Privacy Policy

This Privacy Policy explains how darkpsychology.eu collects, uses, stores, and protects the personal data of users who visit the site, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, “GDPR”) and Spanish Organic Law 3/2018 of 5 December on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD).

1. Data Controller

  • Controller: Octavio Ortega Esteban
  • NIF: 03892442Z
  • Address: Calle Concilios de Toledo, 2 portal 7, 4B, Toledo, Spain
  • Contact email for data protection matters: octavio@kerchak.com

A Data Protection Officer (DPO) has not been appointed because this site does not meet the criteria of Article 37 GDPR that would require one.

2. What data we collect and why

darkpsychology.eu is a personal blog with no user registration or commercial transactions. The data we may process is limited and described below.

2.1 Comments on articles

If you leave a comment on an article, we collect:

  • The data you enter in the form (name or pseudonym, email, optional website)
  • Your IP address
  • The User-Agent string of your browser
  • Date and time of the comment

Purpose: to publish your comment, allow basic moderation, and prevent spam. Legal basis: your express consent (Art. 6.1.a GDPR), provided when you submit the comment. Retention: as long as the comment remains published. If you request deletion, we will remove your comment within thirty (30) days.

2.2 Direct contact via email

If you write to us at octavio@kerchak.com, we receive your email address and the content of the message.

Purpose: to respond to your request. Legal basis: your consent (Art. 6.1.a GDPR) and the legitimate interest in responding to communications received (Art. 6.1.f GDPR). Retention: for the time necessary to handle your request, plus a reasonable period for documentary purposes (maximum two years), unless legal obligations require longer retention.

2.3 Browsing data and cookies

When you visit the site, technical data are automatically generated, including IP address, type of browser, operating system, pages visited, and time on site. This data is processed in line with our Cookie Policy (see specific document).

Purpose: site security, basic statistics, and technical functioning. Legal basis: legitimate interest in operating the site safely (Art. 6.1.f GDPR) for strictly technical data, and your express consent for analytics or non-essential cookies (Art. 6.1.a GDPR).

2.4 Server logs

Our hosting provider keeps technical access logs (IP addresses, dates, requested URLs) for security and incident-resolution purposes.

Purpose: site security, fraud prevention, debugging. Legal basis: legitimate interest (Art. 6.1.f GDPR). Retention: in accordance with the hosting provider’s policies (typically 30 to 90 days).

3. We do not collect special category data

This site does not request, collect, or process special category personal data (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, sex life, or sexual orientation), as defined in Article 9 GDPR.

If, in a comment or message, you voluntarily share information of this kind, we recommend that you do not do so. We will not use it beyond what is strictly necessary to address your specific case, and we will delete it as soon as possible.

4. Data recipients (data sharing)

We do not sell, rent, or assign your personal data to third parties for commercial purposes.

Your data may be processed by the following service providers, who act as data processors under Article 28 GDPR:

  • Hosting provider Cloudi NextGen S.L. — to store the website and its data.
  • Email service provider Gmail — to receive and respond to your communications.

These providers process the data only on our instructions and in accordance with the GDPR.

5. International data transfers

Some service providers may be based outside the European Economic Area (EEA) — for example, in the United States. In such cases, we ensure that transfers are subject to appropriate safeguards under Chapter V GDPR, including:

  • Standard Contractual Clauses (SCC) approved by the European Commission, or
  • EU-U.S. Data Privacy Framework for certified providers, or
  • Other transfer mechanisms recognised by the GDPR.

If you wish to know which specific providers handle your data and the legal basis for any international transfer, please contact us at octavio@kerchak.com.

6. Retention periods

We keep your personal data for the time strictly necessary for the purposes for which they were collected and to comply with legal obligations. The specific retention periods are indicated in section 2 of this policy.

When data are no longer necessary, we delete them or anonymise them irreversibly.

7. Your rights under the GDPR

You have the following rights over your personal data:

  • Right of access (Art. 15 GDPR): to know what data we hold about you.
  • Right to rectification (Art. 16 GDPR): to correct inaccurate or incomplete data.
  • Right to erasure / “right to be forgotten” (Art. 17 GDPR): to request deletion of your data when no legal cause justifies retention.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to object (Art. 21 GDPR), particularly to processing based on legitimate interest.
  • Right not to be subject to automated decisions (Art. 22 GDPR). This site does not perform automated decision-making or profiling.
  • Right to withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, write to octavio@kerchak.com specifying:

  • The right you wish to exercise
  • A copy of an identification document (DNI, passport, etc.) to verify your identity
  • A clear and concise description of your request

We will respond within thirty (30) days, extendable by sixty (60) additional days in complex cases (we will inform you accordingly if so).

8. Right to lodge a complaint

If you believe that your rights have been violated or that we have not handled your request properly, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD):

  • Website: https://www.aepd.es
  • Address: C/ Jorge Juan, 6, 28001 Madrid, Spain
  • Phone: +34 901 100 099 / +34 91 266 35 17

If you reside in another EU Member State, you may also contact your national supervisory authority.

9. Security measures

We apply technical and organisational measures appropriate to the risk of processing, including:

  • HTTPS encryption across the site
  • Strong access passwords and two-factor authentication on critical accounts
  • Periodic backups
  • WordPress and plugin updates
  • Spam and intrusion-prevention filters

No system is 100% secure. In the event of a personal data breach affecting your rights, we will notify you in accordance with Articles 33 and 34 GDPR.

10. Children

This site is not directed to children under the age of 14 (the age of valid consent for digital services in Spain, in accordance with Article 7 LOPDGDD). We do not knowingly collect data from minors. If a parent or guardian becomes aware that their child has provided data on this site, they may write to octavio@kerchak.com requesting deletion.

11. Changes to this policy

We may update this Privacy Policy to reflect legal, technical, or editorial changes. The current version, with its publication date, will always be available on this page. Substantial changes will be communicated through a notice on the site.

Last updated: 27 April, 2026