Privacy Policy (GDPR)

1. Data Controller

My Tech Plan, S.L. (hereinafter, "My Tech Plan")

• Tax ID (NIF): B72963432
• Address: C/ Hermosilla nº 48, Esc. Derecha, Planta 1, 28001, Madrid (Spain)
• Website: mytechplan.com
• Contact email: hola@mytechplan.com
• Privacy email: rgpd@mytechplan.com
• Phone: +34 600 579 356

2. Scope

This policy applies to browsing and forms on mytechplan.com, as well as to services, programs, and events managed by My Tech Plan and related communications.

Certain events or projects may include specific data processing (for example, sharing data with sponsors/partners or co-organizers for their own purposes). In such cases, My Tech Plan may publish an annex or specific policy applicable to the event/project.

3. Personal Data We Process

Depending on the case, My Tech Plan may process the following categories of data:

3.1 Identification and contact

Name, surname, email, and phone number (when provided, and whenever necessary for the stated purpose).

3.2 Professional data

Role/position, company, years of experience, and other professional information voluntarily provided by the data subject through forms or registration processes.

3.3 Registration, attendance, and event operations data

Registration/ticket identifier, attendance status (e.g., check-in), and metadata necessary for the operational management of the service/event.

3.4 Billing data

Tax and billing data necessary for the issuance and management of invoices. Billing is managed through FactuPro as the invoicing system. When applicable, My Tech Plan will adopt the compliance measures associated with Computerized Invoicing Systems (SIF) and VERI*FACTU, in accordance with current tax regulations.

3.5 Payment data

Payment transactions related to ticket purchases and/or services are processed through Shopify, including Shopify Payments when enabled, and, where applicable, through payment service providers such as Stripe and/or PayPal. In these cases, certain identifying and transactional data may be processed and communicated to said providers for the sole purpose of executing the payment, managing refunds/chargebacks, and preventing fraud, in accordance with each provider's own terms and policies.

3.6 Image and voice (if applicable)

In the context of certain events, My Tech Plan may take photographs and audiovisual recordings (image and, where applicable, voice) for documentation and communication purposes (for example, website, social media, and corporate materials). As a general rule, wide-angle shots of the event will be prioritized.

In the case of interviews, testimonials, or pieces in which the person is the main and identifiable subject, participation will be voluntary, and authorization will be deemed to exist when the person expressly agrees to participate (for example, by agreeing to answer questions and allowing the placement of the microphone and/or recording), after being informed that the content may be distributed through corporate channels.

The person may at any time request the interruption of the recording, ask that a specific fragment not be published, or withdraw their authorization subsequently, by writing to rgpd@mytechplan.com, and My Tech Plan will address the request to the extent technically possible and in accordance with applicable regulations.

3.7 Technical data

IP address, logs, and browsing data associated with the use of the website and its cookies/equivalent technologies (see Cookie Policy).

3.8 Special categories of data (Art. 9 GDPR)

Special categories of data are particularly sensitive data (for example, health, ideology, religion, trade union membership, sexual orientation, or biometric/genetic data). My Tech Plan does not, as a general rule, request or process this type of data. If in any specific case it were necessary (e.g., accessibility), specific information will be provided and the corresponding safeguards and legal basis will be applied.

4. Purposes, Legal Bases, and Retention

4.1 Service provision, registration management, and support

Purpose: managing requests, registrations, provision of services/programs/events, operational communications (confirmations, changes, logistical information), and user/client support.

Legal basis: performance of a contract / pre-contractual measures.

Retention: during the provision of the service and, subsequently, up to 24 months for support, incidents, and claims management, unless a longer legal period applies.

4.2 Billing, accounting, and tax compliance

Purpose: issuance, management, and retention of invoices; accounting; compliance with tax obligations and attention to authority requirements.

Legal basis: legal obligation.

Retention: in accordance with applicable regulations (tax/accounting periods). Billing is managed through FactuPro and, where applicable, in compliance with Computerized Invoicing Systems (SIF) and VERI*FACTU requirements.

4.3 Payment management and fraud prevention

Purpose: processing payments, managing refunds/chargebacks, and applying fraud prevention controls associated with the transaction.

Legal basis: performance of a contract and, where applicable, legitimate interest in transaction security and fraud prevention.

Retention: for the time necessary for transaction management, refunds, and claims, and the periods required by applicable regulations and payment method rules.

4.4 Commercial communications from My Tech Plan

Purpose: sending communications about My Tech Plan's events, programs, services, and solutions.

Legal basis: consent. As an exception, when there is a prior contractual relationship involving similar products/services, My Tech Plan may send communications as permitted by applicable regulations, always offering a simple and free unsubscribe mechanism.

Retention: until withdrawal of consent or objection / unsubscription.

4.5 Co-organized events or events executed for clients (partners/co-organizers)

In certain projects, My Tech Plan may act as organizer and/or provider for clients/partners/co-organizers.

Purpose: coordination of the event/project (operations, accreditation, access, logistics, security, and event communications).

Legal basis: performance of a contract / legitimate organizational interest, as applicable to each project.

Retention: during the execution of the project and, subsequently, for the time necessary for support, incidents, and claims.

Note: if the event includes data processing for third-party purposes (for example, sharing data with sponsors for hiring/commercial contact), Annex I or the event-specific policy will apply, with its corresponding legal basis and conditions.

4.6 Image and audiovisual (if applicable)

Purpose: documentation and communication of the event (e.g., photographs and video summary).

Legal basis: legitimate interest for general event images (wide-angle shots) and, when the person is the main and identifiable subject (interviews/testimonials), consent where applicable.

Retention: while the material is relevant for corporate communication, with periodic reviews, without prejudice to objection/withdrawal requests where applicable.

5. Recipients

5.1 Service providers (data processors)

My Tech Plan may disclose personal data to providers that deliver services necessary for business operations (for example, web hosting, communication tools, ticketing/attendee registration, support, analytics, billing, and payment gateways). Such providers will process data following My Tech Plan's instructions and under the corresponding data processing agreements.

For ticketing/registration purposes, My Tech Plan may use third-party platforms (for example, Eventbrite or Shopify and associated extensions), depending on the specific event or service. For billing purposes, My Tech Plan uses FactuPro.

5.2 Payment providers

For the processing of payments, refunds, and chargebacks, My Tech Plan may use payment service providers (for example, Shopify Payments and, where applicable, Stripe and/or PayPal). These providers may process the data necessary for payment execution and fraud prevention, in accordance with their own terms and policies.

5.3 Clients, partners, and co-organizers

In co-organized projects or events, or events executed for third parties, the client/partner/co-organizer may receive the strictly necessary data for the operational management of the event (for example, accreditation, access, logistics, or security), as controller or under the applicable model for each project.

When the event includes data processing for third-party purposes (for example, sharing data with sponsors/partners for commercial or recruitment purposes), specific information will be provided through Annex I or the event-specific policy, including recipients, legal basis, and conditions.

5.4 Authorities and third parties by legal obligation

My Tech Plan may disclose data to Public Administrations, competent authorities, courts, and tribunals when there is a legal obligation or valid requirement.

6. International Transfers

If My Tech Plan uses providers or infrastructure involving the processing of data outside the European Economic Area (EEA), My Tech Plan will apply the appropriate safeguards provided for in data protection regulations to ensure an equivalent level of protection, such as European Commission adequacy decisions or the execution of Standard Contractual Clauses or other legally admitted mechanisms.

When required, My Tech Plan may implement supplementary measures to strengthen the security of the processing and will assess, where applicable, the conditions of the transfer in accordance with applicable regulations.

7. Rights

Data subjects may exercise the following data protection rights: access, rectification, erasure, objection, restriction of processing, portability, and withdrawal of consent at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.

To exercise these rights, the data subject may contact My Tech Plan at rgpd@mytechplan.com, indicating the right they wish to exercise and providing the necessary information to identify their request. My Tech Plan may request additional documentation to verify identity when necessary and to protect the security of the processing.

Additionally, the data subject may file a complaint with the Spanish Data Protection Agency (AEPD) if they consider that their rights have not been adequately addressed.

8. Security

My Tech Plan applies reasonable technical and organizational measures to ensure a level of security appropriate to the risk and to protect personal data against destruction, loss, alteration, unauthorized disclosure, or access.

Among others, these measures may include: access controls and permissions, encryption of communications (TLS), backups, incident management, and internal procedures aimed at confidentiality and integrity of information.

In the event of a security incident affecting personal data, My Tech Plan will act in accordance with applicable regulations, including, where appropriate, notification to the supervisory authority and/or the affected persons.

9. Minors

My Tech Plan's services, programs, and events are not directed at minors under 14 years of age. Therefore, personal data from minors under that age is not knowingly collected.

If My Tech Plan detects or becomes aware that personal data from a minor under 14 has been provided without the corresponding authorization, it will proceed with its deletion as soon as possible and may request additional information to verify the situation.

10. Cookies

My Tech Plan uses cookies and similar technologies that may collect and store information about the use of the website. Consent is requested through a banner when accessing the website.

Necessary Cookies

Essential for the site to function. No consent required.

Analytics Cookies

Help us understand how the site is used. Only activated with explicit consent.

Marketing Cookies

Allow us to show personalized content. Only activated with explicit consent.

Third-Party Services

The site uses the following services that may set their own cookies:

• Google Tag Manager: management of analytics and marketing scripts.
• Google reCAPTCHA Enterprise: spam protection for forms. May set session cookies to verify user interaction.

Managing Cookies

You can modify your preferences at any time by clicking "Manage Cookies" in the site footer, or by configuring your browser to block or delete cookies.

11. Changes

My Tech Plan may update this Privacy Policy to reflect legal, technical, or operational changes, as well as to adapt its content to new services or processing activities.

The current version will always be available on the website and will include the date of last update. In case of substantial changes, My Tech Plan may additionally communicate them through the usual channels when reasonable or required.

12. Automated Decisions and Profiling

My Tech Plan does not make automated decisions that produce legal effects for the data subject, nor does it carry out profiling with significant effects as defined by data protection regulations. Should such processing activities be incorporated, specific and prior information will be provided.

1. Data Controller

My Tech Plan, S.L. (see full details in the General Privacy Policy).

Privacy contact: rgpd@mytechplan.com

2. Data Processed in the Context of the Event

The following data may be processed during registration and attendance at the GenAI Summit EU:

• First and last name
• Email
• Role/position
• Company
• Years of experience
• Phone number (optional; for last-minute logistical incidents and communications)
• Ticket/registration identifier and attendance status (check-in)

3. Purposes and Legal Basis

3.1 Event management (mandatory)

Purpose: registration, accreditation, access control, operational communications (confirmations, changes, agenda, logistical information), and attendee support.

Legal basis: performance of a contract / pre-contractual measures.

3.2 Communication of attendee list to sponsors and partners (optional)

Purpose: to allow certain sponsors and partners to contact attendees, by email, for professional purposes (for example, talent/hiring) and/or commercial purposes related to the event.

Legal basis: attendee consent, granted through express acceptance of this Annex when applicable.

4. Recipients: Sponsors and Partners

When consent has been given, My Tech Plan will communicate a standardized attendee list (Excel/CSV) to GenAI Summit EU sponsors and partners included in the Silver, Gold, and Platinum categories.

Data included in the list: first name, last name, email, role, company, years of experience, and phone number only if provided by the attendee.

Inclusion criteria: the list will include those who attended the event and gave the corresponding consent.

Final list of entities: the final list of sponsors and partners will be publicly available and published before the event starts on official channels (including the event website) and, where applicable, through informational email communications.

Role of third parties: sponsors and partners receiving the data will generally act as independent data controllers, using the data for their own purposes and fulfilling data subject rights.

5. Retention Periods

• My Tech Plan: retains proof of consent and traceability for 5 years.
• Sponsors/partners: may process the data for a maximum of 12 months from receipt, unless required otherwise by law or upon exercise of data subject rights.

6. Image, Video, and Streaming (Event Extras)

During the event, image/video capture may take place for documentation and communication purposes (photographs and event video summaries).

In the case of interviews, testimonials, or pieces in which the person is the main and identifiable subject, participation will be voluntary, and authorization will be deemed to exist when the person expressly agrees to participate (for example, by agreeing to answer questions and allowing the placement of the microphone and/or recording), after being informed that the content may be distributed through corporate channels.

The person may at any time request the interruption of the recording, ask that a specific fragment not be published, or withdraw their authorization subsequently, by writing to rgpd@mytechplan.com, and My Tech Plan will address the request to the extent technically possible and in accordance with applicable regulations.

Streaming (if applicable) will be designed to avoid making individual attendees the main identifiable subject.

7. Withdrawal of Consent and Erasure

You may withdraw your consent and request erasure by writing to rgpd@mytechplan.com.

If your data has already been communicated to sponsors/partners, My Tech Plan may forward your request to those entities. You may also exercise your rights directly with each sponsor/partner as an independent data controller.

8. Acceptance in Forms (Shopify / Event Ticketing)

The form/checkout displays, at most, the following checkboxes:

• Mandatory: "I have read and understand the Privacy Policy of My Tech Plan".
• Optional (GenAI Summit EU): "I have read and accept Annex I — GenAI Summit EU".

9. Complaint

Supervisory authority: Spanish Data Protection Agency (AEPD).