Privacy Policy (GDPR)

1. Data Controller

The GenAI Community EU website (genaicommunity.eu) is operated by:

• My Tech Plan, S.L. (hereinafter, "My Tech Plan" / "we")
• Tax ID (NIF): B72963432
• Address: C/ Hermosilla nº 48, Esc. Derecha, Planta 1, 28001, Madrid (Spain)
• Contact email: community@genaicommunity.eu
• Privacy email: rgpd@mytechplan.com

2. Scope

This policy applies to browsing on genaicommunity.eu and to the forms it offers (contact, sponsorship/partnership, and newsletter), as well as to related communications managed by My Tech Plan as part of the GenAI Community EU project.

Specific events or chapters may involve additional processing (for example, sharing data with co-organizers or sponsors for their own purposes). In such cases, a specific notice or annex applicable to that event will be provided.

3. Personal Data We Process

3.1 Identification and contact

Name and email (and, in the sponsorship form, phone number when provided).

3.2 Professional data

Company and role/position, voluntarily provided through the sponsorship/partnership form.

3.3 Message content

Any information you choose to include in the message field of a form.

3.4 Technical data

IP address, logs, and browsing data associated with the use of the website and its cookies/equivalent technologies (see Cookies).

3.5 Special categories of data (Art. 9 GDPR)

We do not request or knowingly process special categories of data (such as health, ideology, religion, or biometric data).

4. Purposes, Legal Bases, and Retention

4.1 Responding to enquiries (contact & sponsorship forms)

Purpose: handling your message, sponsorship/partnership requests, and related communications.

Legal basis: your consent and/or pre-contractual measures taken at your request.

Retention: for the time needed to handle your request and, afterwards, up to 24 months for follow-up and record-keeping, unless a longer legal period applies.

4.2 Newsletter

Purpose: sending the GenAI Community EU newsletter (community posts, chapter events, and summit news).

Legal basis: your consent, given when you subscribe.

Retention: until you unsubscribe or withdraw your consent.

4.3 Site security and spam prevention

Purpose: protecting forms against abuse and bots (Google reCAPTCHA Enterprise).

Legal basis: our legitimate interest in the security and integrity of the service.

Retention: for the time necessary for security analysis, in accordance with the provider's policy.

5. Recipients

We may share personal data with providers that deliver services necessary to operate the website. These providers process data under our instructions and the corresponding data processing agreements:

• Vercel Inc. — website hosting and serverless functions.
• Resend — transactional email delivery for form notifications.
• Google (reCAPTCHA Enterprise, Tag Manager, Analytics) — spam protection and, subject to your consent, audience analytics.

We may also disclose data to public authorities, courts, and tribunals where there is a legal obligation to do so.

6. International Transfers

Where providers process data outside the European Economic Area (EEA), we apply the appropriate safeguards required by data protection regulations (for example, European Commission adequacy decisions or Standard Contractual Clauses) to ensure an equivalent level of protection.

7. Your Rights

You may exercise the following rights: access, rectification, erasure, objection, restriction of processing, portability, and withdrawal of consent at any time (without affecting the lawfulness of processing carried out before withdrawal).

To exercise them, write to rgpd@mytechplan.com, indicating the right you wish to exercise. We may request additional information to verify your identity. You may also file a complaint with the Spanish Data Protection Agency (AEPD) if you believe your rights have not been adequately addressed.

8. Security

We apply reasonable technical and organizational measures appropriate to the risk, including access controls, encryption of communications (TLS), and incident management procedures, to protect personal data against destruction, loss, alteration, or unauthorized access.

9. Minors

This website is not directed at minors under 14 years of age, and we do not knowingly collect their personal data. If we become aware that data from a minor under 14 has been provided without authorization, we will delete it as soon as possible.

10. Cookies

We use cookies and similar technologies. Consent is requested through a banner when you first access the website, and you can change your preferences at any time via the "Manage cookies" link in the footer.

Necessary

Essential for the site to function. No consent required.

Analytics

Help us understand how the site is used. Only activated with your explicit consent.

Third-party services

• Google Tag Manager / Analytics: management of analytics scripts (loaded only with consent).
• Google reCAPTCHA Enterprise: spam protection for forms; may set cookies to verify user interaction.
• Vercel Analytics: privacy-friendly, aggregate traffic measurement that does not use cookies or track individuals across sites.

11. Changes

We may update this Privacy Policy to reflect legal, technical, or operational changes. The current version will always be available on the website, with its date of last update.