your email address
• Service and budget selections
• Your message content
• Your IP address (for security and rate limiting)
• Your browser user-agent string
• Timestamp of submission

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) to respond to your enquiry and prevent abuse. Your IP address is hashed for rate limiting purposes and not stored in plain text.

Retention: Contact form submissions are retained for up to 12 months, after which they are deleted unless an ongoing business relationship exists.

Analytics

We use Cloudflare Zaraz to manage analytics scripts on this website. Analytics tools are only loaded after you give consent through our cookie consent banner. When consented, we may collect:

• Pages visited and time spent
• Referring website
• General geographic location (country or region level)
• Device type, browser, and operating system

Legal basis: Consent (Art. 6(1)(a) GDPR). You can withdraw consent at any time by updating your cookie preferences.

Cloudflare Services

This website uses Cloudflare as a content delivery network and security provider. Cloudflare may process:

• Your IP address (to route traffic and provide DDoS protection)
• Browser metadata

We also use Cloudflare Turnstile on our contact form to verify human visitors. Turnstile collects browser interaction data to assess whether a visitor is human, without using traditional CAPTCHA challenges. Cloudflare processes this data as a data processor under their Privacy Policy.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) for security, performance, and spam prevention.

Cookies and Session Data

This website uses the following cookies:

• Session cookie (PHPSESSID) — Strictly necessary. Used for CSRF protection on the contact form. Expires when you close your browser.
• Cloudflare cookies (__cf_bm, cf_clearance) — Strictly necessary. Used for bot detection and security. Managed by Cloudflare.
• Zaraz consent cookie — Functional. Stores your cookie consent preferences.
• Analytics cookies — Performance. Only set after you consent via the cookie banner. Managed through Cloudflare Zaraz.

Strictly necessary cookies do not require consent under GDPR as they are essential for the website to function.

How We Use Your Data

We use personal data solely for the following purposes:

• Responding to contact form enquiries
• Understanding how visitors use our website (with consent)
• Protecting our website from abuse, spam, and attacks
• Improving our services and website performance

We do not sell, rent, or trade your personal data to third parties. We do not use your data for automated decision-making or profiling.

Third-Party Processors

We share personal data with the following third-party processors, only to the extent necessary for the purposes described above:

• Cloudflare, Inc. — CDN, security, Turnstile, Zaraz (US-based; EU data processing commitments in place)
• Email hosting provider — to deliver contact form submissions via SMTP

All processors are bound by data processing agreements and process data only on our instructions.

International Data Transfers

Some of our processors are based outside the EEA, notably Cloudflare, Inc. in the United States. Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of access — Request a copy of the personal data we hold about you
• Right to rectification — Request correction of inaccurate data
• Right to erasure — Request deletion of your personal data
• Right to restriction — Request that we limit how we process your data
• Right to data portability — Receive your data in a structured, machine-readable format
• Right to object — Object to processing based on legitimate interest
• Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, email us at hello@dragonsmedia.net. We will respond within 30 days.

You also have the right to lodge a complaint with Datatilsynet if you believe your data protection rights have been violated.

Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• HTTPS encryption for all traffic
• CSRF token protection on forms
• Rate limiting and bot prevention
• Hashed IP storage for rate limiting
• Access controls on server infrastructure
• Security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy)

Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

Changes to This Policy

We may update this privacy policy from time to time. Material changes will be noted by updating the date below. We encourage you to review this page periodically.