ARRETIA (“we”, “our”, or “us”) is committed to ensuring the privacy, integrity, and security of the personal data entrusted to us. This Privacy Policy describes how we collect, use, store, and protect your information when you visit our website (the “Site”) or interact with us through forms, communications, or services available therein.

We process your data in accordance with applicable data protection regulations, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), and other relevant legislation.

1. Data Controller

The data controller for the purposes of this Privacy Policy is ARRETIA. You can contact us at: contact@arretia.com.

2. Categories of Data We Collect

When you interact with our Site or submit your information through a contact or registration form, we may collect and process the following categories of personal data:

a) Directly Provided Data

• Full name

• Email address

• Company or affiliation (if applicable)

• Any message or content voluntarily provided

b) Automatically Collected Data

Through standard web technologies and our service providers, we may collect:

• IP address

• Device and browser type/version

• Language preferences

• Operating system

• Referrer URLs

• Date, time, and duration of page visits

• Interaction data (e.g., clicks, scrolling)

This information is collected solely for technical performance, security auditing, and aggregated usage analysis.

c) Communication Metadata

• Records of communications initiated via our forms or direct contact

• Time stamps and delivery/read status, if applicable

3. Purpose and Legal Basis of Processing

We process personal data only when we have a lawful basis under Article 6 of the GDPR. The purposes and associated legal grounds include:

We will never use your personal data for purposes incompatible with those listed above without prior notice and, where required, your explicit consent.

4. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or to comply with legal, regulatory, or contractual requirements. The criteria used to determine retention periods include:

• The duration of our relationship or communication

• Legal or regulatory obligations to retain data

• The existence of actual or potential disputes

• Technical and operational requirements

When your data is no longer necessary, we securely erase, anonymize, or archive it in accordance with industry standards.

5. Data Sharing and Recipients

We do not sell, rent, or disclose your data to third parties for commercial purposes.

However, we may share your personal data with:

• Service providers (e.g., hosting, form management, analytics, mailing systems), solely to provide services on our behalf and under strict confidentiality and data protection agreements.

• Authorities or regulatory bodies, only where legally required or to defend our legal rights.

• Professional advisors, where necessary for compliance, auditing, or the protection of legitimate interests.

Wherever possible, data is processed within the European Economic Area (EEA). If processing occurs outside the EEA, we ensure it is safeguarded by appropriate legal mechanisms (e.g., Standard Contractual Clauses, adequacy decisions, or equivalent protections).

6. Data Security

We implement robust technical and organizational security measures, including:

• Secure transmission via HTTPS/TLS encryption

• Access control and authentication protocols

• Encrypted storage (when applicable)

• Regular monitoring and auditing of systems

While no system can guarantee absolute security, we strive to adhere to the highest standards of data protection and proactively manage vulnerabilities.

7. Your Rights Under the GDPR

As a data subject, you have the right to:

• Access: Obtain confirmation and a copy of your personal data.

• Rectify: Request correction of inaccurate or incomplete data.

• Erase: Request deletion of your data (“right to be forgotten”), under certain conditions.

• Restrict: Request limitation of data processing in specific circumstances.

• Object: Object to processing based on legitimate interests or direct marketing.

• Portability: Receive your data in a structured, commonly used, and machine-readable format.

• Withdraw Consent: At any time, without affecting prior lawful processing.

You may exercise these rights by contacting us at: contact@arretia.com.
We will respond within the legally established timeframe (typically 30 days).

You also have the right to lodge a complaint with your local data protection authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD): www.aepd.es

8. Minors

Our website and services are not intended for individuals under the age of 16. We do not knowingly collect or process data from minors. If you believe we may have inadvertently collected such information, please contact us immediately.

9. Cookies and Analytics

We currently do not use tracking cookies for behavioral profiling.

If we implement cookies or analytics in the future, we will:

• Notify users via a cookie banner

• Request explicit consent before storing non-essential cookies

• Provide a Cookie Policy with clear configuration options

10. Third-Party Links

Our website may contain links to third-party websites, plug-ins, or services. We are not responsible for the privacy practices or content of such external platforms. We encourage you to review their respective privacy policies before sharing any personal data.

11. Updates to This Policy

We may revise this Privacy Policy from time to time, particularly to reflect changes in legislation, services, or technological advancements. Material updates will be communicated via our website.