Mario G.G.

Version: 1.0

Last Updated: May 16, 2025

This Privacy Policy explains how we collect, use, and protect your personal data when you visit mariogomezgarcia.com, a personal portfolio showcasing software development projects.

1. Data Controller

Mario Gómez Garcia
[email protected]

2. Personal Data We Collect

We collect the following personal data:

  • Authentication Data: Username and password (hashed) for registered users.
  • Invite Link Data: A cookie set via invite links to grant access to projects.
  • Technical Data: IP address, browser type, and device information for security and analytics (anonymized where possible).
  • Cookies: Strictly necessary cookies for authentication and access control.

3. Purposes and Legal Basis

We process personal data for the following purposes:

  • Provide Access: To authenticate users and grant access to projects (Legal Basis: Contractual Necessity, GDPR Article 6(1)(b)).
  • Security: To protect the Website from unauthorized access (Legal Basis: Legitimate Interest, GDPR Article 6(1)(f)).
  • Analytics: To analyze Website usage with anonymized data (Legal Basis: Consent, GDPR Article 6(1)(a)).

4. Cookies

We use the following cookies:

  • Authentication Cookie: Strictly necessary to maintain user sessions. Expires when the browser closes.
  • Invite Link Cookie: Strictly necessary to enable access via invite links. Expires after 30 days.
  • Analytics Cookie: Optional, used for anonymized analytics (requires consent). Expires after 6 months.

You can manage cookies via our cookie banner or your browser settings. Strictly necessary cookies do not require consent.

5. Data Sharing

We share personal data with:

  • Hosting Provider: Akamai/LiNode, with servers in NL, Amsterdam, under a GDPR-compliant Data Processing Agreement.
  • Hosting providers (acting as processors under my instructions).
  • Google (YouTube) when you view the embedded video.

6. Data Retention

I do not sell or share your personal data with third parties except:

  • Authentication Data: Until account deletion or inactivity for 6 months.
  • Invite Link Cookies: For 30 days or until revoked.
  • Technical Data: For 6 months, then anonymized.

7. Your Rights

Under the GDPR, you have the right to:

  • Access, rectify, or erase your personal data.
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent (where applicable).
  • Lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

Contact us at [email protected] to exercise your rights.

8. Data Security

We implement technical and organizational measures, including:

  • HTTPS encryption.
  • Hashed passwords.
  • Regular security audits.

9. International Data Transfers

If data is transferred outside the EEA, we use Standard Contractual Clauses or rely on adequacy decisions to ensure GDPR compliance.

10. Changes to This Policy

We may update this policy to reflect legal or operational changes. Check this page for the latest version.

11. Contact Us

For questions or complaints, contact Mario Gómez Garcia at [email protected].