Privacy Policy

Ayuda
1

PRIVACY, COOKIES & DATA PROTECTION POLICY

1. Commitment to Privacy

Madeira Community (“we”, “our”, or “us”) is strongly committed to protecting your personal data and respecting your privacy. This Privacy, Cookies & Data Protection Policy (“Policy”) explains how we collect, use, process, and protect the personal information of our Users when they access and use the Madeira Community platform.

We process your personal data in accordance with the General Data Protection Regulation (GDPR - EU 2016/679) and applicable Portuguese data protection laws (Law No. 58/2019).

2. Data Controller

The data controller responsible for personal data processed through the Platform is:

  • Controller: Denys Kovalenko, a private individual based in Funchal, Madeira, Portugal, operating the Madeira Community platform.

  • Registered contact address: as set out in our Terms of Service (Part 10, Section 11).

  • Email: admin@madeira.community

You may contact the controller at any time regarding this Policy or the processing of your personal data using the email above.

3. Data We Collect

To provide and improve our Services, we collect minimal necessary data, which may include:

  • Information You Provide: Email address, username, profile information, and any Content you voluntarily upload or share on the Platform.

  • Automatically Collected Data: IP address, browser type, device information, log data, and timestamps related to your activity on the Platform.

  • Communication Data: Metadata and content of communications sent through the Platform, including public forums and private messages.

4. How We Use Your Data

We use your personal data for the following lawful purposes:

  • To create, manage, and secure your Account.

  • To operate, maintain, and provide the features of the Platform.

  • To communicate with you regarding account updates, legal notices, or security alerts.

  • To enforce our Terms of Service and protect the community from fraud, abuse, and illegal activity.

5. Legal Bases for Processing

Depending on the circumstances, we process personal data on one or more of the following legal bases:

  • Performance of a contract (e.g., providing forum access and services);

  • Compliance with legal obligations (e.g., data retention for law enforcement, moderation of illegal content);

  • Legitimate interests in operating, securing, and improving the Platform;

  • Consent, where required by applicable law (e.g., for non-essential cookies or specific marketing communications).

6. Children & Age Requirement

The Platform is not intended for children under the age of 16. We do not knowingly collect personal data from individuals under 16. If we become aware that we have collected personal data from a person under 16, we will take reasonable steps to delete it.

7. Artificial Intelligence & Automated Processing

The Platform utilizes third-party artificial intelligence systems, automated moderation technologies, and analytics tools to ensure community safety and operational efficiency. Specifically, we utilize:

  • Artificial Intelligence Providers: The Platform uses the providers listed in the Sub-Processors table in Section 9 below to support Platform functionality, safety, translation, moderation, and operational services. We do not use additional AI providers for personal data processing unless this Policy is updated or where otherwise permitted by law.

  • Processing Scope: These providers may process Content, metadata, and communications solely to perform these specific functions. Users should not upload sensitive private documents, payment credentials, identity documents, or highly sensitive personal data unless strictly necessary. We do not intentionally send payment credentials or account passwords to AI providers. However, Content voluntarily submitted by Users (including in private messages) may be processed by automated systems where necessary for moderation, safety, translation, spam prevention, or legal compliance.

  • Automated Moderation & Private Communications: Certain private communications may be processed by automated safety, moderation, spam-detection, fraud-prevention, translation, or unlawful-content detection systems where reasonably necessary to maintain Platform security, integrity, legal compliance, and community safety.

8. Cookies, Tracking Technologies & Analytics

The Platform uses cookies and similar tracking technologies to ensure core functionality and understand user engagement.

  • Essential Cookies: Strictly necessary for account login, security authentication, and site stability. These do not require consent.

  • Matomo (cookieless analytics): Matomo is configured in a privacy-friendly, cookieless mode and may be used without storing analytics cookies on your device. It is self-hosted within the European Union.

  • Google Analytics (GA4): Google Analytics is a non-essential analytics tool and is activated only after you provide explicit consent.

8.1 Consent Management & Google Consent Mode v2

  • We use CookieYes as our cookie-consent management tool. Through the consent banner, you can Accept, Reject, or Customize the use of non-essential cookies and tracking technologies.

  • Your consent preferences are recorded so that we can respect and demonstrate your choices. You may change or withdraw your consent at any time through the consent management tool.

  • We implement Google Consent Mode v2 for Google tags. Google Analytics and related non-essential Google tags do not run until you have provided the corresponding analytics consent.

9. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data to third parties. We may share limited information only in the following circumstances:

  • With trusted service providers, hosting providers, and technical partners (such as our AI providers mentioned above) acting as data processors under strict confidentiality agreements.

  • If required by law, court order, or lawful requests by public authorities to comply with legal obligations or prevent imminent harm.

User data may be stored, processed, backed up, or transmitted through infrastructure and hosting providers located within the European Union, including data centers located in the Netherlands, Germany, or other European jurisdictions used by the Platform and its service providers.

Where personal data is transferred outside the European Economic Area (EEA), the Platform relies on appropriate safeguards recognized under the GDPR, including adequacy decisions, Standard Contractual Clauses (SCCs), or equivalent legal mechanisms where applicable.

9.1 Service Providers & Sub-Processors

The Platform relies on the following trusted third-party service providers, who act as data processors under data processing agreements and applicable safeguards. Each processes personal data only to the extent necessary to perform the specific function described below:

| Service Provider | Purpose | Data Processed | Location / Transfer Safeguard |

|—|—|—|—|

| OpenAI | Automated translation and semantic search (embeddings) | Post content, metadata | Outside EEA — Standard Contractual Clauses |

| Mistral AI | Automated content and private-message moderation, spam detection | Content, including private messages | European Union (France) |

| Anthropic | AI-assisted processing, safety, and operational support | Content, metadata | Outside EEA — Standard Contractual Clauses |

| Communiteq | Managed Discourse hosting infrastructure | All forum data | European Union (Netherlands) |

| Hetzner | Virtual server hosting (self-hosted analytics and automated services) | Analytics data, operational data | European Union (Germany) |

| CookieYes | Cookie-consent management | Cookie preferences, consent records | Processed under CookieYes infrastructure and applicable data processing safeguards |

| Google Analytics (GA4) | Traffic and engagement analytics (consent-based) | Usage behavior, IP address | Outside EEA — Standard Contractual Clauses |

| Matomo (self-hosted, cookieless) | Traffic and engagement analytics | Usage behavior | European Union (Germany, self-hosted on Hetzner) |

| Akismet | Spam detection and prevention | Content, IP address | Outside EEA — Standard Contractual Clauses |

| Google OAuth | Optional sign-in / authentication | Email address, basic profile data | Outside EEA — Standard Contractual Clauses |

| DonDominio | Email service for Platform communications | Email content and metadata | European Union (Spain) |

| Stripe | Payment processing (only when payment features are activated; not currently in active use) | Payment and transaction data | Applicable safeguards including Standard Contractual Clauses where relevant |

The Platform may add, replace, or update service providers where reasonably necessary for operational, technical, security, or legal reasons. Where required by applicable law, this Policy will be updated accordingly.

10. Your Privacy Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.

  • Right to Rectification: Request correction of inaccurate or incomplete data.

  • Right to Erasure (Right to be Forgotten): Request deletion of your personal data or Account.

  • Right to Restriction: Request the limitation of processing of your data.

  • Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format.

  • Right to Object: Object to data processing based on legitimate interests.

  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

  • Rights Regarding Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you, subject to the exceptions permitted under the GDPR.

Requests will be handled within the timeframes required by applicable data protection laws. Where permitted by applicable law, we may refuse to act on requests or charge a reasonable fee where requests are manifestly unfounded, excessive, repetitive, or abusive. In such cases, we will explain the reason for our decision where required by law. Users also have the right to lodge a complaint with the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados – CNPD) or with another competent supervisory authority within the European Union.

Supervisory Authority:

  • Comissão Nacional de Proteção de Dados (CNPD)

  • Website: https://www.cnpd.pt

  • Address: Av. D. Carlos I, 134, 1.º, 1200-651 Lisboa, Portugal

  • Email: geral@cnpd.pt

To exercise any of these rights, please contact us using the details provided below.

11. Data Retention

We retain personal data only for as long as reasonably necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, enforce our Terms, protect Platform security, and maintain operational integrity.

The following general retention principles apply by category:

| Data Category | Retention Approach |

|—|—|

| Account data | Retained while the Account is active, and for a reasonable period after deletion where necessary for legal, security, or operational purposes. |

| Public posts | May remain visible or be anonymized after Account deletion in order to preserve discussion integrity and continuity. |

| Private messages | Retained while the Account or service is active, unless deleted or anonymized where technically possible. |

| Security and server logs | Typically retained for up to 12 months, and longer where necessary for abuse prevention, security, or legal disputes. |

| Consent records | Retained for as long as necessary to demonstrate that valid consent was obtained. |

| Payment records | Retained as required by applicable tax and accounting law. |

| Backups | Deleted or rotated in accordance with standard backup cycles. |

Certain records, logs, moderation data, backups, security-related information, and anonymized or aggregated content may be retained for longer periods where reasonably necessary and permitted under applicable law.

12. Data Security

We implement robust technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. However, no internet transmission is completely secure, and we cannot guarantee absolute security.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact our Privacy & Data Protection Contact:

  • Email: admin@madeira.community

Effective Date: June 1, 2026

Last Updated: June 1, 2026

Version: 1.0

2

Edit the first post in this topic to change the contents of the Privacy Policy page.