PRIVACY POLICY AND DATA PROCESSING OF MADBITCOIN.ORG AND MADBITCOINSUMMIT.COM

Last updated: 1 November 2025

This data protection policy complies with:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).
  • Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights.

IDENTITY OF THE DATA CONTROLLER AND CONTACT DETAILS

Controller: Aldona Zukowska-Caramés
NIE/Identifier: X8911719R
Contact email: info@madbitcoin.org
Websites: https://madbitcoin.org / https://madbitcoinsummit.com
Address for correspondence: Calle Serrano, 110, CP 28006, Madrid, Spain
Users may contact this address in case of complaints or requests.


1. SCOPE AND PURPOSE OF THE POLICY

This policy provides information on the processing of personal data collected through MadBitcoin’s websites and forms (including ticket purchases, newsletters, speaker/sponsor forms, CV submissions, and the management of both physical and online events).

It also regulates the use of tracking technologies such as cookies. The cookies policy is included on this website. Both domains offer payment options in EUR and Bitcoin (on-chain and Lightning).


2. CATEGORIES OF DATA PROCESSED

Depending on the purpose of the processing, the following categories of data are processed.

These categories arise from the interaction of third parties as consumers, users, attendees, or contractors of products or services within the digital environments of the domains owned by the Controller:
https://madbitcoin.org
https://madbitcoinsummit.com

Specifically, the categories of data processed by the Website owner include:

  • Identification data: name, surname(s), NIF/CIF.
  • Contact data: email, phone number, postal address.
  • Billing data: tax address, company details.
  • Payment data: processed by external payment providers.
  • Professional data: company, position, sector.
  • Browsing data: IP address, cookies, access logs.
  • Usage metadata: interaction with the website and networking app.
  • Bitcoin payments: transaction identifiers and public addresses necessary for accounting verification (on-chain transactions are public).

No special categories of data are processed in accordance with Article 9 GDPR.


3. PURPOSES OF DATA PROCESSING FOR THE VARIOUS SERVICES AND/OR PRODUCTS OFFERED

  • a) Management of registrations, accreditations, and ticket purchases (including the issuance of invoices as part of the execution of different product and service categories).
  • b) Logistical management of the event (access lists, accreditations, VIP credentials, attendee assistance).
  • c) Sending informational and commercial communications (newsletter, promotions, updates on organized events—especially the MadBitcoin Summit to be held on 9–12 May 2026).
  • d) Management of speakers, sponsors, and suppliers. The legitimate interest of data processing includes related contracts, negotiations, and billing.
  • e) Processing of applications and CVs for speaking opportunities or employment.
  • f) Production and dissemination of podcasts and educational content on the website and on third-party platforms (including YouTube and similar). It also includes services within the Academy section of the aforementioned websites.
  • g) Handling inquiries, complaints, and claims through the Controller’s contact channels.
  • h) Accounting verification of payments in fiat currency or Bitcoin to ensure accurate billing based on the contracting profile.
  • i) Access to the networking app and organization of parallel activities.

4. LEGAL BASIS FOR DATA PROCESSING AND LAWFULNESS

1) Explicit consent.
Processing is lawful only if the data subject gives consent for one or more of the specific purposes listed above. This applies when the data subject participates directly or indirectly in the event or enters into any contract for services or products offered via the websites. (Art. 6.1(a) GDPR and Art. 6 LOPDGDD).

2) Contract performance.
Processing is lawful when necessary for the performance of contracts with speakers, sponsors, collaborators, and attendees purchasing various ticket types or other products and services. (Art. 6.1(b) GDPR).

3) Legal obligation (Art. 6.1(c) GDPR).
Processing carried out by the Controller to comply with legal, accounting, and fiscal duties shall follow the principles of:

  • Lawfulness, fairness, and transparency – informing users clearly.
  • Purpose limitation – using data only for event management, billing, networking, and communication.
  • Data minimization – collecting only what is strictly necessary.
  • Accuracy and currency.
  • Storage limitation – not keeping data longer than necessary.
  • Integrity and confidentiality – implementing technical and organizational security measures.
  • Accountability – demonstrating compliance with GDPR obligations.

4) Legitimate interest.
Processing is necessary for the legitimate interests pursued by MadBitcoin or a third party, provided these do not override the rights and freedoms of the data subject (Art. 6.1(f) GDPR).


5. BITCOIN PAYMENTS (on-chain / Lightning) – SPECIFIC NOTICE

If the customer chooses to pay in BTC (on-chain or Lightning), they should be aware that on-chain transactions are public on the blockchain and their traceability does not depend on MadBitcoin.

MadBitcoin will only retain the data essential to verify and record the transaction (receiving address, transaction ID, date, and amount) and will process it based on contract execution and legal accounting/tax obligations.

It is recommended that the payment gateway inform buyers that “on-chain transactions are public.”


6. DATA RETENTION

Personal data will be retained for as long as necessary to fulfil the purpose for which they were collected, and thereafter for the periods required by tax, accounting, and commercial law.

Specifically:

  • Purchase/accounting data: retained for the legally required minimum period (currently 6 years for accounting/tax purposes in Spain, to be confirmed with a tax advisor).
  • Marketing (newsletter) data: retained until consent is withdrawn.
  • Applications (CVs): retention is determined by agreement with the data recipient.

7. RECIPIENTS AND DATA PROCESSORS

Recipients include:

  • Technology and payment service providers.
  • Tax and administrative authorities where there is a legal obligation.

Data may be shared with processors and technical providers offering services to MadBitcoin, including ticketing platforms, fiat/BTC payment gateways, hosting providers, mailing/CRM systems, analytics services, communication agencies, and event logistics companies. Each provider’s own website and policies apply regarding legal notices, privacy, cookies, and applicable EU/Spanish payment service regulations.


8. INTERNATIONAL DATA TRANSFERS

If any provider processes data outside the European Economic Area (EEA), the safeguards required by the GDPR will be implemented (adequacy decisions or standard contractual clauses). The country and applicable safeguards will be identified where specific transfers occur.


9. DATA SUBJECTS’ RIGHTS

Users may exercise their rights to:

  • Access, rectification, erasure, objection, restriction, and portability (Arts. 15–22 GDPR and Arts. 11–18 LOPDGDD).
  • Withdraw consent at any time.
  • File a complaint with the Spanish Data Protection Agency (AEPD) if they believe their rights have been violated.

10. SECURITY MEASURES

The Controller will implement appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of data (Arts. 24–34 GDPR).

MadBitcoin applies reasonable technical and organizational measures to protect data, including access control, encryption when appropriate, backups, and data processing agreements requiring security safeguards. Operational security details are not published for safety reasons.


11. COOKIES AND TRACKING TECHNOLOGIES

MadBitcoin and its service or product environments have a separate and accessible Cookies Policy. A specific Consent Management Platform (CMP) is also provided.

The cookies policy explains the categories, purposes, and responsible parties for each cookie (own or third-party).

Due to the functionality of the websites https://madbitcoin.org and https://madbitcoinsummit.com, where ticket purchasing, social integrations, and analytics are offered, all valid consents are logged.

This enables the maintenance of a Record of Processing Activities (RPA/ROPA), as required by Article 30 GDPR and Article 31 of Organic Law 3/2018 (LOPDGDD), providing an inventory of all data processing activities to demonstrate compliance.


12. CHANGES TO THIS POLICY

This policy may be updated whenever necessary in accordance with legal changes or updates to services and products.

The update date is stated at the top of this document (1 November 2025). Any material changes will be announced on MadBitcoin’s official domains.