Privacy Policy

Privacy Policy

In accordance with Articles 13 and 14 of the GDPR (Regulation 2016/679), this document (the “Privacy Notice”) describes the processing of personal data – any data that can be used to identify a natural person – on the digital platform https://covid-hl.org/ (the “Service”).

The Data Administrator reserves the right to change portions of this Policy without prior notice. Changes are effective upon publication. Continued use of the Service constitutes acceptance of the updated Terms and Conditions. Users may request deletion of data and termination of access if the changes are deemed unacceptable.

1. Categories of personal data processed

The website collects the following types of data:

A. Operational Technical Logs

Infrastructure metadata: Routine server operations can generate records of IP addresses, domain identifiers, resource paths (URIs), timestamped requests, HTTP protocols, and file dimensions. While such data is not inherently personally identifiable, it can potentially be linked to external data sets to determine user identity.

B. Tracking Technologies

The website uses cookies, pixel tags, and similar mechanisms to record interaction metrics (e.g., page visits, link engagement). These identifiers may persist across sessions. For more information, see  the Cookie Policy  .

2. Purposes of data use

The information is processed for the following purposes:

Infrastructure Operations:  Data retention through technical systems.  Hosting services provided by SiteGround Spain SL  based on contractual agreements.

Aggregate Analytics:  Compilation of non-personal statistical models.  Anonymous datasets provided to Google LLC  .

User experience analysis:  Evaluation of platform interaction patterns.  Interaction data transferred to Google LLC  .

Personalized Advertising:  Providing behaviorally targeted advertising.  Data shared with Google LLC for remarketing purposes  .

3. Processing Methodologies

Data is processed through automated systems, digital interfaces, and organizational protocols tailored to specific purposes. Access is limited to authorized personnel (e.g., technical teams, administrative staff) and external parties (e.g., IT providers, logistics partners) bound by confidentiality obligations as joint controllers or processors.

4. Legal basis for processing

Data processing is justified within the following framework:

  • Explicit consent to specific processing activities;
  • Contractual necessity, including due diligence before entering into a contract;
  • Statutory or regulatory obligations applicable to the Data Controller;
  • Public interest mandates or official powers granted to the Data Controller;
  • Legitimate interests pursued by the Data Controller or third parties, if proportionate;
  • Important protection of the interests of natural persons, including users and third parties.

5. Geographic scope of data processing

Information is processed at the Data Controller’s main operational facilities and in any other geographical locations where authorized third parties (e.g., suppliers, service partners) operate. Transfers are carried out in accordance with GDPR safeguards, including standard contractual clauses for cross-border data flows.

6. Security mechanisms

Data is protected using advanced encryption protocols, multi-layered access controls, and routine third-party audits. The data controller implements industry-standard technical and organizational measures to mitigate the risk of unauthorized access, alteration, or disclosure, ensuring compliance with applicable data protection frameworks.

7. Retention periods

Data is stored only for the period required to achieve the purpose of its collection, including contract periods, statutory retention obligations, or pending legal disputes. Data provided based on consent is stored until the consent is withdrawn. After storage, the data is permanently anonymized or securely destroyed within 30 days, making it impossible to recover.

8. Disabling automated decision-making

No algorithmic decision-making systems (e.g., profiling) are used to assess, influence, or determine personal rights or significant interests. All decisions affecting users involve solely human intervention and contextual assessment.

9. User rights and requests

You have the following rights under the GDPR:

  • Withdraw consent at any time;
  • Request that processing activities cease;
  • Accessing and viewing stored personal data;
  • rectification of inaccurate or incomplete data;
  • Restrict processing under certain conditions;
  • Requests for permanent deletion (“right to be forgotten”);
  • Obtain portable copies of your data to transfer to alternative providers;
  • File complaints with supervisory authorities or seek judicial remedies.

Reports can be submitted using the contact details provided in this Policy. Responses are provided free of charge within 30 days, subject to identity verification. In complex cases, this period may be extended by an additional 60 days upon prompt notification.