COOKIES POLICY
Last updated: 2025-11-01.
1. WHAT COOKIES ARE. SITE STRUCTURE
Cookies are small files that a website can place on your device when you visit it. They are used to improve navigation, store preferences, manage sessions and—with your consent—carry out statistical measurement and marketing.
The site madbitcoinsummit.com/es includes features such as: ticket sales, social‑media integrations, a networking app, and payments in BTC and EUR.
2. APPLICABLE LEGISLATION
- Regulation (EU) 2016/679 (GDPR), Art. 4(11), Art. 6, Art. 7; Recital 32.
- EDPB — Guidelines 05/2020 on consent under Regulation 2016/679 (European Data Protection Board).
- Spanish Data Protection Agency (AEPD) — Guide on the use of cookies (updated version); press note on alignment with EDPB criteria (implementation 11/01/2024).
- EDPB guidance and practical notes on cookie walls, logging refusals, and granular consent.
Processing of personal data via cookies and similar technologies requires—whenever the cookies are not strictly necessary—free, specific, informed, unambiguous and prior consent from the data subject. This derives from GDPR Art. 4(11) and Art. 6 and is developed in Recital 32. The EDPB has clarified the elements and scope of consent (clarity, affirmative action, ability to withdraw), and the AEPD has aligned its Cookie Guide accordingly.
3. COOKIE CATEGORIES
Technical or strictly necessary cookies
Required for the technical operation of the website and the purchase process (do not require consent). Examples:
- Maintain user session.
- Remember language and basic navigation preferences.
- Manage the ticket cart and checkout.
- Security and fraud prevention.
Functional / preference cookies
- Remember language and preferences. A cookie that stores the language selected after clicking “ES / EN” does not require consent.
- However, a cookie that remembers browsing preferences to show personalized content does require consent.
Analytics cookies
- Tools such as Google Analytics or similar to measure visits, page views, session duration, etc.
- They help to understand site performance and user behavior.
Marketing / advertising cookies
- Possible integrations with social networks (LinkedIn, X/Twitter, Instagram, etc.).
- Tracking pixels for advertising campaigns.
- Audience segmentation for remarketing.
Third‑party cookies for payments
- When using EUR payment gateways, they usually set their own cookies to verify transactions.
- In the case of Bitcoin payments (on‑chain or Lightning), no cookies are set, but transaction identifiers are generated on‑chain (public data, not a cookie).
On our domain the following are used:
First‑party cookies
Cookies sent to the user’s device from a server or domain managed by the publisher and providing the service requested by the user. Specifically, we use:
| TYPE | PROVIDER | PURPOSE |
|---|---|---|
| Strictly necessary | MADBITCOIN | Provide registration, session and activation of free and paid services. Session continuity across different browsers. |
Third‑party cookies
Payment providers are subject to the following sectoral rules:
- EU framework: PSD2 (Directive (EU) 2015/2366) and its transposition into Spanish law. In Spain, the relevant regulation is Law 16/2009 on Payment Services and its updates for PSD2.
- For BTC payments, compliance with Regulation (EU) 2023/1114 (MiCA) on markets in crypto‑assets.
This is without prejudice to other applicable rules.
| TYPE | PROVIDER | PURPOSE |
|---|---|---|
| Payment methods | GETNET EUROPE, Entidad de Pago, S.L.U. Commercial Registry of Madrid, Volume 30,826, Page 98, Sheet M‑554,802. Links: https://www.getnet.eu/cookies • soportetpvgetnet@getnet.eu • +34 91 050 34 04 • https://www.getnet.eu/politica-de-privacidad • https://www.getnet.eu/reclamaciones | Provide registration, session and activation of payment services up to execution. |
| BTC payments | BITCOINFORME S.L. (BIT2ME brand) CIF B54835301. Authorized by the CNMV as a crypto‑asset service provider (CASP) under Regulation (EU) 2023/1114 (MiCA), resolution of 2025‑07‑28. Links: https://bit2me.com/es • +34 910 91 37 88 • Terms: https://legal.bit2me.com/es/support/solutions/articles/35000292850-términos-y-condiciones-generales-de-los-servicios-de-bit2me • Cookies: https://legal.bit2me.com/es/support/solutions/articles/35000291056-política-de-cookies • Privacy: https://legal.bit2me.com/es/support/solutions/articles/35000291559-política-de-privacidad | Provide registration, session and activation of payment services up to execution in BTC. Carry out activities proper to a crypto‑asset service provider as defined in Regulation (EU) 2023/1114. |
3bis. RELEVANT DEFINITIONS (for interpretation and contractual execution)
- Valid consent: an express and verifiable statement, through a free and specific affirmative action for each purpose.
- CMP (Consent Management Platform): the technical tool that shows the first and second information layers, blocks scripts until consent, and records consent evidence.
- Verifiable consent log: digital evidence enabling reconstruction of what was accepted, when, and under which context.
4. CONSENT MANAGEMENT
Purpose: regulate the mechanism for obtaining, recording, storing and withdrawing consent for the activation and use of cookies and other tracking technologies on the website, in accordance with the GDPR, applicable ePrivacy rules and the AEPD Cookie Guide.
On first visit, the site will display a consent manager (CMP) with visible options: Accept all / Reject all / Configure preferences.
Consent must be recorded in a verifiable way (timestamp, policy version, IP where appropriate).
4.1 Legal basis
Before activating any non‑essential cookies or tracking technologies, MadBitcoin obtains prior, free, informed, specific and unambiguous consent from the data subject, under GDPR Art. 6 and EDPB/AEPD guidance.
4.2 Principles
Consent will be: (i) prior to activation of non‑essential cookies; (ii) separate per purpose; (iii) documented and verifiable; (iv) revocable at any time.
4.3 Minimum required UX/mechanism
On the user’s first visit, a CMP will offer, at minimum, clear and visible options: Accept all, Reject all, and Configure preferences.
“Reject all” must have the same visibility and ease of use as “Accept all”. No pre‑ticked boxes or dark patterns will be used.
4.4 Granularity and separation of acts
The CMP will request consent by purpose categories (e.g., analytics, marketing, personalization) and, where appropriate, by provider. Acceptance of Terms & Conditions or the Privacy Policy is a separate act and must not be conflated with cookie consent.
4.5 Technical prior blocking
There will be technical blocking that prevents the execution of non‑essential scripts, tags and cookies until consent is given. Technically, third‑party tags will be sandboxed and injected only when the CMP indicates consent for that category.
4.6 Handling refusals
Refusals will be logged as an indicator/flag and only the information necessary to evidence the refusal will be kept, without creating profiles. The chosen configuration will be respected until changed or withdrawn by the user. Where the user rejects per category, the policy may store it as a generic flag or code, without creating a unique identifier that facilitates profiling—aligning with EDPB practical suggestions where applicable. The controller will document the approach in the Records of Processing Activities (ROPA).
4.7 Processor obligations
Any provider involved in activating or storing consent records (CMP, e‑commerce platforms, mailing providers, payment gateways, ticket providers) must sign a data processing agreement (Art. 28 GDPR) that includes secure export of consent records upon the controller’s request.
4.8 Right to withdraw
The user may withdraw consent at any time via the “Manage cookies” panel accessible from the footer. Withdrawal will take effect in real time and will be logged as a revocation in the evidence system.
4.9 Versioning and re‑consent
Any material change in purposes or the set of providers will trigger a new policy version and a re‑consent request where appropriate.
Before activating cookies or tracking technologies that are not strictly necessary for service delivery, MadBitcoin will request consent via a CMP allowing the user to accept, reject or configure preferences by categories and, where applicable, by providers. Consent will be prior, free, informed, specific and verifiable; MadBitcoin will electronically record evidence of consent (including date/time, policy version and categories consented). Withdrawal can be exercised at any time via the “Manage cookies” panel. In case of refusal, only strictly necessary cookies will be activated and the essential service will be ensured.
5. HOW TO DISABLE OR DELETE COOKIES
The user can review and change preferences via the “Manage cookies” link in the footer. Cookies can also be deactivated through the browser settings. However, disabling strictly necessary cookies may prevent the site from working correctly.
At any time the user can stop accepting cookies through the browser, allowing, blocking or deleting cookies installed on the device (computer, mobile, tablet and other devices). Without enabling the cookies described above, certain web services will not be provided.
Below are links explaining how to manage cookies in the main browsers:
- Chrome: http://support.google.com/chrome/bin/answer.py?hl=es&answer=95647
- Explorer: https://support.microsoft.com/es-es/kb/278835
- Firefox: http://support.mozilla.org/es/kb/habilitar-y-deshabilitar-cookies-que-los-sitios-we
- Safari: https://support.apple.com/kb/PH17191?locale=es_ES
6. RECORDS OF PROCESSING ACTIVITIES
The Records of Processing Activities (ROPA) are the internal written inventory the controller (and processors) must maintain for all personal‑data processing activities, including management of users and contracting parties. In this case, user consent is required.
The purpose is to demonstrate GDPR compliance and facilitate supervision by the supervisory authority (AEPD). The obligation is set out in Art. 30 GDPR.
Each consent record should include at least:
- consent_id (unique identifier).
- user_id / order_id (where there is a session or order) — nullable when the user is not authenticated.
- timestamp (ISO‑8601 with timezone) of acceptance or refusal.
- policy_version (identifier/version of the Cookies/Privacy Policy shown).
- consent_interface (initial banner / granular panel / checkout / API).
- categories_consented (e.g., ["analytics","marketing"]).
- raw_consent_payload (JSON with vendor/cookie details consented).
- cmp_id and cmp_version (identifier and version of the CMP used).
- user_agent and ip_hash (if IP is stored, keep a salted hash; justify in the ROPA).
- revoked (boolean) and revoked_timestamp (if applicable).
- jurisdiction / country (when the user’s location may affect validity).
Records will be kept in a secure repository with access controls, encryption in transit (TLS) and at rest (AES‑256), and auditable access logs. Evidence will be retained for at least 5 years unless different legal retention periods apply.
7. PRESERVATION AND SECURITY OF EVIDENCE
Security: consent tables/files must be recorded with access controls, encryption in transit (TLS) and at rest (AES‑256), and access‑audit logs. Do not store IPs in clear text unless justified.
Storage format: structured in a relational database or document store (JSON) with export capability — always with encrypted backups and export to CSV/JSON for audits.
Retention: for evidentiary reasons, keep evidence for at least 5 years unless other laws require different periods.
8. CONTACT FOR COOKIE‑RELATED QUESTIONS OR CLAIMS
Data Controller
- Official domains: madbitcoinsummit.com and madbitcoin.org
- Controller: Aldona Zukowska‑Carames, NIF: X8911719R
- Address: Calle Serrano, 110, 28006 Madrid
- Email: info@madbitcoin.org