Privacy Policy

Last updated: 24 November 2025

This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit or use our website and related services (the “Services”). We process personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”) and Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (“LOPDGDD”).

1) Data Controller and Contact Details
Controller: MAZENET, a business unit of C4MS & Partners SL
Registered address: MAZENET, a business unit of C4MS & Partners SL
Tax ID (NIF/CIF): B10619211
Email: privacy@mazenet.es

2) Categories of Personal Data We Collect
We may collect and process the following personal data:

Identification and contact data: name, surname, email address, telephone number, postal address, company/organization, position or role. Account data: username, password, user ID, preferences, communication settings. Transaction and billing data: invoicing details, payment method, order history. We do not store full payment card details; payments are processed by certified providers. Website usage and technical data: IP address, device identifiers, browser type and version, operating system, access times, pages viewed, referring URLs, and interactions with the Services. Communications data: content of messages, support requests, and feedback. Marketing data: preferences regarding newsletters, events, and promotions. If expressly provided by you and necessary for the purpose: professional data (e.g., sector, company size).
We do not intentionally collect special categories of personal data unless expressly requested and necessary for a specific purpose, in which case we will inform you and obtain your explicit consent where required.

3) Purposes and Legal Bases for Processing
We process personal data for the following purposes:

Provision of Services and customer management, including account administration, order processing, customer support, and fulfillment of contractual obligations. Legal basis: performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR).

Billing, fraud prevention, and compliance with accounting, tax, and legal obligations. Legal basis: compliance with legal obligations (Art. 6(1)(c) GDPR).

Service improvement, analytics, and security monitoring (e.g., troubleshooting, usage metrics, performance, and detecting or preventing abuse). Legal basis: our legitimate interests in improving and securing the Services (Art. 6(1)(f) GDPR). Where required, we implement safeguards and conduct a balancing test.

Marketing communications (e.g., newsletters, product updates, promotions) and personalization of content, subject to your preferences and applicable opt-in requirements.Legal basis: your consent (Art. 6(1)(a) GDPR) and/or our legitimate interests in promoting our Services (Art. 6(1)(f) GDPR) where permitted by law. You may withdraw consent or opt out at any time.

Managing events, surveys, and promotions. Legal basis: consent and/or performance of a contract.

Compliance, enforcement, and exercise of legal claims. Legal basis: compliance with legal obligations and our legitimate interests in safeguarding rights.

4) Sources of Data
We obtain data directly from you when you interact with the Services, create an account, complete forms, contact us, or make purchases. We may also collect data automatically through cookies and similar technologies. Where permitted, we may receive data from third-party providers (e.g., payment processors, analytics providers) and business partners.

5) Cookies and Similar Technologies
We use cookies and similar technologies for functionality, analytics, and, where applicable, advertising. Where required, we request your consent via our cookie banner before setting non-essential cookies. For detailed information on the types of cookies we use, their purposes, lifespans, and how to manage your preferences, please refer to our separate Cookie Policy.

6) Recipients and Data Sharing
We share personal data only as necessary and in accordance with applicable law:
Service providers acting on our behalf under data processing agreements (e.g., hosting, IT support, customer service, analytics, email delivery, payment processing).
Professional advisers (e.g., auditors, legal counsel, accountants) under confidentiality obligations.
Authorities and courts when required by law or to protect our rights, security, users, or the public.
Successors in the event of a corporate transaction (merger, acquisition, restructuring), subject to appropriate safeguards.
We do not sell personal data.

7) International Data Transfers
If personal data is transferred outside the European Economic Area (EEA), we will ensure appropriate safeguards, such as adequacy decisions by the European Commission, the use of standard contractual clauses, or other lawful transfer mechanisms, and implement supplementary measures when necessary. You may request a copy of the applicable safeguards using the contact details above.

8) Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, accounting, or reporting obligations. In general:
Account and customer data are retained for the duration of the contractual relationship and for the statutory limitation periods thereafter.

Billing and transaction data are retained for the periods required by tax and accounting laws.
Marketing data are retained until you withdraw consent or object, and for limited periods thereafter to record your preferences.
Technical and analytics data are retained for proportionate periods necessary for security, performance, and service improvement.

9) Your Rights
Subject to the GDPR and LOPDGDD, you have the following rights:
Right of access to your personal data. Right to rectification of inaccurate or incomplete data. Right to erasure (“right to be forgotten”) where applicable. Right to restriction of processing in certain cases. Right to data portability where processing is based on consent or contract and carried out by automated means. Right to object to processing based on legitimate interests, including profiling; and to object to direct marketing at any time. Right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise your rights, please contact us using the details above and specify your request. We may ask for proof of identity where necessary to protect your data.

10) Complaints
If you believe your data protection rights have been violated, you may lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD) or with your local supervisory authority in the EEA. We encourage you to contact us first so we can address your concerns.

11) Security Measures
We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage, taking into account the nature of the data and the risks involved. Access to personal data is limited to authorized personnel and service providers under contractual obligations of confidentiality and security.

12) Children’s Privacy
Our Services are not directed to children under 18, and we do not knowingly collect personal data from them. If we learn that we have collected data from a minor without appropriate consent, we will take reasonable steps to delete it.

13) Automated Decision-Making
We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you. If this changes, we will provide meaningful information about the logic involved, as well as the significance and envisaged consequences, and obtain consent where required.

14) Third-Party Links
Our Services may include links to third-party websites or services. We are not responsible for the privacy practices of such third parties. We recommend reviewing their privacy policies.

15) Updates to This Policy
We may update this Privacy Policy from time to time to reflect legal, technical, or business developments. The updated version will be indicated by an updated “Last updated” date. Where required by law, we will notify you of material changes and, if necessary, obtain your consent.

16) How to Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us.
Email: privacy@mazenet.es