Privacy Policy

This privacy policy explains how the HHH Project (“we”, “us”) collects, uses, and protects personal data in connection with the website hhhproject.es. This policy is effective from July 2026 and applies to all visitors to the site. It has been written in compliance with the General Data Protection Regulation (GDPR) and the Spanish Organic Law on Data Protection (LOPDGDD).

Who We Are

The HHH Project operates the website hhhproject.es, an informational blog about urban neighbourhoods and cardiovascular health. The data controller for personal data processed through this site can be contacted at [email protected].

What Data We Collect and Why

Server Logs

When you visit this website, our web hosting provider automatically records certain technical information in server logs. This includes your IP address, the pages you visit, your browser type, and the date and time of your visit. This data is processed for the legitimate interest of maintaining website security and diagnosing technical problems. Server log data is retained for a maximum of 30 days and is not used to identify individual visitors.

Contact Enquiries

If you send us an email via the address listed on the contact page, we will receive and store the information you include in that message — typically your name, email address, and the content of your enquiry. This data is used solely to respond to your message. It is not shared with third parties and is deleted once the enquiry has been resolved, or within 12 months if no resolution is required.

Cookies

This site uses only essential cookies necessary for the website to function. We do not use cookies for advertising, tracking, or analytics purposes. No cookie consent for non-essential cookies is required because none are set. If this changes in the future, this policy and any applicable cookie notice will be updated before any non-essential cookies are introduced.

What We Do Not Collect

This site does not operate user accounts, membership areas, or e-commerce functionality. We do not collect payment information, create user profiles, or store browsing histories. We do not use third-party advertising networks or social media tracking pixels.

Legal Basis for Processing

Personal data processed through server logs is processed on the basis of legitimate interests (Article 6(1)(f) GDPR) — specifically, the interest in maintaining a secure and functioning website. Personal data submitted via email contact is processed on the basis of your consent in initiating contact (Article 6(1)(a) GDPR) and, where relevant, to take steps at your request (Article 6(1)(b) GDPR).

Data Sharing

We do not sell, rent, or share personal data with third parties for commercial purposes. Server log data is held by our hosting provider, who acts as a data processor under a data processing agreement. We do not transfer personal data outside the European Economic Area.

Data Retention

Server log data is retained for up to 30 days. Email correspondence is retained for up to 12 months from the date of last contact, after which it is deleted. If you request deletion of your data earlier, we will comply within 30 days.

Your Rights

Under the GDPR, you have the right to access personal data we hold about you, to request correction of inaccurate data, to request deletion of your data (the “right to be forgotten”), to object to processing based on legitimate interests, and to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos — AEPD) at www.aepd.es. To exercise any of these rights, contact us at [email protected].

Changes to This Policy

We may update this privacy policy from time to time. Any material changes will be posted on this page with an updated effective date. Continued use of the site after changes are posted constitutes acceptance of the revised policy.

Last updated: July 2026