Privacy Policy
1. Data Controller
Schifflers Tech Consulting, S.L.
CIF/NIF: B56922933
Address: Avenida Brasil, 29 – Piso 1B, 28020 Madrid, Spain
Email: 
2. Processing Purposes & Legal Basis
| Purpose | Data Processed | Legal Basis |
|---|---|---|
| Contact form enquiries | Name, email, company, message | Art. 6.1.b GDPR — pre-contractual relationship |
| Web analytics | Anonymous usage data, cookies | Art. 6.1.a GDPR — consent |
| Spam protection (Google reCAPTCHA) | Browser/device signals | Art. 6.1.f GDPR — legitimate interest |
| Security monitoring | IP addresses, access logs | Art. 6.1.f GDPR — legitimate interest |
By using our contact forms you accept Google reCAPTCHA processing. See Google’s Privacy Policy and Terms of Service.
3. Retention Period
- Contact form data: retained for the duration of the business relationship and up to 3 years thereafter unless a longer period is required by law.
- Cookies: per your consent settings. Session cookies expire on browser close; analytics cookies per provider settings.
- Security logs: up to 12 months.
4. Recipients & Data Processors
We use the following third-party processors. All are bound by data processing agreements:
| Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Hostinger International Ltd. | Website hosting & infrastructure | EU (Lithuania) / USA | SCCs / EU-US Data Privacy Framework |
| Google LLC (reCAPTCHA) | Spam protection | USA | EU-US Data Privacy Framework |
| Google LLC (Workspace) | Email communications, Anonymised analytics data | USA | EU-US Data Privacy Framework |
| Automattic Inc. (Akismet) | Comment spam filtering | USA | SCCs |
| CookieYes Ltd. | Cookie consent management | EU (Ireland) | EU-based processor |
| Wordfence / Defiant Inc. | Website security & firewall | USA | SCCs |
No personal data is sold or shared with third parties for marketing purposes.
5. International Transfers
Some processors are located outside the European Economic Area (EEA). Transfers to the USA are protected under the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs) as approved by the European Commission.
6. Your Rights
Under GDPR you have the right to:
- Access — request a copy of your personal data.
- Rectification — correct inaccurate data.
- Erasure — request deletion of your data (“right to be forgotten”).
- Restriction — limit how we process your data.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — at any time, without affecting prior processing.
To exercise any right, contact us at:
You may also lodge a complaint with the Spanish Data Protection Authority: www.aepd.es (Agencia Española de Protección de Datos).
7. Cookies
We use essential, analytics, and third-party cookies. You can manage your preferences at any time via the cookie consent banner on our website. For full details see our cookie settings panel.
8. Security Measures
We implement appropriate technical and organisational measures to protect your personal data, including SSL/TLS encryption, restricted access controls, regular security assessments, and GDPR-compliant data handling procedures.
9. Minors
Our services are not directed at persons under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has submitted data through our site, please contact us immediately.