N°04
ES
EL PUERTO
Local diary · Bay of Cadiz · since 2024
Data protection

Privacy policy

What data we touch, what data we don't, and how to exercise your rights.

  • Updated: April 2026

This policy explains, without dressing it up, what personal data this site handles and what it does with it. It has been drafted in line with Regulation (EU) 2016/679 (GDPR) and Spain's Organic Law 3/2018 on Personal Data Protection (LOPDGDD).

1. Data controller

  • Controller: Juan José Villanueva Borrego
  • Residence: El Puerto de Santa María, Cádiz (Spain)
  • Privacy contact: legal@elpuerto.ai
  • Website: elpuerto.ai

As a personal, non-commercial project with no economic activity, there is no legal obligation to appoint a Data Protection Officer (DPO). All requests are handled directly by the controller at the address above.

2. First, what we do not do

This site is designed to minimise the processing of personal data. Specifically:

  • We do not use first-party or third-party cookies. No technical, analytics or advertising cookies. That is why you will not see a consent banner: there is nothing to consent to. Any cookie warning shown by your browser was not placed by this site.
  • We do not use Google Analytics, Meta Pixel, Hotjar, Clarity or any profiling-based tracking.
  • We do not build user profiles, cross-site tracking or behavioural advertising.
  • We do not share, sell or transfer data to third parties for commercial purposes.
  • We do not collect data from children. The content of this site is not aimed at persons under the age of 14 and no data is solicited from that age group.

3. What data we process and why

a) Newsletter subscription

If you voluntarily subscribe to the weekly edition, we ask for your email address and, optionally, your name. These are stored along with the subscription date and the record of your consent in a local database on the site's server.

  • Purpose: to send you the weekly newsletter with a selection of content from the site and, occasionally, communications about the project itself.
  • Legal basis: your explicit consent (art. 6(1)(a) GDPR), which you can withdraw at any time via the unsubscribe link in every email or by writing to legal@elpuerto.ai.
  • Retention: until you unsubscribe. After unsubscribing, your email is removed from the active list.

b) Messages you send us

If you contact us by email (for example, to report an error, exercise your rights or ask a question), we process your email address and the contents of your message solely to reply.

  • Legal basis: your own act of contacting us (legitimate interest in managing communications, art. 6(1)(f) GDPR).
  • Retention: for as long as needed to handle your enquiry and meet any applicable legal obligations, after which messages are archived or deleted.

c) Technical server data

The server hosting the site logs basic technical information (request timestamp, requested URL, browser type) for the sole purpose of keeping the service running, ensuring security and preventing abuse. This information is not linked to identified individuals and is not used for behavioural analysis.

4. Cookie-free audience measurement

To understand, in aggregate, which content resonates, the site uses Plausible Analytics, a European service specifically designed not to collect personal data:

  • No cookies, no localStorage, no browser fingerprinting.
  • No IP address storage. A daily identifier is generated from a hash that prevents tracking the same visitor across days.
  • Data is processed on servers located in the European Union.

Plausible acts as a data processor (art. 28 GDPR). The legal basis is the controller's legitimate interest in knowing aggregate usage statistics (art. 6(1)(f) GDPR), balanced against your rights and freedoms: since the service does not identify visitors or build profiles, the privacy impact is minimal. You can object by writing to legal@elpuerto.ai.

5. Newsletter delivery

Technical delivery of the newsletter is handled by Resend, a transactional email provider. Resend receives your email address and the newsletter content solely to deliver it to your inbox.

  • Role: data processor (art. 28 GDPR).
  • Location: United States. This involves an international transfer of data outside the European Economic Area.
  • Safeguards: the transfer relies on Standard Contractual Clauses approved by the European Commission (Decision 2021/914) and, where applicable, on the EU-U.S. Data Privacy Framework.

6. Web fonts

The site's typefaces (Fraunces and Newsreader) are served from the site's own servers, not from Google Fonts or any other third-party CDN. No third party receives your IP address just because the fonts load. The fonts are published under the SIL Open Font License.

7. Your rights

You may exercise the following rights granted by the GDPR at any time:

  • Access: to know what data of yours we process and obtain a copy.
  • Rectification: to correct inaccurate or incomplete data.
  • Erasure (right to be forgotten): to request the deletion of your data.
  • Objection: to object to processing based on legitimate interest.
  • Restriction: to request restricted processing while a claim is verified.
  • Portability: to receive your data in a structured, machine-readable format.
  • Withdrawal of consent: at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, write to legal@elpuerto.ai stating which right you wish to exercise. We will reply within the one-month period set by the GDPR, or within the extended two-month period if the request is particularly complex (in which case we will notify you). We may ask you to prove your identity if there are reasonable doubts about who is making the request.

8. Complaints to the supervisory authority

If you believe the processing of your data does not comply with applicable law, or if you are dissatisfied with the controller's response, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es. The AEPD is the supervisory authority with jurisdiction in Spain.

9. Security

We apply reasonable technical and organisational measures to protect the data: TLS encryption across all site traffic, restricted access to the site's local database and regular backups. No system is invulnerable, but the volume and sensitivity of data processed here is deliberately low, precisely to minimise the impact of any incident.

10. Changes to this policy

This policy may be updated when the tools, providers or applicable rules change. The date of the most recent revision appears at the top of the document. Where relevant, significant changes will be communicated to newsletter subscribers.

Questions about this policy or your data? Write to legal@elpuerto.ai.