Privacy Policy

We may collect and process the following categories of personal data:

We process your personal data for the following purposes:

• Handling enquiries: Responding to requests for information, quotes or contact submitted via the website or by email.
• Service delivery: Executing service contracts, including project management, invoicing and technical support.
• Meeting scheduling: Coordinating and confirming meetings requested through our booking system.
• Website improvement: Analysing browsing behaviour in aggregate and anonymous form to improve user experience using Google Analytics 4.
• Legal compliance: Meeting applicable legal and tax obligations.

Processing of your data is based on the following legal grounds under Article 6 of the GDPR:

• Consent (Art. 6.1.a GDPR): For sending marketing communications and analysing browsing via analytical cookies.
• Performance of a contract (Art. 6.1.b GDPR): For the delivery of contracted services and management of the commercial relationship.
• Legitimate interest (Art. 6.1.f GDPR): For responding to your enquiries and maintaining contact in the context of a potential business relationship.
• Legal obligation (Art. 6.1.c GDPR): For compliance with applicable tax, accounting and legal obligations.

Maedcore does not transfer personal data to third parties except in the following cases:

• Technology service providers acting as data processors (web hosting, management tools), with whom the appropriate data processing agreements have been signed.
• Google LLC, as provider of Google Analytics 4, for web traffic analysis. Data is transferred to US servers under the EU-U.S. Data Privacy Framework.
• Cal.com (meeting booking system), only with the data necessary to confirm the requested appointment.
• Public authorities when required by law.

Personal data will be retained for as long as necessary to fulfil the purposes for which it was collected:

• Enquiry data: up to 1 year from the last communication or until deletion is requested.
• Client data: for the duration of the contract and thereafter during applicable statutory limitation periods (generally 5 years for civil obligations and 4 years for tax obligations).
• Browsing data (Google Analytics): 14 months per GA4 default settings.

As a data subject, you may exercise the following rights with Maedcore:

To exercise your rights, please send an email to info@maedcore.com with the subject "GDPR Rights Request", attaching a copy of your ID or other identifying document.

If you believe that the processing of your data infringes data protection law, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

Maedcore implements appropriate technical and organisational measures to ensure a level of security appropriate to the processing risk, in accordance with Article 32 of the GDPR. These measures include encrypted communications (HTTPS/TLS), access controls and incident management procedures.

Maedcore reserves the right to update this Privacy Policy to reflect legislative or business changes. Amendments will be published on this page with an updated date. For significant changes, you will be notified through our usual communication channels.