Privacy policy

Controller: Enric Robert López (self-employed), trading as Halthia.

Privacy contact email: support@halthia.com.

Tax ID: 49502957B. Business address: Vilanova i la Geltrú (Barcelona), Spain.

Landing and commercial forms: we process professional contact data (name, email, phone, company, role) and consent metadata (accepted legal version, timestamp, language and capture source).

Lead forms may include anti-abuse verification mechanisms (for example CAPTCHA-like checks) to reduce fraud and malicious automation.

Contracted SaaS service: we process customer and user data for account setup, support, billing and service operation.

Do not submit sensitive client information through landing forms.

Handling demo and contact requests and managing commercial opportunities (consent and/or pre-contractual measures).

Providing contracted services, account management and support (contract performance).

Meeting legal obligations in accounting, tax and security matters (legal obligation).

Sending our own commercial communications where consent or legitimate interest applies under applicable law.

Lead and commercial request data: for the time required to handle the request and while there is legitimate commercial interest, plus any applicable legal limitation periods.

Account and contract data: during the contract term and afterwards for the legal limitation and compliance periods required by applicable law.

Accounting and billing records: for the periods required by applicable tax and accounting law.

Audit and security logs: for as long as needed for security, support, incident investigation and legal compliance.

Client data in the SaaS: where Halthia acts as processor, retention follows controller instructions (customer) and applicable contractual/legal requirements.

Cookie consent records: up to 13 months in line with AEPD guidance.

After retention periods, data is securely deleted or pseudonymized.

We rely on infrastructure, anti-abuse security, email, analytics and payment providers under data processing agreements.

The up-to-date public list of providers and purposes is available at /en/subprocessors.

Where international transfers occur, we apply GDPR-compliant safeguards (such as standard contractual clauses), and where required we apply supplementary measures and transfer impact assessments.

You can review the DPA at /en/dpa and the subprocessor list at /en/subprocessors.

Service availability and support commitments are published at /en/sla and incident/breach handling is published at /en/security-incidents.

You may exercise your rights of access, rectification, erasure, objection, restriction and portability by emailing support@halthia.com.

Where needed to prevent unauthorized disclosure, we may request reasonable additional information to verify identity before fulfilling a request.

You may also withdraw consent at any time when processing is based on consent, without affecting prior lawful processing.

If you believe your rights are not properly addressed, you may lodge a complaint with the Spanish Data Protection Authority (AEPD).

We apply reasonable technical and organizational measures to protect data against unauthorized access, loss, alteration or disclosure.

These controls are reviewed and updated on a risk-based basis.

We do not perform automated decision-making with legal or similarly significant effects on landing users.

We may update this policy to reflect legal, technical or operational changes. The current version is always published on this page.

Please also review the Terms of service (/en/terms), Cookie policy (/en/cookies) and Legal notice (/en/legal-notice).

For pre-contractual legal review: DPA (/en/dpa), subprocessors (/en/subprocessors), SLA and support policy (/en/sla), and incident/breach policy (/en/security-incidents).