Privacy policy

Data controller

The controller responsible for the personal data collected through https://bestiarypedia.com is [Configurar en admin] ([Configurar en admin]), with tax ID/VAT [Configurar en admin] and registered office at [Configurar en admin]. For any question related to the protection of your data, you can contact the controller at [email protected].

Data we collect

The site processes the minimum personal information necessary for its operation. Specifically, we may process the following categories of data:

• Technical browser data (IP address, user-agent, browser language, referer) logged on the server for security and diagnostic purposes, kept for a maximum of 30 days.
• Non-personal identifiers (cookies and localStorage) associated with your usage preferences: language, visual theme and favorites. This data stays on your device and is not transferred to the server unless future sync is enabled.
• Data voluntarily provided through the press form (name, email, outlet, message) to reply to your inquiry. Kept while the conversation is open and, afterwards, up to 12 months for editorial traceability.
• Data submitted when reporting content (email, description) to handle the review or takedown request, kept for 24 months as documentary evidence of the process.
• Technical and preference cookies as described in the cookies policy. We do not use third-party advertising cookies without your prior consent.

Legal basis for processing

The processing of data is based on the following legal grounds under Article 6 of the GDPR: (a) legitimate interest of the controller for security logs and editorial traceability; (b) the freely given consent of the data subject for non-essential cookies and any newsletter subscription; (c) contractual execution or pre-contractual measures to handle inquiries sent through the press form; (d) compliance with legal obligations where applicable.

Retention periods

Data is kept only for the time necessary to fulfill the purpose for which it was collected. Technical logs: 30 days. Press inquiries: up to 12 months after closing the conversation. Content notifications: 24 months. Browser preferences: until the user deletes them. After the relevant period, data is deleted or anonymized.

Processors and transfers

To operate the site, relies on service providers acting as processors. All processors are bound by contracts compliant with Article 28 of the GDPR and equivalent safeguards:

• Hosting and cloud infrastructure provider, located in the European Union, in charge of serving the site and processing technical logs.
• Content delivery network (CDN) to accelerate the delivery of static assets. Processes traffic metadata without associating it with identifiable personal data.
• Providers of AI models used to generate text and images from editorial prompts. They do not receive personal data from site visitors.
• If metrics are added in the future, this will be done with tools that respect privacy by design (no tracking cookies) and after notice in this policy.

We do not carry out international transfers of data outside the European Economic Area without adequate safeguards (standard contractual clauses, adequacy decisions or equivalents). You may request a copy of the applicable safeguards at [email protected].

Your rights

Under Articles 15 to 22 of the GDPR, you have the right to:

• Access the personal data we process about you.
• Rectify data that is inaccurate or incomplete.
• Request the deletion of your data when it is no longer necessary or you withdraw your consent.
• Request the restriction of processing while a request is being resolved.
• Receive in a structured format the data you have provided, where technically feasible.
• Object to processing based on legitimate interest when grounds related to your particular situation apply.

To exercise any of these rights, simply write to [email protected].

Lodging a complaint with a supervisory authority

If you believe that the processing of your data does not comply with the regulations, you have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) or the supervisory authority competent in your country of residence.

Security measures

[Configurar en admin] applies reasonable technical and organizational measures to protect data against unauthorized access, loss or alteration: encryption in transit (TLS), role-based access control, hardened two-factor authentication on internal management systems, encrypted backups and periodic audits of dependencies.

Minors

The site is intended for a general adult and accompanied juvenile audience due to its cultural and educational nature. We do not knowingly request or process personal data of minors under 14 without consent from their parents or legal guardians. If we detect that such data has been collected, we will delete it without delay.

Changes to this policy

[Configurar en admin] may update this policy to reflect regulatory changes or operational improvements. The date of last revision appears at the top. Substantial changes will be announced reasonably in advance through visible notices on the site.