This policy explains how we process personal data related to the use of https://capillaroscopy.com in accordance with Regulation (EU) 2016/679 and applicable Spanish law.

CONTROLLER

CAPILLARY IO SL
VAT number: B99564148
Address: Calle Isaac Peral 1 duplicado 4º F, 50001 Zaragoza, Spain
Email: [email protected]

WHAT DATA WE MAY PROCESS

We may process the following categories of data:

  • Data you voluntarily send when contacting us, such as your name, email address, country, and message content.
  • Technical and security-related data generated through browsing or through mechanisms designed to protect the website against abuse, malicious traffic, or automated submissions.
  • Aggregated, non-cookie-based usage data used to understand in general how the website is used and to improve its content and performance.

We process your data for the following purposes:

  • To answer inquiries or requests that you send to us.
    Legal basis: your consent or, where relevant, pre-contractual steps requested by you.

  • To keep the website secure and to prevent abuse, fraud, spam, or automated attacks.
    Legal basis: our legitimate interest in protecting the integrity, availability, and security of the site.

  • To measure website usage in an aggregated way in order to improve content, structure, and performance without individually identifying visitors.
    Legal basis: our legitimate interest in improving the service through privacy-respecting analytics.

  • To comply with legal obligations and to handle potential claims.
    Legal basis: compliance with legal obligations and our legitimate interest in defending our rights.

SERVICE PROVIDERS AND PROCESSORS

To operate the website we may rely on service providers acting as processors or technical vendors, including:

  • Cloudflare, for infrastructure, security, and malicious traffic protection.
  • Mailgun, for delivery of messages sent through the contact form or equivalent channels.
  • Plausible Analytics, for aggregated, cookieless analytics.
  • Google Fonts, for web font delivery.
  • jsDelivr and related CDN providers, for loading frontend assets such as GLightbox when those resources are served externally.

These providers only access the information necessary to deliver their services, subject to their contractual terms and, where applicable, data processing agreements.

When fonts or externally hosted frontend assets are requested, the provider may receive standard technical request data such as IP address, user agent, referrer, requested URL, and timestamp. We use these requests to deliver typography and interface functionality, not for advertising profiling.

RECIPIENTS

We do not sell your data and we do not disclose it for advertising purposes.

We may disclose data to authorities, courts, tribunals, or law enforcement agencies when required by law or when necessary for the establishment, exercise, or defense of legal claims.

INTERNATIONAL TRANSFERS

Some technical providers may process certain information outside the European Economic Area or allow remote access from third countries.

Where this happens, we seek to ensure that an appropriate legal basis and suitable safeguards are in place, such as standard contractual clauses, adequacy decisions, or equivalent mechanisms where applicable.

RETENTION

  • Communications you send to us are kept for the time necessary to manage your request and, afterwards, for the legal periods needed to address possible liabilities.
  • Technical and security data are kept for as long as reasonably necessary to prevent abuse, investigate incidents, and protect the site.
  • Aggregated analytics are kept without individually identifying visitors.

AUTOMATED DECISIONS

We do not carry out automated decision-making with legal effects on you, nor do we create individualized profiles for advertising purposes.

YOUR RIGHTS

You may exercise your rights of access, rectification, erasure, objection, restriction of processing, and, where applicable, portability by writing to [email protected].

If you believe that the processing of your data does not comply with the law, you may lodge a complaint with the Spanish Data Protection Authority: https://www.aepd.es.

NEWSLETTER AND FUTURE FEATURES

As of the date of this policy, the site does not offer user registration or an active newsletter subscription. If new features involving additional personal data processing are introduced in the future, this policy will be updated before they are activated.

CHANGES TO THIS POLICY

We may update this policy to reflect legal, technical, or functional changes to the website. The version published on this page will be the current one.