Privacy Statement

Jugendstil, SLU (“Company”, “we”, “us”) is committed to protecting the privacy and personal data of our clients, website visitors, SaaS users, and any other individuals whose data we process. This Privacy Statement explains how we collect, process, store, and protect personal data in compliance with the laws of the Principality of Andorra, and, where applicable, the European Union General Data Protection Regulation (GDPR). By engaging with our services, using our websites, or accessing our software platforms, individuals acknowledge and agree to the practices described in this Privacy Statement.

1. Data Controller

The Company acts as the data controller for all personal data processed in the course of providing consultancy, software development, SaaS, and related services. The data controller is responsible for determining the purposes and means of processing personal data. All questions, requests, or complaints regarding personal data, including exercise of data subject rights, may be directed to our Data Protection Officer at [Insert Email].

2. Categories of Personal Data Collected

The Company collects and processes personal data for multiple purposes in connection with the provision of our services. Personal data may include, but is not limited to, the following categories. Information provided by clients and prospective clients, including names, job titles, email addresses, phone numbers, billing information, corporate identification, and project-related communications. Data collected from website interactions, including IP addresses, browser type, operating system, access times, navigation behavior, cookies, and similar tracking technologies. Information entered into our SaaS platforms, including user accounts, authentication credentials, configuration settings, uploaded content, logs of activity, and transactional data. Financial information required for processing payments, such as bank account numbers, credit card details, and invoicing information. Any additional personal data voluntarily provided to the Company in the context of communications, inquiries, feedback, or participation in events or promotions.

3. Purposes of Processing

Personal data is processed for purposes necessary to perform our contractual obligations, comply with legal obligations, and pursue legitimate interests. The Company uses personal data to provide, operate, and manage consultancy and SaaS services, including project management, software development, deployment, maintenance, support, and training. Personal data is used to communicate with clients, prospects, and users regarding project status, updates, service notifications, or any operational changes affecting the provision of services. Personal data may be processed to facilitate billing, accounting, financial reconciliation, and collection of fees, as well as to comply with applicable taxation, auditing, or regulatory requirements. Analytics and performance monitoring may be conducted on personal data to improve service quality, enhance user experience, and optimize system performance. Personal data may be used for security monitoring, fraud prevention, and protection against unauthorized access, including detection and investigation of security incidents.

The legal bases for processing personal data include the necessity of processing for the performance of a contract, compliance with legal obligations, the legitimate interests of the Company in managing its business and services, and where applicable, consent provided by the data subject. Where processing relies on consent, the Company ensures that such consent is freely given, specific, informed, and revocable at any time.

5. Data Sharing and Disclosure

The Company may share personal data with third parties strictly for purposes necessary to provide the Services. Third-party service providers may include hosting providers, software vendors, payment processors, analytics platforms, or professional advisors. Such third parties are bound by contractual obligations requiring confidentiality, security, and compliance with applicable data protection laws. Personal data may be disclosed to government authorities, law enforcement agencies, or regulatory bodies if required by law or to respond to a legal process. The Company may also share personal data with subcontractors or partners when necessary to fulfill contractual obligations, provided that such entities adhere to strict confidentiality and security requirements. The Company does not sell or trade personal data to unrelated third parties.

6. Data Retention

The Company retains personal data only for as long as necessary to achieve the purposes outlined in this Privacy Statement or to comply with legal obligations. Data associated with consultancy projects, including client communications, Deliverables, and financial records, will generally be retained for a period of ten years from project completion, in compliance with Andorran accounting and taxation regulations. Data associated with SaaS services will be retained for the duration of the subscription and for thirty days after termination or cancellation of the subscription, unless otherwise agreed. After the retention period, personal data will be securely deleted, anonymized, or irreversibly rendered unusable.

7. Data Security

The Company implements technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data. Measures include encryption of data in transit and at rest, access controls based on role and responsibility, multi-factor authentication, regular security audits, and system monitoring to detect unauthorized access or anomalies. Employees, contractors, and subcontractors with access to personal data are subject to confidentiality obligations and undergo training on data protection and security protocols. Notwithstanding these measures, no system is completely immune to unauthorized access, and the Client acknowledges that residual risk may exist.

8. Data Subject Rights

Individuals whose personal data is processed by the Company may exercise their rights under applicable law. These rights include the right to access personal data, request rectification of inaccurate or incomplete information, request deletion of personal data where permitted, object to or restrict processing of personal data, and request the portability of data provided directly to the Company. Individuals may withdraw consent at any time where processing is based on consent. Requests to exercise any data subject rights should be directed to the Data Protection Officer at [Insert Email]. The Company will respond to such requests in accordance with legal timelines and will take reasonable steps to verify the identity of the requester.

9. International Data Transfers

Where personal data is transferred outside the Principality of Andorra or the European Economic Area, the Company ensures appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission, or equivalent measures recognized by applicable law, to protect the privacy and rights of data subjects.

10. SaaS-Specific Data Processing

For SaaS services, personal data includes all information entered into user accounts, system logs, uploaded content, authentication credentials, and configuration settings. The Company processes this data solely to provide, maintain, and improve SaaS services, including software functionality, security, backups, updates, and user support. Data collected from SaaS usage may be aggregated or anonymized for analysis to improve service performance and feature development. Users are responsible for the content they upload, ensuring it does not violate applicable laws or third-party rights.

11. Cookies and Tracking

Our websites and web applications may use cookies, web beacons, or similar technologies to analyze website traffic, enhance user experience, and remember user preferences. Personal data collected through these technologies may include IP addresses, browsing patterns, and device information. Users can configure browser settings to block or delete cookies, but certain features or functionalities of our websites or applications may not operate properly without cookies.

12. Third-Party Services

Personal data may be processed by third-party service providers engaged by the Company for hosting, analytics, payment processing, or software components. The Company ensures that these providers are bound by contracts requiring compliance with data protection obligations, confidentiality, and security measures. The Company is not responsible for the privacy practices of third-party services not controlled by the Company.

13. Updates to Privacy Statement

The Company may update this Privacy Statement to reflect changes in legal requirements, business practices, or service offerings. The effective date at the beginning of this Privacy Statement will be updated accordingly. Users are encouraged to review the Privacy Statement periodically. Continued use of the Company’s services, websites, or SaaS platforms after such changes constitutes acceptance of the updated Privacy Statement.

14. Contact Information

For questions, concerns, or requests regarding personal data, data subject rights, or this Privacy Statement, individuals may contact the Company’s Data Protection Officer at: