PromethEUs - Privacy Policy

1. Purpose and scope

It applies to processing carried out:

when browsing the Site (technical data),
when creating and using an account,
when subscribing to the newsletter,
when publishing content (e.g. comments),
when implementing security and moderation measures.

2. Data controller

The data controller is PromethEUs, an unincorporated association (in the process of registration with the prefecture).

Address: 26 rue du Capitaine Ferber, 92130 Issy-les-Moulineaux, France

Contact: contact@prometheus-euro.eu

DPO: no data protection officer has been appointed at this stage.

3. Data processed

3.1 Data provided directly

Depending on the features used, PromethEUs may process:

Account: email address, username/profile name, account settings; hashed password (never in plain text).
Profile (optional): photo, banner, biography, links, country, date of birth (if provided).
Newsletter: email address, subscription/unsubscription status, technical traces related to registration.
Published content: comments and associated metadata (date/time, account identifier).

Note: if certain data (phone/postal address) are exchanged by email in a one-off context, they are not collected via a dedicated Site form.

3.2 Data collected automatically

When accessing the Site and for security purposes, PromethEUs may process:

Technical data: IP address, user-agent, timestamps, session information, technical identifiers.
Security data: anti-abuse events (anti-bruteforce, anti-spam, abnormal access detection), blocklists.

4. Purposes and legal bases

PromethEUs processes your data only when a legal basis exists (Article 6 GDPR).

Purpose	Main data	Legal basis
Account creation and management	email, username, settings	Performance of a contract (requested service)
Profile functionality	profile data	Contract + user choice (options)
Publishing content (e.g. comments)	content, identifier, timestamp	Contract (feature) + moderation rules
Newsletter	email, status	Consent
Service notifications (security, account)	email	Contract or legitimate interest (as applicable)
Security, fraud prevention and moderation	IP, user-agent, events	Legitimate interest (securing the service)
Legal obligations (if applicable)	necessary elements	Legal obligation

Mandatory nature of data.

Data required for account creation/management are mandatory to provide the service.
Profile data marked as “optional” are not mandatory.
Newsletter consent is free: refusal does not prevent use of the Site outside the newsletter.

5. Data recipients

Data are accessible:

to authorized members of the PromethEUs team (access limited by roles and needs),
to providers strictly necessary for operating the Site, acting as processors or independent controllers depending on the case.

Technical providers (examples)

Hosting / email: IONOS (France).
Site security / protection: Cloudflare (depending on configuration).
Mapping / third-party content: external services (tiles, APIs, video players) that may receive technical data (IP, user-agent).

PromethEUs does not sell your personal data.

6. Transfers outside the European Union

Some third-party services (e.g. online fonts, CDNs, embedded videos) may result in access to technical data (including IP address) by entities located outside the EU.

When transfers outside the EU exist, PromethEUs implements appropriate safeguards provided by the GDPR (e.g. standard contractual clauses) and seeks to limit such transfers when possible (e.g. self-hosting resources).

7. Retention periods

PromethEUs keeps data only for as long as necessary for the purposes pursued.

Account: as long as the account is active; deletion/anonymization when the account is closed.
Inactivity: a cleanup policy for inactive accounts is planned (target: 180 days of inactivity).
Deletion: after a deletion request, a technical grace period may apply (target: 30 days) before final purge/anonymization.
Newsletter: until consent is withdrawn (unsubscribe); minimal technical evidence of withdrawal may be retained if necessary.
Security/anti-abuse: short retention limited to incident handling (target: <= 30 days), unless required otherwise (disputes, attacks, legal obligations).
Backups: limited retention (target: <= 30 days), with progressive overwrite.

The targets above must match the settings actually in place. In case of divergence, actual practice prevails and this policy must be updated.

8. Cookies and similar technologies

The Site primarily uses strictly necessary cookies (e.g. session cookie) for operation and security.

8.1 Strictly necessary cookies

These cookies do not require prior consent (operation/security). Example:

Session cookie (e.g. PHPSESSID): session maintenance/authentication, “session” or short duration.

8.2 Non-essential cookies

PromethEUs does not implement advertising or audience measurement cookies to date.

If non-essential cookies are added later, a compliant consent mechanism will be deployed (with refusal as easy as acceptance).

9. Security

PromethEUs implements appropriate technical and organizational measures, including:

access control (roles),
anti-abuse protection (anti-bruteforce/anti-spam),
logging of sensitive actions,
backups and restoration procedures.

10. Your rights

In accordance with the GDPR, you have the following rights: access, rectification, erasure, restriction, objection, portability (under the conditions provided by law).

Exercise of rights: contact@prometheus-euro.eu (subject: “GDPR — Exercise of rights”).

PromethEUs may request additional information to verify your identity before processing a request.

A response is provided within GDPR time limits (typically 1 month, extendable in certain cases).

11. Complaint

You may lodge a complaint with the competent supervisory authority, notably the CNIL for France.

12. Policy updates

PromethEUs may update this policy to reflect changes to the Site, its services, or applicable law. The update date appears in the header.

Privacy Policy — PromethEUs