Legal

Privacy Notice

Last updated: 2026-05-02

This notice explains how personal data is handled in connection with joanromerocra.com. It is provided in accordance with Regulation (EU) 2016/679 (GDPR) and Spain's Ley Organica 3/2018 (LOPDGDD).

Data Controller

Operator: Senda Tech Solution SL
Registered address: Calle Melquiades Alvarez 20, Puerta 3, Planta 4, 33003 Oviedo, Asturias, Spain
CIF: B26914895
Contact: contact@joanromerocra.com

What This Site Does and Does Not Collect

joanromerocra.com is a static website. It does not:

• Set cookies of any kind.
• Run analytics scripts.
• Load third-party trackers, pixels, or tag managers.
• Collect any personal data through the website itself.
• Log visitor IP addresses at the application layer.

The hosting infrastructure (Amazon CloudFront and Amazon S3) may retain standard access logs at the infrastructure level, including IP addresses, as part of normal CDN and storage operation. At the time of writing, access logging is disabled for this CloudFront distribution and S3 bucket. If logging is enabled in the future, this notice will be updated before that change is deployed.

Contact by Email

The only way to transmit personal data to Joan Romero through this website is by using the email link (contact@joanromerocra.com). This link opens the visitor's own email client. The website itself does not process or transmit any data when a visitor clicks the link.

When a visitor chooses to send an email to contact@joanromerocra.com:

• The email and its metadata (sender address, date, subject, and message content) are received and stored in a Google Workspace mailbox.
• Google Workspace acts as a data processor for email hosting on behalf of Joan Romero.
• The email is processed for the sole purpose of reading and responding to the inquiry.

Legal basis: The visitor initiates contact voluntarily, which constitutes consent under GDPR Article 6(1)(a) for the initial message. Subsequent communication to handle the inquiry rests on legitimate interest under GDPR Article 6(1)(f), specifically the mutual interest of both parties in progressing an inquiry.

Recipients and Processors

Google LLC (Google Workspace)
Google processes email content and metadata as part of providing email hosting. Google acts as a data processor under a Data Processing Agreement with Workspace customers. More information: workspace.google.com/intl/en/terms/dpa_terms.html

Amazon Web Services (static hosting)
AWS provides S3 and CloudFront for hosting this static website. No personal data entered by visitors is transmitted to or processed by AWS through the website itself. Standard server logs, if enabled, may include IP addresses. At the time of writing, logging is disabled.

No personal data is sold, shared with advertisers, or disclosed to any third party beyond the processors named above, except where required by law.

International Transfers

Google and AWS are US-based companies. Data processing may involve transfers of personal data outside the European Economic Area (EEA). Both companies rely on standard contractual clauses (SCCs) and, where applicable, adequacy decisions, as the legal basis for international transfers.

Your Rights Under GDPR

Under the GDPR and LOPDGDD, you have the following rights regarding personal data that Joan Romero holds about you:

• Access: Request a copy of the personal data held about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your data, subject to legal grounds for retention.
• Restriction: Request that processing be restricted in certain circumstances.
• Portability: Receive your data in a structured, machine-readable format where technically feasible.
• Objection: Object to processing based on legitimate interest.
• Withdrawal of consent: Where processing is based on consent, withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, send a request to: contact@joanromerocra.com

You also have the right to lodge a complaint with Spain's supervisory authority, the Agencia Espanola de Proteccion de Datos (AEPD): www.aepd.es

Changes to This Notice

If the data practices described above change (for example, if analytics are added or logging is enabled), this notice will be updated before the change takes effect. The "Last updated" date at the top of this page reflects the most recent revision.

CRA technical leadership and implementation. Not legal advice.