Legal

Privacy Policy

Last updated: June 2026

1. Data Controller

The data controller for ARCH CHALLENGE 2026 is MGM Cape Verde, reachable at info@archchallenge.net. All personal data collected through this website is processed in accordance with the EU General Data Protection Regulation (GDPR) and applicable national legislation.

2. Data We Collect

We collect the following categories of personal data:

  • Registration data: first name, last name, email address, country of residence, profession, university or studio name, registration type (individual or team).
  • Team member data: names, emails and countries of additional team members provided during registration.
  • Payment data: payment status and registration fee amount. We do not store payment card details — payments are handled by third-party processors.
  • Submission data: files uploaded through the participant dashboard.
  • Technical data: session identifiers, IP address, browser type, and access timestamps collected automatically when you use the website.

3. Purposes and Legal Basis

We process your personal data for the following purposes:

  • Competition management (legal basis: contract performance) — to register you as a participant, manage your submission and communicate competition updates.
  • Payment processing (legal basis: contract performance) — to manage registration fees and confirm payment status.
  • Communication (legal basis: legitimate interest) — to send you confirmation emails, important notices and competition-related announcements.
  • Legal obligations (legal basis: legal obligation) — to comply with applicable laws and regulations.
  • Website improvement (legal basis: consent) — analytics cookies, only if you have given explicit consent.

4. Data Retention

Registration and submission data is retained for the duration of the competition and for a period of 3 years thereafter for legal and administrative purposes. Session data is deleted after 7 days of inactivity. If you withdraw your registration, your personal data will be deleted within 30 days, except where retention is required by law.

5. Data Sharing

We do not sell or rent your personal data. We may share data with:

  • Jury members — anonymised submission data only, without identifying participant information.
  • Email service providers — to deliver transactional emails (e.g. Resend). These providers act as data processors under GDPR and are bound by data processing agreements.
  • Cloudflare — for website hosting and content delivery. Data is processed in accordance with Cloudflare's privacy policy.
  • Legal authorities — where required by law or court order.

6. International Transfers

Your data may be processed on servers located outside the European Economic Area (EEA), including in the United States. Where this occurs, we ensure adequate safeguards are in place through Standard Contractual Clauses or other GDPR-compliant mechanisms.

7. Your Rights

Under the GDPR, you have the following rights:

  • Right of access — you may request a copy of the personal data we hold about you.
  • Right to rectification — you may request correction of inaccurate data.
  • Right to erasure — you may request deletion of your data, subject to legal obligations.
  • Right to restriction — you may request that we restrict processing of your data in certain circumstances.
  • Right to data portability — you may request your data in a structured, machine-readable format.
  • Right to object — you may object to processing based on legitimate interest.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at info@archchallenge.net. We will respond within 30 days.

8. Cookies

We use cookies and similar technologies on this website. For full details on the types of cookies we use and how to manage your preferences, please refer to our Cookie Policy.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration or destruction. Passwords are stored as salted cryptographic hashes and are never stored in plain text. All data in transit is encrypted via HTTPS.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page indicates the most recent revision. We will notify registered participants of material changes by email.

11. Contact

For any privacy-related queries, please contact us at:
MGM Cape Verde — ARCH CHALLENGE
info@archchallenge.net