Skip to main content

GDPR Compliance

Last updated: February 7, 2026

Skateparks.world is committed to protecting the privacy of individuals in accordance with the EU General Data Protection Regulation (GDPR). This page explains how we collect, process, and protect personal data.

Data Controller

Skateparks.world operates the website at skateparks.world. For data protection inquiries, please visit our contact page.

What Personal Data We Collect

We collect and process the following categories of personal data:

  • Account data: Email address, display name (when you create an account)
  • Review data: Display name, optional email, and review content (when you submit a rating or review)
  • Suggestion data: Name, optional email, and suggested changes (when you submit a park update)
  • Upload data: Name, optional email (when you upload photos)
  • Technical data: IP address hash (anonymised), browser type, and device information collected automatically

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent (Art. 6(1)(a)): When you voluntarily submit reviews, photos, or suggestions
  • Contract (Art. 6(1)(b)): When necessary to provide you with an account and our services
  • Legitimate interest (Art. 6(1)(f)): For website security, fraud prevention, and service improvement

Data Retention

We retain personal data only as long as necessary for the purposes described above:

  • Account data: Retained until you delete your account
  • Reviews and ratings: Retained indefinitely as community content, but can be removed upon request
  • Technical logs: Automatically deleted after 90 days

Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you
  • Right to rectification (Art. 16): Request correction of inaccurate personal data
  • Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
  • Right to restrict processing (Art. 18): Request limitation of how we process your data
  • Right to object (Art. 21): Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw previously given consent at any time

To exercise any of these rights, please contact us. We will respond within 30 days.

International Data Transfers

Our services are hosted on infrastructure provided by Vercel and Supabase, which may process data in the United States and other countries. These providers maintain appropriate safeguards including Standard Contractual Clauses (SCCs) to ensure GDPR-compliant data transfers.

Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption in transit (TLS/HTTPS)
  • Encryption at rest for database storage
  • IP address anonymisation (hashing)
  • Access controls and authentication for administrative functions

Cookies

For details on how we use cookies and similar technologies, see our Cookie Classification page.

Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority.