Privacy Policy

The data controller is Caplendario, with registered address at C. Vitoria, 139, 09007 Burgos, Spain. You can contact us regarding data protection matters at info@caplendario.com or by calling +34 947 220 494.

This Privacy Policy applies to all personal data collected through the website caplendario.com, including its English and Spanish language versions, and through any direct communications with our office.

We collect only the personal data that you voluntarily provide to us. This includes:

• Name and email address when you submit a contact or appointment request form
• Subject and message content when you contact us directly
• Session preference information (format, topic of interest) when booking an orientation session
• Technical data collected automatically by our server, including IP address, browser type, operating system and pages visited

We do not collect sensitive personal data (special categories under Article 9 GDPR) and we do not request financial account details, identification documents or health information through this website.

We process your personal data on the following legal bases as defined in Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 of 5 December (LOPDGDD):

• Consent (Article 6.1.a GDPR): When you tick the privacy checkbox on our contact or booking forms, you give explicit consent for us to process your data to respond to your enquiry.
• Legitimate interest (Article 6.1.f GDPR): For basic server log data collected automatically for security and operational purposes.
• Pre-contractual measures (Article 6.1.b GDPR): When you request an orientation session, processing your contact details is necessary to arrange that session.

Your personal data is used exclusively for the following purposes:

• Responding to your enquiries or requests for information
• Confirming and arranging orientation session appointments
• Sending educational materials you have specifically requested
• Maintaining records of interactions for service quality and legal compliance purposes
• Analysing anonymous, aggregated website usage data to improve our content

We do not use your data for automated decision-making or profiling. We do not send unsolicited marketing communications.

We do not sell, rent or trade your personal data to any third party. We may share your data with the following categories of recipients only where strictly necessary:

• Hosting and technical service providers: Our website hosting provider processes server data on our behalf under a data processing agreement compliant with Article 28 GDPR.
• Public authorities: We may disclose data to competent authorities where required by applicable law or court order.

Any third-party processor we engage is bound by contractual obligations to process data only on our instructions and to maintain appropriate security measures.

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by applicable law:

• Contact form data and appointment requests: retained for up to 12 months from the date of the last interaction, unless an ongoing relationship develops
• Server log data: retained for a maximum of 12 months for security purposes
• Cookie consent records: retained for the duration of the consent period (12 months from the date of consent)

After the applicable retention period, data is securely deleted or anonymised.

Under GDPR and the LOPDGDD, you have the following rights, which you may exercise at any time by contacting us at info@caplendario.com:

• Right of access (Article 15 GDPR): You may request confirmation of whether we process your data and obtain a copy of it.
• Right to rectification (Article 16 GDPR): You may request correction of inaccurate or incomplete data.
• Right to erasure (Article 17 GDPR): You may request deletion of your data where it is no longer necessary for the purpose collected, or where you withdraw consent.
• Right to restriction (Article 18 GDPR): You may request that we limit processing in certain circumstances.
• Right to data portability (Article 20 GDPR): Where processing is based on consent or contract, you may request your data in a structured, machine-readable format.
• Right to object (Article 21 GDPR): You may object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

You also have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos, AEPD) at www.aepd.es if you consider that your rights have not been respected.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, disclosure or destruction. These measures include encrypted data transmission (HTTPS), access controls limiting data access to authorised personnel only, and regular review of our security practices.

While we take all reasonable steps to protect your data, no method of transmission over the internet is completely secure. We encourage you to use secure connections when communicating with us.

We process and store your data within the European Economic Area (EEA). Where any service provider operates outside the EEA, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, such as Standard Contractual Clauses approved by the European Commission.

We use cookies and similar tracking technologies on this website. For detailed information about the cookies we use, their purpose and how to manage your preferences, please refer to our Cookie Policy.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. The date at the top of this page indicates when it was last revised. We encourage you to review this policy periodically. Continued use of the website after any changes constitutes acceptance of the updated policy.