At YAG Comunicación, we take the protection of the personal data you provide us very seriously. This policy clearly explains what data we collect, what we use it for, and what rights you have, in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR).
1. Data Controller
- Name: Yeray Álamo González
- Trade Name: YAG Comunicación
- Address: our European Hub, Europe, United States
- Email: hello@yagcomunicacion.com
- Phone: +34 680 762 331
2. Purpose of Processing
At YAG Comunicación we process your personal data for the following purposes, depending on the relationship you maintain with us:
- Contact form: manage your inquiry, respond to you and, where appropriate, prepare a commercial proposal for the services you request.
- Clients: provide the contracted services, invoice, maintain the contractual relationship and comply with legal obligations (commercial, fiscal, accounting).
- Marketing: send you commercial communications about our services when you have given your express consent or there is a prior contractual relationship.
- Web analytics: understand how the Website is used through self-hosted analytical cookies (Matomo), always under your prior consent.
No profiles are created with automated decisions that produce legal effects on the data subject.
3. Legal Basis for Processing
| Processing | Legal Basis |
|---|---|
| Contact form | Consent of the data subject (Art. 6.1.a GDPR) |
| Provision of services to clients | Execution of contract (Art. 6.1.b GDPR) |
| Invoicing and tax obligations | Legal obligation (Art. 6.1.c GDPR) |
| Commercial communications | Consent or legitimate interest (Art. 6.1.a or 6.1.f GDPR) |
| Web analytics | Consent (Art. 6.1.a GDPR) |
4. Retention Period
The personal data provided will be kept for the time necessary to fulfill the purpose for which it is collected and during the legally established periods:
- Inquiries and contacts: 2 years from the last contact.
- Contracts and invoices: for the duration of the contractual relationship and, once finalized, during the legal prescription periods (up to 6 years for commercial and tax obligations).
- Commercial communications: until the user revokes their consent.
- Cookies: according to the periods indicated in the Cookies Policy.
5. Recipients and Data Processors
We do not transfer your data to third parties except under legal obligation. However, we use providers that act as data processors and are bound by contract under Art. 28 GDPR:
- Hetzner Online GmbH (Germany, EU) — hosting and server services.
- Vercel Inc. (USA) — frontend hosting under EU-US Data Privacy Framework Adequacy Decision.
- Cloudflare, Inc. (USA) — CDN and security, under EU-US Data Privacy Framework Adequacy Decision.
- Google Ireland Ltd. (Ireland, EU) — professional email services (Google Workspace), only if applicable.
- Matomo Analytics (Self-hosted on own servers (Hetzner, EU)) — no transfer to third parties.
No international data transfers are made outside of mechanisms with adequate guarantees (Adequacy Decision or Standard Contractual Clauses).
6. User Rights
You can exercise the following rights by sending an email to indicating your name and the right you wish to exercise, accompanied by a copy of your ID or equivalent identifying document:hello@yagcomunicacion.com indicating your name and the right you wish to exercise, accompanied by a copy of your ID or equivalent identifying document:
- Access: know what data of yours we process.
- Rectification: correct inaccurate data.
- Erasure ("right to be forgotten"): delete data when it is no longer necessary.
- Objection: object to processing for reasons related to your particular situation.
- Limitation: limit processing in certain cases.
- Portability: receive the data in a structured, commonly used and machine-readable format.
- Not to be subject to automated decisions with legal effects.
You have the right to file a claim with the competent supervisory authority if you consider that the processing does not comply with current regulations.
7. Security Measures
YAG Comunicación applies appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- TLS 1.3 encryption on all communications with the website.
- Two-factor authentication on internal systems.
- Encrypted and automated backups.
- Access logging to systems that process personal data.
- Continuous staff training in data protection.
8. Minors
YAG Comunicación services are directed at people of legal age. We do not consciously collect personal data from children under 14 years of age. If we detect that we have received data from a minor under 14 years of age without verifiable consent from their parents or guardians, we will proceed to delete it without delay.
9. Modifications
YAG Comunicación reserves the right to modify this Privacy Policy to adapt it to new legislation or case law, as well as to industry practices. In such case, the changes introduced will be announced on this page with reasonable notice before they are put into practice.