Privacy Policy

    Last updated: 10 April 2026

    1. Data Controller

    COOLWEB Studio
    Email: contact@coolwebstudio.com
    Phone: +34 697 76 04 18
    Location: Spain

    COOLWEB Studio ("we", "us") is the data controller responsible for processing your personal data through this website (coolwebstudio.com).

    2. Data We Collect

    We collect the following categories of personal data:

    • Contact form data: Name, email address, phone number (optional), and message content — provided voluntarily when you submit our contact or quote form.
    • Analytics data: Pages visited, referrer URL, screen size, browser user agent, approximate location (country), and a random session identifier — collected automatically via our internal analytics system and third-party tools (Google Analytics, Microsoft Clarity).
    • Advertising data: Conversion tracking cookies set by Google Ads to measure the effectiveness of our advertising campaigns.
    • Functional data: Language preference stored in your browser's local storage.
    • Scheduling data: When you use our Calendly booking widget, Calendly may set its own cookies and collect data according to its own privacy policy.

    3. Legal Basis for Processing

    We process your data based on the following legal grounds under the GDPR (Articles 6 and 7):

    • Consent (Art. 6(1)(a)): For analytics cookies (Google Analytics, Microsoft Clarity) and advertising cookies (Google Ads). You may grant or withdraw consent at any time via our cookie banner.
    • Contract performance (Art. 6(1)(b)): For processing contact form submissions in order to respond to your enquiry and potentially enter into a service agreement.
    • Legitimate interest (Art. 6(1)(f)): For strictly necessary functional data (language preference, cookie consent choice) and internal visit tracking for site security and basic usage statistics.

    4. Third-Party Processors

    Your data may be shared with the following third-party service providers who act as data processors on our behalf:

    • Google LLC (USA) — Google Analytics (site analytics), Google Ads (conversion tracking). Data transfers to the USA are covered by the EU-US Data Privacy Framework.
    • Microsoft Corporation (USA) — Microsoft Clarity (session recordings, heatmaps). Covered by the EU-US Data Privacy Framework.
    • Calendly LLC (USA) — Scheduling widget. See Calendly Privacy Policy.
    • Supabase Inc. (USA) — Backend infrastructure for contact form storage, internal analytics, and backend functions. Covered by Standard Contractual Clauses (SCCs).
    • ipapi.co — IP geolocation API used once per visit for automatic language detection (country-level only). Your IP address is sent to determine your country; no personal data is stored by us from this service.
    • Telegram Messenger — We receive instant notifications of new contact form submissions via Telegram. Only the message content you submit (name, email, phone, message) is forwarded.

    5. International Data Transfers

    Some of our processors are located in the United States. We ensure adequate protection through:

    • The EU-US Data Privacy Framework (for Google and Microsoft)
    • Standard Contractual Clauses (SCCs) approved by the European Commission (for other US-based processors)

    Where required, we implement supplementary measures to ensure your data is protected to EU standards.

    6. Data Retention

    • Contact form data: Retained for up to 12 months after the last communication, or longer if a business relationship is established.
    • Analytics data: Aggregated analytics are retained for up to 26 months. Individual session data from our internal tracking is retained for 6 months.
    • Cookie consent preferences: Stored in your browser indefinitely until you clear your local storage or change your preference.

    7. Your Rights

    Under the GDPR, you have the right to:

    • Access your personal data (Art. 15)
    • Rectify inaccurate data (Art. 16)
    • Erase your data ("right to be forgotten") (Art. 17)
    • Restrict processing (Art. 18)
    • Data portability — receive your data in a structured format (Art. 20)
    • Object to processing based on legitimate interest (Art. 21)
    • Withdraw consent at any time without affecting the lawfulness of prior processing (Art. 7(3))

    To exercise any of these rights, contact us at contact@coolwebstudio.com. We will respond within 30 days.

    You also have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD): www.aepd.es

    8. Data Security

    We implement appropriate technical and organisational measures to protect your personal data, including encrypted connections (HTTPS/TLS), secure backend infrastructure, and access controls. However, no method of electronic transmission is 100% secure.

    9. Cookies

    This website uses cookies and similar technologies. For full details on the cookies we use, their purpose, and how to manage them, please see our Cookie Policy.

    View our Cookie Policy

    10. Changes to This Policy

    We may update this Privacy Policy from time to time. The "Last updated" date at the top indicates the latest revision. We encourage you to review this page periodically.