Privacy Policy

1. Data controller

Siretic.com (the “Website”) is owned and operated by Sergi Domínguez del Río, who acts as the Data Controller for personal data processed via this Website. Mr. Domínguez del Río is a sole proprietor based in Girona, Spain. For any privacy-related inquiries or requests, you can contact him at hello@siretic.com. There is no separate Data Protection Officer; the Data Controller can be reached directly at the contact email for all data protection matters.

2. Data collected

We only collect personal data that is necessary for the purposes described in this Policy. This includes:
‍
• Contact Information: When you book a call or meeting through our scheduling tool (Koalendar, powered by Calendly), we collect your name and email address (and phone number if you voluntarily provide it, e.g. if phone contact becomes available in the future) . This information is provided directly by you when scheduling a call. We do not use any general contact forms on the site; if you wish to reach out outside of scheduling a call, you may do so via the contact email provided.
• Payment Information: If you choose to purchase our services or plans (for example, via the “Get started”/payment process on our site), payment details will be handled by our payment processor Stripe. This may include your credit card number, billing name and address, and other payment-related details. We do not store your full payment card information on our servers – it is processed securely by Stripe. We may receive limited information from Stripe (such as your name, email, and confirmation of payment) to record the transaction and provision the service.
• Usage and Analytics Data: When you visit and interact with our Website, we automatically collect certain technical and usage data via cookies and similar tracking technologies. This data may include your IP address, browser type, device information, pages viewed, the date/time of visits, and click-stream data. These analytics data help us understand how the Website is used and include information gathered through third-party analytics tools (described below). Where possible, IP anonymization and other privacy measures are applied in these analytics.
• Cookies and Online Identifiers: We use cookies and similar technologies to facilitate site functionality, analyze traffic, and enable third-party services (detailed in the “Cookies” section below). Some cookies may uniquely identify your browser or device (e.g. a randomly assigned ID) but do not directly identify you as a named individual.
• Other Data You Provide: If you contact us by email or other means, we will collect whatever personal data you choose to provide in that communication (such as your email address and the contents of your message). We will use this data to respond to your inquiry. We do not solicit or intentionally collect any sensitive personal data (such as racial or ethnic origin, political opinions, health information, etc.), and we ask that you do not send us such information. We also do not knowingly collect any personal data from children under the age of 16 (see Legal Compliance below regarding minors).

3. Purpose and legal basis

We process personal data only for specific, explicit, and legitimate purposes, and in compliance with the EU General Data Protection Regulation (GDPR) and applicable laws. For each processing activity, we rely on an appropriate legal basis under Article 6 GDPR, as described here:
‍
• Providing Our Services (Scheduling and Communication): We use your contact information (name, email, and phone if provided) to schedule and hold consultation calls or meetings that you have requested, and to communicate with you regarding your booking or inquiries. This is done to fulfill your request and our legitimate interest in providing the service. The legal basis for processing this data is legitimate interest (to respond to prospective clients and manage appointments) and/or contractual necessity (if the call or meeting is in preparation for providing a service or quote) under GDPR Art. 6(1)(b) and 6(1)(f). We only use your contact details to communicate about the specific purpose for which you provided them (e.g. arranging the call or responding to your questions). We will not add you to any mailing list or send unsolicited marketing emails just because you scheduled a call.
• Processing Payments: If you purchase a service or subscription, we process your personal data as necessary to complete the transaction and provide you with the paid services. This includes using payment information via Stripe to charge your card and using your contact information to issue receipts or invoices. The legal basis is the performance of a contract (Art. 6(1)(b) GDPR) – we must process these details to fulfill our agreement with you – as well as our legitimate interest in preventing fraud and ensuring secure payments (Art. 6(1)(f) GDPR). For example, Stripe may employ fraud prevention measures (like device identification cookies) to protect your transaction .
• Analytics and Site Improvement: We use analytics data (collected via cookies and third-party tools like Google Analytics 4, Microsoft Clarity, Bing Analytics, and Mixpanel) to understand how users navigate and use our Website, so we can improve functionality, content, and user experience. For instance, we analyze aggregate metrics such as page visit counts, time spent on pages, button clicks, and other user interactions. Wherever possible, this data is analyzed in an anonymized or aggregated form. The legal basis for processing analytics data is your consent and our legitimate interests. Specifically, non-essential analytics cookies will only be deployed with your consent obtained through our cookie consent banner (per Art. 6(1)(a) GDPR and ePrivacy Directive requirements). At the same time, we have a legitimate interest (Art. 6(1)(f) GDPR) in analyzing usage of our site to improve our services and fix issues. We balance this interest with your rights and freedoms, and we do not collect more data than necessary for this purpose. You have the option to refuse or withdraw consent for analytics cookies at any time, as explained in the Cookies section.
• Service Performance and Security: We may process certain data to monitor the performance of our Website, ensure security, and debug or troubleshoot technical issues. This includes data like server logs and the use of performance cookies (e.g. to measure loading times or error rates). The legal basis for such processing is our legitimate interest in maintaining a reliable and secure service (Art. 6(1)(f) GDPR). Some strictly necessary data processing (like loading basic site scripts or security measures) is done under the exemption for necessary cookies and does not require consent.
• Legal Obligations: Where we are required by law to process or retain certain data, we will do so. For example, financial records of transactions may be kept for tax and accounting purposes (GDPR Art. 6(1)(c), compliance with a legal obligation). If we are required to disclose data in response to lawful requests by public authorities (e.g. for law enforcement or regulatory requirements), we will only do so after verifying the request and only to the extent required by law.
• Other Purposes with Consent: If we ever need to process your personal data for a new purpose not listed here, we will only do so after informing you and, if required, obtaining your consent. We do not sell your personal data or use it for any kind of automated decision-making or profiling that has legal or significant effects on you.

4. Third-Party services

In operating our Website, we rely on a few trusted third-party service providers to perform certain functions. These third parties may have access to some of your personal data solely for the purposes of performing these tasks on our behalf, and we have agreements in place to ensure they protect your data in line with GDPR. We do not share or disclose your data to unrelated third parties for their own marketing or purposes. The external services we use include:
‍
• Google Analytics 4 (Google Ireland Limited): We use Google Analytics 4 to collect anonymized statistical data about how visitors use our site. Google Analytics uses cookies to generate reports on website traffic, user interactions, and aggregated usage patterns. We have configured Google Analytics 4 in compliance with GDPR (including enabling IP anonymization). Google acts as our data processor for these analytics data. Google may process some data on servers outside the EU, but Google Analytics 4 provides options to keep European data in the EU and Google has committed to GDPR compliance and uses Standard Contractual Clauses for any transfers. For more details, see Google’s Privacy Policy. You can opt out of Google Analytics by not giving consent to analytics cookies or using Google’s opt-out tools.
• Microsoft Clarity and Microsoft Bing Analytics (Microsoft Corporation): We utilize Microsoft Clarity, which is a user behavior analytics tool, to understand how users interact with our pages (e.g. where they click or scroll). Clarity may set cookies (e.g. CLID, SM, ANONCHK) to collect information on user interactions and session details for analytical reporting. We also use the Microsoft Bing/UET analytics which sets cookies like MUID and MR to track website visits and advertising performance. These Microsoft services help us analyze traffic sources and may also assist in measuring the effectiveness of any Microsoft Ads campaigns we run. The data collected through Clarity and Bing is used in aggregate to improve our site and marketing. Microsoft may process data globally, but as our processor they are bound by EU standard data protection clauses. You can refuse these analytics cookies via our cookie consent banner.
• Mixpanel (Mixpanel, Inc.): Mixpanel is an analytics service that tracks user events and behaviors within the site (for example, button clicks or navigation flows) to help us improve user experience. Mixpanel cookies (often named with the prefix mp_ plus an identifier) are used to distinguish users and analyze usage trends. The information Mixpanel collects is pseudonymous (it does not include your name or contact info, but rather device and activity data). Mixpanel’s data is stored on servers within the EU when possible, and Mixpanel complies with GDPR requirements as a data processor. You can opt out of Mixpanel tracking by declining analytics cookies.
• Stripe (Stripe Payments Europe, Ltd.): We use Stripe to handle online payments for any purchases or subscriptions on Siretic.com. When you enter your payment details, you are interacting directly with Stripe’s secure platform. Stripe may collect and process your payment card information, billing address, and other identifiers (like your IP address and a device fingerprint for fraud prevention). Stripe sets certain cookies such as m on our site for fraud detection and prevention purposes – for example, to recognize if the same device has been used in fraudulent transactions on other sites. These cookies are categorized as Necessary and help protect both you and us during transactions. Stripe is a PCI-DSS compliant payment provider. Personal data processed by Stripe for payments may include transfers outside the EU (e.g., to the U.S.), but Stripe’s European entity and its Data Processing Addendum include safeguards like Standard Contractual Clauses to protect your data . We only receive the outcome of the payment (success or failure) and necessary details to fulfill the order (such as your name, email, and what was purchased).
• Koalendar/Calendly (Koalendar powered by Calendly, Inc.): For scheduling calls and meetings, our site uses an embedded Calendly service (through Koalendar) which allows you to pick a time slot and enter your contact details. When you use this tool, Calendly (Koalendar) will collect the data you input (name, email, and any other info requested on the booking form) and share it with us to schedule the meeting. Calendly may send you automated emails (e.g. confirmations and reminders for the meeting) on our behalf. Calendly also uses functional cookies like _cfuvid (a Cloudflare cookie) to maintain your session and form state, which is necessary for the scheduling process. The information you submit is stored by Calendly on our behalf; we have access to it to manage our appointments. Calendly is a US-based service, but data for EU users is typically stored in the EU and Calendly has committed to GDPR compliance and uses Standard Contractual Clauses for any necessary international transfers.
• Microsoft Advertising (Bing Ads) Conversion Tracking: In addition to analytics, we use Microsoft Advertising (formerly Bing Ads) UET tracking to understand the effectiveness of any advertising we conduct on the Bing network. This places a cookie named SRM_B (and possibly others) that serves as a unique ID for visitors, helping us measure ad conversions or retarget visitors with relevant ads. This is categorized under Performance/Advertising cookies. The data collected (e.g. that you visited our site and which pages) may be used by Microsoft to help optimize our ads that you might see on Bing or partner sites. We do not see personal identities from this – only aggregated ad performance reports. Microsoft handles this data under their privacy policy and as per GDPR requirements. You can opt out by refusing the “Performance” or “Advertising” cookies in our banner.

Each of these third-party services processes data only for the purposes we’ve described, and we do not allow them to use your data for any unrelated purpose. We have Data Processing Agreements in place where applicable. For more details on how these third parties handle personal data, you may refer to their privacy policies (e.g. Google Privacy Policy, Microsoft Privacy Statement, Mixpanel Privacy Policy, Stripe Privacy Policy, Calendly Privacy Policy). We ensure that all third-party processors we use are GDPR-compliant. If any of these providers transfer personal data outside the EEA (for example, to the United States), we ensure that appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) or that the provider is part of a scheme recognized by the EU as adequate for data protection.

5. Data transfers

Location of Processing: Your personal data is principally processed and stored in the European Union. We do not intentionally transfer or store personal data outside the European Economic Area (EEA) in the regular course of business. Our servers and our primary operations are based in the EU.
‍
Third-Party International Transfers: Some of our above-mentioned service providers (such as Google, Microsoft, Mixpanel, Stripe, Calendly) are international companies. This means the data they process on our behalf might be transferred to or accessible from jurisdictions outside the EEA (for example, the United States). In all such cases, we have ensured that adequate safeguards are in place to protect your data. These safeguards include, as applicable, the use of Standard Contractual Clauses (SCCs) as approved by the European Commission, and compliance with any other requirements under GDPR for international transfers. Our providers are contractually bound to uphold EU privacy standards.
‍
We will not transfer your personal data to any third country or international organization unless such transfer is permitted under GDPR. This means either the European Commission has decided that the destination country ensures an adequate level of protection, or the transfer is governed by appropriate safeguards (such as SCCs) or a GDPR derogation applies. If you have questions about where your data is stored or transferred, feel free to contact us.

6. Data retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or justified by law or our legitimate business needs. In practice:
‍
• Contact and Scheduling Data: If you book a call or contact us but do not become a client, we may retain your contact information and any notes from our interaction for an indefinite period unless you request deletion. We keep this data to have a record of communications and to follow up on inquiries as needed. However, you have the right to ask for this data to be erased at any time (see User Rights below), and we will honor such requests.
• Client Data and Transaction Records: If you become a client or make a purchase, we will retain your personal data for as long as you are a customer and thereafter as required for our accounting, legal, or contractual obligations. For example, invoices and payment records may be kept for the legally required duration (e.g. up to 5-10 years under tax laws in Spain) and for our financial record-keeping.
• Analytics Data: Analytics and cookie data are retained according to the schedules of our analytics providers. For instance, Google Analytics data may be retained for 14 months (or a duration we configure) and then automatically deleted or anonymized. Mixpanel data retention is also limited per our settings. We don’t personally identify users in our analytics data, and we generally view it in aggregate form.
• Cookies: Cookie lifetimes vary (see the Cookies section for specifics on duration). Non-essential cookies will not be set or will be purged if you withdraw consent. You can also clear cookies from your browser at any time, which deletes the data they contain.
• Backup and Archives: Please note that residual copies of your data might remain in backup systems for a short period even after deletion, but we have processes to ensure backups are eventually purged or overwritten in the normal cycle. We do not use backup data except for genuine disaster recovery purposes.

In summary, we do not impose a fixed expiration date on the personal data we hold; instead, we periodically review the data we store. If we determine that data we hold is no longer necessary for any purpose and we are not legally obliged to keep it, we will either securely delete it or anonymize it. If you request deletion of your data, we will promptly remove or anonymize the data (subject to any legal requirements to retain certain information).

7. User rights

As an individual in the EU (data subject), you have specific rights under GDPR regarding your personal data. We are committed to upholding these rights and facilitating your exercise of them. Your principal rights are as follows:
‍
• Right of Access: You have the right to request confirmation of whether we are processing your personal data and, if so, access to that personal data. This includes the right to receive a copy of the personal data we hold about you, as well as information about how and why we process it.
• Right to Rectification: You have the right to have inaccurate personal data corrected or completed if it is incomplete . If you realize that any information we hold about you (such as your name or email address) is incorrect or out-of-date, please contact us and we will update it.
• Right to Erasure: You have the right to request deletion of your personal data in certain circumstances . This “right to be forgotten” applies, for example, if the data is no longer needed for the purposes it was collected, or if you withdraw consent and we have no other legal basis to continue processing. We will honor valid erasure requests and also notify any third-party processors to delete your data, provided we are not required by law to retain it.
• Right to Restrict Processing: You have the right to request that we limit the processing of your data under certain conditions . For instance, if you contest the accuracy of the data or have objected to processing (see below), you can ask that we restrict processing while your request is being resolved. During restriction, we will still store your data but not use it.
• Right to Object: You have the right to object to our processing of your personal data at any time if the processing is based on our legitimate interests . If you object, we must stop processing your data unless we can demonstrate compelling legitimate grounds that override your rights and interests or if processing is required for legal claims. Importantly, you have an unconditional right to object to your data being used for direct marketing purposes. (Note: We currently do not send marketing communications without consent, but if we ever do, you can opt-out easily.)
• Right to Data Portability: For data you have provided to us and which we process by automated means based on your consent or on a contract, you have the right to obtain that data in a structured, commonly used, machine-readable format . You also have the right to request that we transmit that data to another controller if technically feasible. In plain terms, this allows you to reuse your data across different services. (For example, if in the future we had a user account system, you could request an export of your profile info.)
• Right to Withdraw Consent: Where we rely on your consent to process data (e.g. for non-essential cookies or a hypothetical newsletter), you have the right to withdraw that consent at any time. If you withdraw consent, we will stop the processing that was based on consent. Withdrawal of consent will not affect the lawfulness of processing already carried out before the withdrawal. For example, if you gave consent to analytics cookies but later opt-out, we will stop collecting new analytics data from you, but it won’t erase data already collected (though you can request we delete that too). You can manage your cookie consent preferences via our Cookies settings (see below).
• Right to Lodge a Complaint: If you believe we have not complied with data protection laws, you have the right to file a complaint with a supervisory authority. We encourage you to contact us first so we can address your concerns directly, but you are entitled to go directly to the authority. Our primary supervisory authority is the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD) given our location in Spain. You can find their contact details on their official site. Alternatively, if you reside in another EU member state, you may contact your local Data Protection Authority. This right exists in addition to any other administrative or judicial remedy.

Exercising Your Rights: You can exercise any of these rights by contacting us at hello@siretic.com. Please clearly state your request (for example, “I am requesting access to my personal data” or “Please delete the data you have about me”). We may need to verify your identity before acting on a request (to ensure we don’t modify or disclose data to the wrong person). We will respond to your request as soon as possible, and in any case within one month as required by GDPR. If your request is complex or if we have received many requests, this period may be extended by an additional two months, but we will inform you of any extension within the first month. Exercising your rights is free of charge. However, if requests are manifestly unfounded or excessive, we may either refuse or charge a reasonable fee (as permitted by GDPR). We will explain our reasoning in such cases. Rest assured, your rights are very important to us, and we are committed to ensuring you can exercise them fully.

8. Cookies

Our Website uses cookies and similar tracking technologies to ensure it functions correctly, to analyze traffic, and to integrate with third-party services. A cookie is a small text file that a website saves on your device when you visit. Cookies serve various purposes: some cookies are essential for the site to work, while others help us improve your experience or assist in marketing efforts. When you first visited Siretic.com, you should have seen a cookie consent banner allowing you to accept or customize your cookie preferences. We honor your choices on that banner. At Cookies Policy we provide more information about the types of cookies we use and why.

Contact: If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please feel free to reach out to us:

Email: hello@siretic.com
Postal Mail: Sergi Domínguez del Río – Siretic, Girona, Spain. (Please note this is our business mailing location; we will provide a full postal address if required for any formal correspondence.)

We take privacy seriously and will respond promptly to any communications. Whether you want to exercise your data rights, have a question about what data we have about you, or need clarification on any part of this Policy, we encourage you to contact us. We prefer to resolve all privacy-related issues amicably and transparently.

Legal Compliance: We are committed to processing personal data in accordance with all applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and Spain’s national data protection law (the Ley Orgánica 3/2018, de Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD)). This Privacy Policy is designed to meet the information disclosure requirements of GDPR (in particular Articles 12-14) and related laws. Terms like “personal data”, “controller”, “processor”, etc., are used in the sense defined by the GDPR.

In the event of any conflict between this Policy and your rights under applicable law, your legal rights will always take precedence. If any provision of this Policy is found to be unenforceable or invalid under law, the remaining provisions will remain in full force and effect.

Minors: Our Website and services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you are under 16 (or under the applicable age of consent in your country, which is 14 in Spain), please do not submit any personal information to us. If we become aware that we have inadvertently collected personal data from a child without proper consent, we will take steps to delete such information promptly. Parents or guardians who believe that we might have information about a minor can contact us to request deletion.

Changes to This Policy: We may update this Privacy Policy from time to time, for example to reflect changes in our services, legal requirements, or data processing practices. If we make significant changes, we will notify users either via email (if we have your email and appropriate consent) or by posting a prominent notice on our site. We encourage you to review this Policy periodically. The “Last updated” date at the top indicates when the latest changes were made. Your continued use of the Website after any modifications to the Policy have been posted constitutes your acknowledgment of the changes. If changes require new consent (for example, if we introduce a new cookie category or a new purpose for data processing), we will obtain that consent as required.

Jurisdiction and Dispute Resolution: As the Website operator is based in Spain, this Privacy Policy, and any disputes arising from it or related to the use of personal data, are governed by the laws of Spain and applicable EU regulations. In the unlikely event of a dispute that we cannot resolve amicably, it will fall under the jurisdiction of the competent courts of Spain, without prejudice to your rights under local law to seek remedies in the country where you reside.

By using Siretic.com, you acknowledge that you have read and understood this Privacy Policy. We appreciate your trust in us to handle your personal data respectfully and lawfully. If you have any questions or need further clarification, please do not hesitate to contact us at hello@siretic.com – we are here to help.