Privacy Policy

Introduction

At Webspain, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website or use our services. We are committed to compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This policy applies to all visitors, clients, and users of Webspain services. By using our website or services, you agree to the collection and use of information in accordance with this policy.

Information We Collect

We only collect information that is necessary to provide our services and communicate with you:

• Contact Information: Name, email address, phone number, and company name when you contact us or request our services
• Project Information: Details about your project requirements, preferences, and specifications
• Payment Information: Billing address and payment details (processed securely through third-party payment providers)
• Communication Records: Emails, messages, and call notes related to your projects
• Technical Information: Basic server logs for security and performance (IP address, browser type, access times)

We do NOT collect: Tracking cookies, analytics data, behavioral data, or any information beyond what is strictly necessary for service delivery.

No User Tracking

Unlike many websites, we have made a conscious decision NOT to track our visitors:

• We do not use Google Analytics or similar tracking services
• We do not use advertising pixels or cookies
• We do not track your browsing behavior across websites
• We do not build user profiles or behavioral patterns
• We do not use retargeting or remarketing technologies

How We Use Your Information

The information we collect is used exclusively for:

• Responding to your inquiries and providing customer support
• Delivering the services you have contracted
• Processing payments and maintaining billing records
• Sending project updates and service-related communications
• Maintaining and improving our services
• Complying with legal obligations

We will never use your information for unsolicited marketing, sell your data to third parties, or share it outside of what is necessary to deliver our services.

Data Storage & Security

We take appropriate technical and organizational measures to protect your personal data:

• Encryption: All data transmission is encrypted using SSL/TLS
• Secure Storage: Data is stored on secure, encrypted servers in the EU
• Access Controls: Strict access limitations and authentication requirements
• Regular Backups: Daily encrypted backups with secure retention policies
• Security Monitoring: Continuous monitoring for unauthorized access attempts
• Data Minimization: We only retain data for as long as necessary

While we implement industry-standard security measures, no method of transmission over the internet is 100% secure. We continuously update our security practices to protect your information.

Third-Party Services

To provide our services, we may use trusted third-party providers:

• Hosting Providers: Vercel, AWS, Digital Ocean (for infrastructure)
• Email Services: For transactional emails and communication
• Payment Processors: Secure payment gateways for billing (they maintain their own PCI compliance)
• Development Tools: GitHub, project management platforms (for internal use only)

All third-party services we use are GDPR-compliant and process data only as instructed by us. We have Data Processing Agreements (DPAs) in place with all relevant providers. These services do not have permission to use your data for their own purposes.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Request limitation of processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, please contact us at info@webspain.net. We will respond to your request within 30 days as required by GDPR.

Data Deletion & Retention

We believe in your right to control your data:

• You can request deletion of your data at any time
• We will permanently delete your data within 30 days of your request
• Active project data is retained for the duration of service delivery
• Financial records are retained for 7 years as required by Spanish law
• After service termination, client data is retained for 90 days then deleted
• Backups containing your data are also deleted according to our retention schedule

Client Project Data

When we build and host websites or applications for you:

• You retain ownership of all your content and data
• We act as a data processor on your behalf
• Your visitors' data (if applicable) is processed according to YOUR privacy policy
• We implement appropriate security measures for your users
• You are responsible for ensuring your project complies with GDPR
• We can assist with GDPR compliance for your website or application

If your website or application collects user data, you must have your own privacy policy and obtain appropriate consents. We can help you implement these requirements as part of your project.

Cookies & Local Storage

Our website uses minimal, essential functionality only:

• No Tracking Cookies: We do not use cookies for analytics or advertising
• Session Storage: Temporary storage for contact form functionality only
• No Third-Party Cookies: No external tracking scripts or pixels

Since we don't use tracking cookies, you don't need to accept any cookie consent banner on our site. The only data stored locally is temporary and necessary for the website to function (like remembering form inputs before submission).

International Data Transfers

As a Spain-based company, we primarily process data within the European Union:

• All personal data is stored on servers located in the EU
• We use EU-based or GDPR-compliant service providers wherever possible
• Any data transfers outside the EU are protected by appropriate safeguards
• Standard Contractual Clauses (SCCs) are in place for international transfers

Children's Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements:

• We will notify active clients of significant changes via email
• The updated policy will be posted on our website with a new "Last Updated" date
• Continued use of our services after changes constitutes acceptance
• Material changes will be communicated at least 30 days in advance

Data Protection Officer

For questions about data protection, privacy concerns, or to exercise your GDPR rights, please contact:

Email: info@webspain.net
Subject Line: "Data Privacy Request"
Response Time: Within 30 days

If you are not satisfied with our response, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) or your local supervisory authority.

Legal Basis for Processing

Under GDPR, we process your personal data based on:

• Contractual Necessity: To fulfill our service agreements with you
• Legitimate Interest: To communicate about services and maintain business relationships
• Legal Obligation: To comply with accounting, tax, and other legal requirements
• Consent: Where explicitly provided for specific purposes

Transparency Commitment

We believe in radical transparency about data practices:

• We will always be clear about what data we collect and why
• We will never use your data in ways you haven't agreed to
• We will promptly notify you of any data breaches
• We will answer your privacy questions honestly and completely

If you have any questions about this policy or our data practices, please don't hesitate to reach out. We're here to help and ensure your privacy is protected.