1. Who We Are
Website: MECi-Trade.com
Data Controller: MECi Trade
Contact: Page
This policy explains how we collect, use, and protect your personal data in compliance with GDPR, CCPA, and Swiss data protection laws.
2. Data We Collect
Comments & User Submissions
- Name, email address, website URL, comment text
- IP address and browser user agent (for spam detection and security)
- Timestamp of submission
- Gravatar profile picture (if you use Gravatar service)
Account Registration
- Email address, username, password (hashed)
- Profile information you voluntarily provide
- Login history and device information
Media Uploads
- File name, upload date, file metadata
- EXIF data (if embedded in images) — we recommend removing location data before uploading
Cookies & Tracking
- Session cookies (authentication)
- Preference cookies (display settings, language)
- Analytics cookies (via [specify: Google Analytics, Matomo, etc.])
- Third-party cookies from embedded content
Automated Data Collection
- Device type, browser type, operating system
- Pages visited, time spent, referral source
- Interaction data with embedded content (videos, forms, etc.)
3. Legal Basis for Processing
We process your data based on:
- Consent: Comments, cookies, media uploads
- Contract: Account registration, service delivery
- Legal Obligation: Tax records, fraud prevention, law enforcement requests
- Legitimate Interest: Spam detection, security, site improvement
You have the right to withdraw consent at any time.
4. How We Use Your Data
| Purpose | Data Used | Retention |
|---|---|---|
| Comment moderation & spam detection | Email, IP, user agent | Indefinitely (unless deleted) |
| Account management | Email, username, profile info | Until account deletion |
| Service improvement & analytics | Anonymized usage data | 12 months |
| Security & fraud prevention | IP address, login history | 90 days |
| Password reset | Email, IP address | During reset process only |
| Marketing communications | Email (with consent only) | Until unsubscribed |
5. Third-Party Data Sharing
We share data with:
- Gravatar (Automattic): Profile picture retrieval — Privacy Policy
- Spam Detection Service: For automated comment filtering
- Analytics Provider: Google Analytics — anonymised usage data
- Embedded Content Providers: YouTube, Vimeo, etc. — direct data collection by third parties
- Law Enforcement: Only when legally required by court order
We do NOT:
- Sell your personal data
- Share data for marketing purposes without consent
- Transfer data outside the EU/Switzerland without appropriate safeguards
6. Cookie Policy
| Cookie Type | Purpose | Duration | Opt-Out |
|---|---|---|---|
| Session (PHPSESSID) | Authentication | Until logout | Browser settings |
| Comment preferences | Name, email, website | 1 year | Clear cookies |
| Login cookies | Persistent authentication | 2 days (14 days if “Remember Me”) | Log out |
| Screen options | Display preferences | 1 year | User settings |
| Post edit tracking | Article ID tracking | 1 day | Automatic |
| Analytics | Usage tracking | 12 months | [Opt-out link] |
Embedded Content Cookies: Third-party providers (YouTube, Vimeo, etc.) may set their own cookies. Review their privacy policies for details.
You can disable cookies in your browser settings, though this may limit functionality.
7. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Comments & metadata | Indefinitely (unless deleted) | Auto-approval of follow-up comments |
| User accounts | Until deletion | Account management |
| Login history | 90 days | Security audit trail |
| Analytics data | 12 months | Performance analysis |
| Password reset logs | 30 days | Security compliance |
| IP addresses (spam detection) | 90 days | Fraud prevention |
You may request deletion of your data at any time, subject to legal retention requirements.
8. Your Privacy Rights
Under GDPR and CCPA, you have the right to:
✓ Access: Request a copy of all personal data we hold about you
✓ Rectification: Correct inaccurate or incomplete data
✓ Erasure: Request deletion of your data (“right to be forgotten”)
✓ Restriction: Limit how we process your data
✓ Portability: Receive your data in a portable format
✓ Objection: Opt-out of marketing, analytics, or profiling
✓ Withdraw Consent: Revoke permission for data processing
✓ Lodge a Complaint: Contact your local data protection authority
To exercise these rights, contact us.
We will respond within 30 days.
9. Data Security
We implement:
- SSL/TLS encryption for data in transit
- Password hashing (bcrypt or equivalent)
- Regular security audits and penetration testing
- Access controls and staff training
- Incident response procedures
However, no system is 100% secure. We cannot guarantee absolute protection against unauthorized access.
10. International Data Transfers
If you are outside the EU/Switzerland, your data may be transferred to our servers in globally. We ensure appropriate safeguards:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions (where applicable)
- Your explicit consent
11. Third-Party Links & Embedded Content
Our Site may contain links to external websites and embedded content (YouTube, Vimeo, etc.). We are not responsible for their privacy practices. Review their privacy policies before interacting.
12. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be posted here with a revised “Last Updated” date. Material changes may be communicated via email or in-app notification. Continued use constitutes acceptance.
13. Contact Us
Data Protection Authority (for complaints): Swiss DPA
By using this Site, you acknowledge you have read and understood this Privacy Policy.