Privacy Policy
Last updated: 12 August 2025
Controller: WAISET X S.L. ("we", "us", "our")
CIF/VAT: B10838522
Registered address: Calle Llull 321, 08019 Barcelona, Spain (CINC Business Center)
Email: hello@getwebin10.com
Website: https://getwebin10.com
This Privacy Policy explains how we process personal data when you visit our Website, contact us, or engage our services. It also explains your rights under the EU/UK GDPR and the Spanish LOPDGDD.
If a separate Data Processing Addendum (DPA) is required (e.g., when we act as a processor for a client’s CMS/hosting), we will sign it upon request. This Policy covers our role as controller for data collected via this Website and our sales/support channels.
1) Data we collect
We collect and process the following categories of personal data:
- Contact & lead data: name, company, email, phone (optional), message contents, meeting preferences (when you use our contact form or book a call).
- Booking data (Calendly): meeting date/time, timezone, answers to pre‑qualification questions.
- Technical data: IP address, device/browser information, timestamps, and basic logs generated by our hosting/CDN for security and diagnostics.
- Analytics data: pseudonymous events (page views, CTA clicks) via Umami; configured by default to be cookieless.
- Support & service data: information you share during projects (briefs, assets, credentials limited to what is necessary).
- Communications: emails, records of calls or messages (e.g., WhatsApp) necessary to respond to your requests.
We do not intentionally collect special category data. Please avoid sending sensitive information not strictly necessary.
2) Purposes and legal bases
We process personal data for the purposes and on the legal bases below (Art. 6 GDPR):
| Purpose | Examples | Legal basis |
|---|---|---|
| Respond to enquiries & provide quotes | Contact form, email replies, pre‑sales calls | Performance of a contract or pre‑contractual steps (Art. 6(1)(b)) |
| Book and manage meetings | Calendly bookings & reminders | Performance of a contract (Art. 6(1)(b)) |
| Provide and secure the Website | Hosting, DDoS/abuse prevention, logs | Legitimate interests (Art. 6(1)(f)) |
| Analytics & conversion measurement | Umami events, performance metrics | Legitimate interests (Art. 6(1)(f)); where cookies are used, consent (Art. 6(1)(a)) |
| Marketing communications | News about our services to opt‑in contacts | Consent (Art. 6(1)(a)); you may opt‑out any time |
| Contract administration & compliance | Invoicing, taxes, accounting | Legal obligation (Art. 6(1)(c)) |
Where we rely on consent (e.g., optional cookies/ads tags), you may withdraw it at any time without affecting prior processing.
3) Cookies & similar technologies
We use cookieless analytics by default. If we later deploy cookies (functional, analytics, or advertising), we will request your prior consent through our banner/settings. For details, see our Cookies Policy and the Cookie Settings link in the footer.
4) Retention
- Enquiries/leads: up to 12 months after last interaction or until you request deletion.
- Client/project files: for the duration of the contract and normally up to 6 years thereafter for legal/accounting purposes.
- Technical logs: typically 12 months (shorter/longer where required for security or legal reasons).
- Marketing consent records: retained while your consent is valid and a short period thereafter to evidence compliance.
We may retain data longer if necessary to establish, exercise, or defend legal claims.
5) Sharing & processors
We share data only as necessary with trusted providers under data processing agreements:
- Hosting/CDN: Vercel, Inc. – Website hosting, logs, deployments.
- Email delivery: Resend, Inc. – Contact form emails and transactional messages.
- Analytics: Umami Software, Inc. (Umami Cloud) or self‑hosted Umami – cookieless analytics.
- Scheduling: Calendly, LLC – Meeting booking and reminders.
- Communication tools: WhatsApp Business (Meta Platforms) – when you choose to contact us via WhatsApp.
We may disclose data to public authorities when legally required and to professional advisors (legal/accounting) under confidentiality.
6) International transfers
Some providers are located outside the EEA/UK (e.g., US). Where this occurs, we rely on a valid transfer mechanism such as Standard Contractual Clauses (SCCs), and implement appropriate safeguards (encryption in transit/at rest, access controls). Copies of SCCs or a summary of safeguards are available on request where applicable.
7) Security
We implement technical and organisational measures appropriate to the risk, including HTTPS, access controls, least‑privilege, encrypted transport/storage by our providers, and regular updates. No system is 100% secure; residual risks remain.
8) Your rights
Subject to legal limitations, you have the right to access, rectify, erase, restrict processing, object (including to processing based on legitimate interests), and data portability. Where processing is based on consent, you may withdraw it at any time.
To exercise your rights, contact hello@getwebin10.com and include proof of identity if needed. You also have the right to lodge a complaint with the Agencia Española de Protección de Datos (AEPD) or your local authority.
9) Children
Our services are intended for business users. We do not knowingly collect data from children under 16.
10) Changes to this Policy
We may update this Policy from time to time. The current version and date will be posted here. Material changes will be communicated where appropriate.
Contact
WAISET X S.L.
Calle Llull 321, 08019 Barcelona, Spain (CINC Business Center)
Email: hello@getwebin10.com