Skateparks.world is committed to protecting the privacy of individuals in accordance with the EU General Data Protection Regulation (GDPR). This page explains how we collect, process, and protect personal data.
Data Controller
Skateparks.world operates the website at skateparks.world. For data protection inquiries, please visit our contact page.
What Personal Data We Collect
We collect and process the following categories of personal data:
- Account data: Email address, display name (when you create an account)
- Review data: Display name, optional email, and review content (when you submit a rating or review)
- Suggestion data: Name, optional email, and suggested changes (when you submit a park update)
- Upload data: Name, optional email (when you upload photos)
- Technical data: IP address hash (anonymised), browser type, and device information collected automatically
Legal Basis for Processing
We process personal data under the following legal bases:
- Consent (Art. 6(1)(a)): When you voluntarily submit reviews, photos, or suggestions
- Contract (Art. 6(1)(b)): When necessary to provide you with an account and our services
- Legitimate interest (Art. 6(1)(f)): For website security, fraud prevention, and service improvement
Data Retention
We retain personal data only as long as necessary for the purposes described above:
- Account data: Retained until you delete your account
- Reviews and ratings: Retained indefinitely as community content, but can be removed upon request
- Technical logs: Automatically deleted after 90 days
Your Rights Under GDPR
As a data subject in the EU/EEA, you have the following rights:
- Right of access (Art. 15): Request a copy of the personal data we hold about you
- Right to rectification (Art. 16): Request correction of inaccurate personal data
- Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
- Right to restrict processing (Art. 18): Request limitation of how we process your data
- Right to object (Art. 21): Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw previously given consent at any time
To exercise any of these rights, please contact us. We will respond within 30 days.
International Data Transfers
Our services are hosted on infrastructure provided by Vercel and Supabase, which may process data in the United States and other countries. These providers maintain appropriate safeguards including Standard Contractual Clauses (SCCs) to ensure GDPR-compliant data transfers.
Data Security
We implement appropriate technical and organisational measures to protect personal data, including:
- Encryption in transit (TLS/HTTPS)
- Encryption at rest for database storage
- IP address anonymisation (hashing)
- Access controls and authentication for administrative functions
Cookies
For details on how we use cookies and similar technologies, see our Cookie Classification page.
Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority.