Last Updated: Sometime After the EU Got Mad · Effective: Retroactively, We Hope
Data Processing
We process zero data. This makes us the most GDPR-compliant organization on earth. You cannot violate data protection laws if you do not process data. This is either brilliant strategy or complete incompetence. (It's the second one.)
Right to Be Forgotten
You are already forgotten. We have no record of your visit. We have no records of anything. Our database is a Google Sheet that someone accidentally deleted last month. Your right to be forgotten has been automatically exercised.
Data Protection Officer
Per GDPR Article 37, we have appointed Kevin (age 15) as our Data Protection Officer. His qualifications include:
- Watching a YouTube video about GDPR
- Owning a hoodie that says "HACK THE PLANET"
- Being the only person who volunteered
He is available Wednesdays 3–4pm.
Cross-Border Data Transfers
We do not transfer data across borders because we do not transfer data. The furthest our data has ever traveled is from one side of the computer lab to the other, when Kevin emailed himself a file instead of using a USB drive.
Cookie Consent
We display two (2) cookie consent banners on our homepage. Neither of them does anything. We set zero cookies. The banners exist because a website template included them and we were too afraid to remove them. We believe this level of cookie transparency exceeds GDPR requirements.
Breach Notification
In the event of a data breach, we will notify all affected parties within 72 hours as required by GDPR. Since we have no data to breach, we expect this obligation to remain permanently unfulfilled. However, the wifi password (password123) has been public knowledge since 2023. We are unclear on whether this counts.