Privacy Policy

1. Data Controller and Contact Details


You can contact us for any queries or to exercise your rights under the GDPR

2. Personal Data We Collect

2.1. Facebook Meta Pixel

  • Data Collected: Page views, button clicks, purchase events, and associated metadata (e.g. browser, device, timestamp).
  • Purpose: To measure ad performance and optimize marketing campaigns.
  • Legal Basis: Your prior consent (GDPR Art. 6(1)(a)).
  • Details: We implement Meta Pixel in compliance with Facebook’s GDPR guidance; each Controller remains responsible for obtaining valid consent before pixel activation

2.2. Google Analytics

  • Data Collected: Cookies that record anonymous identifiers, anonymized IP addresses, session duration, pages visited, and referral data.
  • Purpose: To understand site usage and improve our Service.
  • Legal Basis: Your consent. We enable IP anonymization and configure data‑retention settings per GDPR best practices

2.3. Self‑Hosted Privacy‑Focused Analytics

  • Data Collected: Only aggregated, non‑personal metrics (e.g. page views, bounce rate).
  • Purpose: To gain insights while minimizing personal data handling.
  • Legal Basis: Legitimate interest (GDPR Art. 6(1)(f)), balanced against your privacy rights.

3. Cookies and Consent Management

  • We use a GDPR‑compliant cookie banner that classifies cookies into categories (essential, analytics, marketing) and blocks non‑essential cookies until you opt in
  • Consent is recorded and can be withdrawn at any time via our cookie settings link

4. Third‑Party Sharing and International Transfers

  • Meta Pixel & Google Analytics: Data is transmitted to Meta Platforms, Inc. (USA) and Google LLC (USA). We have executed EU Standard Contractual Clauses for all such transfers under GDPR Art. 46
  • Other Sub‑processors: We only use processors who agree to GDPR‑compliant terms.

5. Data Retention

  • Analytics cookies and logs are retained for up to 26 months (configurable within Google Analytics) or deleted immediately when consent is withdrawn
  • Self‑hosted aggregated data is retained for no longer than 12 months.

6. Your Rights under GDPR

Under Chapters III and IV of the GDPR, you have the right to:

  1. Access your personal data.
  2. Rectify inaccuracies.
  3. Erase data (“right to be forgotten”).
  4. Restrict or object to processing.
  5. Data portability.
  6. Withdraw consent at any time without affecting lawfulness of prior processing.

Requests will be handled within one month of receipt

7. Security and Confidentiality

We implement appropriate technical and organisational measures—encryption, access controls, regular audits—to ensure a level of security appropriate to the risk (GDPR Art. 32)

8. Changes to This Policy

We may update this Privacy Policy to reflect changes in legal requirements or our processing activities. You will be notified of material changes via email or a prominent notice on our site

9. Supervisory Authority

If you believe your GDPR rights have been violated, you may lodge a complaint with your local data protection authority, for example:

  • Spain: Agencia Española de Protección de Datos (AEPD)

Key References for Further Reading:

  • GDPR Regulation (EU) 2016/679, Articles 6, 7, 12–23, 32, 44–50
  • Facebook Meta Pixel Implementation & GDPR ﹣ Meta for Developers
  • Google Analytics GDPR Compliance Guide (2025)
  • TermsFeed Google Analytics Privacy Policy Template

This policy ensures transparency, user control, and full alignment with GDPR requirements while using Facebook Meta Pixel, Google Analytics, and privacy‑focused self‑hosted analytics.