Legal
Privacy Policy
Last updated: June 29, 2026 · GDPR Regulation (EU) 2016/679
1. Data Controller
| Company | Bavarli Agency |
| Legal representative | [YOUR_FULL_NAME] |
| Tax ID | [YOUR_NIF/CIF] |
| Address | [YOUR_ADDRESS] |
| Phone | +34 678 192 766 |
| Privacy email | info@bavarli.com |
| Website | bavarli.com |
2. What data we collect and why
| Activity | Data collected | Purpose | Legal basis | Retention |
|---|---|---|---|---|
| Contact form | Name, email, phone, business type, city, message | Respond to enquiries and send a free audit proposal | Legitimate interest / Consent (Art. 6.1.a/f GDPR) | 12 months |
| Web analytics | Anonymised IP, pages visited | Improve the website | Consent (Art. 6.1.a GDPR) | Per cookie policy |
3. Recipients and international transfers
Your data may be shared with the following processors:
- Vercel Inc. (USA) — website hosting. Data transfers are covered by Standard Contractual Clauses approved by the European Commission.
- Notion Labs Inc. (USA) — CRM to manage enquiries. Covered by Standard Contractual Clauses.
- Resend Inc. (USA) — transactional email delivery. Covered by Standard Contractual Clauses.
No data is sold or shared with third parties for marketing purposes.
4. Your rights (GDPR Chapter III)
| Access (Art. 15) | Obtain a copy of your personal data. |
| Rectification (Art. 16) | Correct inaccurate or incomplete data. |
| Erasure (Art. 17) | Request deletion of your data ("right to be forgotten"). |
| Restriction (Art. 18) | Limit how we process your data in certain cases. |
| Portability (Art. 20) | Receive your data in a structured, machine-readable format. |
| Objection (Art. 21) | Object to processing based on legitimate interest. |
To exercise any of these rights, email us at info@bavarli.com. We will respond within 1 month (extendable to 3 months for complex cases).
You also have the right to lodge a complaint with your national supervisory authority. In Spain: AEPD — www.aepd.es.
5. Security
We apply technical and organisational measures in accordance with Art. 32 GDPR, including encryption in transit (TLS) and access controls. All form submissions are transmitted over HTTPS.
6. Minors
This website is not directed at persons under 16 years of age. We do not knowingly collect personal data from minors.
7. Updates to this policy
We may update this Privacy Policy from time to time. The revision date at the top of this page will always reflect the most recent version. Continued use of the site after an update constitutes acceptance of the revised policy.
