Privacy policy

Controller

The controller of personal data is the owner identified in the “Controller / service provider details” section above, using the contact details published there.

To exercise your data protection rights, please use the “Email for data protection requests” address.

Purposes, legal basis and retention

Data you provide via the contact form or email will be processed to handle your request, manage any pre-contractual or contractual relationship, and communicate about it.

The legal basis may be performance of pre-contractual/contractual steps (Art. 6(1)(b) GDPR), consent (Art. 6(1)(a)) or legitimate interests (Art. 6(1)(f)), as appropriate.

Data are kept only as long as necessary for those purposes and for statutory retention periods (commercial, tax, liability, etc.).

Recipients and processors

We do not sell your data. Disclosure occurs only where required by law or needed to provide the service (e.g. hosting or email providers), with appropriate GDPR safeguards such as processing agreements where required.

No transfers outside the European Economic Area are planned. If any are introduced later, we will inform you and put in place appropriate safeguards (adequacy decision, standard contractual clauses, etc.).

Your rights

You may exercise rights of access, rectification, erasure, objection, restriction, portability and, where processing is based on consent, withdraw consent, by writing to the data protection email above and proving your identity.

You may lodge a complaint with the Spanish supervisory authority (AEPD) at www.aepd.es if you consider processing infringes the law.

Children

The Site is not directed at children under 14. If you believe we have collected a child’s data without proper parental consent, please contact us so we can delete it.

Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in line with Art. 32 GDPR.