Privacy Policy

1. Information We Collect

We collect different types of information depending on how you interact with us. This section describes the categories of personal information we may collect.

1.1 Information You Provide Directly

We collect information that you voluntarily provide to us when you:

• Contact us through our website, email, phone, or other communication channels
• Request a quote, consultation, or information about our services
• Engage our services and enter into a business relationship with us
• Subscribe to our newsletter or marketing communications
• Participate in surveys, promotions, or events
• Apply for employment or submit your resume
• Provide feedback or testimonials about our services

This information may include:

• Contact information: name, email address, phone number, mailing address
• Professional information: company name, job title, industry, company size
• Account credentials: username, password (encrypted)
• Financial information: billing address, payment card details (processed securely by our payment providers)
• Project information: requirements, specifications, files, and materials you provide
• Communication records: emails, chat logs, call recordings (with consent), and support tickets
• Any other information you choose to provide

1.2 Information Collected Automatically

When you visit our website or use our online services, we automatically collect certain information about your device and your visit, including:

• Device information: IP address, device type, operating system, browser type and version, screen resolution, device identifiers
• Usage information: pages visited, time spent on each page, clickstream data, referring and exit pages, date and time of visit
• Location information: approximate geographic location based on IP address, country, region, and city
• Connection information: internet service provider, connection speed, network type

We collect this information using cookies, web beacons, and similar technologies. For more information, please see our Cookie Policy.

1.3 Information from Third Parties

We may receive information about you from third-party sources, including:

• Business partners and referral sources who recommend our services
• Social media platforms when you interact with our social media presence or use social login features
• Analytics providers who help us understand website traffic and user behavior
• Marketing partners who assist with advertising and lead generation
• Publicly available sources such as company websites, LinkedIn, and business directories
• Credit reporting agencies and fraud prevention services (for business clients)

2. How We Use Your Information

We use the information we collect for various legitimate business purposes. Below is a detailed explanation of how we use your personal information:

2.1 Providing and Improving Our Services

• To provide, operate, and maintain our services as requested
• To process and fulfill service requests, including project delivery and support
• To communicate with you about projects, services, account matters, and support inquiries
• To personalize your experience and deliver content relevant to your interests
• To improve, develop, and enhance our services, website, and user experience
• To conduct research and analysis to better understand our clients and market

2.2 Marketing and Communications

• To send you marketing communications about our services, promotions, and events (with your consent where required)
• To send newsletters and industry insights you have subscribed to
• To invite you to participate in surveys, research, or feedback programs
• To display targeted advertisements on third-party platforms
• To measure the effectiveness of our marketing campaigns

2.3 Security and Legal Compliance

• To protect the security and integrity of our systems, services, and data
• To detect, prevent, and address fraud, security threats, and technical issues
• To verify your identity and prevent unauthorized access
• To comply with legal obligations, regulations, and lawful requests from authorities
• To enforce our terms of service and other agreements
• To protect our rights, property, and safety, and that of our clients and others

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we are required to have a valid legal basis for processing your personal data. We rely on the following legal bases:

3.1 Contract Performance

Processing is necessary to fulfill our contractual obligations to you or to take steps at your request before entering into a contract. This includes providing our services, processing payments, and communicating about your projects.

3.2 Legitimate Interests

Processing is necessary for our legitimate business interests, provided these interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include:

• Operating, improving, and promoting our business and services
• Understanding how our website and services are used
• Sending marketing communications to existing clients about similar services
• Protecting our business from fraud and security threats
• Establishing, exercising, or defending legal claims

3.3 Consent

For certain processing activities, we rely on your explicit consent, which you may withdraw at any time. This includes:

• Sending marketing communications to individuals who are not existing clients
• Using non-essential cookies and similar tracking technologies
• Processing sensitive personal data (if applicable)

3.4 Legal Obligation

Processing is necessary to comply with our legal obligations, such as tax reporting, responding to lawful requests from authorities, and maintaining records as required by law.

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties for their own marketing purposes. We may share your information only in the following circumstances:

4.1 Service Providers and Partners

We may share your information with trusted third-party service providers who perform services on our behalf, including:

• Cloud hosting and infrastructure providers (e.g., AWS, Google Cloud, Cloudflare)
• Payment processors and financial institutions
• Email delivery and communication platforms
• Analytics and performance monitoring services
• Customer relationship management (CRM) systems
• Professional services (legal, accounting, consulting)

These providers are contractually obligated to protect your information, use it only for the purposes for which it was disclosed, and comply with applicable data protection laws.

4.2 Business Transfers

If Flectar is involved in a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your information.

4.3 Legal Requirements and Protection

We may disclose your information if required to do so by law or in response to valid legal requests, including:

• To comply with a subpoena, court order, or other legal process
• To respond to requests from government or regulatory authorities
• To protect and defend our rights, property, or safety
• To protect the safety of our clients, employees, or the public
• To investigate potential violations of our terms or policies
• To detect, prevent, or address fraud, security, or technical issues

4.4 With Your Consent

We may share your information with third parties when you have given us your explicit consent to do so, or when you direct us to share information with specific parties.

5. International Data Transfers

Flectar is headquartered in Spain, and we process and store data primarily within the European Economic Area (EEA). However, your information may be transferred to, and processed in, countries other than the country in which you reside, including countries that may have different data protection laws.

When we transfer personal data outside the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place to protect your information, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules for transfers within corporate groups
• Adequacy decisions by the European Commission for transfers to countries with adequate protection
• Your explicit consent for specific transfers

You may request a copy of the safeguards we use for international transfers by contacting us using the information provided below.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The retention period depends on the nature of the information and the purposes for which it is processed.

Our general retention periods are as follows:

• Client project data and contracts: 7 years after project completion (for legal and tax compliance)
• Financial and billing records: 7 years (as required by Spanish tax law)
• Marketing contacts: Until you unsubscribe or request deletion, plus 2 years of inactivity
• Website analytics data: 26 months (standard Google Analytics retention)
• Support tickets and communications: 3 years after resolution
• Job applications: 2 years after the application process concludes

When personal information is no longer needed, we will securely delete or anonymize it. In some cases, we may anonymize your information for research or statistical purposes, in which case we may use this information indefinitely without further notice.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. We are committed to helping you exercise these rights.

7.1 Rights Under GDPR (EEA, UK, Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and equivalent local laws:

Right of Access

You have the right to request a copy of the personal data we hold about you, along with information about how we process it.

Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure (Right to be Forgotten)

You have the right to request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.

Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while we verify the accuracy of your data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible.

Right to Object

You have the right to object to the processing of your personal data where we rely on legitimate interests, and for direct marketing purposes.

Right to Withdraw Consent

Where we process your personal data based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. In Spain, the supervisory authority is the Agencia Española de Protección de Datos (AEPD).

7.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know

You have the right to request information about the categories and specific pieces of personal information we have collected, the sources of collection, the business or commercial purposes for collection, and the categories of third parties with whom we share your information.

Right to Delete

You have the right to request that we delete your personal information, subject to certain exceptions provided by law.

Right to Correct

You have the right to request that we correct inaccurate personal information we maintain about you.

Right to Opt-Out of Sale/Sharing

You have the right to opt-out of the sale or sharing of your personal information for cross-context behavioral advertising. Note: Flectar does not sell personal information as defined by the CCPA/CPRA.

Right to Limit Use of Sensitive Personal Information

You have the right to limit our use and disclosure of sensitive personal information to purposes necessary to provide the services you request.

Right to Non-Discrimination

You have the right not to receive discriminatory treatment for exercising your privacy rights.

7.3 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in the Contact section below. We will verify your identity before processing your request to protect your privacy and security.

We will respond to your request within the timeframe required by applicable law: within one month for GDPR requests (extendable by two months for complex requests), and within 45 days for CCPA requests (extendable by an additional 45 days if necessary).

You may also designate an authorized agent to make requests on your behalf. We may require verification of the agent's authorization before processing the request.

8. Data Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction.

8.1 Security Measures

Our security measures include, but are not limited to:

• Encryption of data in transit using TLS 1.3 and secure HTTPS connections
• Encryption of sensitive data at rest using AES-256 encryption
• Secure access controls with role-based permissions and multi-factor authentication
• Regular security assessments, vulnerability scans, and penetration testing
• Continuous monitoring and logging of system access and activities
• Employee security awareness training and background checks
• Incident response procedures and breach notification protocols
• Regular backups and disaster recovery planning
• Physical security controls at our facilities and data centers

8.2 Data Breach Response

In the event of a data breach that affects your personal information, we will notify you and the relevant supervisory authorities as required by applicable law. For GDPR purposes, we will notify the supervisory authority within 72 hours of becoming aware of a breach that is likely to result in a risk to your rights and freedoms.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

9. Children's Privacy

Our Services are intended for businesses and individuals who are at least 16 years of age. We do not knowingly collect personal information from children under 16 years of age.

If you are a parent or guardian and you believe your child has provided us with personal information without your consent, please contact us immediately. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers promptly.

10. Third-Party Links and Services

Our website and services may contain links to third-party websites, plugins, applications, and services that are not operated by us. These links are provided for your convenience and information.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every website you visit before providing any personal information.

The inclusion of any link does not imply endorsement by Flectar of the linked site or service. Your interactions with third-party services are governed by the privacy policies of those services.

11. Do Not Track Signals

Some web browsers have a "Do Not Track" (DNT) feature that sends a signal to websites requesting that your browsing activity not be tracked. There is currently no universally accepted standard for how websites should respond to DNT signals.

Our website does not currently respond to DNT signals. However, you can manage your privacy preferences through our cookie consent tool, your browser settings, or the opt-out mechanisms described in our Cookie Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will update the "Last updated" date at the top of this policy.

For material changes that significantly affect your privacy rights or how we process your personal information, we will provide additional notice through one or more of the following methods:

• A prominent notice on our website
• An email notification to the address associated with your account
• A notification within our services or client portal

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of such changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, or if you wish to exercise any of your privacy rights, please contact us at:

For general inquiries, you may also contact us at hello@flectar.com.

We will acknowledge receipt of your request and respond within the timeframe required by applicable law. We are committed to working with you to resolve any privacy concerns you may have.