Privacy Policy

1. Data Controller and Privacy Commitment


The data controller of this website is Diego Orlando, a professional photographer based in San Sebastián, Guipúzcoa, Spain. This site has been designed and developed following the «privacy by design» principle, as recognized by Article 25 of the General Data Protection Regulation (GDPR), which means that personal data protection has been considered a fundamental element from the project's very conception. This proactive approach to privacy is implemented through a technical structure that minimizes personal data collection while maximizing information protection measures.

2. Data Processing and Cookies


This website has been designed following the principle of data minimization, which means it does not directly collect any personal information. The website does not implement contact forms, does not require user accounts, and does not maintain databases with personal information on its servers.

To ensure proper functioning and security of the website, as well as to protect the intellectual property rights of the photographic content, it is necessary to process certain technical information through two specialized service providers: Cloudflare for website hosting and security, and SmartFrame for the protection and secure display of images. This processing is strictly limited to the technical data necessary to provide these essential services.

Additionally, to enhance the browsing experience, the site uses the browser's local storage (localStorage) for the sole purpose of maintaining the user's selected language preferences. This technical functionality operates exclusively on the user's device, with the information never leaving the local browser or being accessible from any external server. Due to its local nature and strictly technical purpose, this storage neither allows nor aims for personal identification of users.

The legal basis for processing the necessary technical information is founded on legitimate interest in providing a secure web service and protecting intellectual property rights of the content, always under the principle of data minimization and applying appropriate technical and organizational measures to ensure user privacy.

3. Third-Party Services



3.1 Cloudflare


This website is hosted on Cloudflare Pages, whose data processing is based on legitimate interest in accordance with Article 6.1.f of the General Data Protection Regulation (GDPR). This legitimate interest is justified by several fundamental needs for service operation: ensuring the technical security of the website and its users against cyber threats, maintaining optimal service availability and performance, providing secure connections through SSL/TLS encryption, and preventing fraudulent access while protecting site integrity.

In this context, Cloudflare processes essential technical information such as IP addresses and basic connection metadata. This processing is strictly necessary for the basic functioning of the web service and is primarily carried out on globally distributed edge servers. The technical data processed represents the minimum required to provide a secure and efficient web service.

For international data transfers, Cloudflare implements appropriate safeguards through the EU-US Data Privacy Framework and EU Standard Contractual Clauses. The data is not used to individually identify users nor shared with third parties, except when legally required.

The relationship with Cloudflare is governed by a Data Processing Agreement that establishes the obligations and responsibilities of both parties in data processing, ensuring compliance with applicable data protection regulations. For detailed information about how Cloudflare processes data and its security measures, you can consult their Trust Hub and GDPR Center at www.cloudflare.com/es-es/trust-hub/gdpr/.


3.2 SmartFrame


The site uses SmartFrame Technologies Ltd. for the protection and secure display of images. SmartFrame's information processing occurs at two different levels.

The first level corresponds to the essential technical measures necessary for basic service operation and intellectual property rights protection. This includes temporary session storage and technical cookies essential for proper image display and protection. This processing is based on legitimate interest, which manifests in two fundamental aspects: firstly, the need to provide the secure visual content display service that users request when accessing the website, and secondly, the protection of copyright over photographic works, ensuring that artistic content is displayed and shared in a controlled manner, preventing unauthorized use. This protection is essential to safeguard the intellectual property of photographic work and ensure respect for copyright in the digital environment.

The second level involves generating statistics about visual content viewing. SmartFrame processes this information in an aggregated and anonymous form, generating data that does not allow individual user identification. These statistics include general metrics such as total views, general geographic regions from where content is accessed, and general patterns of image interaction. As this information is completely anonymized, this processing does not constitute personal data processing as established in current data protection regulations and, therefore, does not require additional consent.

The website has chosen to implement SmartFrame specifically for its privacy-focused approach and its ability to provide useful information about visual content usage without compromising user privacy. For detailed information about SmartFrame's technical measures, anonymization processes, and privacy policies, you can directly consult their documentation at www.smartframe.io/privacy-policy and their cookie policy at www.smartframe.io/cookie-policy.

4. Security Measures


The website's security is built on multiple layers of protection. The first layer consists of SSL/TLS encryption provided by Cloudflare, which ensures that all communications between the user's browser and the website are encrypted and secure. This is evidenced by the «https://» protocol and the padlock visible in the browser's address bar.

Cloudflare provides additional security measures including protection against Distributed Denial of Service (DDoS) attacks, a web application firewall that filters malicious traffic, and continuous threat monitoring systems. These measures are constantly updated to respond to new security threats.

The implemented static website architecture offers significant security advantages. By not using databases or dynamic information processing on the server, it eliminates a large part of the potential attack surface. This architecture significantly simplifies the security model, as there are no entry points for SQL injections, cross-site scripting (XSS) attacks, or other common vulnerabilities found in dynamic websites.

For visual content protection, SmartFrame implements specific technologies that prevent unauthorized image copying and provide granular control over how content is shared and displayed. This additional security layer ensures the integrity and copyright of visual content without compromising user experience.

The website maintains all its security components up to date and performs periodic verifications to ensure all protection measures are functioning correctly. These security practices align with current industry standards and best practices in web security.

5. Email Communication


The website provides an email address in the footer for contacting the photographer. This communication method is designed so that users must use their own email service provider (such as Gmail, Outlook, or other services) to send messages. The website does not incorporate contact forms or direct messaging systems, ensuring that communication is established entirely through the user's and photographer's email servers.

Email communication privacy and security are subject to various factors that users should consider. Primarily, they depend on the security measures implemented by the user's chosen email provider and their corresponding privacy policies. Additionally, the privacy level is determined by the amount and type of information that users voluntarily choose to include in their messages.

In this context, it is essential to understand that any personal information included in email communications is shared under the user's express responsibility and decision. Therefore, it is recommended to include only the information strictly necessary for the purpose of the communication, carefully evaluating what personal data is shared in each message.

6. Social Media Links


Regarding social media links provided on the website, a warning system has been implemented before redirection. This system informs users that they are about to leave the website and access an external platform that operates under its own privacy and cookie policies. Personal data processing on these platforms is governed by each social network's specific conditions, which may differ significantly from those applied on this website.

Given the independent nature of these platforms and their specific data processing policies, it is essential for users to consult and review the privacy policies of each social network before interacting with their services. This precaution will allow users to make informed decisions about using these platforms and the processing of their personal data in these environments. This same consideration applies to all external links included on this website, including those mentioned in this privacy policy, as each destination website operates under its own policies and terms of use.

7. User Rights and Control


It is essential to emphasize that this website has been designed under the principle of data minimization, meaning it does not directly collect or store personal data. Nevertheless, in compliance with current data protection regulations and in the interest of maximum transparency, we recognize and guarantee all rights granted to users by law concerning their personal data.

The current regulatory framework for personal data protection establishes fundamental rights that all users may exercise. These include the right of access, which allows users to know if data concerning them is being processed and to receive detailed information about such processing. The right to rectification enables users to correct inaccurate data or complete incomplete data. The right to erasure, also known as the «right to be forgotten», allows users to request the deletion of personal data when it is no longer necessary for the purposes for which it was collected.

Equally important are the right to restriction of processing, which allows users to limit the processing of their data under certain circumstances; the right to data portability, which facilitates obtaining and reusing personal data in a structured format; and the right to object, which allows users to oppose the processing of their data for reasons related to their particular situation.

To exercise any of these rights, or to resolve doubts or submit queries related to personal data processing, users can contact the website controller through the email address provided in the footer. The communication should include a clear description of the right to be exercised and the information necessary to process the request appropriately.

It is important to note that, given the static nature of this website and its policy of not collecting personal data, the exercise of these rights will mainly relate to technical information processed by the third-party services mentioned in this policy, such as Cloudflare and SmartFrame, always within the limits and scope described in the corresponding sections.

8. Supervisory Authorities


If a user considers that the processing of their personal data does not comply with current regulations, they have the right to file a complaint with the competent supervisory authority in their jurisdiction.

9. Modifications and Contact


This policy may be updated when necessary to reflect changes in privacy practices or applicable regulations. Since this website does not collect personal data or maintain a user database, it is not possible to send direct notifications about policy updates.

The website commits to maintaining updated links to third-party privacy policies (Cloudflare and SmartFrame) included in this document. However, since these policies are managed by their respective companies, it is recommended to always verify the most recent information directly on their official websites.

For any inquiries related to this policy, you can contact us through the email address provided in the website footer. The update date shown below allows you to identify the current version of the policy.

Last updated: December 15, 2024.