Saltar al contenido
Last updated: June 2026

Privacy Policy

1. Data Controller

  • Data Controller: Santiago Fernández Seoane
  • Project: Makineo (beta phase)
  • Contact: [email protected]

2. Data We Process

When you register or use Makineo, we process the following data:

  • Account: username, email address, password (stored encrypted with bcrypt), date of birth, city
  • Public profile: bio, profile picture, favorite genres, visible city
  • Platform activity: saved events, confirmed attendances, ratings, followed artists
  • Communications: email address if you subscribe to the newsletter (with explicit consent)
  • Technical data: IP address, device type, browsing data for analytics purposes (Google Analytics, subject to your consent)

3. Purpose and Legal Basis for Processing

  • Account and service management

    Legal basis: performance of a contract (Art. 6(1)(b) GDPR). Necessary for you to use the platform.

  • Newsletter and event-related communications

    Legal basis: consent (Art. 6(1)(a) GDPR). Only applies if you expressly select the corresponding option. You may withdraw your consent at any time.

  • Web analytics

    Legal basis: consent (Art. 6(1)(a) GDPR). Only applies if you accept analytics cookies. We use Google Analytics with anonymized IP addresses.

  • Legal compliance

    Legal basis: legal obligation (Art. 6(1)(c) GDPR). To respond to requests from competent authorities.

4. Minors

Makineo is intended for individuals over the age of 16. We do not knowingly collect data from minors under that age. If you become aware that a minor has provided data without parental consent, please contact us so that we can proceed to delete it.

5. Data Retention

  • — Account data is retained for as long as the account remains active
  • — When you delete your account, your data is erased within a maximum of 30 calendar days
  • — Newsletter data is deleted when you unsubscribe
  • — Analytics data is retained according to Google Analytics' configuration (maximum 14 months)

6. Disclosure of Data to Third Parties

We do not transfer your personal data to third parties for commercial purposes. The only parties with access to data are:

  • Infrastructure providers (servers, database) acting as data processors under contract
  • Google Analytics for web analytics, with anonymized IP addresses and only where you have given consent
  • Competent authorities where required by law

7. Your Rights

Under the GDPR and the LOPDGDD (Organic Law 3/2018), you have the right to:

  • Access: find out what data we hold about you
  • Rectification: correct inaccurate data
  • Erasure: request the deletion of your data
  • Portability: receive your data in a structured format
  • Objection and restriction: object to certain processing activities or request that they be restricted
  • Withdrawal of consent: at any time, without affecting the lawfulness of processing carried out prior to withdrawal

To exercise any of these rights, write to us at [email protected]. You may also file a complaint with the Spanish Data Protection Agency (AEPD).

7. Consent Records (GDPR Art. 7)

We record explicit consents in the user_consents table to comply with GDPR Art. 7. Each consent record includes:

  • — Type of consent (terms, privacy, analytics, marketing)
  • — Accepted/rejected
  • — Exact date and time of the decision
  • — Client IP address (for audit purposes)
  • — User-Agent (browser used)

You may withdraw your consent at any time. See Section 7 (Your Rights).

8. Cookies

Makineo uses its own cookies that are strictly necessary for the operation of the session. Google Analytics analytics cookies are only activated with your prior consent (requested when you first access the site). We do not use advertising or profiling cookies.

You can manage your cookie preferences at any time through your browser settings, or by withdrawing your consent in your profile.

9. Security

We apply appropriate technical and organizational measures to protect your data: password encryption with bcrypt, communications over HTTPS, restricted access to personal data, and servers located within the European Union.

10. Changes to This Policy

We may update this policy to reflect legal or service changes. We will notify you of any material changes by email or through a notice on the platform. The date of the last update appears at the top of this document.